Check Point Remote Access VPN Reviews

Remote Access VPN is one of those essential items for every organization in order to maintain seamless and highly secured connectivity between the end-user and the organization's local area network to access resources - including Jump server Databases, et cetera.

No matter from which device or from which location users are accessing an organization's local resources, with the help of the Check Point VPN client they can make sure they have connected securely.

Check Point offers a best-in-class encryption algorithm to ensure confidentiality and maintain integrity between the end-user and the Gateway. 

In disaster situations like Covid-19, most users were working from home or in remote locations. In such cases, Check Point Remote Access VPN provides feasibility to everyone to work from home and access an organization's resources remotely.

With a client-less configuration known as SSL VPN users can directly access resources via a browser-like database, share folders, et cetera.

To maintain the authorization of the connected user, Check Point provides multi-factor authentication for an RA VPN client to make sure legitimate users have access to resources.

• Secure connectivity: Guaranteed authentication, confidentiality, and data integrity for every connection and user.
• Straightforward Configuration: Easy to enable blades and define policies.
• Authentication: SAML authentication makes sure the user is legitimate.
• Compliance check: It scans the endpoint machine to detect suspicious/malicious content before connecting to an office network.
• MEP: Multi entry points to make sure there's availability to the LAN network even if the primary gateway goes down.
• A single client can work as sandblast agent.

Check Point RA VPN requires companies to take separate licenses initially so that only 5 connected users licenses are given as subscriptions. Most other competitors, like Palo Alto, provide 1000 connected user licenses for free.

Some configurations, like idle timeout (the requirement came from multiple users), are not possible to configure directly from the Check Point management server. We have to make changes in the local directory of the respective devices.

I've used the solution for more than three years.

The solution is highly stable.

Check Point has an Unlimited License Package for the RA VPN and therefore we can scale it easily.

Customer service has a dedicated team that handles RA VPN cases which ultimately leads to an early resolution.

Migration has taken place such as from Cisco to Check Point and Sophos to Check Point. During that phase, the customer needed to change the VPN client as well.

Browser-based functionality is one of the best things that Check Point provides.

The initial setup is straightforward during the initial configuration.

The setup is very straightforward but subscription-based. It isn't cost-effective.

We did look at Cisco Anyconnect and Palo Alto Global Protect.

Check Point Remote Access VPN allows organization users to work remotely. Especially in the pandemic period, work-from-home demand has been higher than ever. 

I have a remarkable case about the solution. That is for a bank. They want to have remote access VPNs that can provide connections for internal users who work remotely, partners who have restricted connections to the bank environment and ATM machines that connect to core banking applications. All VPNs acted in the same internet connections but still ensure these three VPNs were separated from each other. For the requirements, deploying the VPN in VSX appliances helped to solve issues. I created three virtual instances: one for corporate users, one for partners and one for ATM machines. 

Applying security policies for three instances is different. Corporate users must pass two-factor authentication layers and then have access to common corporate services (like email, and chat) and the right business applications depending on their working role, and their department. Partners after authenticating successfully only have limited access to the right place that they are allowed while being unable to connect to other places. 

ATM machines that act 24/7 need to have continuous connections, thus, they must authenticate using a certificate and their VPN clients must be configured to re-authenticate automatically after a timeout.

Check Point Remote Access VPN supports almost all common devices, from Windows to macOS, and from Android to iOS. Connection methods are flexible, including browsers and VPN clients. 

With such an approach, the solution can solve every remote working problem from anywhere, on any device while maintaining security features. The solution allows us to integrate with external systems like directory servers, email servers, and RADIUS servers for using directory users (a unified user instead must remember many usernames and passwords), adding multi-factor authentication via an OTP certificate. VPN users will have controlled access based on who they are and where they are by security policies. 

The solution offers flexible authentication methods to control access by policies and compliance. 

Check Point can integrate with external systems and third-party solutions to provide multi-layer authentications. This helps secure the user accounts from leakage of passwords and also protects corporate from unauthorized access damage risks. 

Security policies help to convert access regulations to policy rule configurations after authenticating. Setting policies allow, block, and limit users' access. 

