To make the tool better, I think we could have some sort of analysis similar to how some products offer information related to social media sentiments. If we could get that kind of assessment, some sort of analysis of some sort, I think that would be something that can really improve the solution. In the future, I would like to see more frequent updates because of the changing security landscape. We should be seeing more updates in the tool, especially those that are not paid. The tool can also put in efforts in terms of maybe the community by conducting some sort of workshop or some sort of online event to bring the community together so that we can all meet. A community portal is needed.
Check Point Tech Support will not assist with new configurations if we encounter any issues during the configuration process. They only provide support if there are issues with existing configurations.
Check Point is highly regarded for its effectiveness and the three-layer architecture for security, comprising the client, Security Management, and secure management console, integrated with firewall capabilities. This architecture differentiates it from other security solutions like Palo Alto, Cisco, and FortiGate. Our files are more secure against potential compromises with three layers, as configurations are managed centrally on the Management servers. The SmartConsole facilitates easy configuration and management, aligning with modern automation trends. Integrating Check Point with AI and API security features enhances its effectiveness and user-friendliness. Customizable logs tailored to sources, businesses, and IPs can be automated for delivery via email, ensuring accessibility without needing to log into devices directly.
The only issue is that, you need to install an application instead of managing it through a browser. Thus, it requires installation. Additionally, it can be slow when multiple users access the manager simultaneously. Even with increased CPU and memory resources, some performance issues may still occur when multiple users check simultaneously.
Advisor at Rossell Techsys (Division of Rossell India Limited)
Real User
Top 20
2024-02-20T12:08:00Z
Feb 20, 2024
Check Point EDR has room for improvement, especially in the area of Data Loss Prevention where it currently lacks functionality. I'd also like to see enhancements in content filtering and categorization features. I would appreciate the ability to restrict forwarding of confidential documents to specific groups, ensuring tighter security measures.
Learn what your peers think about Check Point Security Management. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Security Consultant at a consultancy with 501-1,000 employees
Real User
Top 5
2023-06-26T14:23:26Z
Jun 26, 2023
From the Check Point Security Management solution, it's possible to get the situation of my clusters. I guess it lacks in providing visibility of the many incidents. Hence, the visibility of incidents is an area where I want the solution to improve.
Check Point's hybrid cloud integration needs significant improvements. These resources need to evolve as data transfers to the cloud increase, so hybrid cloud models are easier to implement. Better hybrid cloud integration would improve how we manage our security logs and provide our administrators with a low-cost solution that enables them to meet all our essential requirements.
Cloud Engineer at IT Quest Solutions|interglobalmsp
User
Top 5
2023-01-04T15:28:00Z
Jan 4, 2023
Check Point Security Management must make some improvements. While the console and administration work well, they have to work on performance since it consumes a lot of CPU and memory. There is also latency in the administrative panel when entering. There has been a problem with updating licenses. They must improve the documentation library. They must improve the support they provide and improve the SLAs they offer. On some occasions, they have not been met.
This security control system has efficient features that have transformed the company to help it achieve set international standards. Most of the features provide excellent services that cannot be extracted from other platforms. It can be scaled down to provide services based on the company's demands and lowers operational costs. Sometimes the security system slows down when it is overloaded. Poor configurations have led to data leakages and weakened security signals. The overall performance has impressed all the team members and provided a secure environment for better workflows.
Overloading and access to many members simultaneously slow down performance, which can lead to security threats. New users working with this software find it hard to integrate effectively with other applications without the input of the customer support staff. It sometimes blocks safe sites when I am researching, affecting the overall output and wasting time. If the authorization commands are not well set, it slows down the working capacity of the Operating System. I love the current version with upgraded features that can block more attacks and protect our work environment.
In the future, I would like the platform to be able to integrate or manage appliances or third-party equipment. That would give us a management solution that is able to adapt to the technological changes that we have today. Maybe we could see if the brand or the services become commercial allies of other brands. I know that it is something that is requested a lot, however, better integration could be beneficial for the market and for users when purchasing a service in the market.
