Check Point Security Management Reviews

We use the solution for ensuring the on-premise and cloud-based infrastructure through the Check Point gateway solution. We're applying the solution to the endpoint and running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. 

As compared to the other vendors like CISCO ASA, Juniper, and other vendors it's nice to see maximum futures in the single firewall. The site and remote VPN deployment are very easy and troubleshooting the issues is also very easy.

The cluster solution made our job easier any fault to the device will not halt entire internet connectivity. In that case of the performance, we have zero-downtime upgrades and VPN solution deployments.

Check Point Software Technologies (Check Point for short) is a company operating exclusively in the field of Information Security and covering four main areas:

1. Network Security on the perimeter and inside Data Centers.
2. Cloud Security: Public, Private, and Hybrid.
3. Endpoint Security for both Windows and Macs.
4. Mobile Security for Android and iOS devices.

The solution offers ClusterXL, Secure XL, and Core XL.

When working with it, you will encounter three main components: Security gateway, security management server, and Smart Console. 

Customer support is very good and they have depth knowledge on the particular technology which helps us in fixing the problems ASAP. 

Remote and site-site VPNs we can easily deployable and maintenance  upgrade of the tunnel parameters becomes very easy as this is having the simple smart console access to the gateways. 

Also the multi-domain smart dashboard is another capability to manage multiple firewall through the single console.

The application filtering and URL filtering could be better.

They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution.

Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. 

It is advised to make the processes simpler.

Need to have simple scripting and automation methodology to automate the networking operations.

I've used the solution for more than six years.

It's stable.

It's a good product that's scalable.

Technical support is nice.

Positive

I used Cisco ASA. Large-scale deployment and integration are very difficult in Cisco ASA.

The solution is straightforward.

We implemented it with the help of a vendor.

The ROI is good

I did evaluate ASA, Palo Alto, and Firepower solutions.

We primarily use the solution based on the results that are provided. We've tried others previously and they didn't give us the results we receive on this particular product.

The additional features offered by the solution are excellent. We didn't have a lot of these on a previous solution, and they've proven to be an advantage for us.

Based on my personal use of the system, the interface is quite good.

It depends on the user, but all of the checkpoints need improvement. The only place I need a bit of an update, for example, is in the endpoint management. There are some policies that are embedded that you have to examine if you have sensitive users. 

For some applications, the default acts as a manager. However, in a system with a history of being breached or where users are given access based on their job function, we seem to have issues particularly there.

The reporting should be improved in future releases. It needs to be very explicit. This is very important.

I've been using the solution for about a year.

Over the past nine or ten months that we've been using the solution we've found it to be very stable. We haven't had any issues at all. Since we have a monetary drive to enforce stability, when we see a flagged issue we will address it immediately.

The scalability of the solution is excellent. We haven't faced any negative aspects when trying to scale up.

The technical support of the solution has been very good. They are much better than what I previously had. I find that we get attention within 24 hours if we flag something. We are purchasing the support so it may be the reason we get such a quick and helpful response.

We did previously use a different solution. They didn't have support locally in my country and this was difficult for us. Everything was done via mail or phone and it was not helpful. With this solution, if the situation cannot be remotely addressed within 48 hours, they will come to my office in person and attend to me. It's much better.

The initial setup is very straightforward. Deployment takes about three working days. In our case, we had to import policies from SonicWall but not on the same platform, so we had some little challenges like that, however, overall it was quite straightforward.

We have an in-house team that handles maintenance.

We had an integrator that assisted us with the implementation of the product. We use them for support as well.

We're still in the testing phase in terms of using the solution. Soon, it will be one year since we have fully deployed it. So far, it's been very good. I would rate it eight out of ten.

Perimeter protection. It has performed well. It's good.

It hasn't really improved the way our organization functions. It has just provided that extra functionality. That is something we now demand of all firewalls.

The ability to include logs for everything that you do for admin. Also, it has web filtering built in and VPN. Those are the main features we use.

I would like the ability to have an overview, cross-site: One portal that does all firewalls.

The stability is good, but that's because we've got a high-availability configuration.

It is scalable, but, as I said before, you are not able to connect across multiple sites for a similar firewall.

