What is our primary use case?
We use Check Point Remote Access VPN to provide access to employees and to the company resources, especially now that most people are working from home. That's the main use. We also use it for specific companies that give us remote support to some applications. They access our company servers and resources. We're using Remote Access VPN with a specific profile for them that only gives access to some.
We have two environments. Our firewalls and our perimeter firewalls are Check Point. The firewall connects to the internet and those firewalls are the ones that the people connect to for the Remote VPN. We have the Blade enabled and they access the company resources as if they were working at the office.
How has it helped my organization?
Remote Access VPN allows users to work from home very easily. They are very happy with the way they log in with RSA. That's why we use the Foo. It's very stable. We didn't have any issues.
Compared to Pulse Secure, Check Point saves us a couple of hours a week. It's easier to reverse when we have issues. At the moment, most of our company still uses Pulse Secure. But a year ago, we also started deploying some people on Check Point so that we have another option. If we don't want to renew with Pulse Secure the client says we can migrate everyone to Check Point as we already have some people working on the Check Point VPN. 20% of the company uses the Check Point VPN and the rest uses Pulse Secure, which is our main VPN, which is around 100 people.
What is most valuable?
The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage.
The integration with two-factor authentication for Remote Access users is another valuable feature. In our case we use RSA.
Those two are the most valuable aspects that we have on the solution. It also gives us the possibility to securely connect to the company resources, without Check Point security measures.
Another good thing we like is that we already have all the logs from the firewall on the SmartPortal as the remote VPN also integrates into the firewall. We can see all the logs on the same tool because we also have a fully secure solution for Remote Access VPN. For full security, we need to manage the different hardware from the firewalls and the logs that are not in the same place. This is another valuable aspect of this solution.
Having access to those logs affects our security operations because if a user calls the support but does not have access to the VPN, we can see on the same tool on the SmartPortal. If he's being blocked on the firewall policy, you can see it with the VPN profile.
If the user is using Foo, we need to go to the Check Point firewall to see the Check Point firewall log on the perimeter firewall, to see if the user is crossing the firewall to get the Foo. Then we need to go to the supplier to see that the logs are there. So we need to go to two places.
What needs improvement?
We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in there. But for Linux machines, they don't have a full client to install. It is important because we have some users that use Linux and they don't have a specific application from Check Point to use. That is something that could be improved.
For how long have I used the solution?
I have been using Check Point Remote Access VPN for around one year.
What do I think about the stability of the solution?
We don't have any stability issues.
What do I think about the scalability of the solution?
It is very scalable in a way that we can share the configuration for Remote VPN amongst our perimeter firewall so we can implement the Remote VPN with the same profiles and the same configuration easily on all of them. It's very scalable.
We are still studying the possibility of migrating everyone to Check Point VPN, but a decision has to be made because we still have a lot of people using Pulse Secure.
How are customer service and technical support?
We haven't used technical support specifically for Remote Access VPN. We use it for other products, but not for this one. In general, their support is good, especially if you work with the Israel team. Because of the time zones, we try to call when they are available. The support is usually in. The other ones are also good but in most cases, the Israel team is better.
Which solution did I use previously and why did I switch?
Our team finds that Pulse Security is a bit difficult to configure. It's not very straightforward. We are used to it now. Management is easier on Check Point. Our managers wanted us to have to study some alternatives to Pulse Secure so that if the price was too high, or if we wanted to move to another solution, we would already have an idea about other solutions. We chose Check Point as we already had the firewall. It has worked well until now. We already have some people using the Check Point VPN and we are ready to move everyone.
Pulse Secure was more difficult because of all the things that you need to for the setup. You need to do four or five things to set up a profile and some of them don't make any sense. It's difficult for a person that's never used Pulse to understand the philosophy of the configuration and to create different profiles. It's not very straightforward.
How was the initial setup?
The initial setup was straightforward, especially because we already have the firewall implemented. So we only needed to enable the features and do some configurations, which were not hard to do. They were really fit.
It took two days. We did our own thing. The implementation strategy was to first have only two or three users from the IT team to test it. Then we allowed it to extend to some teams.
What about the implementation team?
Two team members did the deployment.
We require three full-time network security engineers for maintenance. We manage all the solutions on the security side of our company. Specifically Remote Access VPN requires three hours of maintenance a week.
What was our ROI?
The return on investment is that we have a stable VPN solution to provide our employees, which is very important. Especially now with the virus, we have more than 50% of people working from home and using the VPN solutions. Our return on investment is the ability to allow people to work remotely in a secure way and a stable VPN.
What's my experience with pricing, setup cost, and licensing?
As far as I'm aware, Check Point is on the same line of pricing with Pulse at the moment. It's not any different. It is in line with the competition. There are no additional costs that I'm aware of.
What other advice do I have?
It's not hard to deploy the solution. Remote Access VPN is easier to deploy than some other solutions like Pulse Secure.
If you already have a Check Point firewall, this remote solution is a win-win because you don't need to buy, manage, or do a hardware refresh when you enter the end of life. You will have centralized logs on the same tools. If you have a Check Point firewall, this solution is the best for you.
I would rate Check Point Remote Access VPN a nine out of ten.
It works very well. I would say it's almost the perfect solution. As far as I'm aware, it's one of the oldest solutions from Check Point. So it's very, very stable. They have a lot of years of working with it.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?