Among the things that I would like in the future is for the solution to have its application on Android and iOS, as many of the administrators have adopted remote administration positions due to what has happened since the pandemic. This would help us to have an easier and simpler administration. I believe that these mobile solutions are part of the technological evolution and the promising future that new technologies bring us; this will help us with future innovation and management.
There are some improvements that can be generated in this solution. For example, their internal environments and dashboards should all be updated to look pleasant on a visual level. It would be helpful if the documentation and good practice guides are updated. Many are still from R77. At the support level, they should expand the languages of attention to be able to expand support in countries where the English language is not standard. They could improve the response time when it comes to providing customer support.
The web administration tool that allows administration in the browser must be developed even more. When one tries to enter the panel, the loading delays us. They can also implement version updating. Another feature that could be improved is the export of configurations to .CSV. This would further simplify the management and compliance with rules.
Senior Information Security Specialist at AKBANK TAS
Real User
Top 10
2022-07-30T08:12:00Z
Jul 30, 2022
I am happy with Check Point Security Management. However: 1- In order to work management console, you need some good appliance or you need to provide more CPU and Memory to the appliance. 2-If you overload your appliance with detailed log, you need additional appliances. For big companies even smart 5150 kinda devices is not enough. 3-I normally had trouble updating licenses automatically. We always need to add manually and this is tiresome. 5- API seems to be fine but need some improvements and Check Point should provide scripts to its customers for tiresome jobs.
Every manufacturer must have enough documentation for client implementations and proofs of concept. However, Check Point has many outdated manuals. These should be simpler for users and help them to manage their environments with the best practices. As for the support, it is not the best. The hours are different from those in America. They generally respond to us at dawn. They are not as fast or efficient, and they could improve in this area. Some costs are ridiculously high. Adding additional licenses for Remote VPN is very expensive compared to other manufacturers. They could lower the costs.
Initially, I was not a huge fan of Check Point's SmartConsole; I'm not sure why; perhaps it was because I was used to using only the web interface in other vendor firewalls like Palo Alto, Fortigate, and so on. Now that I've tried it, I have to say that it's the greatest way to handle firewalls. There are some flaws, however, Check Point is working to correct them with each version. They need to make a Mac version of the SmartConsole, in my opinion. Aside from that, I'm satisfied with Check Point solutions.
In complex environment, the Security Management system manages many firewall gateways. There are thousands of security rules in the server and there are also other security settings about Check Point blades. Database in the server becomes large. Hence installing policy takes very long time to complete. Imagine that the administrators must process their daily tickets. They make configuration changes in Smart Console of Management Server for the first ticket, and while waiting for installation completion, then they receive the second ticket, a critical case, what should they do? This is only one of the situations that the administrators are facing in operation. Hope that Check Point can improve the processing time of installation.
We would like to improve the upgrade process in order to do mass upgrades to firewalls and to be able to upgrade target firewalls at the same time. I would like to be able to use Check Point Security Management in a way where it is hosted on the cloud. I'd like secured Security Management directly reachable from wherever you are with no need to install the Check Point client software on the laptop. I would also like to have the ability to easily export the Check Point security policies in order to exploit the data in other applications and have more compatibility with other applications.
It could improve by showing DNS-specific information for connections to unknown public IPs. Check Point could also improve management by not having applications for each version released because we have to install a new application for every version it is not very nice. They could do that by moving management to the web so that we do not have to install a client for every version. The fact that you have to connect to two different applications for management, does not make it the most usable. It could be great to have a system setting and policy setting done from one interface.
Contracted IT Staff at Sağlık Bakanlığı-Turkish Ministry of Health
Real User
2022-05-06T18:48:00Z
May 6, 2022
Policy installation time can be reduced. Proof of concept really matters on this subject. Every organization's needs are different and unique. Therefore, before you purchase the product, use proof of concept as much as you can.
