We just raised a $30M Series A: Read our story
Oleg Pekar
Senior Network/Security Engineer at Skywind Group
Real User
Top 5Leaderboard
Easy to install, centrally managed, and stable

Pros and Cons

  • "It is easy to install the Endpoint Remote Access VPN client to different platforms."
  • "The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed."

What is our primary use case?

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

In addition, there are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

We user the Check Point Remote Access VPN to provide access for our employees to connect to the specified environments.

How has it helped my organization?

We use the Check Point Endpoint Remote Access VPN client to allow our remote employees to connect to our company's offices in a secure and reliable way.

We use the clients for Windows and macOS, with the current software version E82.30. The Endpoint Remote Access VPN clients are fully compatible with the Check Point NGFWs Mobile Access VPN blade, and there are no problems connecting to it.

The clients have additional functions, like Firewall and Compliance blades, which we consider as a strong benefit for using the pure clients.

Several remote sites are supported in the client configuration, which allows us to have the redundancy for the case when one of the Offices becomes unavailable due to ISP problems.

What is most valuable?

  1. It is easy to install the Endpoint Remote Access VPN client to different platforms. Within the company, we use it for Windows and macOS.
  2. Built-in, centrally-managed Firewall blade, which allows filtering traffic on the client-side.
  3. Built-in, centrally-managed Compliance blade. We check the client OS on the presence of the latest security updates and that the corporate antivirus software is up and running, and do not allow the client to connect to the office site in the case where these rules are not satisfied. That prevents the infected computers from connecting to the company's location and spreading the threats.
  4. Stable VPN connection.

What needs improvement?

  1. The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed. This is valid for at least software version E82.30, which we currently use.
  2. In addition, there is no full client of the Check Point Remote Access VPN available for the Linux operating systems families. That is important since some of our administrators prefer to use this OS even on their home PCs. We hope that Check Point would develop a client for Linux in the future.

For how long have I used the solution?

I have been using the Check Point Remote Access VPN for about two years.

What do I think about the stability of the solution?

The Check Point Remote Access VPN clients are stable on both Windows and macOS.

What do I think about the scalability of the solution?

The Gateway side part of the software scales well.

How are customer service and technical support?

We have had several support cases opened, but none of them were connected with the Check Point Remote Access VPN. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

Which solution did I use previously and why did I switch?

Prior to this product, we didn't use any centralized VPN software before.

How was the initial setup?

The setup was straightforward and simple.

What about the implementation team?

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

Which other solutions did I evaluate?

We did not evaluate other options because we already use the products from the CheckPoint ecosystem.

What other advice do I have?

The Check Point Endpoint Remote Access VPN for MacOs and Windows are reliable solutions for remote access VPN, and fully compatible with the Check Point security ecosystem.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manuel Briones
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
User
Top 5Leaderboard
Creates a dynamic network with great mobility and excellent stability

Pros and Cons

  • "The IPSec VPN, Mobile Access, and Identity Awareness are three of the blades with which we have been working with since the pandemic. This has given us great mobility, making our network more dynamic."
  • "The authentication that we handle is through a .p12 certificate, however, we have integrated it with a 2MFA service through another provider. Something that could improve Check Point is if it had its own 2MFA service through a blade or some sort of application."

What is our primary use case?

We have always worked within the office. However, the COVID pandemic changed the course of our work in terms of where we had to implement new solutions so that we could all work from home. That was when I encountered Check Point; we had years with this solution in the facilities, yet, only during the pandemic did we have to innovate for a home environment. Today we have more than 6000 users working from home thanks to Check Point. This is possible due to the fact that, with a certificate and the client for this connection, every person can connect to our environment as if they were at the office.

How has it helped my organization?

We still have many areas of opportunity in which we must work, however, this has required us to improve our infrastructure in order to accommodate remote work. Since the beginning of the pandemic, we have had this solution and we have had many challenges since there are more than 6000 people who work from home. For security, we have an expiration time of the .p12 certificates and that requires updating passwords. Today, we are integrating this solution with a 2MFA system to give much more security to corporate.

What is most valuable?

