2020-01-26T09:26:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
  • 0
  • 29

What needs improvement with Check Point Remote Access VPN?

Please share with the community what you think needs improvement with Check Point Remote Access VPN.

What are its weaknesses? What would you like to see changed in a future version?

25
PeerSpot user
25 Answers
Hazel Zuñiga Rojas - PeerSpot reviewer
Administrative Assistant at Tecapro
Real User
Top 5Leaderboard
2022-10-19T04:01:00Z
Oct 19, 2022

I would like this service to be easier to manage when you integrate it with third parties. Although it is complex to configure, I cannot complain that it is complete and it is worth being able to use and integrate it. However, any administrator would welcome any changes that made configuration simpler. We would like the ability to perform remote access with the VPN in the future with any type of device. Lately, Android applications tend to have more errors. I hope that this will be solved in the future.

Search for a product comparison
SS
Pre-sales Manager at Alpha1 IT Solutions & Consulting Pvt Ltd
Real User
Top 20
2022-10-04T12:36:14Z
Oct 4, 2022

If you are new to deploying the solution, the initial setup might be difficult the first time around. I had trouble setting the policies and then resetting the device.

DH
Support at a tech services company with 51-200 employees
Real User
Top 5Leaderboard
2022-09-24T04:07:00Z
Sep 24, 2022

The VPN remote Access blade could be improved. Licensing is extremely expensive per user and more so for large companies where the number of users directly impacts the cost. The documentation for good practices and specific configurations is somewhat old, generally for versions before R80, which is why it is sometimes more challenging to understand them or be able to implement them, Also, at the support level, response times can be improved, as the technical level for this type of tool is very good.

LD
Cloud Support - Security Admin at a tech company with 1-10 employees
User
Top 5Leaderboard
2022-07-29T05:09:00Z
Jul 29, 2022

Generally, the license is included with the Check Point gateway licensing, however, in terms of the number of users that can be activated for use, it is generally five users. In our case, we quote additional licensing and it is quite expensive for remote VPN, other manufacturers are not so expensive. The support provided is slow, in addition to the fact that the service hours are contrary to ours, which generates slower problem solving, I think it is important to improve this area.

Fabian Miranda - PeerSpot reviewer
Subject Matter Expert - Helthcare and Corporate Verticals Development at Lenovo
Real User
Top 5Leaderboard
2022-07-07T17:41:00Z
Jul 7, 2022

In my organization, there aren't Linux users, however, I know it has difficulties offering secure access for customers who use this operating system. Also, this product has limitations with headcount addition, as there are performance limitations in each security gateway the software has. The ability to allow split-tunneling while still following our corporate policy should be offered. Some things like the compliance aspect of the VPN Client can be updated so the product stays up to speed with the ever-changing environment in software security.

Jonathan Ramos G. - PeerSpot reviewer
Cloud Engineer at ITQS
Real User
Top 5Leaderboard
2022-06-06T15:12:00Z
Jun 6, 2022

That the level of Remote access VPN was higher by default as other brands do it that way. In the case of Check Point, they are not like that. The maximum it is giving us is only 5 licenses and if you need more, they must be purchased separately. From my perspective, it should be added to the same cost as the general license, and that well explained makes the product more attractive. Many organizations would have this need, as many are moving off-premise. We have great executives and entire corporate teams that perform work tasks from home.

Learn what your peers think about Check Point Remote Access VPN. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
653,584 professionals have used our research since 2012.
alvarado - PeerSpot reviewer
Cloud Support Leader at a tech company with 51-200 employees
User
Top 5Leaderboard
2022-05-17T05:01:00Z
May 17, 2022

At the moment, the remote Check Point VPNs are quite stable. They could improve the support they provide for Check Point. The support is always in English. Some users (who speak Spanish) have no alternative. Another very important fact is documentation and bug fixes are a little too classified in the Check Point portal to help administrators when they find problems. More documentation availability would help users to depend less on support.

JamesYa - PeerSpot reviewer
Senior Solutions Architect at Cloud4C Services
Real User
Top 5Leaderboard
2022-04-12T20:01:40Z
Apr 12, 2022

Check Point Remote Access VPN could be more user-friendly.

