There are many aspects we do not like about the solution and there are a lot of alternatives available on the market. Some of the settings are buried deep within the solution making it a challenge to navigate. It would be helpful if it was more intuitive. Additionally, there can be some settings that are in multiple places, this leaves the user not knowing what settings are needed to be modified for the wanted result. I have lost confidence because I do not know if I change a setting or if it is going to have the desired result I intended it to do. I have used other solutions, such as Palo Alto and I did not experience these types of problems. When we apply a change in Check Point Application Control there can be some time for the changes to take effect. The time is too long, and we have experienced approximately five minutes on occasion for modifying some rules or filtering. When there are outside-of-the-network threats, such as DoS attacks, Check Point Application Control should have more integrated ways to deal with the attacks. We should not have to purchase add-ons or secondary solutions or patches. There is some functionality that is not working anymore as it once did, such as HTTP filtering. The complexity of application usage is increasing day by day, and it seems that at some point, we will need to initiate specific projects to tackle the issue of application filtering. Check Point Application Control has been instrumental in addressing this challenge, but with the continued growth in complexity, more advanced features would be necessary to make the solution even more effective.
