What is our primary use case?
We use Check Point in our internal network, as well as on the perimeter & we have used the Application control-blade on the internal firewall. All of our user traffic will be terminated at the internal firewall, hence we have done primary filtering of traffic on the internal firewall only.
Basically, on the internal firewall, we are blocking all social networking sites, remote meeting applications, adult content, & torrent applications. This restriction helps us to save our bandwidth as well to ensure that users follow & maintain work ethics at the office premises.
How has it helped my organization?
Application control blades help us in two ways. The first is to allow specific applications, where earlier we have to find out all of the URLs needed for each application & then allow them one by one. Now, we now just find the application. The second way is to restrict the user from browsing unwanted websites.
Together, these improved security & help to maintain discipline & focus at work.
The application control-blade also helps us by providing visibility. We have an overview of application traffic & depending upon the content, we can decide to allow or deny the application.
What is most valuable?
Check Point has its own application database where more than 7,300 applications are known. I am able to see them using the smart console, along with details for each one. Each and every application has an accompanying category, some knowledge about the application, the protocol it uses, & the risk factor associate with it.
Implementing application control is very simple & it is designed in such a way that we can introduce it with access policy. Also, to reduce complexity, we can create an altogether different layer.
This product logs & monitors event traffic for each application, giving us better visibility. Updating the application database is very easy; we just have to schedule the update & the device will automatically fetch it on a regular schedule, such as every two hours.
What needs improvement?
We expect applications to be updated regularly.
For how long have I used the solution?
I have been using Check Point Application Control for more than three years.
What do I think about the stability of the solution?
This is one of the stable modules in Check Point.
What do I think about the scalability of the solution?
Scalability for application control in the Check Point gateways is good & does not take need much processing power.
How are customer service and technical support?
Check Point TAC is always helpful, although particularly for application control, we have not yet raised any tickets. For the help that they have given us with other products, I appreciate the effort from the support team, as they always help us when we ask.
Which solution did I use previously and why did I switch?
Prior to this, we used FortiGate but the Check Point database is far better.
How was the initial setup?
The initial setup is very simple.
What about the implementation team?
We completed the implementation in-house.
What's my experience with pricing, setup cost, and licensing?
I think application control has become a basic feature and it should be enabled automatically, without having to purchase a separate license for it. Alternatively, it should be available at a minimal cost.
Which other solutions did I evaluate?
We have not evaluated any other options.
What other advice do I have?
The only thing we expect from a Check Point is to regularly update their database with the new applications. Other than this, specific to the application control-blade, I have not seen any issues or problems.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?