FG
Especialista Certificado en Administración de Servicios de Tecnología de la Información at AZZAIT
User
Top 20
2022-02-28T14:53:00Z
Feb 28, 2022

It needs to improve the capability of the Secure browser VPN connections. Some in-house applications didn't work due to the use of JScript and the backend and front end technology for the applications. In the case of URL translation of the VPN Web portal, the requests made from the front end to the back end weren't valid (due to the use of dynamic subdomains). In the case of host translations, the request was made to the same host, however, we cannot specify the ports, which, in our case, are used to redirect to different servers.

SN
System Analyst at IIT Gandhinagar
User
2022-02-08T14:34:00Z
Feb 8, 2022

The Linux version may have an app (similar to Windows) instead of a shell script. We have seen that in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Linux Terminal Window open otherwise the connection drops. Sometimes, we have noticed that the owing to installation of various antivirus and running of inbuilt firewalls (applicable to all operating systems); the connection for VPN sporadically drops and tries to reconnect. When this happens, we have to manually either disable the firewall/antivirus or reconnect the VPN again.

Alex Tremblay - PeerSpot reviewer
Cyber Security Manager at H2O Power
Real User
Top 10
2021-11-19T15:26:00Z
Nov 19, 2021

The ability to allow split-tunneling while still following our corporate policy needs to be on the table. Right now, in order to allow the same policy to apply, the users' traffic must be routed up to our NGFW before going out to the internet. Having a method to apply the same policy to the client for outbound traffic while connected to the VPN would be huge. Some things like the compliance aspect of the VPN Client can be updated to bring it a little more modern. It's very useful for checking things like Windows Updates levels before connecting, however, it could use a facelift since it's still quite old-looking.

Manuel Briones - PeerSpot reviewer
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
User
Top 5Leaderboard
2021-11-02T20:39:00Z
Nov 2, 2021

We have not migrated to the R81 version and I do not doubt that it will have some improvements compared to the version we use today. Without a doubt and with the new trends in technology, Check Point should already have a blade with a 2MFA solution and not through some other vendor. This type of integration would undoubtedly give it a better reach and greater market with new security trends top of mind. I know that everything is moving to a cloud environment, however, for all those corporates that still do not trust such an environment, it would be favorable to offer a 2MFA service in a solution tested through a blade or in the cloud.

Manuel Briones - PeerSpot reviewer
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
User
Top 5Leaderboard
2021-10-07T21:05:00Z
Oct 7, 2021

The authentication that we handle is through a .p12 certificate, however, we have integrated it with a 2MFA service through another provider. Something that could improve Check Point is if it had its own 2MFA service through a blade or some sort of application. We'd be able to give a better experience to companies that already have a contract or Check Point services that deal with a work-from-home environment, giving greater scope and coverage from a single centralized dashboard.

PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
Real User
Top 5Leaderboard
2021-09-20T11:05:00Z
Sep 20, 2021

Check Point RA VPN requires companies to take separate licenses initially so that only 5 connected users licenses are given as subscriptions. Most other competitors, like Palo Alto, provide 1000 connected user licenses for free. Some configurations, like idle timeout (the requirement came from multiple users), are not possible to configure directly from the Check Point management server. We have to make changes in the local directory of the respective devices.

AD
Accounts Administrator at a non-profit with 51-200 employees
User
2021-08-31T17:22:00Z
Aug 31, 2021

A saving password option might save time for continuous disconnection to the server due to internet fluctuation problems. They need to increase their timeout. Right now, it will fail after ten seconds, however, it shouldn't fail until after 20 seconds. If you don't get on your phone right away and check on your authentications, it will kick you out. In an environment with multiple cluster checkpoints, the global properties common to all clusters in some cases give problems. The interface needs improvement. When you need to create something, you have to go through a lot of steps. It needs to be simplified.

NK
Senior Vice President, Technology for the Americas at Engel & Völkers Development GmbH
Real User
Top 10
2021-06-16T01:39:00Z
Jun 16, 2021

We don't have any specific complaints. We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in right from the software itself. For Linux machines, they don't have a full client to install. For the users that utilize Linux, there needs to be an equivalent. The documentation of the software needs to be more accessible. If an end-user wants to have access to customized training from the company, that should be able to be built-in. I would add that feature.