With the compliance feature, Check Point can define what conditions user machines should have to authenticate the VPN. This feature helps to add more security to the network.

Endpoint Security on Demand, or Compliance Check is a good feature. It allows the creation of compliance policies and adds more security to the network. Machines will be scanned once they connect to VPN to make sure all of them are compliant. Conditions to configure compliance checks are Windows security (hotfixes, patches), Anti-Spyware, Anti-Virus software, personal firewall, or Custom (application, files, registry). These are not enough in a complicated environment. Almost of them are supported for Windows machines, however, are just limited conditions for non-Windows. In fact, using mobile devices on Android, iOS, macOS, and Linux is very popular. Compliance Check on Check Point should be improved by having more configurable conditions to support multi-platforms and adding more granularity. 

Besides compliance scanning sometimes causes consumes machine resources. 

I also suggest scanning operations will consume fewer resources and increase speed time.

I've been using the solution for more than five years.

As mentioned in my use case, the solution is running for thousands of corporate users, partner users, and ATM machines. The performance is very impressive. 

With Check Point VSX, the virtual instance extension is just an additional license, thus, it's very easy to add VS for other purposes. Besides Check Point also developed Maestro technology to allow hyperscale, increase throughput, and maximize capacity.

The Check Point Support Team is very professional and has technical expertise. The team is online 24/7 to make sure their customers always be supported. Response time to the customer is quick enough when they provide a solution to fix the issues or when they need some time to investigate or when they need some time to investigate they stay up to date.

Positive

I had used Fortinet Remote Access VPN before. At that time, other security features like Firewall, IPS, Application Control, and URL Filtering had been added to the same box running Remote Access VPN. The Fortinet appliance was overloaded all the time - although specifications in the datasheet could be OK. After changing to Check Point (using Remote Access VPN with other security features), the performance was amazing. CPU and memory usages were always at an average level.

We have always worked within the office. However, the COVID pandemic changed the course of our work in terms of where we had to implement new solutions so that we could all work from home. That was when I encountered Check Point; we had years with this solution in the facilities, yet, only during the pandemic did we have to innovate for a home environment. Today we have more than 6000 users working from home thanks to Check Point. This is possible due to the fact that, with a certificate and the client for this connection, every person can connect to our environment as if they were at the office.

We still have many areas of opportunity in which we must work, however, this has required us to improve our infrastructure in order to accommodate remote work. Since the beginning of the pandemic, we have had this solution and we have had many challenges since there are more than 6000 people who work from home. For security, we have an expiration time of the .p12 certificates and that requires updating passwords. Today, we are integrating this solution with a 2MFA system to give much more security to corporate.

The IPSec VPN, Mobile Access, and Identity Awareness are three of the blades with which we have been working with since the pandemic. This has given us great mobility, making our network more dynamic for connection to corporate due to the integration we have of Check Point via our AC or LDAP. 

We are creating rules by user and not by IP (which could be done both ways). We stick more to mobility inside and outside the corporate environment. Since then, corporate has been increasing security and keeping our workers happier.

The authentication that we handle is through a .p12 certificate, however, we have integrated it with a 2MFA service through another provider. Something that could improve Check Point is if it had its own 2MFA service through a blade or some sort of application. We'd be able to give a better experience to companies that already have a contract or Check Point services that deal with a work-from-home environment, giving greater scope and coverage from a single centralized dashboard.

I've used the solution for more than two years

The stability is the best.

The scalability is great.

 We have witnessed a fast response from the support team.

We did not use a different solution.

The initial setup was not overly complex.

We handled the installation in-house.

We've witnessed a 40% ROI.

The price is a little high, however, the solution is something that we recommend often.

We did evaluate other options.

We are hosting environments for our customers and ourselves. With Check Point Client, VPN users that aren't in their internal networks can connect via a secure connection into the internal network.

Remote users use different clients (Windows, Linux, and Mac OS) so depending on the customer, there is either a client connection or a clientless approach (using a web portal).

Users can also be identified if they use the Client VPN solution. If you want to identify them inside the network you have to use an IA agent.

Once set up, it simply works without issues.

The main advantage is that if you already have a Check Point Gateway in place you don't have to buy additional hardware. You only need to check if there are enough resources on the gateway for the additional load and decide how many concurrent users you need.

