What is our primary use case?
Check Point protects our environment from external threats. In particular, we use:
- Application Control for Internet access
- HTTPS Inspection for outgoing connections into the internet
- Separate the OT network from the normal data LANs
- SSL VPN for End Users - Check Point Mobile VPN Client is used on the end-user clients
- Site-to-Site VPN for connecting other companies to our environment
We are using two Check Point boxes in a ClusterXL Setup so that one appliance can die and the environment is not affected. We also use a cloud gateway for internet security on users, which are only connected to the internet (outside the office).
How has it helped my organization?
Check Point has improved our organization in the following ways:
- Provides for central management over all of the Check Point gateways
- Maintains a changelog that shows which users have made changes
- Version control allows us to roll back a ruleset after, for example, a misconfiguration
- Offers very granular application control
- Allows for various internet permissions for various users
- Gives us very good logging, which is nice for troubleshooting because you can instantly which rule is affected for each action
- The cloud gateway (Check Point Capsule Cloud) ensures that users are getting the same internet permissions as they would if inside the company, no matter which internet connection they are using
What is most valuable?
The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.
Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.
You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.
The extremely wide function horizon covers almost every possible scenario.
What needs improvement?
The Performance on a policy install takes too long for my taste. This might be because, at each policy install, the management pushes the whole policy on the affected gateways.
Without any training, it is very hard to administrate the whole Check Point NGFW.
In our case, the main Check Point gateways are in a cluster configuration. Sadly, the management always shows the standby box as failed. This may be because it is set to STANDBY and not ACTIVE. It would be better to show the standby box as good.
For how long have I used the solution?
I have been using Check Point NGFW for about five years.
How are customer service and technical support?
Support is very customer-oriented and you are always in good hands.(customer wishes are often implemented in the next hotfix)
Most Support engineers are located in Israel. (Very good spoken english)
Very fast response from R&D Team
Which solution did I use previously and why did I switch?
We were using SonicWall and switched because of EOL.
What's my experience with pricing, setup cost, and licensing?
The pricing for Check Point depends on your environment.
Which other solutions did I evaluate?
Before choosing Check Point we evaluated Fortinet and a newer version of SonicWall.
Which version of this solution are you currently using?