What is our primary use case?
The Check Point Application Control solution is used by us on two firewall clusters. It is used both on the inside and on the outside.
Analyzing internal traffic helps us to understand which applications are used within our network. It does more than simply allowing or blocking traffic. It provides a report on how much these applications consume on the network and where they are used.
On the foreign side, we only allow applications considered safe and we always use the report to identify external attacks or improper use from the inside out.
How has it helped my organization?
I would define Check Point Application Control as oxygen: you notice it when it is missing. I say this because we now think it is natural to have this module incorporated in a firewall.
In the beginning, without this module, we were in the dark about everything. We were forced to open internal or external traffic by trusting (sorry for the nonsense) who was doing the traffic: unthinkable today!
Now we know who does what and can give specific permissions based on the user or the group to which the user belongs. The same user can have maximum permissions on the professional side but still be protected from ending up on sites that are improper for his work activity, such as porn sites.
What is most valuable?
The most important feature, in my opinion, regarding Check Point Application Control is the granularity and the great variety of applications and sub-applications recognized.
Consider that I can make multiple rules for the same user or group of users by detailing what it can do perfectly. The applications are not trivially listed but well-specified. To give an example: the Facebook application is not simple but its features are listed so that I can allow the use of Facebook but not the uploading of a file.
What needs improvement?
It is hard to say what has to be improved in Check Point Application Control.
Occasionally, we have to identify an application that is not registered. I would like to have a periodic update of the applications, perhaps based on a predefined calendar.
We would like to have the ability to submit new applications for registration, as well as request the recategorization of URLs.
For how long have I used the solution?
We have been using Check Point Application Control for twenty years.
What do I think about the stability of the solution?
I have not found any particular malfunctions so I can say that it is well implemented.
What do I think about the scalability of the solution?
Through a firewall cluster, I can increase the power and reliability of the system, and avoid buying a superior model.
How are customer service and support?
Customer service is very competent.
Which solution did I use previously and why did I switch?
We did not use another similar solution prior to this one.
How was the initial setup?
The initial setup was straightforward.
Setup is made easy by using logs. As a first rule, I put the blocking of applications that come to mind, then a rule of allowed applications specifying all applications. By looking at the logs, I will be able to refine the rule by populating that of blocked applications and creating one of the allowed applications.
For maximum security (but maximum limitation), I can put at the end a rule that blocks everything but will block both applications not previously specified and those not recognized. This rule requires having a team that looks at the logs a lot, otherwise, it is better to put it on permission and analyze it periodically.
What about the implementation team?
We implemented it through a team that lived up to the solution.
What's my experience with pricing, setup cost, and licensing?
The blade has its cost but you can take advantage of the license package to pay less for it.
Which other solutions did I evaluate?
We did not evaluate other options.
What other advice do I have?
It does not require excessive resources but if you intend to use it massively, do not underestimate the size of the firewall.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
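
The rule ordering described in the initial-setup answer above, as an added example that is not part of the review and is not Check Point's engine or policy syntax: a simplified first-match model run over constructed log records. Rule names, application labels and users are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample log records (user, application). None stands for traffic
# the engine could not match to any known application. Labels are illustrative.
LOGS = [
    ("alice", "Facebook"), ("bob", "BitTorrent"), ("alice", "Office365"),
    ("carol", "Dropbox"), ("bob", "Office365"), ("carol", None),
    ("alice", "Dropbox"), ("bob", "Facebook-upload"),
]

def evaluate(policy, app):
    """First-match evaluation: return (rule name, action) of the first rule hit."""
    for name, apps, action in policy:
        if apps == "any" or app in apps:
            return name, action
    return "implicit", "block"

def hits(policy, logs):
    """Count log records per (rule, application) to show what each rule caught."""
    return Counter((evaluate(policy, app)[0], app) for _, app in logs)

def refine(policy, logs, also_block):
    """Split the apps seen under the broad allow rule into the explicit
    block rule and a new explicit allow rule."""
    seen = {app for (rule, app) in hits(policy, logs) if rule == "allow-all" and app}
    blocked = set(policy[0][1]) | set(also_block)
    return [("block-list", blocked, "block"),
            ("allow-list", seen - blocked, "allow")]

# Phase 1: block what comes to mind, then allow (and log) everything else.
phase1 = [("block-list", {"BitTorrent"}, "block"), ("allow-all", "any", "allow")]
# Phase 2: after reading the log, the operator decides to block one more app.
phase2 = refine(phase1, LOGS, also_block={"Facebook-upload"})
strict = phase2 + [("cleanup", "any", "block")]      # maximum security
permissive = phase2 + [("cleanup", "any", "allow")]  # review the logs periodically

if __name__ == "__main__":
    for label, pol in (("phase1", phase1), ("strict", strict), ("permissive", permissive)):
        print(label)
        for (rule, app), n in sorted(hits(pol, LOGS).items(), key=str):
            print(f"  {rule:10} {str(app):16} x{n} -> {evaluate(pol, app)[1]}")
```

With the blocking cleanup rule, both unrecognized traffic and any application never seen in the log fall through to `cleanup`, which is why that variant depends on someone reading the log.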