What is our primary use case?
Our primary use case is as a perimeter firewall for main and DR sites for a financial institution. It secures Internet access for users through IPS/AV/Threat Emulation/Application control and URL filtering with HTTPS inspection and geolocation restrictions.
It secures our email and MDM solutions.
We also use it to create site-to-site VPNs with vendors. Remote access is achieved through the use of a secure workspace and SSL network extender. Securing and inspecting HTTP traffic to our web servers is another important task.
It secures several DMZs and segregates them from the rest of the network.
We use all of the security features available.
How has it helped my organization?
It has helped us with controlling internet access, securing our external websites, and providing remote access that you can trust (secure workspace). The latter provides with a virtual Windows 7 desktop that only allowed apps can be initiated from. In our case, we launch RDP sessions from secure workspace.
The latest version of the software is a big win overall, with major improvements in how the rulebase is scanned (it's not the top down classical rulebase checking, but a column based checking) and overall efficiency.
What is most valuable?
Remote access with a secure workspace provides a clear separation between the client and corporate network.
Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure.
Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time.
IPS and AV rules are granular and specific for the rules that you need.
The geolocation feature is good for dropping irrelevant traffic.
Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.
What needs improvement?
I would like to have an improved secure workspace solution for remote access. I hear that the Apache Guacamole solution has been integrated into R81.
The site-to-site VPN options are numerous, but they can get confusing. Interoperability with other vendors is not the strongest when it comes to setting up VPNs. It's totally different from any other VPN vendors I have come across.
Improvements are needed in policy backups and reverting to the previous policy. This used to be better in R77.30.
Policy installation tends to take a long time when the rule base increases in size, which can become frustrating.
For how long have I used the solution?
I have been using Check Point NGFW for 10 years.
What do I think about the stability of the solution?
We have never had any unexpected crashes or issues.
What do I think about the scalability of the solution?
It should scale well as they now support more than 40 CPUs on a single system.
How are customer service and technical support?
Our experience has been great, although we don't have direct support. This means that sometimes, it takes a while to get to the bottom of issues.
Which solution did I use previously and why did I switch?
Check Point is really the best NGFW I have come across and I have worked with many vendors including Cisco, Juniper, and FortiGate. It's a platform that a huge amount of research has gone into over the years. It has a great support community and clear guides to solve all sorts of problems and issues.
I didn't switch to Check Point, as it was always there. We haven't switched away from it over the past 10 years.
How was the initial setup?
We always need some help on installs or major upgrades.
What about the implementation team?
We have used several vendors and some are better than others.
What was our ROI?
It is difficult to calculate ROI when it comes to security products.
What's my experience with pricing, setup cost, and licensing?
The hardware cost is not huge, but you need to push for good pricing on software licensing and blades.
Which other solutions did I evaluate?
Check Point was implemented in the company before I arrived.
What other advice do I have?
It's demanding for the administrator, as it takes years to get an in-depth knowledge of the platform. Otherwise, it is easy to use from day one.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?