Sr. Security Infrastructure Engineer at NTT Security
Real User
2022-05-06T12:41:00Z
May 6, 2022
The upgrade procedure already made huge improvements, yet it remains more challenging compared to other products. However, everything is well documented and the Check Point support is very skilled, so risks are rather limited. As this is probably the most complete product within its segment, no huge improvements are required from my point of view. Another problematic point, the policy installation duration time is solved since version R8x, so that's good. Clients always tell me: "Check Point is the Rolls Royce within this segment, it is outstanding".
The application filtering and URL filtering could be better. They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution. Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. It is advised to make the processes simpler. Need to have simple scripting and automation methodology to automate the networking operations.
Cloud Support at a tech company with 51-200 employees
User
2022-05-04T01:24:00Z
May 4, 2022
I sincerely believe that the documentation could be improved a little for cloud implementations both in Microsoft Azure and others. The documentation is somewhat messy. We also found many versions of the documentation for which it was difficult at first to achieve all the adaptations that we required. However, once implemented and we obtained the appropriate documentation, everything was clear, and the guarantee that it generated for us was very good, so I honestly have a good rating for this product.
I would like for users to have more control over the platform in the next release. Right now, the system is very central and general requiring new rules to be created that better-suite our requirements.
System Engineer Network & Security at a retailer with 10,001+ employees
Real User
2021-11-22T09:37:00Z
Nov 22, 2021
The management API can be further developed so that all functions offered by the dashboard are also available via the API (for example, Network Topology). The new web management tool which allows the management in the browser has to be developed further so that all functions from the dashboard are available. Many of our administrators work with a Mac OS. Until now, the management of rules is only possible on Windows as the Smart Dashboard is only available for Windows. Now, with the first release of the web interface, it is possible in the browser. All functions from the dashboard must still be possible via the web interface.
Network Security Engineer at Atlantic Data Security
User
2021-11-19T18:38:00Z
Nov 19, 2021
Sometimes there are some performance issues that cause certain operations to run slowly, however, that may just be due to the hardware it is running on needing to be stronger. Check Point could possibly lighten up the software code so that it is not as resource-intensive and will run more smoothly on a variety of hardware and cloud or virtual machine platforms. More ability for users to generate reports for traffic flows, firewall performance factors like CPU, memory usage, total bandwidth consumption, and tracing heavy traffic (elephant) flows would also be great.
Presales engineer cybersecurity expert en ElevenPaths at Telefónica
Real User
2021-09-13T15:33:00Z
Sep 13, 2021
In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer. It would be a good policy to try to assign senior engineers when it has been verified that an incident is critical and urgent for a client and not to resort to less-experienced technicians that can put at risk the recovery of the attacked assets. Apart from that, at the architectural level, it is a very competent and versatile solution.
The solution could be improved in these ways: 1. In order to work the management console properly we're required to have more memory and CPU on the system where we need to install a setup. 2. Due to the large size of logs generated for daily traffic, even when old logs purging is enabled, we need to delete old logs manually or else it causes errors while publishing policies which slow down the process. 3. SD-WAN functionality could be added. 4. The required license addition for every blade is a bit of a complicated task for normal IT admins to understand.
Assistant Manager IT Operation at Datamatics Global Services Limited
Real User
2021-08-25T04:48:00Z
Aug 25, 2021
The Security Management server could be improved. If it provided an inbuilt authenticator for multifactor authentication, that would be ideal. Currently, we have to depend on a third party for multifactor authentication. It would help us greatly in securing the remote access users if Mac binding can be done for remote access VPN users in mobile. It would be helpful if we could enable URL and application traffic control remote access. The logging and reporting are good, but it would be helpful if more report templates were available.
Senior Infrastructure Service Specialist at a financial services firm with 10,001+ employees
User
2021-07-16T04:05:00Z
Jul 16, 2021
One possible improvement for the platform would be the import of security policies via CSV or CLI. Even though the platform is simple, and creating security policies is a fairly quick task, creating a bulk of policies at once (ie. for a migration) could be a useful tool. This is probably possible through scripting, however, having an easy-to-use "import CSV" button would be beneficial. Another feature that could be improved is the export of configurations to CSV. This is often useful to map current firewall policies or NATs. I understand that this feature is available currently, but would CSV bring objects with names (but not IPs) and groups (but not the members). The improvement of this feature would surely be welcomed.
