What is our primary use case?
We have a Check Point firewall to secure our perimeter as well as on the internal network. We also have our Security Management server on VM. Both perimeter & internal sets are managed via the same Security Management system.
Two separate packages are created for both perimeter & internal sets.
We are also managing a SandBlast device via Security Management.
Even though all of the work is performed by the gateway, Security Management plays a vital role in a three-tier architecture. Here, our primary use case is to push security policies & manage logs.
How has it helped my organization?
Check Point Security Management is one-stop for all operation-related activity on the Check Point Security Gateway (firewalls).
We have completed one-time implementation configurations, like clustering, using this tool.
Check Point has a very sophisticated log monitor, where troubleshooting is very simple. We just have to put the desired filter, and Check Point generates the reports that help us to understand the overall picture in our network.
We have created multiple users, and they each have a smart dashboard install on their machine.
What is most valuable?
The Check Point Management server is isolated from security gateways, which means that in case there is an issue, we have our configuration ready and we can directly replace the device and push the configuration. Logs are collected at the management server, hence we can preserve those as well.
We can keep on adding new devices that can all be managed from a single security management server.
After the upgrade to R80, we have a single interface for all activities. Previously, we needed to configure using different applications.
What needs improvement?
It is very difficult to recover policies from the gateway in case if you lose your security management server, and don't have a backup.
The backup functionality (Migrate export command), which covers policies, can not be operated from the GUI. Instead, we have to log into the CLI and generate a file then take it out. For those not familiar with the Command Line interface, there should be an option in the GUI for operating backups. There should also be an option to automatically schedule the backup.
The smart dashboard is a very heavy application. If we could directly connect & manage firewalls from the Management server itself then it would make it very easy.
For how long have I used the solution?
I have been working with Check Point Security Management for more than three years.
What do I think about the stability of the solution?
The stability needs to be improved.
What do I think about the scalability of the solution?
Scalability-wise, it is very good, as it was deployed on VM.
How are customer service and technical support?
TAC is very supportive but we face many issues with this product.
Which solution did I use previously and why did I switch?
Previously, we had only firewalls & not a management device.
How was the initial setup?
The initial setup is not very complex & can be done easily.
What about the implementation team?
We are the ones who implemented it.
What's my experience with pricing, setup cost, and licensing?
This product can be used for 25 security gateways on a basic license. I think that this is good value for the money.
Which other solutions did I evaluate?
We wanted to implement Check Point and hence, we did not evaluate others.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?