Check Point Security Management Reviews

We use Check Point Multi-Domain Management (Provider-1) to manage several customers with their firewalls as well as handle our internal administrators based on their rights.

Each domain (CMA) contains the customer's firewalls that are managed by us. Bigger customers with more than one domain use global objects as well as global rules so that administrators do not have to implement a local object for each domain.

Since this environment is bigger, we also use a dedicated log server for each domain. That way the logs reside in a different virtual log server.

When using global rules and objects it is possible to push changes to several domains at the same time without touching each individually.

Administration of all users within a single environment makes it easy, instead of connecting to management individually. Using templates for rights helps a lot too.

Last but not least, by only using one VM (or 2 if you include the log server), upgrading and patching are easier. You have a bigger maintenance window, but do not have to upgrade several Security Management Servers by themselves.

Using a single GUI with a single management IP makes things easier if you have to administrate several customers. In the Multi-Domain Environment, you are able to see an overview of all the different customers.

Several health checks are shown for the gateways in an overview so you don't always have to use a monitoring system in parallel since you see some states at a glance after logging in.

Having the possibility to use Smart Event to check for threats on a broader scale helps after a security incident and also makes it easier to check - instead of looking through different logs.

Troubleshooting is quite complicated within multi-domain management. If an issue arises, the local administrator has to keep in mind that there are other domains that could be also affected.

For each version, you have to download a new GUI. Sometimes the GUIs have fixes in them. If you need a new one, you have to inform and update all administrators too.

Some features still use the legacy GUI, however, as far as I know, it is planned to include this in newer versions (R81+). 

Unfortunately, there is still not a rule checker in place where you can insert SRC/DST/Port and it shows you which rule it matches.

I've used the solution for over 10 years.

The solution can scale, depending on the VM environment.

The installation process is quite easy.

We work with multiple clients managing their network firewalls. This includes many multi-national networks as well as local systems in the U.S.A. 

We primarily are utilizing these products for managing customer/client environments to modify access rules and other policies for controlling traffic to and from both internal and external networks as well as cloud-based Azure systems. 

Check Point management products are in use in all these networks, including both standard Single Management Servers as well as Multi-Domain Management servers.

Check Point Security Management has always made it simple and easy to manage all our firewall systems and firewall policies. 

Check Point Security Management systems, both standard Single Management Servers as well as Multi-Domain Management servers, have made it very simple and easy to perform daily functions such as adding new user hosts or destination servers to existing firewall policy rules and successfully managing large corporate networks easily from both our office space or from remote worker systems.

We love the ability to monitor performance in real-time, and gather critical information about network flows and traffic. 

The controls for creating, modifying, and editing firewall policies, firewall configurations, and other system operations are very simple and seamless. Accessing and viewing logging from many firewalls worldwide is also made very simple and intuitive with the ability to see both an overall picture of the logging, as well as the ability to filter down to the most specific traffic flows.

Sometimes there are some performance issues that cause certain operations to run slowly, however, that may just be due to the hardware it is running on needing to be stronger. Check Point could possibly lighten up the software code so that it is not as resource-intensive and will run more smoothly on a variety of hardware and cloud or virtual machine platforms. 

More ability for users to generate reports for traffic flows, firewall performance factors like CPU, memory usage, total bandwidth consumption, and tracing heavy traffic (elephant) flows would also be great.

I've used the solution for over seven years.

So far, we have not experienced really serious issues with the stability of the platform.

Check Point Security Management is pretty robust at allowing the management of large numbers of firewalls - especially the Multi-Domain systems.

Though we do not need to utilize the support services often, they have always been prompt and courteous, and definitely knowledgeable.

Positive

Some of our clients have switched from other firewall solutions such as Fortinet or Palo Alto, however, they were not happy with these systems for various reasons.

These systems are pretty straightforward to install and implement.

Check Point seems to be reasonable with its pricing, and competitive in the market.

Sometimes our clients look at other options such as Palo Alto, or even a blend of these and Check Point.

We use Check Point Security Gateway GAIA R 80.40 as our secure gateway firewall. We have configured two gateways as active-passive in cluster mode. We also use R 80.40 as our security management server to configure the policies on the firewall. We use it primarily to control traffic and secure our network perimeter against unknown attacks. The different rules and policies for the SSL VPN connections are configured on the mobile access blade. We use the policies to segregate and filter the traffic flow. 

Check Point Security Management GAIA R 80.40 tremendously helped us in securing our network perimeter against various threats. 

We have used the access rules and application/URL filtering blades to filter and restrict unwanted traffic. 

The IPS blade, Antivirus blade, Anti-bot blade, Threat Emulation blade, and Threat Prevention blades are helping us tremendously in preventing attacks and thus take care of the threats at the gateways themselves. 

At the time of COVID, the Mobile Access blade has helped greatly in the smooth running of production.