ICT at a manufacturing company with 501-1,000 employees
Real User
2021-06-16T13:31:00Z
Jun 16, 2021
The graphical interface is nice but it is a bit heavy. Even installing the policies is often a very slow activity. Sometimes it happens that the rules are scattered in several points such as global properties, security policy, and/or application policy and it is difficult to find the point where to intervene
Works at a financial services firm with 5,001-10,000 employees
Real User
2021-05-18T15:54:00Z
May 18, 2021
Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa, and we don't know whether it is because of our region. I would like a feature where there is a workflow to provide authorization to some users before they're able to create and apply rules. Such a feature should be integrated with the management. It should not be in the box that comes with it.
Technology consultant at a tech services company with 501-1,000 employees
Real User
2021-03-23T07:32:00Z
Mar 23, 2021
It is very difficult to recover policies from the gateway in case if you lose your security management server, and don't have a backup. The backup functionality (Migrate export command), which covers policies, can not be operated from the GUI. Instead, we have to log into the CLI and generate a file then take it out. For those not familiar with the Command Line interface, there should be an option in the GUI for operating backups. There should also be an option to automatically schedule the backup. The smart dashboard is a very heavy application. If we could directly connect & manage firewalls from the Management server itself then it would make it very easy.
I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application. The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.
Currently we have option to create rule with Access Role, but it is also asking network as well, so my suggestion if we mapped user and machine both then the network should be not compulsory. This will reduce our effort to creating rules. Above is only my suggestion for access role rule type
Senior Network and Security Engineer at a computer software company with 201-500 employees
Real User
2020-07-23T17:00:00Z
Jul 23, 2020
I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.
It depends on the user, but all of the checkpoints need improvement. The only place I need a bit of an update, for example, is in the endpoint management. There are some policies that are embedded that you have to examine if you have sensitive users. For some applications, the default acts as a manager. However, in a system with a history of being breached or where users are given access based on their job function, we seem to have issues particularly there. The reporting should be improved in future releases. It needs to be very explicit. This is very important.
As for improvement, again, the bandwidth regulation is an issue - it is not up to my expectations. If they could improve that it would be good. In future releases I'd like to see better integration with other applications and solutions. Also, the cost of the license is too high, it's too expensive.
System and Network Engineer at a non-tech company with 1,001-5,000 employees
Real User
2019-10-06T16:38:00Z
Oct 6, 2019
We had a lot of problems with the VPN blade on the solution. We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release. There should be more visibility about which blade in your firewall is causing the latency. That would be nice as well.
The client of the management needs to be improved. The solution is a bit slow. The speed should be improved. If there is a possibility to use the URL instead of client management in a future release, that would be ideal. In the last version from 80.20, there are some issues around SSNA Diction. I would like this to be improved.
Check Point Security Management is an advanced security management platform for enterprises. The platform integrates all aspects of security. A single platform manages the entire infrastructure, from data centers to private/public cloud deployments.
Check Point Security Management is a reliable and easy-to-use security platform. It integrates all aspects of your security environment to strengthen the security posture without impairing productivity. The system has a layered policy model....
To make the tool better, I think we could have some sort of analysis similar to how some products offer information related to social media sentiments. If we could get that kind of assessment, some sort of analysis of some sort, I think that would be something that can really improve the solution. In the future, I would like to see more frequent updates because of the changing security landscape. We should be seeing more updates in the tool, especially those that are not paid. The tool can also put in efforts in terms of maybe the community by conducting some sort of workshop or some sort of online event to bring the community together so that we can all meet. A community portal is needed.
Check Point Tech Support will not assist with new configurations if we encounter any issues during the configuration process. They only provide support if there are issues with existing configurations.