WA
Network Security Engineer at a manufacturing company with 5,001-10,000 employees
Real User
2021-06-15T19:04:00Z
Jun 15, 2021

There needs to be a way to create a VPN client specific to our environment so that we can easily lock down who can connect. The VPN client install should be specific to our environment. Our service desk does get some complaints about users not being able to connect. Sometimes it's because the VPN client has updated and they've lost their connection settings and don't have a record of the connection settings themselves. Other times, the VPN client needs to be reinstalled or upgraded to allow them to connect.

Ifeanyi Onyiaodike - PeerSpot reviewer
Network security engineer at Fidelity Bank
Real User
Top 5
2021-06-03T09:53:16Z
Jun 3, 2021

With this particular client VPN, there needs to be a feature that can glance at your credentials, of being able to look at credentials. You might hang for a bit or the execution might fail. It would be useful to see your credentials before you connect to take note to see if you are likely to have trouble connecting. They need to increase their timeout. Right now, it will fail after ten seconds, however, it shouldn't fail until after 20. If you don't get on your phone right away and check on your authentications, it will kick you out. They need to give a bit more time.

LA
Network, Systems and Security Engineer at SOLTEL Group
Real User
Top 5
2021-06-02T10:42:00Z
Jun 2, 2021

Despite being very intuitive, the interface needs improvements. When you need to create something, you have to follow many steps and I think that should be simplified.

SM
ICT at a manufacturing company with 501-1,000 employees
Real User
Top 5
2021-05-31T06:33:00Z
May 31, 2021

I would like to have the ability to specify different policies in a simple and quick way, depending on whether I am using the secure remote client or the SSL VPN. It would be very useful to be able to apply different policies depending on the authentication method. For example, an 801x authentication can have different native permissions from those who enter the username and password. In an environment with multiple cluster checkpoints, the global properties common to all clusters in some cases give problems.

JM
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
2020-10-25T06:25:00Z
Oct 25, 2020

We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in there. But for Linux machines, they don't have a full client to install. It is important because we have some users that use Linux and they don't have a specific application from Check Point to use. That is something that could be improved.

Kirtikumar Patel - PeerSpot reviewer
Network Engineer at LTTS
Real User
Top 5Leaderboard
2020-09-01T09:32:00Z
Sep 1, 2020

We would like to see support for a layer seven VPN over UDP.-- currently some VPN solution are working on Layer 7 Platform. The updates under Windows 10 are not always up to date, and we have trouble upgrading remote clients. We have also had trouble deploying new clients.-- The Check Point Remote VPN new client is giving trouble us during upgradation with older version of Windows 10

Oleg Pekar - PeerSpot reviewer
Senior Network/Security Engineer at Skywind Group
Real User
Top 5
2020-08-27T17:49:00Z
Aug 27, 2020

* The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed. This is valid for at least software version E82.30, which we currently use. * In addition, there is no full client of the Check Point Remote Access VPN available for the Linux operating systems families. That is important since some of our administrators prefer to use this OS even on their home PCs. We hope that Check Point would develop a client for Linux in the future.

AG
Network Security Engineer at a financial services firm with 51-200 employees
Real User
2020-08-03T06:11:00Z
Aug 3, 2020

