What is our primary use case?
Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).
The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.
The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.
How has it helped my organization?
The overall security of the environment has been greatly improved by implementing the Check Point Virtual Systems solution. Before deploying it, we relied on the Cisco ACLs and Zone-Based firewalls configured on the switches and routers, which are in fact simple stateful firewalls and currently do not appear to be an efficient solution for protection from advanced threats.
The Check Point Virtual Systems solution has significantly increased the security level from the standpoint of the logical separation of traffic patterns, both internal and external in our particular case.
This product makes the NGFWs work as if we had two separate sets of physical firewalls, without additional spending on the hardware.
What is most valuable?
The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing. This allowed us to save significant money on the hardware purchase, and keep our NGFWs efficiently loaded.
As an administrator, I find the management really convenient and cozy. The usual SmartConsole is used and you don't need any additional software to be installed.
What needs improvement?
As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.
In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.
For how long have I used the solution?
We have been using the Check Point Virtual Systems for about three years, starting in late 2017.
What do I think about the stability of the solution?
The solution is stable and we haven't had any support cases opened that are connected with it.
What do I think about the scalability of the solution?
The solution is scalable. I believe you could just add the new hardware into the cluster without affecting the functionality, thus increasing the performance on the spot.
How are customer service and technical support?
We have had several support cases opened, but none of them were connected with the Virtual Systems. Some of the issues were resolved by installing the latest recommended JumboHotfix, whereas some required additional configuration on the OS kernel level.
The longest issue took about one month to be resolved, which we consider too long.
Which solution did I use previously and why did I switch?
We didn't have any logical separation of security solutions before implementing this product.
How was the initial setup?
The solution was really complex and difficult to implement since it requires a lot of additional knowledge and understanding of the underlying routing and switching technologies and protocols.
What about the implementation team?
Our in-house team has a Check Point Certified engineer as part of it.
Which other solutions did I evaluate?
Since we had already purchased the Check Point NGFWs, we just proceeded with the configuration of the Virtual Systems.
Which deployment model are you using for this solution?