Check Point is highly regarded for its effectiveness and the three-layer architecture for security, comprising the client, Security Management, and secure management console, integrated with firewall capabilities. This architecture differentiates it from other security solutions like Palo Alto, Cisco, and FortiGate. Our files are more secure against potential compromises with three layers, as configurations are managed centrally on the Management servers. The SmartConsole facilitates easy configuration and management, aligning with modern automation trends. Integrating Check Point with AI and API security features enhances its effectiveness and user-friendliness. Customizable logs tailored to sources, businesses, and IPs can be automated for delivery via email, ensuring accessibility without needing to log into devices directly.
The only issue is that, you need to install an application instead of managing it through a browser. Thus, it requires installation. Additionally, it can be slow when multiple users access the manager simultaneously. Even with increased CPU and memory resources, some performance issues may still occur when multiple users check simultaneously.
The tool is expensive.
Check Point EDR has room for improvement, especially in the area of Data Loss Prevention where it currently lacks functionality. I'd also like to see enhancements in content filtering and categorization features. I would appreciate the ability to restrict forwarding of confidential documents to specific groups, ensuring tighter security measures.
They could offer educational courses to help individuals improve their knowledge and skills.
Check Point Security Management lacks some of the competitor features.
From the Check Point Security Management solution, it's possible to get the situation of my clusters. I guess it lacks in providing visibility of the many incidents. Hence, the visibility of incidents is an area where I want the solution to improve.
Check Point's hybrid cloud integration needs significant improvements. These resources need to evolve as data transfers to the cloud increase, so hybrid cloud models are easier to implement. Better hybrid cloud integration would improve how we manage our security logs and provide our administrators with a low-cost solution that enables them to meet all our essential requirements.
Check Point Security Management must make some improvements. While the console and administration work well, they have to work on performance since it consumes a lot of CPU and memory. There is also latency in the administrative panel when entering. There has been a problem with updating licenses. They must improve the documentation library. They must improve the support they provide and improve the SLAs they offer. On some occasions, they have not been met.
This security control system has efficient features that have transformed the company to help it achieve set international standards. Most of the features provide excellent services that cannot be extracted from other platforms. It can be scaled down to provide services based on the company's demands and lowers operational costs. Sometimes the security system slows down when it is overloaded. Poor configurations have led to data leakages and weakened security signals. The overall performance has impressed all the team members and provided a secure environment for better workflows.
Overloading and access to many members simultaneously slow down performance, which can lead to security threats. New users working with this software find it hard to integrate effectively with other applications without the input of the customer support staff. It sometimes blocks safe sites when I am researching, affecting the overall output and wasting time. If the authorization commands are not well set, it slows down the working capacity of the Operating System. I love the current version with upgraded features that can block more attacks and protect our work environment.
In the future, I would like the platform to be able to integrate or manage appliances or third-party equipment. That would give us a management solution that is able to adapt to the technological changes that we have today. Maybe we could see if the brand or the services become commercial allies of other brands. I know that it is something that is requested a lot, however, better integration could be beneficial for the market and for users when purchasing a service in the market.
Among the things that I would like in the future is for the solution to have its application on Android and iOS, as many of the administrators have adopted remote administration positions due to what has happened since the pandemic. This would help us to have an easier and simpler administration. I believe that these mobile solutions are part of the technological evolution and the promising future that new technologies bring us; this will help us with future innovation and management.
There are some improvements that can be generated in this solution. For example, their internal environments and dashboards should all be updated to look pleasant on a visual level. It would be helpful if the documentation and good practice guides are updated. Many are still from R77. At the support level, they should expand the languages of attention to be able to expand support in countries where the English language is not standard. They could improve the response time when it comes to providing customer support.
The web administration tool that allows administration in the browser must be developed even more. When one tries to enter the panel, the loading delays us. They can also implement version updating. Another feature that could be improved is the export of configurations to .CSV. This would further simplify the management and compliance with rules.
I am happy with Check Point Security Management. However: 1- In order to work management console, you need some good appliance or you need to provide more CPU and Memory to the appliance. 2-If you overload your appliance with detailed log, you need additional appliances. For big companies even smart 5150 kinda devices is not enough. 3-I normally had trouble updating licenses automatically. We always need to add manually and this is tiresome. 5- API seems to be fine but need some improvements and Check Point should provide scripts to its customers for tiresome jobs.
