If someone wants to review the configuration for the proxy, they would need to look elsewhere, as this tool is not designed to assess the performance of security policies.
They need to improve the graphical interface. They should also improve the latency when entering the GUI. The application should not be so closed when it comes to integrations with third-party tools. They have become a bit expensive to be able to purchase them for smaller companies.
Network System Administrator at Camara Municipal de Lisboa
Real User
Top 20
2023-03-09T22:04:06Z
Mar 9, 2023
There are many aspects we do not like about the solution and there are a lot of alternatives available on the market. Some of the settings are buried deep within the solution making it a challenge to navigate. It would be helpful if it was more intuitive. Additionally, there can be some settings that are in multiple places, this leaves the user not knowing what settings are needed to be modified for the wanted result. I have lost confidence because I do not know if I change a setting or if it is going to have the desired result I intended it to do. I have used other solutions, such as Palo Alto and I did not experience these types of problems. When we apply a change in Check Point Application Control there can be some time for the changes to take effect. The time is too long, and we have experienced approximately five minutes on occasion for modifying some rules or filtering. When there are outside-of-the-network threats, such as DoS attacks, Check Point Application Control should have more integrated ways to deal with the attacks. We should not have to purchase add-ons or secondary solutions or patches. There is some functionality that is not working anymore as it once did, such as HTTP filtering. The complexity of application usage is increasing day by day, and it seems that at some point, we will need to initiate specific projects to tackle the issue of application filtering. Check Point Application Control has been instrumental in addressing this challenge, but with the continued growth in complexity, more advanced features would be necessary to make the solution even more effective.
Check Point licenses are somewhat expensive, in addition to the fact that it is difficult to validate their costs without a Check Point partner - which is why it is difficult to validate them. Support is only available in the English language, which affects some regions where Check Point products will be used. The SLAs of checkpoint products are sometimes not met since the cases created are sometimes attended to very late after opening them.
One of the improvements that we need is in the manual services. The guides used today are a bit complex, and we need efficient and simple access to them so that any administrative or technical person can solve, analyze, and configure each of the rules and identities seamlessly. We need clear directions to help us configure effectively. It's important to be able to have this documentation available to make the many available features easy to configure and allow us to promote defense tactics in depth against all available threats.
The set security features have increased the production efficiency of all applications. The new IT team monitoring this system requires proper training in order to execute the targeted goals effectively without failure. The set performance monitoring systems are complex to interpret and scale down their operations. The customer service team works tirelessly to ensure our teams are satisfied. Cloud network security has kept our assets secure since we deployed with a smooth continuation of other enterprise activities.
Learn what your peers think about Check Point Application Control. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
The blocking characteristics for filtering content currently are not so customizable. I would like to be able to modify them a bit. I hope that customization will be incorporated in the future. Right now, we must educate the users who are constantly violating or in fear of violating an issue. We would like to be able to incorporate filtering with notifications in a learning portal so users can be educated and will no longer have a lack of experience. A portal will help make better, more educated, and knowledgeable users.
The learning curve for new users is challenging since the integrated data models are complicated. The system slows down when the company has a lot of applications. New versions that are upgraded rarely come with new market updates. The cost and deployment capacity is based on the size of the company. The overall performance is excellent when the system administrators from the company work closely with the vendor-customer support team. It has enhanced a secure work environment and enabled employees to focus on more productive tasks.
I would like this layer to be faster to install in the future. The evolution of its equipment and appliances where the solution is executed has improved a lot, however, it is necessary to increase that capacity. Some competitors do it just as well and in that layer, are faster to apply their changes. These would give greater value and would be a differentiator. Among other things, I would like this integrated solution to manage from mobile devices in an optimized way and be able to administer from anywhere in the world.
Sometimes, documentation is not accurate and with the support issue we have to wait a long time for an engineer to understand the errors. I would like to see if they can help with the issue of service and more qualified staff. They need to have good service with Check Point products. The load balancer functionality for application traffic might be a better option. Configuration and deployment are a little bit difficult. This product works only when the user is in traffic flow through NGFW. Sometimes there are more than one category tag to an application which can be tricky.
Information Technology Security Specialist at AKBANK TAS
User
Top 10
2022-08-02T05:24:00Z
Aug 2, 2022
The objects found now have large applications or general category definitions that are completely determined and organized by Check Point. It would be nice if there was a platform and small application owners could come and send their own applications' name and IP information from there. If we could use application objects directly in our rule sets in Check Point in those small companies, that would be ideal. A few more layered objects could be created for Azure in large applications. It would be nice if firewall administrators could see parser information such as IP behind these objects.
