What is our primary use case?
We are mainly using it for policy installation and access purposes. We have a bank project where we are using mobile access, Antivirus, and IPS. These are all configured on the Check Point Firewall, where we are using it on a daily basis.
I have worked on the following firewall series and models:
I have worked on the following versions:
I am currently working on the R80.20 version and the hardware version is from the 23000 series.
How has it helped my organization?
We installed this firewall in our organization one year ago, and it is completely fine. There are other deployments also going on for other customers. Most of those deployments are handled by our project teams.
What is most valuable?
What I like most about Check Point Firewall is that it is easy to use.
The most valuable feature is the IPS. For our bank project, we are using it as an external firewall. All the traffic is going through the Check Point Firewall. Then, using the IPS, we can easily identify if there is any malicious activity or anything else. We also have to update signatures on a regular basis.
What needs improvement?
We are facing some problems with the management on our Check Point Management Server. There are some issues with R80.20, so Check Point suggested upgrading. However, we are in lockdown, so we will upgrade after the lockdown. We are coordinating this issue with the Check Point guys. After upgrading, I think these issues will get resolved.
For R80.10 and above, if you want to install a hotfix, then you can't install it through the GUI. I don't know why. In the earlier days, I was able to do the installation of hotfixes through the GUI. Now, Check Point said that you have to install hotfixes through the CLI. If that issue could be resolved, then it would be great because the GUI is more handy than the CLI.
For how long have I used the solution?
What do I think about the stability of the solution?
They are completely stable. I haven't faced any issue with stability.
What do I think about the scalability of the solution?
There are no issues with scalability.
In Hitachi Systems in Mumbai, there are around 10 to 12 clients who are using Check Point Firewall. There are around 40 network security engineers who support Check Point Firewall in our organization for the Mumbai location, and there are multiple locations.
How are customer service and technical support?
The technical support is very good. The Check Point guys are very humble and quick. They are always ready to support us if we call them.
How was the initial setup?
I have done four to five initial setups and configurations of firewalls, which have been completely fine and proper. There are no improvements needed.
For one firewall, it will take around two and a half hours to configure the interface and everything else. For the deployment of one firewall, it will take around two and a half hours. If you want to make any clusters, then it is around five to six hours.
What about the implementation team?
We support companies locally and remotely. Since the lockdown, we have been supporting companies only in a remote fashion.
We have to first make a plan of action, then verify that it meets Check Point's requirements. Then, we will raise a case with the Check Point desk. We verify with them if there are any changes that they need us to do. After that, we will go for deployment. Check Point engineering will also help if there are issues with the deployment.
What was our ROI?
They have made domain improvements to SmartConsole. If you check older versions, such as R77.30, you have to open a separate, smart tracker to view logs. However, in R80.10 and above, you can view logs in SmartConsole. You don't have to open another smart tracker to view logs. That is the improvement Check Point has done which makes it better because it is much easier to find logs. This saves time, approximately 40 to 50 a day in one shift.
What's my experience with pricing, setup cost, and licensing?
For the firewall, there is a limitation on the license. We are facing some problems with mobile access. We have a license for 450 licenses of VPN users. We would like Check Point to have more than that, e.g., if the organization gets bigger and there are more users, then that will be a problem.
I have done licensing and contracts for multiple firewalls. The license and contract configuration is completely fine, but if it is possible to make them cost a bit less, then this would be better.
Which other solutions did I evaluate?
Palo Alto is a zone-based firewall and Check Point is an interface-based firewall. With Palo Alto, we are using Panorama to install policy, and in Check Point, we are using their Management Server to install policy. The Palo Alto Panorama console has more options than Check Point.
On the Check Point Firewall, you can install policy. With the Palo Alto firewall, you can install policy on multiple gateways. You cannot install policy on multiple gateways with the Check Point Firewall.
What other advice do I have?
If you are making a plan of action for the installation of firewalls, clarify with the Check Point tech engineers that all is proper and good. We always arrange a Check Point standby engineer for this activity, because if anything goes wrong, then they can help on the call.
I would rate this solution as an eight out of 10.