What is our primary use case?
We use several of the blades. We use it for regular access control, but we also use the application control. We use HTTPS inspection and threat prevention. We use the Mobile Access blades as well IPS.
We have a Smart-1 205 as our management server and for the gateway we've got 3200s.
How has it helped my organization?
Over time, we've enabled different blades on the firewall. We started off with the access control policy, and since then we enabled the HTTPS inspection and the IPS blade. That's helped reduce our risk landscape as a whole.
What is most valuable?
The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network. The ease of use is important to us. The more difficult something is to use, the more likely it is that you'll experience some type of service failure. When we do have issues, with the Check Point SmartConsole being as simple as it is to navigate, it makes it easy for us to identify problems and fix them, to minimize our downtime.
What needs improvement?
I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.
For how long have I used the solution?
We have been using Check Point's NGFWs for as long as I've been with the Department of Mental Health, so it's three years that I've personally been using them.
What do I think about the stability of the solution?
Based on other networking hardware that I've used, I would say the Check Point NGFWs are just as stable, if not more so. We rarely have any issues. In the past, I've experienced networking hardware often needing to be rebooted. That's not something that happens with these devices. They're on 24/7 and we have next to no downtime. I can't think of a time in my three years here that one of the devices has gone down and caused us any downtime.
What do I think about the scalability of the solution?
We've already purchased a new management server from Check Point, and it will be replacing our 205 appliance. They make it easy. These devices inter-operate together, so if we need more resources, for example, on the management end, we're able to buy that server and replace our old one and scale up as needed.
As far as users are concerned, we have 70 locations throughout the State of South Carolina with a total of 400 to 500 devices that can be connected at any point in time.
I would think we have plans to increase our usage. We work in tele-psychiatry, for the State of South Carolina, and telemedicine right now is a hot topic. I see it very likely that our usage could double and triple in the coming years.
How are customer service and technical support?
We've had an issue with licenses not populating to a new device, but that is the only thing we've ever called them for in relation to replacing or adding in a new device.
They're very helpful. They're easy to get in touch with. It's not like you're sitting there on hold for hours at a time, and they're quick to get back to you. It might be that they're taking packet captures and analyzing them and then getting back to you. It's a quick turnaround. I can't think of any time we've ever had to wait more than 24 hours to get an answer on an issue we've had.
How was the initial setup?
I have set up replacements and it's very straightforward. It's very easy. It's much easier than some of the other network equipment that I've had to deal with. Check Point provides a wizard that walks you through the process and that streamlines the entire process. They also provide instructions on how to go about getting to the wizard and the process that we needed to take to complete that configuration. It was relatively painless.
The replacement was configured in one day and deployed the next, with no issues.
There are five of us in our company who have management access. I'm the network administrator, and I've got four IT technicians who work under me and assist in the firewall configuration and deployment.
What about the implementation team?
I don't believe we've ever had to actually call Check Point to assist with anything. It's pretty straightforward. The wizard does most of the work and we have all the instructions we need. It's pretty much all done in-house.
What was our ROI?
I definitely feel it's been worth our investment. Check Point is there to help when we need them. Our downtime has been very minimal, and when we do have issues, they're there to help us. They're there to get us back up and running as quickly as possible. It's definitely been worth its weight.
What's my experience with pricing, setup cost, and licensing?
One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford Cisco Firepower. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution.
We pay a yearly support fee in addition to the standard licensing fees with Check Point.
Which other solutions did I evaluate?
I've worked with Cisco routers and firewalls. I've worked with Ruckus switches and routers, and Aruba access points.
A drawback with these products is their stability. Almost all other networking devices I've seen need to be rebooted over time. If they're left unattended for extended periods of time, we experience some sort of downtime. That is not an issue with our Check Point products.
What other advice do I have?
Do your research and look into cloud solutions. Check Point offers many cloud services, and that's where everything's moving, towards the future. Research the different appliances and solutions that Check Point offers and find out what works best for your particular situation.
The biggest lesson I have learned from using Check Point's firewalls is not to be afraid to call for help. There are times where I may be trying to figure something out myself, when in all reality, all I need to do is call Check Point customer support. They'll explain to me why something is configured a certain way, or if there's a better way that I could go about configuring something, and things of that nature. They have been very helpful and have saved me time, anytime I've called.
I can't think of any additional features their NGFW needs that we don't already have access to. I know there are features such as moving the dashboard toward the cloud, and I think that's beneficial, but it's something they already offer. We just don't take advantage of it right now.
Which deployment model are you using for this solution?