The IPSec VPN, Mobile Access, and Identity Awareness are three of the blades with which we have been working with since the pandemic. This has given us great mobility, making our network more dynamic for connection to corporate due to the integration we have of Check Point via our AC or LDAP. 

We are creating rules by user and not by IP (which could be done both ways). We stick more to mobility inside and outside the corporate environment. Since then, corporate has been increasing security and keeping our workers happier.

What needs improvement?

The authentication that we handle is through a .p12 certificate, however, we have integrated it with a 2MFA service through another provider. Something that could improve Check Point is if it had its own 2MFA service through a blade or some sort of application. We'd be able to give a better experience to companies that already have a contract or Check Point services that deal with a work-from-home environment, giving greater scope and coverage from a single centralized dashboard.

For how long have I used the solution?

I've used the solution for more than two years

What do I think about the stability of the solution?

The stability is the best.

What do I think about the scalability of the solution?

The scalability is great.

How are customer service and support?

 We have witnessed a fast response from the support team.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use a different solution.

How was the initial setup?

The initial setup was not overly complex.

What about the implementation team?

We handled the installation in-house.

What was our ROI?

We've witnessed a 40% ROI.

What's my experience with pricing, setup cost, and licensing?

The price is a little high, however, the solution is something that we recommend often.

Which other solutions did I evaluate?

We did evaluate other options.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Check Point Remote Access VPN. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,305 professionals have used our research since 2012.
PRAPHULLA  DESHPANDE
Associate Consult at Atos
Real User
Top 5Leaderboard
Highly stable, very stable, and offers good technical support

Pros and Cons

  • "To maintain the authorization of the connected user, Check Point provides multi-factor authentication for an RA VPN client to make sure legitimate users have access to resources."
  • "Some configurations, like idle timeout (the requirement came from multiple users), are not possible to configure directly from the Check Point management server."

What is our primary use case?

Remote Access VPN is one of those essential items for every organization in order to maintain seamless and highly secured connectivity between the end-user and the organization's local area network to access resources - including Jump server Databases, et cetera.

No matter from which device or from which location users are accessing an organization's local resources, with the help of the Check Point VPN client they can make sure they have connected securely.

Check Point offers a best-in-class encryption algorithm to ensure confidentiality and maintain integrity between the end-user and the Gateway. 

How has it helped my organization?

In disaster situations like Covid-19, most users were working from home or in remote locations. In such cases, Check Point Remote Access VPN provides feasibility to everyone to work from home and access an organization's resources remotely.

With a client-less configuration known as SSL VPN users can directly access resources via a browser-like database, share folders, et cetera.

To maintain the authorization of the connected user, Check Point provides multi-factor authentication for an RA VPN client to make sure legitimate users have access to resources.

What is most valuable?

  • Secure connectivity: Guaranteed authentication, confidentiality, and data integrity for every connection and user.
  • Straightforward Configuration: Easy to enable blades and define policies.
  • Authentication: SAML authentication makes sure the user is legitimate.
  • Compliance check: It scans the endpoint machine to detect suspicious/malicious content before connecting to an office network.
  • MEP: Multi entry points to make sure there's availability to the LAN network even if the primary gateway goes down.
  • A single client can work as sandblast agent.

What needs improvement?

Check Point RA VPN requires companies to take separate licenses initially so that only 5 connected users licenses are given as subscriptions. Most other competitors, like Palo Alto, provide 1000 connected user licenses for free.

Some configurations, like idle timeout (the requirement came from multiple users), are not possible to configure directly from the Check Point management server. We have to make changes in the local directory of the respective devices.

For how long have I used the solution?

I've used the solution for more than three years.

What do I think about the stability of the solution?

The solution is highly stable.

What do I think about the scalability of the solution?

Check Point has an Unlimited License Package for the RA VPN and therefore we can scale it easily.

How are customer service and technical support?

Customer service has a dedicated team that handles RA VPN cases which ultimately leads to an early resolution.

Which solution did I use previously and why did I switch?

Migration has taken place such as from Cisco to Check Point and Sophos to Check Point. During that phase, the customer needed to change the VPN client as well.