1 – Custom applications for internal applications must be defined frequently. This should be improved. It would be much better if Check Point could detect internal applications and automatically bypass them. 2- Without HTTPS decryption, the majority of App Control recognition features will be rendered ineffective, as everything has been encrypted thus far. 3-An application may have multiple category tags, which is confusing. These areas should be improved. It satisfies all of our needs except for this. Check Point Application Control assists us in controlling bandwidth and restricting internet access for our infrastructure.
Something important to mention is the improvement at the support level. It could be more advanced. Sometimes the responses are somewhat slow or based on a schedule that is not always the same as the companies. It's difficult to generate a session with them to better explain your needs. We would also like the costs to be more comfortable. Although they are not different from other security tools, they could have improvements to provide greater interest to customers who are interested or loyal to Check Point's products.
The tool has a number of features necessary for good business security. Nevertheless, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.
Cloud Support at a tech company with 51-200 employees
User
Top 5
2022-04-13T17:33:00Z
Apr 13, 2022
We would like to see a greater facility or some corrector that if we apply a change that affects any other policy, it is in constant review and notifies you before applying the changes. This would be extremely impressive and useful for administrators since it would save us time for the publication and installation of the changes on the Check Point Gateways. It would also be good to find more documentation for implementations in the cloud - in my case Microsoft Azure. It has been quite difficult when looking for specific documentation.
Cloud Support at a tech company with 51-200 employees
User
Top 5
2022-04-13T17:33:00Z
Apr 13, 2022
We would like to see a greater facility or some corrector that, if we apply a change that affects any other policy, it is in constant review and notifies you before applying the changes. This would be extremely impressive and useful for administrators since it would save us time in the publication and installation of the changes on the Check Point gateways. It would also be good to find more documentation for implementations in the cloud - in my case Microsoft Azure. When looking for specific documentation, it has been quite difficult for me.
We haven't had any issues with the product. There aren't really any features missing. We would like the product to be a bit more user-friendly in general.
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
User
2021-11-19T03:21:00Z
Nov 19, 2021
With Check Point we are more protected, however, one of the issues is the cost. They are expensive products due to the fact that we have to buy blades for each solution that we want to integrate into our corporate. Without a doubt, it is worth it, however, it is an important point that could be considered. Likewise, nowadays a 2MFA solution could be integrated to Check Point since nowadays remote connections made with remote workers are required to protect the extension from the office to your home through a VPN connection.
The working principle of Check Point Application Control is far different from all other vendors in the market. It basically works in parallel with security rules. Every time packet must go from policy lookup into security rules. It sometimes leads to a troubleshooting phase for which we can create application traffic. SD-WAN functionality can be added. Direct API integration for customized application features can be added. Load balancer functionality for application traffic might be a better option.
It's important that there is the option to validate the policies before applying them since it is very annoying and causes a waste of time to apply a new policy or rule and afterward receive an error that the policy has failed. It is important that, if you are being notified of the modifications in the automatic policies that were updated, it's clear in terms of the content that is included as well as the applications that have been modified for being malicious or not. Without a doubt, these would be contributions that would greatly benefit the solution's operation within my company.
System and Network Administrator at Auriga - The banking e-volution
Real User
2021-05-08T13:30:00Z
May 8, 2021
It is hard to say what has to be improved in Check Point Application Control. Occasionally, we have to identify an application that is not registered. I would like to have a periodic update of the applications, perhaps based on a predefined calendar. We would like to have the ability to submit new applications for registration, as well as request the recategorization of URLs.
Network Security Engineer/Architect at Euronext Technologies SAS
Real User
Top 5
2020-10-04T06:40:00Z
Oct 4, 2020
I think Check Point Application Control is one of Check Point's most complete solutions. It has had a lot of years for improvement. I don't see anything that we need to be improved. It does everything that we would need. It always applies new applications. It does what we need it to do. We don't need to select a specific application if we don't need it, it can be selected by category. The solution is very complete.
I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers. We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.
Most of the business applications stopped working, we don't know why and we have already escalated to the top level but we still haven't gotten any corrective action on this. They always take logs but after that, there is no resolution. They need to improve this, this will help us a lot. We have not blocked anything on a rule base we have enabled HTTPS on a monitoring mode but still, we are facing issues, and if we add an unknown category on that respective rule only then does it start working.
