What is our primary use case?
On our infrastructure, we installed the Check Point 6200 appliance as our primary firewall. It is deployed in a distributed mode, with the security gateway and management running on separate machines.
Our major purpose is to limit web access from internal networks.
Using application control, we blocked the use of peer-to-peer applications such as torrent from our networks and allowed only youtube.com from the media streaming category, resulting in a significant improvement in bandwidth.
Aside from these numerous categories, we blocked a large number of high-risk applications from access our network.
How has it helped my organization?
We can control bandwidth and high-risk application access from our network using application control.
We want our users to only be able to access certain websites during working hours. We accomplished this through application control by blocking social media, phonography, drugs, media sharing, and other sites.
We also restricted file sharing sites through application control and blocked file uploading, which helped us avoid data loss.
We set a usage limit for YouTube.com, giving us more bandwidth control.
What is most valuable?
The control options for an application are very specialized. We may thus ultimately decide what to access and what to prevent.
It is relatively easy to implement an application control policy, and it is made to integrate with the access policy.
The ability to see each application clearly in the logs is quite helpful.
Application control utilizes signatures similarly to how IPS does. It is an excellent feature.
It's pretty easy to schedule updates to the application control database. We can design a check for fresh updates every two hours.
Users can clearly understand the reasons for site blocking from the blocked message.
What needs improvement?
1 – Custom applications for internal applications must be defined frequently. This should be improved. It would be much better if Check Point could detect internal applications and automatically bypass them.
2- Without HTTPS decryption, the majority of App Control recognition features will be rendered ineffective, as everything has been encrypted thus far.
3-An application may have multiple category tags, which is confusing.
These areas should be improved.
It satisfies all of our needs except for this.
Check Point Application Control assists us in controlling bandwidth and restricting internet access for our infrastructure.
For how long have I used the solution?
I've used the solution for almost two years.
Which solution did I use previously and why did I switch?
Yes, we used a different solution. However, it did not satisfy us in terms of security. As a result, we decided to deploy Check Point NGFW for enhanced security.
Before migrating to Check Point firewall, we conducted market research and solicited feedback from my contacts who are already Checkpoint NGFW customers. We decided to use Check Point NGFW as a result of this.
What was our ROI?
Our ROI is that it increases the security precautions that prevent users from accessing websites that can harm our business. Additionally, it also reduces the use of the internet, which is often unrelated to business tasks.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.