What is our primary use case?
We use it as a normal firewall for perimeter security, using some of the Next Generation features, like Anti-Bot and Antivirus.
We have two ISPs. We have a different firewall system in front of the Check Point Firewall. We also have normal Cisco switches combined with the Check Point solution. Then, our internal network is with Cisco, which is about 300 servers and 1,500 clients.
How has it helped my organization?
Since we are an insurance company, the solution is a necessity.
Two-thirds of our employees are working at home at the moment, so we use the VPN feature more than we used to. Of those two-thirds, only 100 or 200 are using the remote client from Check Point. The other employees are using other technologies, like NetScaler from Citrix.
What is most valuable?
We use the basic firewall functionality, plus the VPN functionality, a lot.
We have about 100 remote sites, which is where we use the VPN functionality. For private lines, we prefer to do further private encryption on the line. It is very convenient to do it with Check Point, if you have Check Point on both sides. It is convenient and easy to monitor.
The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.
What needs improvement?
The Threat Emulation definitely needs improvement. A couple of years ago, we did a comparison with other companies, e.g., Lastline, offering threat emulation and threat detection functionalities, and Check Point was lacking.
For how long have I used the solution?
I have been using Check Point for 22 to 23 years. I have been using Check Point NGFW for 15 years, since 2005.
What do I think about the stability of the solution?
We used to have more problems. For the past five years, unless we have had a bug, which happens like once a year, it has been pretty stable. We did have a bug for the last three months, which has just been fixed. Before that we had another two or three major bugs. However, when there is a bug and it's not known to Check Point, they need quite a while to get it fixed. If they have a fix already, then there is a pretty quick turnaround to get it fixed.
There are three people working on firewalls, but not at 100 percent. We have the equivalent of one person doing firewalls 100 percent of the time using three people.
What do I think about the scalability of the solution?
For our requirements, it's scalable enough. We have a 1 gig uplink to the Internet, which is easily doable with open servers.
We used to have some problems with the performance, then we upgraded the license and the scalability has worked well since.
There are 1,200 to 1,500 users.
How are customer service and technical support?
It depends whether the problem is known to Check Point. If they are aware there is a problem, quite often it will then depend on which tech you finally land on if it's easier or harder to get to the root cause. The last issue was in India so that was pretty bad. It's easier if you get directly through to Tel Aviv or Ottawa, but you can't choose. Once they know what the issue is, it's pretty good. It pretty much depends on the engineer that you get. There are pretty good engineers and there are many engineers who are at just the starter level at Check Point who are not really into the stuff. Sometimes it's hard, sometimes it's easy, depending on the problem and the tech engineer you get.
To the next manager, it's pretty easy to escalate an issue, if needed. Though, it depends on the manager.
Our current sales staff isn't too good. Though, the one before was pretty good. So, you can escalate on that process well. As an escalation path, it works most of the time.
How was the initial setup?
Once you do it for over 20 years, it is straightforward. If you have done it a couple of times, then you know what to do. However, even if you are a beginner, Check Point is more straightforward than Palo Alto or something like that. Once you get the idea of how a firewall works, Check Point does it that way.
There is a central location where we deploy upgrades, which normally take one business day since we have several clusters there.
When deploying the solution to remote locations, we have several models to choose from.
What about the implementation team?
When we tried Threat Emulation, we have received professional services from Check Point. However, for the normal setup, we don't involve any professional services.
What was our ROI?
It is like insurance for us.
What's my experience with pricing, setup cost, and licensing?
The pricing and licensing are pretty steep. They know that they are good, so they are pricey.
Which other solutions did I evaluate?
We are also using Forcepoint, which is a little bit different on the OS and focused more on IPS/IDS. It is a good practice to combine two different firewall vendors in case one of them gets hacked.
We also evaluated Palo Alto, like five years ago, but that doesn't make much sense for us.
What other advice do I have?
Since we are trying to get our customers to do more self-service, we should see more inbound traffic. So, the usage will increase in the next two years.
We get more attacks from the outside these days, so it has become more important to use systems like Check Point. When I started with security 25 years ago, it was still something not everybody was aware they needed. Today, it's common sense that everybody needs to protect their perimeter.
Plan first, implement last. You should first be aware of what assets you want to protect and what are your traffic patterns. You should plan your policy and network topology ahead of time, then start to implement a firewall. If you just place it there without any plan of what it's supposed to do, it doesn't make too much sense. I think planning is 80 percent of the implementation.
I would rate this solution as an eight out of 10. It would be better if the support was quicker in the cases we had. Apart from that, we are happy with the functionality.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?