The installation was fairly straightforward thanks to the Admin Guide and the User Center.

Adding a Radius or similar to use for the user authentication can also easily be done so you don't have to create local users. Depending on the size of the user base I would also recommend MFA.

A normal Check Point Gateway has, with the base license, 5 concurrent users included. This means that in emergency situations you don't have to buy additional licenses.

During Covid, the license was increased and therefore it was easily possible to have several users working from home.

It's possible to either have a client installed on the user's machine, or have a clientless approach using the web portal. 

There is MEP functionality, so, based on the user's location, it minimizes the latency by connecting to the nearest entry point. 

The non-standard setup is quite complex as you have to do changes via GUI and CLI. Luckily, Check Point knowledgebase articles help you, however, there are so many resources you have to go through.

The Client VPN licenses are for concurrent users and there is currently no way to prioritize certain users over others.

There is no possibility to increase the number of concurrent users for a short time (except if you have unlimited concurrent users licensed). This could help during emergency situations where there are more client VPN users than anticipated.

I've used the product for over 7 years.

For a basic setup, implementation is quite easy.

Check Point Endpoint Remote Access VPN is without a doubt, really fantastic software. It allows me remote and secure access to my most important data, to the company's networks, and to corporate resources from anywhere in the world.

Regardless of where I am, it guarantees the complete privacy of all our confidential information through multifactor authentication and compliance analysis of the endpoint system.

All of this is very easy to configure using step-by-step wizards, and there are many guides to explain it.

Check Point Remote Access VPN has improved my Organization with:

• It has a built-in, centrally-managed Firewall blade, which allows us to filter traffic on the client-side.
• The built-in, centrally-managed Compliance blade is helpful. Using it, we check the client OS for the presence of the latest security updates and that the corporate antivirus software is up and running. It doesn't allow the client to connect to the office in cases where these rules are not satisfied. That prevents infected computers from connecting to the company's location and spreading threats.
• It is easy to install the Endpoint Remote Access VPN client on different platforms.
• It provides a stable VPN connection.

One of the features that I like most about this software is that it has a very intuitive, simple, and versatile interface that makes it easy to use and configure. It is compatible with several operating systems, and it has great protection against malware and any other cyber threat that wants to penetrate our endpoints.

It is fully integrated and centralized, which allows me to configure the security policy and view VPN events from a console.

Despite being very intuitive, the interface needs improvements. When you need to create something, you have to follow many steps and I think that should be simplified.

We've been using Check Point Remote Access VPN for more than two years.

I know that if there were any problems, the technical support team would solve them almost immediately. The team is highly qualified.

So far, I have not found any negative characteristics to complain about, since in general, the software works in an excellent way and it has never failed us.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

In addition, there are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

We user the Check Point Remote Access VPN to provide access for our employees to connect to the specified environments.

We use the Check Point Endpoint Remote Access VPN client to allow our remote employees to connect to our company's offices in a secure and reliable way.

We use the clients for Windows and macOS, with the current software version E82.30. The Endpoint Remote Access VPN clients are fully compatible with the Check Point NGFWs Mobile Access VPN blade, and there are no problems connecting to it.

The clients have additional functions, like Firewall and Compliance blades, which we consider as a strong benefit for using the pure clients.

Several remote sites are supported in the client configuration, which allows us to have the redundancy for the case when one of the Offices becomes unavailable due to ISP problems.

1. It is easy to install the Endpoint Remote Access VPN client to different platforms. Within the company, we use it for Windows and macOS.
   
2. Built-in, centrally-managed Firewall blade, which allows filtering traffic on the client-side.
3. Built-in, centrally-managed Compliance blade. We check the client OS on the presence of the latest security updates and that the corporate antivirus software is up and running, and do not allow the client to connect to the office site in the case where these rules are not satisfied. That prevents the infected computers from connecting to the company's location and spreading the threats.
4. Stable VPN connection.

1. The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed. This is valid for at least software version E82.30, which we currently use.
2. In addition, there is no full client of the Check Point Remote Access VPN available for the Linux operating systems families. That is important since some of our administrators prefer to use this OS even on their home PCs. We hope that Check Point would develop a client for Linux in the future.