Currently, we're using Check Point Endpoint Remote Access VPN R70.30.03. That's the latest version of R70.30. We haven't upgraded to R80 yet, but all of our firewalls are R80. We've been through many iterations of the Endpoint VPN client. I remember awhile ago, it was very difficult to deploy and not have problems, but they've come a long way. Now, it's a lot better. I have worked so much on this in the past with Check Point that they actually had their vice president of product development call me. I remember one of the things that I told him need room for improvement, which I still haven't seen: When you want to deploy a new Check Point agent, it is really a pain in the butt. For example, Windows 10 now has updates almost every couple of months. It changes the versioning and things under the hood. These are things that I don't understand, because I'm not a Windows person. However, I know that the Check Point client is installed on the Windows machine, and if the Check Point client's not kept up-to-date, then it's functionality breaks. It has to be up-to-date with the Windows versions. Check Point has to update the client more often. Now, the problem is that the Check Point client is not easy to update on remote computers and it's not easy to deploy a new client. They need to improve deploying a new Endpoint Remote Access VPN client and updating existing Endpoint Remote Access VPN clients. Especially if you want to deploy a new one, it's not an easy process. Their software doesn't really support creating a new Endpoint Remote Access VPN client. There is a lot of manual activity. They need to automate it better. You have to create a generic client, download it to a computer, and install it to the computer. Then, you have to find a file deep inside the directory that it creates. It's like a text file, then you take that text file out and edit the settings in it. For example, I have to tell it to connect to a site which contains our firewalls or else it's like a phone with no phone numbers and I have to put in the phone numbers. This should be done when I download the client the first time from their GUI, but it is not. Instead, I have to install a generic blank version on a computer, find a text file, and edit the text file with the sites of firewalls that the users have to connect to specific to my company. I have to make other setting changes in that version, save it, reboot the computer, find the file again, take that file out of the computer, upload it to GUI, and deploy a new version. Then, I install it after I uninstalled the old one. Of course, all the uninstalls require reboots. So, I am rebooting it like five times now. After that, I have to install it and check the settings. Half the time they don't save the way you want them to save. It is very tedious and terrible. Even learning that process was a nightmare, because it's not like they have a nice article that explains it to you. They don't. I was bumping my head up against the wall with support for almost six or seven months trying to figure that out. Half of them didn't even know how to do it. That was miserable. But now that I'm an expert on it, I can probably do it within a half a day to three days depending on if it gives me problems or not. That's still miserable, and it should be as easy as: I upload the new version of the client, put in the information that I want it to have on the settings, click download, and install, then it works. It should be that easy. There's really no reason why it's not, except for they didn't improve that process nor have they developed that area. It makes me think that their interest isn't in VPN solutions, even though it should be because it's something that they offer. Otherwise, their support is great.

CK
Senior System Engineer at Thai Transmission Industry
Real User
2020-01-26T09:26:00Z
Jan 26, 2020

In terms of improving the service, I think they could add more features, like the security to block off the doors, or create another hatch, something like this. They could make the features safer, add malware to make my mail and the Kryon system safer and to protect data at an earlier stage.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Oct 4, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 19 answers
AG
Network Security Engineer at a financial services firm with 51-200 employees
Aug 3, 2020
My understanding is that the pricing and licensing are very competitive, and it's not one of their more expensive products. We buy licenses for the solution and have licenses for the endpoint servers.
Kirtikumar Patel - PeerSpot reviewer
Network Engineer at LTTS
Sep 1, 2020
This is a very good solution for our employees who work outside of our organization.
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
Oct 19, 2022
How do you or your organization use this solution? Please share with us so that your peers can learn from your experiences. Thank you!
2 out of 25 answers
CK
Senior System Engineer at Thai Transmission Industry
Jan 26, 2020
A lot of our clients are complimentary companies, like the electrical company. They need Check Point Remote Access VPN, or even another similar solution. I tell them that I already have the VPN solution in our company.
AG
Network Security Engineer at a financial services firm with 51-200 employees
Aug 3, 2020
We use a Check Point Endpoint Remote Access VPN client along with Check Point SSL VPN, which allows users to connect to our firewall who don't have the client, e.g., if they have a MacBook, then we don't have a client for them. We allow them to connect to the firewall over the browser. That had a bunch of problems, but they have resolved those this year. The use case is to allow people to connect to our firewall on-premise. We also have Check Point firewalls in the cloud, which people can connect to as well. Then they can access resources either in our on-premise environment that they need to access, such as, their computers, the Intranet, Salesforce, or our production applications. Also, in AWS, they can access other types of applications, like WorkSpaces, or our production applications there, which allows them to work. It lets them have access to their email, because they're not able to access their email unless they are VPN'd in, etc. We keep everything locked down to the VPN. If that's not working, then our company will not be able to work. It was very finicky last year, and it's working now. It has been perfect this year. We don't use the Endpoint Remote Access VPN client for too much. We use its local firewall, which is valuable, but we don't really use SandBlast. I know you can add the SandBlast module along with all these other modules. We literally just use it so our users can connect on-prem.
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 26, 2022
PeerSpot’s popular crowdsourced user review platform helps technology decision-makers around the world to better collaborate with peers and other independent technical experts to provide advice, share knowledge and expertise without vendor bias.Our users have ranked numerous popular solutions according to their valuable features, and have also made suggestions on where they see room for improve...
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 26, 2022
Top 5 Enterprise Infrastructure VPN Solutions 2022
PeerSpot’s popular crowdsourced user review platform helps technology decision-makers around the ...
Download Free Report
Download our free Check Point Remote Access VPN Report and get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
DOWNLOAD NOW
653,584 professionals have used our research since 2012.