Browser-based functionality is one of the best things that Check Point provides.

How was the initial setup?

The initial setup is straightforward during the initial configuration.

What's my experience with pricing, setup cost, and licensing?

The setup is very straightforward but subscription-based. It isn't cost-effective.

Which other solutions did I evaluate?

We did look at Cisco Anyconnect and Palo Alto Global Protect.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Ifeanyi Onyiaodike
Network security engineer at Fidelity Bank
Real User
Top 5
Stable with good technical support and a straightforward setup

Pros and Cons

  • "Technical support has been excellent."
  • "They need to increase their timeout. Right now, it will fail after ten seconds, however, it shouldn't fail until after 20. If you don't get on your phone right away and check on your authentications, it will kick you out."

What is our primary use case?

We primarily use this solution for our clients. Use cases vary, and they include VPN connectivity. It can be used as a provisional firewall and you can allow for a provisional access list, or grant permission to access or for servers or users trying to connect to the server. 

What is most valuable?

The VPN, the end-user client VPN, is excellent. 

The firewall experience that we have had has been good. It's secure. We've enjoyed it so far.

The initial setup is very easy. It's pretty straightforward. 

The solution is very stable.

Technical support has been excellent.

What needs improvement?

With this particular client VPN, there needs to be a feature that can glance at your credentials, of being able to look at credentials. You might hang for a bit or the execution might fail. It would be useful to see your credentials before you connect to take note to see if you are likely to have trouble connecting. They need to increase their timeout. Right now, it will fail after ten seconds, however, it shouldn't fail until after 20. If you don't get on your phone right away and check on your authentications, it will kick you out. They need to give a bit more time.

For how long have I used the solution?

I've used the solution within the last 12 months. I've used it for a while. 

What do I think about the stability of the solution?

The stability has been quite good. It's very reliable. It connects. Our VPN connects over 1,200 people with no issues. There are no bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

I can't speak to the scalability aspect. We don't have a need to scale. We have about 1,200 users and that's all we need. Therefore, I've never tried to scale it previously.

How are customer service and technical support?

I've worked with technical support in the past. I was surprised at how responsive they are, actually. They are very helpful and ready to assist us. They're knowledgeable. We're happy with the level of support they give to us. 

We also have a vendor right here in Nigeria, which is quite helpful.

How was the initial setup?

We did not find the initial setup to be overly difficult or complex. It's pretty straightforward. A company shouldn't run into problems with the initial setup.

What's my experience with pricing, setup cost, and licensing?

You do have to pay a licensing fee, however, there aren't add-ons or additional costs that you would need to consider.

What other advice do I have?

We are customers and end-users. We don't have a business relationship with the company.

I'd advise new users that, when it comes to deploying with an authentication provider, I would advise that you use a Microsoft authenticator. We tried using their authenticator at first, but that is not good. That did not work.

I'd rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
WA
Network Security Engineer at a manufacturing company with 5,001-10,000 employees
Real User
Easy to manage, perfect for remote workers, and does not require technical knowledge

Pros and Cons

  • "Our number of users working remotely vastly increased during the COVID 19 pandemic. Check Point Remote Access VPN allowed us to quickly make the transition from in-office to remote work."
  • "There needs to be a way to create a VPN client specific to our environment so that we can easily lock down who can connect."

What is our primary use case?

We are able to allow users to easily gain access to internal systems from outside the organization. No longer is coming into the office a necessary requirement for our users. They can seamlessly transition from home/remote work to going into the office while still having the same level of access. We also have many users that need to manage servers who are able to connect to the internal servers from anywhere - allowing them to still do their jobs from anywhere. Connecting to VPN doesn't require a ton of technical skill for those not in the technical field.

How has it helped my organization?

Users who need to work remotely for any reason can still do their jobs despite their location. The solution is also incredibly easy to manage. It's pretty much set and forget once the blade is turned out and configured. No day-to-day maintenance or configuration is required from the security operations team to keep it running which is welcome considering actual user help tickets are abundant throughout most organizations. Many times our service desk needs to enter the connection settings for our end-users, but that's about it.