We have found all the security blades very helpful. The IPS blade, Antivirus blade, Anti-bot blade, Threat Emulation blade, and Threat Prevention blades have been most useful in securing the network. 

With the antivirus, IPS, and Anti-bot blades signatures being automatically updated regularly on a daily/hourly basis, the network is always safe. 

The URL and Application Filter blade offers a daily update of the database which helps us control the traffic. 

Mobile access has helped us cater to more than 4000 users so that they can work from home.

The Security Management server could be improved. If it provided an inbuilt authenticator for multifactor authentication, that would be ideal. Currently, we have to depend on a third party for multifactor authentication. 

It would help us greatly in securing the remote access users if Mac binding can be done for remote access VPN users in mobile. It would be helpful if we could enable URL and application traffic control remote access. 

The logging and reporting are good, but it would be helpful if more report templates were available.

I have been using Check Point Security Gateway for more than 7 years.

The stability is great.

The scalability is great.

Technical support is good.

Positive

The company has been using Check Point for a long time. It's been more than 10 years. I have been with the company for past 7 Years.

The initial setup is straightforward.

We had assistance from our Vendor Team (ISecurenet). They are very good.

Our ROI has been above expectations.

The price is high but worth it.

Check Point is one of the top leaders in security solutions.

I am using Check Point to secure my home office because I'm doing all my work from home. 

The company uses software called Harmony. Check Point integrates nicely, whether on an endpoint or mobile device. It integrates well with the firewall and can give me reports that I can check without going to an online portal.

You need some technical expertise to use the solution. I don't think it's accessible to the typical end-user. You need to access the box and use some command lines or the web interface. It would be nice to have a user-friendly dashboard and comprehensive reporting. 

I started using Check Point last year.

I contacted Check Point because the device wasn't logging into the portal to download the license I purchased. It took them about three days to answer.

I was using Untangled and switched to Sophos. I decided after a year that Sophos wasn't for me, so I tried Check Point. 

It took me about two hours to do the initial installation, but the total deployment took a day. I did it myself and found it somewhat complicated. You need to know what you're doing. Check Point doesn't provide enough guidance and assumes you know everything. 

I pay for a yearly license, but you have the option of a three-year or a five-year license. 

I rate Check Point Security Management seven out of 10. I recommend it if you're a technical person experienced in WFM security devices. 

We deployed the Check Point firewall for protecting our web servers and intranet servers. We used a management server as a centralized device for Check Point Gateway firewalls.

The best aspect about the notion is that we can push policy, IPs, or any other functionality to all or a subset of gateways. Alternatively, creating a distinct tab for each gateway gives a clear idea of the configuration changes and makes them less complicated.

Check Point's solution cuts down on the time it takes to manage multiple firewall devices.

Our organization has faced multiple attackers daily which causes high-impact performance, even though the previous firewall blocks. This leads to an impact on customer satisfaction with our services.

However, after deploying Check Point firewalls in our organization we found drastic changes in the performance of our network   

The management server helps us to reduce the time to manage multiple firewalls.

It's easy to push configuration changes to each of the gateways.

We can track logs of each firewall which is very helpful.

The importance of centralized administration cannot be overstated. As a network security engineer, I must mention that it allows us to manage all of our Check Point devices from a centralized point. 

Although there is certainly room for improvement in the UI, I am pleased that Check Point continues to correct and enhance. 

Furthermore, they provide some new features that will revolutionize security administration.

Initially, I was not a huge fan of Check Point's SmartConsole; I'm not sure why; perhaps it was because I was used to using only the web interface in other vendor firewalls like Palo Alto, Fortigate, and so on.

Now that I've tried it, I have to say that it's the greatest way to handle firewalls. There are some flaws, however, Check Point is working to correct them with each version.

They need to make a Mac version of the SmartConsole, in my opinion.

Aside from that, I'm satisfied with Check Point solutions.

I've used the solution for two years.

The application intervenes in security situations in the organization and launches advanced threat prevention measures. 

It has automated security controls that can predict and block malware attacks. 

It is backed by AI deep learning that offers intelligent information and scales performance to unlock hidden malicious behaviors. 

Data fraud cases have reduced since we set up this product as the main security assessment platform. 

Employees can safely browse and share files with their colleagues without fear of external interference.

We are satisfied with this application as it improves internet browsing security across the organization. 

Each department can easily share data with the management without fear of data compromise. 

It is more flexible than other solutions in the market as it can be deployed in both cloud and on-premise. 

It prevents members from logging in to unsecured sites and running links that may spread viruses to clean data. 

The set features are updated regularly to meet company demands and comply with set community guidelines.

The advanced security operational features help the business to identify weak points that can leak data to unauthorized personnel and take necessary precautions. 

Autonomous IoT Security monitors the performance of applications and equips them with safety measures to prevent risks and attacks. 

Deep learning threat prevention has blocked unsafe sites and phishing attacks from cyber attackers. 

