What is our primary use case?
Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our datacenter environment located in Asia (Taiwan).
The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.
How has it helped my organization?
The "Infinity" is not some standalone security solution, but the way you plan and implement the whole security infrastructure of your company. It contains all the modern components from Check Point.
In our company, we use the hardware appliances, Next-Generation Firewalls, with a bunch of blades activated (DLP, IPS, VPN, etc.) to protect the data centers. Our data centers are controlled by the Check Point Security management, with the current version being R80.10. These are the basic building blocks of Check Point Infinity, and they work just great together. They also allow for the future extension and we are thinking about adding the Anti-DDOS protection on the edge of our environments.
We are fully satisfied with the abilities it provides and the general approach of the Check Point solutions.
What is most valuable?
The Check Point Infinity architecture is the unified approach for building the unified security infrastructure of our company. I like that it covers all the pieces of the modern enterprise organization security needs including offices and data centers, public cloud environments, and the interconnects between them. It also protects end-user devices such as laptops, smartphones, and tablets.
We have full control over what our employees can do with the devices we provide them, to provide a secure and reliable network infrastructure. I also like that all of the components are tightly integrated and there is a single endpoint to control all the elements. This is called the Smart Console.
What needs improvement?
Even though we have had several support cases opened for the components of the Check Point Infinity architecture, as an administrator, I'm satisfied with the solution and the abilities it provides. I can't describe any disadvantages at the moment, except for the overall price of purchasing and maintaining the entire set of components.
I think that the pricing for the Check Point products should be reconsidered, as we found it to be quite expensive to purchase and to maintain. Maintenance requires that the licenses and the support services be prolonged regularly.
Alternatively, they should create some additional bundles of the software blades with significant discounts in addition to the current Next Generation Threat Prevention & SandBlast (NGTX) and Next Generation Threat Prevention (NGTP) offers.
For how long have I used the solution?
We have been using the Check Point Infinity for about three years, starting in late 2017.
What do I think about the stability of the solution?
All of the components in Check Point Infinity are mature and stable and we have not encountered any issue with that.
What do I think about the scalability of the solution?
The solution scales well with the hardware we have, and we see that scalability, the Active-Active HA mode, doesn't affect the overall performance much after activation.
How are customer service and technical support?
We have had several support cases opened, but none of them were connected with the Check Point Mobile Access Software Blade. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.
The longest issue took about one month to be resolved, which we consider too long.
Which solution did I use previously and why did I switch?
We have not used any solution of this kind before.
How was the initial setup?
The setup was straightforward. The configuration was easy and understandable, and we relied heavily on built-in objects and groups.
What about the implementation team?
Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.
What's my experience with pricing, setup cost, and licensing?
Choosing the correct set of licenses is essential because, without the additional software blade licenses, the Check Point gateways are just a stateful firewall.
Which other solutions did I evaluate?
We decided to stick to the Check Point Infinity after the demo with the vendor.
What other advice do I have?
The Check Point Infinity security architecture is a robust and modern security solution for organizations of any size, but make sure that you have a dedicated budget to maintain it. It is really not cheap.
Also, it is better to have a dedicated and certified Check Point specialist in your engineering team, since the solution is complex.
Which deployment model are you using for this solution?