What is most valuable?

Our number of users working remotely vastly increased during the COVID 19 pandemic. Check Point Remote Access VPN allowed us to quickly make the transition from in-office to remote work. There was no need to make any changes at the firewall level once we saw a large number of users go to work from home for safety reasons. If the VPN client was installed on their laptop they were good to go. The client also supports MFA, which is important, especially considering all of the remote work happening these days. 

What needs improvement?

There needs to be a way to create a VPN client specific to our environment so that we can easily lock down who can connect. The VPN client install should be specific to our environment. Our service desk does get some complaints about users not being able to connect. Sometimes it's because the VPN client has updated and they've lost their connection settings and don't have a record of the connection settings themselves. Other times, the VPN client needs to be reinstalled or upgraded to allow them to connect.

For how long have I used the solution?

I've worked with the solution for more than 5 years.

What do I think about the stability of the solution?

The solution is very stable and requires virtually no maintenance.

What do I think about the scalability of the solution?

The solution is easily scalable.

How are customer service and technical support?

Diamond support is typically fantastic. However, lately, they make us wait for our diamond support person instead of giving us a different tech to work with.

Which solution did I use previously and why did I switch?

There was no previous solution that was used prior to this product.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

We handled the entire process in-house.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
SM
ICT at a manufacturing company with 501-1,000 employees
Real User
Top 5
Stable, supports dual-factor authentication, and facilitates Smart Working

Pros and Cons

  • "For us, it was essential to integrate with Active Directory, which is our credentials repository."
  • "In an environment with multiple cluster checkpoints, the global properties common to all clusters in some cases give problems."

What is our primary use case?

We use this solution to permit the connection to on-premises resources to internal and external users.

We use rules specific to external users based on the real access needs of the specific company, whereas, for internal users, other rules are used.

Users connect to our headquarters and then through private connections, they reach the resources distributed in the various locations. Using dual-factor authentication, we improve the identity security of the users and also protect our company.

Check Point has been our strategic partner for approximately 15 years. 

How has it helped my organization?

Check Point Remote Access VPN has improved our organization because it has allowed remote access to various users. This includes external consultants who use their devices to access our resources, as well as internal users who use corporate devices for remote access.

With the current pandemic, the use of Smart Working has increased considerably and this solution is essential to meet the needs of users.

With the latest version, we have introduced dual-factor authentication and in this way, we have greatly increased security on the identity of the people who connect. It also allows clientless connection with major operating systems.

What is most valuable?

There are many features that make this solution interesting.

For us, it was essential to integrate with Active Directory, which is our credentials repository. 

The option of using SSL VPN, which is clientless and does not require the installation and configuration of a specific client, is a very important feature. Especially given that the latest cyberattacks are against dual-factor authentication, it allows you to significantly increase the security of the identity of the people who connect.

What needs improvement?

I would like to have the ability to specify different policies in a simple and quick way, depending on whether I am using the secure remote client or the SSL VPN.

It would be very useful to be able to apply different policies depending on the authentication method. For example, an 801x authentication can have different native permissions from those who enter the username and password.

In an environment with multiple cluster checkpoints, the global properties common to all clusters in some cases give problems.

For how long have I used the solution?

I have been using Check Point Remote Access VPN for about 15 years.

What do I think about the stability of the solution?

Stability-wise, this solution is good.

What do I think about the scalability of the solution?

For me, the scalability is very good.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

What's my experience with pricing, setup cost, and licensing?

The price of this product is good.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Kirtikumar Patel
Network Engineer at LTTS
Real User
Top 5Leaderboard
Multi-factor authentication helps to securely provide access to company resources while working offsite

Pros and Cons

  • "The most valuable feature is the seamless access."
  • "We would like to see support for a layer seven VPN over UDP."

What is our primary use case?

The primary use case is to allow our employees to connect to the firewall on-premises, then they can access our office resources. This includes their respective computer, the intranet, shared files, and local applications, even if they are outside of the organization's network.

