Check Point Remote Access VPN Room for Improvement

Network Security Engineer at a financial services firm with 51-200 employees

Currently, we're using Check Point Endpoint Remote Access VPN R70.30.03. That's the latest version of R70.30. We haven't upgraded to R80 yet, but all of our firewalls are R80. We've been through many iterations of the Endpoint VPN client. I remember a while ago, it was very difficult to deploy and not have problems, but they've come a long way. Now, it's a lot better.

I have worked so much on this in the past with Check Point that they actually had their vice president of product development call me. I remember one of the things that I told him needs room for improvement, which I still haven't seen: When you want to deploy a new Check Point agent, it is really a pain in the butt. For example, Windows 10 now has updates almost every couple of months. It changes the versioning and things under the hood. These are things that I don't understand, because I'm not a Windows person. However, I know that the Check Point client is installed on the Windows machine, and if the Check Point client's not kept up to date, then its functionality breaks. It has to be up to date with the Windows versions. Check Point has to update the client more often. Now, the problem is that the Check Point client is not easy to update on remote computers and it's not easy to deploy a new client.

They need to improve deploying a new Endpoint Remote Access VPN client and updating existing Endpoint Remote Access VPN clients. Especially if you want to deploy a new one, it's not an easy process. Their software doesn't really support creating a new Endpoint Remote Access VPN client. There is a lot of manual activity. They need to automate it better. You have to create a generic client, download it to a computer, and install it to the computer. Then, you have to find a file deep inside the directory that it creates. It's like a text file, then you take that text file out and edit the settings in it. For example, I have to tell it to connect to a site which contains our firewalls or else it's like a phone with no phone numbers and I have to put in the phone numbers. This should be done when I download the client the first time from their GUI, but it is not. Instead, I have to install a generic blank version on a computer, find a text file, and edit the text file with the sites of firewalls that the users have to connect to specific to my company. I have to make other setting changes in that version, save it, reboot the computer, find the file again, take that file out of the computer, upload it to GUI, and deploy a new version. Then, I install it after I uninstalled the old one. Of course, all the uninstalls require reboots. So, I am rebooting it like five times now. After that, I have to install it and check the settings. Half the time they don't save the way you want them to save. It is very tedious and terrible. 

Even learning that process was a nightmare, because it's not like they have a nice article that explains it to you. They don't. I was bumping my head up against the wall with support for almost six or seven months trying to figure that out. Half of them didn't even know how to do it. That was miserable. But now that I'm an expert on it, I can probably do it within a half a day to three days depending on if it gives me problems or not. That's still miserable, and it should be as easy as: I upload the new version of the client, put in the information that I want it to have on the settings, click download, and install, then it works. It should be that easy. There's really no reason why it's not, except for they didn't improve that process nor have they developed that area. It makes me think that their interest isn't in VPN solutions, even though it should be because it's something that they offer. Otherwise, their support is great.

Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees

We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in there. But for Linux machines, they don't have a full client to install. It is important because we have some users that use Linux and they don't have a specific application from Check Point to use. That is something that could be improved. 

Oleg Pekar
Senior Network/Security Engineer at Skywind Group
  1. The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed. This is valid for at least software version E82.30, which we currently use.
  2. In addition, there is no full client of the Check Point Remote Access VPN available for the Linux operating systems families. That is important since some of our administrators prefer to use this OS even on their home PCs. We hope that Check Point would develop a client for Linux in the future.
Learn what your peers think about Check Point Remote Access VPN. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
501,499 professionals have used our research since 2012.
IT Tech Security Management at a logistics company with 1,001-5,000 employees

I cannot see the full effect of the antibot solution because it relies on having access to the DNS queries, which might not go through the Check Point firewall when you're using it for perimeter networks. In this case Check Point will not identify the actual source of the DNS queries associated with antibot activity. This may be related to the customer architecture, however, and not due to product limitation. I don't know if it can be improved on the Check Point side or not.

The solution should allow for the automatic identification of destinations. 

We have a URL qualification on the on-premises deployment model; this should also be the case on the cloud. The automatic classification should be done by the cloud team instead of having to specify or subscribe to an RSS for the information; we should be able to have an object that represents such cloud services. It's possible that Check Point already allows for this, but if they don't, they should.

Kirtikumar Patel
Network Engineer at LTTS

We would like to see support for a layer seven VPN over UDP. Currently some VPN solutions are working on a Layer 7 platform.

The updates under Windows 10 are not always up to date, and we have trouble upgrading remote clients. We have also had trouble deploying new clients. The new Check Point Remote VPN client is giving us trouble during upgradation with older versions of Windows 10.

Senior System Engineer at Thai Transmission Industry

In terms of improving the service, I think they could add more features, like the security to block off the doors, or create another hatch, something like this. They could make the features safer, add malware to make my mail and the Kryon system safer and to protect data at an earlier stage.

IT System Integrator at a financial services firm with 201-500 employees

The solution should include the ability to integrate the equipment's functionality with others. For example, we would like Check Point to be able to integrate easily with the public key infrastructure. According to Check Point, there is no use case for this right now.

The interface itself needs improvement. When you need to create something, you have to go through a lot of steps. It needs to be simplified. 

Assistant General Manager IT at a non-tech company with 1,001-5,000 employees

There is always room for innovation and the addition of new features.