I have been using the Check Point Remote Access VPN for about two years.

The Check Point Remote Access VPN clients are stable on both Windows and macOS.

The Gateway side part of the software scales well.

We have had several support cases opened, but none of them were connected with the Check Point Remote Access VPN. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

Prior to this product, we didn't use any centralized VPN software before.

The setup was straightforward and simple.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

We did not evaluate other options because we already use the products from the CheckPoint ecosystem.

The Check Point Endpoint Remote Access VPN for MacOs and Windows are reliable solutions for remote access VPN, and fully compatible with the Check Point security ecosystem.

The primary use case of this solution is to connect to our internal network for accessing servers and clusters using Check Point VPN. End-users are, for example, students accessing computer labs and licensed software that can check academic licenses only within the campus network; further, our ERP folks could make good use of the VPN solution by remotely working on the Institute Management System infrastructure and can work efficiently without any hindrance. We also use its capsule app on smartphones to connect further.

Using Check Point Remote Access VPN has increased the overall productivity for users staying outside the campus and working remotely during this Covid-19 period. Faculty, students, staff, and research fellows as well as a lot of other eligible users have been benefited by securing the VPN license in order to run login remotely and access the project workstations, clusters, run simulations and submit their research work for the final thesis defense. It also allows for publishing in high-impact factor journals.

Once we install and connect the VPN service, it keeps on running until we disconnect. Moreover, the best outcome is when the end-users are able to check out software licenses through the tunnel and keep on working remotely from their home without any interruption. 

The VPN service works seamlessly in Windows and Mac. Only in the case of Linux or Ubuntu have we had to struggle a bit by understanding the SNX Batch file to get installed and run it. Moreover, in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Terminal Window Open.

The Linux version may have an app (similar to Windows) instead of a shell script. We have seen that in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Linux Terminal Window open otherwise the connection drops. Sometimes, we have noticed that the owing to installation of various antivirus and running of inbuilt firewalls (applicable to all operating systems); the connection for VPN sporadically drops and tries to reconnect. When this happens, we have to manually either disable the firewall/antivirus or reconnect the VPN again.

We've used the solution since 2015 or 2016.

We were using Cyberoam.

Users must pursue Proof of Concept as the functional requirements can vary.

We also looked into Palo Alto and Fortinet.

We are able to allow users to easily gain access to internal systems from outside the organization. No longer is coming into the office a necessary requirement for our users. They can seamlessly transition from home/remote work to going into the office while still having the same level of access. We also have many users that need to manage servers who are able to connect to the internal servers from anywhere - allowing them to still do their jobs from anywhere. Connecting to VPN doesn't require a ton of technical skill for those not in the technical field.

Users who need to work remotely for any reason can still do their jobs despite their location. The solution is also incredibly easy to manage. It's pretty much set and forget once the blade is turned out and configured. No day-to-day maintenance or configuration is required from the security operations team to keep it running which is welcome considering actual user help tickets are abundant throughout most organizations. Many times our service desk needs to enter the connection settings for our end-users, but that's about it.

Our number of users working remotely vastly increased during the COVID 19 pandemic. Check Point Remote Access VPN allowed us to quickly make the transition from in-office to remote work. There was no need to make any changes at the firewall level once we saw a large number of users go to work from home for safety reasons. If the VPN client was installed on their laptop they were good to go. The client also supports MFA, which is important, especially considering all of the remote work happening these days. 

There needs to be a way to create a VPN client specific to our environment so that we can easily lock down who can connect. The VPN client install should be specific to our environment. Our service desk does get some complaints about users not being able to connect. Sometimes it's because the VPN client has updated and they've lost their connection settings and don't have a record of the connection settings themselves. Other times, the VPN client needs to be reinstalled or upgraded to allow them to connect.

I've worked with the solution for more than 5 years.

The solution is very stable and requires virtually no maintenance.

The solution is easily scalable.

Diamond support is typically fantastic. However, lately, they make us wait for our diamond support person instead of giving us a different tech to work with.

There was no previous solution that was used prior to this product.

The initial setup was straightforward.

We handled the entire process in-house.