It has audited the entire network and removed threat barriers that are used to slow down workflows. 

The cost of running this software has been reduced due to the modern automated version that can work faster without human intervention.

Overloading and access to many members simultaneously slow down performance, which can lead to security threats. 

New users working with this software find it hard to integrate effectively with other applications without the input of the customer support staff. 

It sometimes blocks safe sites when I am researching, affecting the overall output and wasting time. 

If the authorization commands are not well set, it slows down the working capacity of the Operating System. 

I love the current version with upgraded features that can block more attacks and protect our work environment.

I've used the solution for nine months.

The innovative security enhancement models have helped us in curbing most online threats.

There is improved security in communication and internet browsing.

We have achieved most of the set goals due to customer service team transparency and assistance.

Positive

This solution has been awesome and offers excellent functionalities.

The setup was relatively complex. That said, the customer service team provided enough assistance.

The vendor team was responsible for setting up everything.

The measured ROI has improved from 30% to 55% from the deployment period.

The setup and pricing costs are favorable to many business enterprises.

I have no interest in other applications.

This is the best platform for reducing phishing and blocking malware attacks.

Check Point Security Management is primarily used for managing our security gateways that are deployed in multiple offices around the world. We have 20+ gateways in total. 

Security management also has reporting functionality which can be passed off to our internal security team as well as our senior leadership team. 

SmartView is also a handy utility that allows our system admins to have insight into the network traffic which reduces the need to contact the network support team each time something is not functioning.

Check Point Security Management has improved the organization and it assists with easy manageability of all of our globally deployed gateways which if they were not centrally managed, would be very time-consuming to manage. 

The compliance blade provides detailed reports in regards to our policy configuration and global configuration of the gateways which can be easily read to determine if something needs to be actioned. It also contains multiple different other reports that can be utilized by various other departments.

The compliance is great. It verifies the overall compliance of all of the gateways and attached policies against standards. It offers ready-to-use reports that are detailed.

The SmartView monitor is helpful. Having the ability to give read-only access to our system admins where they can look into the firewall logs is a huge plus and reduces the load on the dependency of the network admins. Also, it is very handy in that it is a web console and not an application that needs to be installed on your computer to view the logs. 

It displays very nice dashboards.

Being a security appliance, there should be the ability for the Security Management server to send email alerts via authenticated email. One of our requirements from the organization is to not use unauthenticated email and to only use authenticated email which this does not support.

SmartConsole should be available for MacOS machines. Not every Network/Security administrator utilizes a Windows machine. Being a Mac user, I need to have a VM with SmartConsole installed in order to be able to manage my gateways. I have heard the newer versions allow management through a web version however I have not tested it as of this moment.

I've been using the solution for more than three years.

The solution is very stable.

In terms of scalability, the licensing is restrictive and are cookie-cutter solutions for a number of gateways.

The L1/L2 agents seem inexperienced. Cases often need to be escalated. 

Negative

Yes, we did use something else. We switched as we were looking for something that had a bigger feature set.

We looked into SonicWall and Palo Alto.

We use the solution for ensuring the on-premise and cloud-based infrastructure through the Check Point gateway solution. We're applying the solution to the endpoint and running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. 

As compared to the other vendors like CISCO ASA, Juniper, and other vendors it's nice to see maximum futures in the single firewall. The site and remote VPN deployment are very easy and troubleshooting the issues is also very easy.

The cluster solution made our job easier any fault to the device will not halt entire internet connectivity. In that case of the performance, we have zero-downtime upgrades and VPN solution deployments.

Check Point Software Technologies (Check Point for short) is a company operating exclusively in the field of Information Security and covering four main areas:

1. Network Security on the perimeter and inside Data Centers.
2. Cloud Security: Public, Private, and Hybrid.
3. Endpoint Security for both Windows and Macs.
4. Mobile Security for Android and iOS devices.

The solution offers ClusterXL, Secure XL, and Core XL.

When working with it, you will encounter three main components: Security gateway, security management server, and Smart Console. 

Customer support is very good and they have depth knowledge on the particular technology which helps us in fixing the problems ASAP. 

Remote and site-site VPNs we can easily deployable and maintenance  upgrade of the tunnel parameters becomes very easy as this is having the simple smart console access to the gateways. 

Also the multi-domain smart dashboard is another capability to manage multiple firewall through the single console.

The application filtering and URL filtering could be better.

They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution.

Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. 

It is advised to make the processes simpler.

Need to have simple scripting and automation methodology to automate the networking operations.

I've used the solution for more than six years.

It's stable.

It's a good product that's scalable.

Technical support is nice.

Positive

I used Cisco ASA. Large-scale deployment and integration are very difficult in Cisco ASA.

The solution is straightforward.

We implemented it with the help of a vendor.

The ROI is good

I did evaluate ASA, Palo Alto, and Firepower solutions.