Check Point Application Control provides the industry’s strongest application security and identity control to organizations of all sizes. It enables IT teams to easily create granular policies, based on users or groups, to identify, block or limit usage of thousands of Web applications and widgets.Learn more about Application control software
If someone wants to review the configuration for the proxy, they would need to look elsewhere, as this tool is not designed to assess the performance of security policies.
They need to improve the graphical interface. They should also improve the latency when entering the GUI. The application should not be so closed when it comes to integrations with third-party tools. They have become a bit expensive to be able to purchase them for smaller companies.
There are many aspects we do not like about the solution and there are a lot of alternatives available on the market. Some of the settings are buried deep within the solution making it a challenge to navigate. It would be helpful if it was more intuitive. Additionally, there can be some settings that are in multiple places, this leaves the user not knowing what settings are needed to be modified for the wanted result. I have lost confidence because I do not know if I change a setting or if it is going to have the desired result I intended it to do. I have used other solutions, such as Palo Alto and I did not experience these types of problems. When we apply a change in Check Point Application Control there can be some time for the changes to take effect. The time is too long, and we have experienced approximately five minutes on occasion for modifying some rules or filtering. When there are outside-of-the-network threats, such as DoS attacks, Check Point Application Control should have more integrated ways to deal with the attacks. We should not have to purchase add-ons or secondary solutions or patches. There is some functionality that is not working anymore as it once did, such as HTTP filtering. The complexity of application usage is increasing day by day, and it seems that at some point, we will need to initiate specific projects to tackle the issue of application filtering. Check Point Application Control has been instrumental in addressing this challenge, but with the continued growth in complexity, more advanced features would be necessary to make the solution even more effective.
Check Point licenses are somewhat expensive, in addition to the fact that it is difficult to validate their costs without a Check Point partner - which is why it is difficult to validate them. Support is only available in the English language, which affects some regions where Check Point products will be used. The SLAs of checkpoint products are sometimes not met since the cases created are sometimes attended to very late after opening them.
One of the improvements that we need is in the manual services. The guides used today are a bit complex, and we need efficient and simple access to them so that any administrative or technical person can solve, analyze, and configure each of the rules and identities seamlessly. We need clear directions to help us configure effectively. It's important to be able to have this documentation available to make the many available features easy to configure and allow us to promote defense tactics in depth against all available threats.
The set security features have increased the production efficiency of all applications. The new IT team monitoring this system requires proper training in order to execute the targeted goals effectively without failure. The set performance monitoring systems are complex to interpret and scale down their operations. The customer service team works tirelessly to ensure our teams are satisfied. Cloud network security has kept our assets secure since we deployed with a smooth continuation of other enterprise activities.
The blocking characteristics for filtering content currently are not so customizable. I would like to be able to modify them a bit. I hope that customization will be incorporated in the future. Right now, we must educate the users who are constantly violating or in fear of violating an issue. We would like to be able to incorporate filtering with notifications in a learning portal so users can be educated and will no longer have a lack of experience. A portal will help make better, more educated, and knowledgeable users.
The learning curve for new users is challenging since the integrated data models are complicated. The system slows down when the company has a lot of applications. New versions that are upgraded rarely come with new market updates. The cost and deployment capacity is based on the size of the company. The overall performance is excellent when the system administrators from the company work closely with the vendor-customer support team. It has enhanced a secure work environment and enabled employees to focus on more productive tasks.
I would like this layer to be faster to install in the future. The evolution of its equipment and appliances where the solution is executed has improved a lot, however, it is necessary to increase that capacity. Some competitors do it just as well and in that layer, are faster to apply their changes. These would give greater value and would be a differentiator. Among other things, I would like this integrated solution to manage from mobile devices in an optimized way and be able to administer from anywhere in the world.
Sometimes, documentation is not accurate and with the support issue we have to wait a long time for an engineer to understand the errors. I would like to see if they can help with the issue of service and more qualified staff. They need to have good service with Check Point products. The load balancer functionality for application traffic might be a better option. Configuration and deployment are a little bit difficult. This product works only when the user is in traffic flow through NGFW. Sometimes there are more than one category tag to an application which can be tricky.
The objects found now have large applications or general category definitions that are completely determined and organized by Check Point. It would be nice if there was a platform and small application owners could come and send their own applications' name and IP information from there. If we could use application objects directly in our rule sets in Check Point in those small companies, that would be ideal. A few more layered objects could be created for Azure in large applications. It would be nice if firewall administrators could see parser information such as IP behind these objects.