Every manufacturer must have enough documentation for client implementations and proofs of concept. However, Check Point has many outdated manuals. These should be simpler for users and help them to manage their environments with the best practices. As for the support, it is not the best. The hours are different from those in America. They generally respond to us at dawn. They are not as fast or efficient, and they could improve in this area. Some costs are ridiculously high. Adding additional licenses for Remote VPN is very expensive compared to other manufacturers. They could lower the costs.
Initially, I was not a huge fan of Check Point's SmartConsole; I'm not sure why; perhaps it was because I was used to using only the web interface in other vendor firewalls like Palo Alto, Fortigate, and so on. Now that I've tried it, I have to say that it's the greatest way to handle firewalls. There are some flaws, however, Check Point is working to correct them with each version. They need to make a Mac version of the SmartConsole, in my opinion. Aside from that, I'm satisfied with Check Point solutions.
In complex environment, the Security Management system manages many firewall gateways. There are thousands of security rules in the server and there are also other security settings about Check Point blades. Database in the server becomes large. Hence installing policy takes very long time to complete. Imagine that the administrators must process their daily tickets. They make configuration changes in Smart Console of Management Server for the first ticket, and while waiting for installation completion, then they receive the second ticket, a critical case, what should they do? This is only one of the situations that the administrators are facing in operation. Hope that Check Point can improve the processing time of installation.
We would like to improve the upgrade process in order to do mass upgrades to firewalls and to be able to upgrade target firewalls at the same time. I would like to be able to use Check Point Security Management in a way where it is hosted on the cloud. I'd like secured Security Management directly reachable from wherever you are with no need to install the Check Point client software on the laptop. I would also like to have the ability to easily export the Check Point security policies in order to exploit the data in other applications and have more compatibility with other applications.
It could improve by showing DNS-specific information for connections to unknown public IPs. Check Point could also improve management by not having applications for each version released because we have to install a new application for every version it is not very nice. They could do that by moving management to the web so that we do not have to install a client for every version. The fact that you have to connect to two different applications for management, does not make it the most usable. It could be great to have a system setting and policy setting done from one interface.
Policy installation time can be reduced. Proof of concept really matters on this subject. Every organization's needs are different and unique. Therefore, before you purchase the product, use proof of concept as much as you can.
The upgrade procedure already made huge improvements, yet it remains more challenging compared to other products. However, everything is well documented and the Check Point support is very skilled, so risks are rather limited. As this is probably the most complete product within its segment, no huge improvements are required from my point of view. Another problematic point, the policy installation duration time is solved since version R8x, so that's good. Clients always tell me: "Check Point is the Rolls Royce within this segment, it is outstanding".
The application filtering and URL filtering could be better. They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution. Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. It is advised to make the processes simpler. Need to have simple scripting and automation methodology to automate the networking operations.
I sincerely believe that the documentation could be improved a little for cloud implementations both in Microsoft Azure and others. The documentation is somewhat messy. We also found many versions of the documentation for which it was difficult at first to achieve all the adaptations that we required. However, once implemented and we obtained the appropriate documentation, everything was clear, and the guarantee that it generated for us was very good, so I honestly have a good rating for this product.
The tracking of new threats could be improved.
I would like for users to have more control over the platform in the next release. Right now, the system is very central and general requiring new rules to be created that better-suite our requirements.
The management API can be further developed so that all functions offered by the dashboard are also available via the API (for example, Network Topology). The new web management tool which allows the management in the browser has to be developed further so that all functions from the dashboard are available. Many of our administrators work with a Mac OS. Until now, the management of rules is only possible on Windows as the Smart Dashboard is only available for Windows. Now, with the first release of the web interface, it is possible in the browser. All functions from the dashboard must still be possible via the web interface.