I would say tech support is about a six out of 10.

There was no previous solution. I inherited this one.

When selecting a vendor, the most important criteria are history, reputation, and looking at the industry ratings.

Although I wasn't involved in the initial setup, I believe it was quite complicated.

Do the homework because Check Point is rather expensive. There are better firewalls on the market now that are cheaper and provide better functionality and security.

I rate it a six out of 10 because the user interface is overly complicated.

We utilize the security management solution to oversee all our Check Point products, including firewall, IPS, and antivirus policies. It serves as our primary tool for managing all Check Point devices.

Check Point Security Management excels over Forti Management in daily operations, policy management, and graphical interface. It is easy to open and edit policies, search within them, and view logs.

The only issue is that, you need to install an application instead of managing it through a browser. Thus, it requires installation. Additionally, it can be slow when multiple users access the manager simultaneously. Even with increased CPU and memory resources, some performance issues may still occur when multiple users check simultaneously.

I have been using Check Point Security Management for ten years.

Sometimes, we encounter crashes while working on Check Point Security Management, necessitating application restarts. We also face connectivity issues with certain firewalls, making it less stable than other products.

The solution’s scalability is good ; adding more CPUs and memory can give you more gateways.

20 managers are using this solution.

I rate the solution’s scalability a nine out of ten.

We currently have at least two or three cases open, and some are regarding demand. We struggle to find a good engineer who can truly help us instead of just sending some comments for us to run and provide feedback. They need to improve, especially in their initial client support.

Positive

The initial setup is complex.

Compared to Forti Management, Check Point Security Management involves much more work and is more difficult. You need to establish connections to all the firewalls manually, one by one. However, with the function manager, you point the firewall to the manager and accept it on the Management, and it's done. Additionally, you need to manage certificates on Check Point, making the process less straightforward than FortiManager. 

You depend entirely on the manager to edit the security gateway policies. If the manager encounters an issue with Fortinet, you can still access the FortiGate and delete policies. In Check Point, you cannot delete firewall policies directly on the firewall itself if you encounter a Management issue.

Deployment, including firewall synchronization, takes about four days to complete.

You usually need to create and use the VM Manager VM. So, you need to deploy the VM, configure the IPs, and install the Check Point console software. Then, you need to perform an SIP IT connection to all the firewalls to manage them. After that, you need to configure the firewall networks and public IPs. 

I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.

The product is more expensive than Fortinet. We need to pay the license for the Management. I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.

It enhances our daily operational efficiency. Therefore, all management personnel prioritizing working on Check Point policies over Fortinet would benefit. However, maintenance upgrades, backups, snapshots, and synchronization between primary and secondary management can become cumbersome. These tasks tend to be more challenging and time-consuming.

The learning curve for Check Point is quite steep. Sometimes, when we recruit new members to our company, they take a lot of time to understand how our Check Point system works, including the connection between the Management and the firewall, among other components. With Fortinet, it takes only two or three weeks for them to get acquainted with everything. With Check Point, they need at least three months to become accustomed to upgrades, managing policies, and maintenance of the Management system. So, it takes at least three or four times longer than with Fortinet.

AI is essential for correlating logs and presenting the ones that matter. They could strengthen how they present logs by giving more attention to the ones that matter most.

Check Point is easy to use, allowing users to drag and drop objects effortlessly. However, it's essential to note that deploying and maintaining the solution may require a bit more expertise than some competitors.

Overall, I rate the solution an eight out of ten.

We are using it on the cloud for cloud segmentation and as a VPN for users. We have been implementing Checkpoint on Azure's cloud for configuring scale sets for internal and external firewalls and as a gateway group active/standby for the VPN. The solution is implemented using a Multiple Entry Point feature. This allows us to use the same URL deplyed for all users and let them connect to the nearest node. We use other features like IPS, Threat Control, and Antivirus/Antibot for protecting our servers. We wanted to implement the SCV feature but it's not working. We've been working with support for months without a resolution.

It has allowed global worldwide access to our cloud infrastructure. It gives us the possibility to improve security on the Azure cloud as well. 

