What is our primary use case?
Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).
The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters consisting of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.
The Check Point DDoS Protector 20 is directly connected to one of the ISPs we are connected to, using LACP and static routing.
How has it helped my organization?
Our DataCenter environment in Taiwan serves the incoming user traffic, thus it is connected to the Internet and needs protection from DDoS attacks. Not all of the Internet Service Providers are able to provide DDoS mitigation.
For example, among the three providers we use in Taiwan, only one provides such a service. To protect the other lines, we had to implement the Check Point DDoS Protector as a hardware solution. Now, all the ISP lines are protected and we can switch the users back and forth between them with the same level of security.
What is most valuable?
The traffic processing latency is at a good level, being about 40 microseconds on average for our traffic pattern. I believe most of the users will not even notice that this solution is on the traffic path.
The appliances have a hardware-based SSL engine, which allows them to offload and inspect SSL/TLS-encrypted traffic of various standards.
There is a really low level of false-positive alerts (when clean traffic is marked as DDoS) due to some advanced techniques used by Check Point under the hood.
What needs improvement?
For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version. I hope that in the future, Check Point will release the relevant software version sooner.
In addition, it feels like there is no matching hardware platform in case we need to switch from the "20" appliance. The next one available is "60", which is too powerful and much more expensive. We would prefer the systems to be modular, so the performance may be upgraded with some relatively cheap modules when there is a need.
For how long have I used the solution?
We have been using the Check Point DDoS Protector for about two years.
What do I think about the stability of the solution?
The solution is stable, and no software or performance issues have been noticed.
What do I think about the scalability of the solution?
The solution is not really scalable, in my opinion. You should buy the correct hardware appliance with a gap for future growth.
How are customer service and technical support?
No support tickets have been opened so far.
Which solution did I use previously and why did I switch?
This is the first hardware DDoS mitigation solution we use.
How was the initial setup?
The setup was quite straightforward with no drawbacks from a technical standpoint. However, you should have at least a basic understanding of DDoS types and behaviour for the initial setup.
What about the implementation team?
The deployment was done by our in-house team. We have a Check Point Certified engineer working in the engineering team.
Also, we got some help from the ISP's engineers that we were connecting to.
Which other solutions did I evaluate?
Since we have a strong Check Point knowledge expertise among the engineering team, we did not evaluate other options.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?