Check Point UTM-1 [EOL] Review

We can create a domain to separate and segregate functions and services


What is our primary use case?

We use it as a perimeter firewall. We need to put all the security inside of our data center and Check Point was the first option to use it as the firewall in order to offer all of our services via the internet.

How has it helped my organization?

This solution improved our email service, with less presence on the internet blacklist.

What is most valuable?

The policies that you can use with this equipment are valuable. This is very nice for us; it responded to our requirements for the application to go to the internet. So, we can create a VPN for all the companies that want our service. We can create a domain to separate and segregate some functions, some services. These are the features that we are currently using right now.

What needs improvement?

The solution could be improved by creating or including in the product enforcement of some kind to deal with cybersecurity and all the new kinds of attacks we are dealing with right now.  

One thing that we are facing also is the PKI, the public key infrastructure. We don't know how to use this solution to get the visitor certification from the PKI. We did some searching on the internet looking for cases on how we can have this solution integrated with the PKI and we didn't find anything about this. 

I would like it if the vendors could pay special attention to integration. It must be easy to do with other kinds of solutions. For example, now to authenticate Cisco routers to the Check Point. So this is one thing that the vendors must think about, how can you make this solution easier to integrate with the others, to be able to collaborate. 

For how long have I used the solution?

I've been using the solutions for 1.5 years.

What do I think about the stability of the solution?

It's a stable and good community. You can use it, plus you have all the information that you need from the vendors. You need updates sometimes, but not frequently. It's good to use.

What do I think about the scalability of the solution?

At the moment, we are using two devices, but according to workloads, you can add more devices as you need to. It's scalable. We have 1001 branches/sites right now. And each branch has at least four users. Our application spread all over the country and we are in all the provinces and districts. Right now we have not less than 3,000 users that must access all our environments through this device.

Also, right now, I only have one Institution, included in this solution. Currently, I'm going to the other government institutions and each one has is own concurrent users/branches. 

How are customer service and technical support?

As we don't have a representative of Check Point supplier in our country, this makes it very difficult when we have some issues to resolve. I can say for the VPN implementation, we had some trouble and some support from the local Check Point technical team (Supplier).

With the Supplier as a bridge between the vendors and the clients, we can solve this quickly. So I think this kind of solution must have strong suppliers or representation, in Africa especially in Southern Africa, they need to have close representatives for the kind of situations that we cannot solve by ourselves. 

Southern Africa is facing cybersecurity concerns because of a lack of expertise.

If you previously used a different solution, which one did you use and why did you switch?

We started with the Cisco PIX. The equipment was at the end of its life.

How was the initial setup?

The setup was not so complex, but of course, you need to have some skill to implement it. I would say, from one to five, the complexity is three or four. It's not complex. 

For deployment, we had two phases. One was to implement the equipment to respond to our needs. And the second was to implement the VPN in our branch offices. The first phase took only one month. The second phase we're doing slowly because when we have a new branch we add it. We're doing this continuously.

The acquiring must be done through a reseller/supplier based in our country, by the law. The reseller worked with us in the first implementation phase.

The administration is normal and I am doing with a team composed by four people, which two are dedicated day by day work watching into this equipment alerts, logs, etc, and two others as a backup which I believe is enough for deployment and maintenance.

What was our ROI?

I'm using this solution to provide my services and applications over the internet, and according to what we are doing, the workload is huge and we have presence all over the country. If you do the calculations between the investment and the usage of the solution, I can tell you, in less than three years we will have all the investments paid off.

What's my experience with pricing, setup cost, and licensing?

I cannot tell you the pricing, but we paid for three years. There aren't any other costs above the standard licensing and fess. We bought it, we use it.

Which other solutions did I evaluate?

We evaluated Cisco ASA and FortiGate.

What other advice do I have?

If we're talking about value, in my opinion, the financial institutions are the companies that I see that can use this most. I like it because it's user-friendly. You can use it without a lot of complexity. Of course, I sent my staff for training but only to guarantee that they are certified to use it.

I would suggest you first go for training before you implement the solution.

I would rate this solution 9 out of 10. It was very easy for us to implement this solution. And this has all the features that we need to use it. Of course, people say that FortiGate, in comparison, is easier than this one. When we were evaluating services, we knew we needed something robust and easy to implement with the old equipment and something that was safe. We looked at three options: Cisco, Check Point, and FortiGate, we talked about these three products. My team of four invited another four people to evaluate these three products. All of them know that Check Point is quite difficult but it's the best. All of them choose to use Check Point. We are all Cisco aware, but Check Point, it's good.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email