It features NGFW provided by checkpoint with all of the capabilities that are required to protect for Next Generation protection from attacks at perimeter level The module and security features that are provided as part of the base license with Checkpoint include the VPN, IPS, Application Control, and Content Awareness which offers strong protection for the organization. The main problem is that the support in terms of solving any issue is not very good.

The unique management using Smart Console for all Firewalls is very useful. Also, the management of policies and the log page allows for easy troubleshooting and configuration using a single pane of glass. The new release R81 allows a very fast installation of policies on the firewalls.

The MEP feature had a lot of problems during the implementation, needing configuration of TXT file via the CLI, however, at the end of the implementation, it is working well and has given us a very good advantage on the VPN solution in our company. I hope to see other useful features in the next release.

I've found the solution was a bit unstable. It would be better to improve the stability of the service. Another thing that needs to be improved is the Checkpoint support. Very often they were not able to solve the problems that we had. Sometimes to solve problems you need to install a new Hotfix or Custom release - and that can generate some side effects that can create instability problems. It's necessary to improve the support - especially the one that is provided in India.

We had done an upgrade 2 months ago.

It's improving with new releases.

It's very scalable.

The experience has not been very good.

Yes, we were using on-prem products with Cisco Anyconnect VPN solutions. We switched to Checkpoint and moved the VPN solution to the cloud.

Yes, it was a bit complex.

We had a good level of expertise, and we also used Checkpoint professional services directly.

We hope to have ROI in 3 years.

Licensing is very granular. You can easily select the best solution and feature that fits to you.

We did not evaluate other options.

They should improve the support and the stability of the system. When there are issues, it is not very easy to solve problems using the support they offer. Other vendors like Cisco have better support. This is very important for Enterprise companies - even more than new features.

Our primary use case is to have a centralized server to manage all of our Check Point firewalls, which are around 30 clusters of firewalls. We also use it to have a place where we can see, call, and centralize the logs.

Every day we have new projects and new applications that need to be delivered. We need to open flows on the firewall from one point to the other. Check Point helps our security team to create the policies in a centralized way, where we can even copy policies from one firewall to the other.

It saves us a lot of time, and it's very easy to use. We can clone objects and drag and drop. It's much easier than a few years ago where we used to have Cisco firewalls and we needed to do it on the command line. Check Point is much easier. We can very quickly place trainees to work in policy creation.

The features we like and find the most valuable are the ways we can manage the policy, create objects, and drag and drop objects in our daily operation. It makes our daily operation on the firewall management much easier than going, for example, to one firewall, then going to the other. We have a centralized point of managing the firewall in terms of firewall policy and in terms of threat prevention policy where we can easily review the antivirus policy. It has a good description of which protection we are applying to the IPS on the antivirus. It's very clear and easy to use.

The SmartConsole chooses which application communicates with the manager and allows us to create the policies and also look at the log of the traffic that is crossing all the firewalls. We can manage and also see the logs of what is happening on the firewalls.

I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application.

The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.

We have been using Check Point Security Management for three years. 

It has been very stable. We don't have many complaints about stability. Once every three months or so, there are some processes on the management server that we get stuck on and we need to restart the services. After we restart, we get back to normal.

It's very scalable for our use case. We have two security managers. We have one primary and one backup to manage all of our firewall infrastructure, and we have no problem with it. We always have a new firewall. 

There are around eight people who work with this solution in my company. They're network engineers. 

My colleague and I are responsible for the maintenance. 

We have a 100% adoption rate for all of the Check Point Firewalls. We all use this manager to manage the Check Point infrastructure.

We don't have any issues with support. The support is very good, especially if you work with the Israel group, but on this specific product, as this is a core product of Check Point, I would say all of the groups work fairly well.

We also have experience with Fortinet but it's like comparing apples to oranges. 

The initial migration from R77 to the R80 was a bit complex. We had the help of a third-party company for the migration phase. We needed to export from the old manager and import it to the new one. There were some modifications we needed to do. It's not very straightforward. They had more experience in those kinds of migrations. 

We have already done some upgrades and they are very easy and straightforward. For this migration, we needed to prepare the servers side by side to the old one, and we needed to do the initial configuration. It took like at least one week to prepare and to migrate it that way.