Sometimes there are some performance issues that cause certain operations to run slowly, however, that may just be due to the hardware it is running on needing to be stronger. Check Point could possibly lighten up the software code so that it is not as resource-intensive and will run more smoothly on a variety of hardware and cloud or virtual machine platforms. More ability for users to generate reports for traffic flows, firewall performance factors like CPU, memory usage, total bandwidth consumption, and tracing heavy traffic (elephant) flows would also be great.
In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer. It would be a good policy to try to assign senior engineers when it has been verified that an incident is critical and urgent for a client and not to resort to less-experienced technicians that can put at risk the recovery of the attacked assets. Apart from that, at the architectural level, it is a very competent and versatile solution.
The solution could be improved in these ways: 1. In order to work the management console properly we're required to have more memory and CPU on the system where we need to install a setup. 2. Due to the large size of logs generated for daily traffic, even when old logs purging is enabled, we need to delete old logs manually or else it causes errors while publishing policies which slow down the process. 3. SD-WAN functionality could be added. 4. The required license addition for every blade is a bit of a complicated task for normal IT admins to understand.
The Security Management server could be improved. If it provided an inbuilt authenticator for multifactor authentication, that would be ideal. Currently, we have to depend on a third party for multifactor authentication. It would help us greatly in securing the remote access users if Mac binding can be done for remote access VPN users in mobile. It would be helpful if we could enable URL and application traffic control remote access. The logging and reporting are good, but it would be helpful if more report templates were available.
One possible improvement for the platform would be the import of security policies via CSV or CLI. Even though the platform is simple, and creating security policies is a fairly quick task, creating a bulk of policies at once (ie. for a migration) could be a useful tool. This is probably possible through scripting, however, having an easy-to-use "import CSV" button would be beneficial. Another feature that could be improved is the export of configurations to CSV. This is often useful to map current firewall policies or NATs. I understand that this feature is available currently, but would CSV bring objects with names (but not IPs) and groups (but not the members). The improvement of this feature would surely be welcomed.
The graphical interface is nice but it is a bit heavy. Even installing the policies is often a very slow activity. Sometimes it happens that the rules are scattered in several points such as global properties, security policy, and/or application policy and it is difficult to find the point where to intervene
Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa, and we don't know whether it is because of our region. I would like a feature where there is a workflow to provide authorization to some users before they're able to create and apply rules. Such a feature should be integrated with the management. It should not be in the box that comes with it.
It is very difficult to recover policies from the gateway in case if you lose your security management server, and don't have a backup. The backup functionality (Migrate export command), which covers policies, can not be operated from the GUI. Instead, we have to log into the CLI and generate a file then take it out. For those not familiar with the Command Line interface, there should be an option in the GUI for operating backups. There should also be an option to automatically schedule the backup. The smart dashboard is a very heavy application. If we could directly connect & manage firewalls from the Management server itself then it would make it very easy.
I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application. The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.
Currently we have option to create rule with Access Role, but it is also asking network as well, so my suggestion if we mapped user and machine both then the network should be not compulsory. This will reduce our effort to creating rules. Above is only my suggestion for access role rule type
I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.
It depends on the user, but all of the checkpoints need improvement. The only place I need a bit of an update, for example, is in the endpoint management. There are some policies that are embedded that you have to examine if you have sensitive users. For some applications, the default acts as a manager. However, in a system with a history of being breached or where users are given access based on their job function, we seem to have issues particularly there. The reporting should be improved in future releases. It needs to be very explicit. This is very important.
As for improvement, again, the bandwidth regulation is an issue - it is not up to my expectations. If they could improve that it would be good. In future releases I'd like to see better integration with other applications and solutions. Also, the cost of the license is too high, it's too expensive.
We had a lot of problems with the VPN blade on the solution. We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release. There should be more visibility about which blade in your firewall is causing the latency. That would be nice as well.
The client of the management needs to be improved. The solution is a bit slow. The speed should be improved. If there is a possibility to use the URL instead of client management in a future release, that would be ideal. In the last version from 80.20, there are some issues around SSNA Diction. I would like this to be improved.
The usability of the solution could be improved.
I would like the ability to have an overview, cross-site: One portal that does all firewalls.