1 – Custom applications for internal applications must be defined frequently. This should be improved. It would be much better if Check Point could detect internal applications and automatically bypass them. 2- Without HTTPS decryption, the majority of App Control recognition features will be rendered ineffective, as everything has been encrypted thus far. 3-An application may have multiple category tags, which is confusing. These areas should be improved. It satisfies all of our needs except for this. Check Point Application Control assists us in controlling bandwidth and restricting internet access for our infrastructure.
Something important to mention is the improvement at the support level. It could be more advanced. Sometimes the responses are somewhat slow or based on a schedule that is not always the same as the companies. It's difficult to generate a session with them to better explain your needs. We would also like the costs to be more comfortable. Although they are not different from other security tools, they could have improvements to provide greater interest to customers who are interested or loyal to Check Point's products.
The tool has a number of features necessary for good business security. Nevertheless, it is always good to add several features and maintain an open and adequate performance for the machines where said software is installed since it will be able to present high performance. However, so far, Check Point Application Control satisfactorily meets the needs of a company in security. At the moment I don't see the need to add new features. That said, you always have to be one step ahead.
We would like to see a greater facility or some corrector that if we apply a change that affects any other policy, it is in constant review and notifies you before applying the changes. This would be extremely impressive and useful for administrators since it would save us time for the publication and installation of the changes on the Check Point Gateways. It would also be good to find more documentation for implementations in the cloud - in my case Microsoft Azure. It has been quite difficult when looking for specific documentation.
We would like to see a greater facility or some corrector that, if we apply a change that affects any other policy, it is in constant review and notifies you before applying the changes. This would be extremely impressive and useful for administrators since it would save us time in the publication and installation of the changes on the Check Point gateways. It would also be good to find more documentation for implementations in the cloud - in my case Microsoft Azure. When looking for specific documentation, it has been quite difficult for me.
We haven't had any issues with the product. There aren't really any features missing. We would like the product to be a bit more user-friendly in general.
This has been the best experience I have had with this software and company
@reviewer1767168 thanks for the answer! Can you please describe some specific/outstanding points that you have liked about the product?
With Check Point we are more protected, however, one of the issues is the cost. They are expensive products due to the fact that we have to buy blades for each solution that we want to integrate into our corporate. Without a doubt, it is worth it, however, it is an important point that could be considered. Likewise, nowadays a 2MFA solution could be integrated to Check Point since nowadays remote connections made with remote workers are required to protect the extension from the office to your home through a VPN connection.
The working principle of Check Point Application Control is far different from all other vendors in the market. It basically works in parallel with security rules. Every time packet must go from policy lookup into security rules. It sometimes leads to a troubleshooting phase for which we can create application traffic. SD-WAN functionality can be added. Direct API integration for customized application features can be added. Load balancer functionality for application traffic might be a better option.
It's important that there is the option to validate the policies before applying them since it is very annoying and causes a waste of time to apply a new policy or rule and afterward receive an error that the policy has failed. It is important that, if you are being notified of the modifications in the automatic policies that were updated, it's clear in terms of the content that is included as well as the applications that have been modified for being malicious or not. Without a doubt, these would be contributions that would greatly benefit the solution's operation within my company.
It is hard to say what has to be improved in Check Point Application Control. Occasionally, we have to identify an application that is not registered. I would like to have a periodic update of the applications, perhaps based on a predefined calendar. We would like to have the ability to submit new applications for registration, as well as request the recategorization of URLs.
We expect applications to be updated regularly.
I think Check Point Application Control is one of Check Point's most complete solutions. It has had a lot of years for improvement. I don't see anything that we need to be improved. It does everything that we would need. It always applies new applications. It does what we need it to do. We don't need to select a specific application if we don't need it, it can be selected by category. The solution is very complete.
I think that the pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly), or create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers. We also had several support cases opened for software issues, but none of them were connected with the Application Control blade.
Most of the business applications stopped working, we don't know why and we have already escalated to the top level but we still haven't gotten any corrective action on this. They always take logs but after that, there is no resolution. They need to improve this, this will help us a lot. We have not blocked anything on a rule base we have enabled HTTPS on a monitoring mode but still, we are facing issues, and if we add an unknown category on that respective rule only then does it start working.
This solution could be easier to manage. The security features could be enhanced, and the price could be lower as well.