Check Point Application Control Reviews

The Check Point Application Control solution is used by us on two firewall clusters. It is used both on the inside and on the outside.

Analyzing internal traffic helps us to understand which applications are used within our network. It does more than simply allowing or blocking traffic. It provides a report on how much these applications consume on the network and where they are used.

On the foreign side, we only allow applications considered safe and we always use the report to identify external attacks or improper use from the inside out.

Check Point Application Control application I would define it as oxygen: you notice it when it is missing and I say this because we now think it is natural to have this module incorporated in a firewall.

In the beginning, without this module, we were in the dark about everything. We were forced to open internal or external traffic by trusting (sorry for the nonsense) who was doing the traffic: unthinkable today!

Now we know who does what and can give specific permissions based on the user or the group to which the user belongs. The same user can have maximum permits on the professional side but be protected himself from ending up on sites that are improper for his work activity, such as porn sites.

The most important feature, in my opinion, regarding Check Point Application Control is the granularity and the great variety of applications and sub-applications recognized.

Consider that I can make multiple rules for the same user or group of users by detailing what it can do perfectly. The applications are not trivially listed but well-specified. To give an example: the Facebook application is not simple but its features are listed so that I can allow the use of Facebook but not the uploading of a file.

It is hard to say what has to be improved in Check Point Application Control.

Occasionally, we have to identify an application that is not registered. I would like to have a periodic update of the applications, perhaps based on a predefined calendar.

We would like to have the ability to submit new applications for registration, as well as request the recategorization of URLs.

We have been using Check Point Application Control for twenty years.

I have not found any particular malfunctions so I can say that it is well implemented.

Through a firewall cluster, I can increase the power and reliability of the system, and avoid buying a superior model.

Customer service is very competent.

We did not use another similar solution prior to this one.

The initial setup was straightforward.

Setup is made easy by using logs. As a first rule, I put the blocking of applications that come to mind, then a rule of allowed applications specifying all applications. By looking at the logs, I will be able to refine the rule by populating that of blocked applications and creating one of the allowed applications.

For maximum security (but maximum limitation), I can put at the end a rule that blocks everything but will block both applications not previously specified and those not recognized. This rule requires having a team that looks at the logs a lot, otherwise, it is better to put it on permission and analyze it periodically.

We implemented it through a team that lived up to the solution.

The blade has its cost but you can take advantage of the license package to pay less for it.

We did not evaluate other options.

It does not require excessive resources but if you intend to use it massively, do not underestimate the size of the firewall.

The primary use case of this solution is security, threat prevention, antivirus, and ransomware. You can use it for everything.

The most valuable feature is the protection from threats.

This solution could be easier to manage. 

The security features could be enhanced, and the price could be lower as well.

I have been familiar with this solution for a year and a half.

This solution is stable and we have not had any issues.

This solution scales nicely.

We have not contacted technical support as of yet.

The initial setup was a bit difficult. Every product has its own difficulties and many products are not equal to each other, which is the reason why it was a bit difficult. 

You have to know the features and where they are located and how they work, the logic and even with the logic you have, you don't know the configuration.

The deployment took one week.

We have our team. We implemented this solution ourselves.

It's a bit expensive and it could be cheaper, but it's part of business politics.

We did evaluate other options but they are approximately the same. They may have some differences, but at first glance, they don't appear to have differences in the functions.

It's a good solution and I suggest it. In general, it can be improved but it's good enough.

I would rate this solution an eight out of ten.