We do see ROI because we save a lot of time and we can have new team members working with the firewall very quickly. We save at least eight hours a week.

The pricing is in line with its competition, like Fortinet. 

Sometimes applying licensing in products gets a bit messy. We will apply for a license on the manager, specifically for the firewall, but you still see the firewall complaining it doesn't have any rights. In this case, we need vendor support to fix this kind of situation.

We need to devise whether we need to have remote sessions with regard to why the firewall is complaining. There must be some kind of protection for the people not to flip licenses that they shouldn't. Sometimes when you buy a new firewall, the licensing is not straightforward to apply. After we fix it, we never have issues again.

This solution is overall our favorite Check Point product. It's a product that you need to have if you have a Check Point Firewall. If you have a Check Point Firewall, you need to have to Check Point Security Management. You cannot manage the firewalls directly, you need to have the manager.

I think it's the best product Check Point has and is the one that makes the difference. When you compare it to, for example, Fortinet, which has a manager that is web-based, it's not as easy to use and easy to drag and drop objects. The way to see the logs is not as good. It works better than web-based FortiManager, for example.

Palo Alto is also web-based, but me and my team, all of us prefer the SmartConsole over the way we have to manage FortiGate. It's very easy to search for rules on the policy, Check Point is much easier than the competition.

The competitors work well but Check Point works better.

If you refresh the page, you will lose what you did. Even the screen resolution is dependent on the browser. Drag and drop is not as good as with Check Point. It's by far the best product we have to manage firewalls. I think the thing that makes the difference on the other Check Point firewalls.

My advice would be to try the SmartConsole before deciding if you want to go ahead with buying Check Point Firewalls and the manager. You can install the application in any Windows, computer, or Windows server and try the SmartConsole in demo mode.

I would rate Check Point Security Management a nine out of ten. 

We use it for the firewall and the filtration. The accounts are put on a server and even the SmartConsole is installed on a server environment.

In terms of most valuable features, I love the URL filtering as well as the identification capabilities which link with the Active Directory and work for me even with bandwidth regulation. These allow me to select to whom to do what, and when.

As for improvement, again, the bandwidth regulation is an issue - it is not up to my expectations. If they could improve that it would be good.

In future releases I'd like to see better integration with other applications and solutions.

Also, the cost of the license is too high, it's too expensive.

I have been using Check Point Security Management for the last five or six years.

I used to contact customer service, but nowadays, I'm authorized to handle that. We have our own internal team in the company to maintain this solution on our own. I know a few people at Check Point so we work together.

Yes, we were using Dell SonicWall.

In terms of initial setup, at the beginning when I was not an expert, it was difficult but now that I'm an expert it is no longer difficult at all.

I don't know how long the setup was the first time since it was done by a client. But nowadays, because I'm an expert, it doesn't take long. It takes about an hour or two and I've done everything.

On a scale of one to ten, I'd give Check Point Security Management a nine because it is not yet available in our country.

This solution is used to control OPC's. You are also able to generate reports with it.

Our organization is now able to easily see if our computers are running smoothly or not.

This solution is easy to install and deploy. It is also user-friendly.

I would like for users to have more control over the platform in the next release. Right now, the system is very central and general requiring new rules to be created that better-suite our requirements.

I have been using this solution since 1993.

This is a stable solution.

This is a scalable solution, we currently have three to four hundred users.

We hardly contact Check Point support thanks to help from our partner. However, if there is an issue neither of us can resolve, we open a case with Check Point and they are able to resolve the issue quickly.

We were using Symantec for its antivirus and backup capabilities, but now that Check Point offers antivirus, we are only using Symantec for backups. And Check Point is one fourth of the price!

The initial setup was not complex. There was still a bit to learn with the program, but it was not complex. Initial installation took about a day and a half and it took one week for deployment in total after running some tasks.

We had support from a Check Point partner perform the initial setup. We now have four members of our technical group maintaining the solution.

Check Point is much cheaper than the competition ($4/server as compared to $17/server).

I would rate this solution an eight out of ten (nine for its antivirus capabilities).