Our production will be locked down if my VPN stops working, leaving the company unable to work. As such, this is a crucial service for us and resources need to be available for each of our users when working remotely.

How has it helped my organization?

Prior to using Check Point Endpoint Remote Access VPN, our previous solution required installing certificates on every user's machine, which was a very difficult task.

Our old solution did not offer two-factor authentication, which we now have implemented. This helps secure against ongoing cyber theft and threats.

What is most valuable?

The most valuable feature is the seamless access. Using this, we control access to our on-premises resources, and our users who are working from outside are easily able to access their office area computers, file servers, and intranet applications.

This product allows us to provide WAN access for our users, whereas prior to this, we could not make the whole intranet available.

Multifactor authentication is very helpful for us.

What needs improvement?

We would like to see support for a layer seven VPN over UDP.-- currently some VPN solution are working on Layer 7 Platform.

The updates under Windows 10 are not always up to date, and we have trouble upgrading remote clients. We have also had trouble deploying new clients.-- The Check Point Remote VPN new client is giving trouble us during upgradation with older version of Windows 10

For how long have I used the solution?

We have been using the Check Point Endpoint Remote Access VPN for the past four years.

What do I think about the stability of the solution?

We have had no problems with stability and it is working smoothly.

What do I think about the scalability of the solution?

Scalability is good. We have more than 500 users who are working on it.

How are customer service and technical support?

The technical support is good.

Which solution did I use previously and why did I switch?

Earlier, we had a traditional VPN, which did not help in running our business seamlessly. 

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

A vendor team assisted us with implementation and deployment.

What was our ROI?

Its complete ROI, as expected. 

What's my experience with pricing, setup cost, and licensing?

This is a very good solution for our employees who work outside of our organization.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PL
Firewall Engineer at a logistics company with 1,001-5,000 employees
User
Top 5Leaderboard
Great MEP functionality, perfect for remote users, and has an easy basic setup

Pros and Cons

  • "For a basic setup, implementation is quite easy."
  • "The non-standard setup is quite complex as you have to do changes via GUI and CLI."

What is our primary use case?

We are hosting environments for our customers and ourselves. With Check Point Client, VPN users that aren't in their internal networks can connect via a secure connection into the internal network.

Remote users use different clients (Windows, Linux, and Mac OS) so depending on the customer, there is either a client connection or a clientless approach (using a web portal).

Users can also be identified if they use the Client VPN solution. If you want to identify them inside the network you have to use an IA agent.

Once set up, it simply works without issues.

How has it helped my organization?

The main advantage is that if you already have a Check Point Gateway in place you don't have to buy additional hardware. You only need to check if there are enough resources on the gateway for the additional load and decide how many concurrent users you need.

The installation was fairly straightforward thanks to the Admin Guide and the User Center.

Adding a Radius or similar to use for the user authentication can also easily be done so you don't have to create local users. Depending on the size of the user base I would also recommend MFA.

What is most valuable?

A normal Check Point Gateway has, with the base license, 5 concurrent users included. This means that in emergency situations you don't have to buy additional licenses.

During Covid, the license was increased and therefore it was easily possible to have several users working from home.

It's possible to either have a client installed on the user's machine, or have a clientless approach using the web portal. 

There is MEP functionality, so, based on the user's location, it minimizes the latency by connecting to the nearest entry point. 

What needs improvement?

The non-standard setup is quite complex as you have to do changes via GUI and CLI. Luckily, Check Point knowledgebase articles help you, however, there are so many resources you have to go through.

The Client VPN licenses are for concurrent users and there is currently no way to prioritize certain users over others.

There is no possibility to increase the number of concurrent users for a short time (except if you have unlimited concurrent users licensed). This could help during emergency situations where there are more client VPN users than anticipated.

For how long have I used the solution?

I've used the product for over 7 years.

How was the initial setup?

For a basic setup, implementation is quite easy.

Disclosure: My company has a business relationship with this vendor other than being a customer: We're a check point partner and also host and administrate our customers environments.
Flag as inappropriate
Buyer's Guide
Download our free Check Point Remote Access VPN Report and get advice and tips from experienced pros sharing their opinions.