What is our primary use case?
We have deployed Check Point firewalls for perimeter security and also for filtering East-West traffic.
Check Point helps in improving perimeter security along with giving insights into different kinds of traffic and attacks.
Isolation between different tiers of apps is critical for us, and Check Point is utilized for handling high traffic volumes of East-West traffic.
We are leveraging the VPN module on the perimeter firewall for users to access the VPNs. VPN authentication is integrated with RSA for multi-factor authentication.
How has it helped my organization?
We have reduced the number of firewalls using the VSX cluster from Check Point. This reduced management overhead to a great extent. Also, the stability of the clustered firewall helps us in meeting SLAs with clients.
Check Point firewalls can be tuned for one-off cases like allowing out-of-sync packets for a source-destination pair, which is a feature that helped us tackle application issues.
We have deployed VPN firewalls in multiple data centers, which help with load sharing and redundancy for the VPN traffic.
Managing all of our user VPNs, customer VPNs, and Cloud VPN tunnels' endpoint encryption from a single management portal is helping us.
What is most valuable?
VSX helps to reduce the physical footprint on datacenter racks.
The SmartView monitor and SmartReporter help us to monitor and report on traffic.
Centralized management and management high availability give the ability to manage firewalls in a DR scenario.
Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.
Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.
What needs improvement?
Configurations can be complex in some situations and need experienced engineers for managing the solution.
Integration with a third-party authentication mechanism is tricky and needs to be planned well.
SmartView monitor can be enhanced to display granular details of gateways with a single click. Also, having the ability to generate alerts from the Smart Monitor would be a nice feature.
For how long have I used the solution?
We have been using Check Point firewalls for the last eight years.
How are customer service and technical support?
Support might take a long time to resolve issues in rare scenarios.
What other advice do I have?
My advice for anybody who is implementing this solution is to always keep an identical configuration, even interface statuses, in a VSX cluster before an upgrade to minimize upgrade failures.
Which deployment model are you using for this solution?