Check Point Security Management Reviews

I mainly use this solution for endpoint security, to capture data with a secure approach.

Our data is the most important thing, therefore, it's essential that it be secured. Checkpoint has been very effective in terms of threat management and comprehensive protection against vulnerabilities, and it has given us confidence that our data is not going anywhere. 

The tracking of new threats could be improved.

I've been working with this solution for a couple of years.

Check Point's stability is good.

My experience with technical support has been good.

The initial setup is straightforward.

The return on investment is that our data is safe, Check Point offer upgrades, and we get the best possible cost-effective price.

I looked at Sophos, but Check Point's security coverage is better.

I would definitely recommend this solution to anybody thinking of implementing it. I would give it a rating of nine out of ten.

We use the solution for a distributed lean IT environment where there's a need to monitor logs, threats, and events, or requires configuring security policies within a single dashboard.

It's great for customers who are searching for an upgraded top to bottom yet simple and improved log management solution. In such cases, Check Point Management works perfectly.

Wherever we have provided such a solution, it has become very easy for IT administrators to manage not only a single location but also geographically distributed workplaces.

It works similarly to other management software in the industry, but Check Point is far beyond all others due to its management log monitoring functionality.

After integration with the R80 series, Check Point has made most organizations become relatively secure as configuration with security policies, IPS, and log management extend to the maximum ability.

Previously, we needed to monitor all logs related to network traffic and threats and had to audit logs in different dashboards which sometimes felt time and memory consuming.

With the R80 management consoles, all tasks become very easy - starting from gateway management, log monitoring, IPS configuration, global properties configuration, etc.

Some of the great aspects of the solution include:

1. Smart Event is a great feature of the Check Point management console. It gives a complete graphical view of more than a year of traffic flow including botnet traffic, malicious host present in-network, compromised hosts, and many more.

2. Object (based on IP, hostname, domain name) configuration.

3. Application and URL filtering configuration.

4. Log monitoring and alert configuration.

5. IPS configuration with improved performance.

6. Applying filters based on source, destination, port, application, etc. which is easy compared to all other vendors in the market.

7. Managing clustering for gateways - including their live health check performance - can be done on the dashboard itself.

8. The SSL VPN monitoring based on users and tunnel monitoring are great value-added features present in the management console.

The solution could be improved in these ways:

1. In order to work the management console properly we're required to have more memory and CPU on the system where we need to install a setup.

2. Due to the large size of logs generated for daily traffic, even when old logs purging is enabled, we need to delete old logs manually or else it causes errors while publishing policies which slow down the process.

3. SD-WAN functionality could be added.

4. The required license addition for every blade is a bit of a complicated task for normal IT admins to understand.

I've used the solution for more than four years.

Stability is always improving day by day with Hotfixes they are releasing.

We can scale up to a maximum limit.

The technical support is very knowledgeable.

We have good relations with Check Point. This is the main reason we have always preferred it. The technical support offered by Check Point is always a top priority.

Customer from Sophos to Check Point and ASA to Check Point has migrated to our centralized management from Check Point.

The initial setup is straightforward, however, it can get a little complex for migration from another vendor to Check Point.

We had the assistance of vendor support during the implementation.

Check Point licenses work very differently compared to other vendors. We need to purchase each blade in order to make it work, but we can easily obtain a trial (evaluation) license from Check Point to get visibility for the blade.

Check Point tries to maintain relationships with customers and they try to match their price with customer expectations.

Palo Alto is most preferred NGFW compared to Check Point, due to having a large market share.

Our primary use case is to have a centralized server to manage all of our Check Point firewalls, which are around 30 clusters of firewalls. We also use it to have a place where we can see, call, and centralize the logs.

Every day we have new projects and new applications that need to be delivered. We need to open flows on the firewall from one point to the other. Check Point helps our security team to create the policies in a centralized way, where we can even copy policies from one firewall to the other.

It saves us a lot of time, and it's very easy to use. We can clone objects and drag and drop. It's much easier than a few years ago where we used to have Cisco firewalls and we needed to do it on the command line. Check Point is much easier. We can very quickly place trainees to work in policy creation.

The features we like and find the most valuable are the ways we can manage the policy, create objects, and drag and drop objects in our daily operation. It makes our daily operation on the firewall management much easier than going, for example, to one firewall, then going to the other. We have a centralized point of managing the firewall in terms of firewall policy and in terms of threat prevention policy where we can easily review the antivirus policy. It has a good description of which protection we are applying to the IPS on the antivirus. It's very clear and easy to use.

The SmartConsole chooses which application communicates with the manager and allows us to create the policies and also look at the log of the traffic that is crossing all the firewalls. We can manage and also see the logs of what is happening on the firewalls.

I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application.

The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.

We have been using Check Point Security Management for three years. 

It has been very stable. We don't have many complaints about stability. Once every three months or so, there are some processes on the management server that we get stuck on and we need to restart the services. After we restart, we get back to normal.

It's very scalable for our use case. We have two security managers. We have one primary and one backup to manage all of our firewall infrastructure, and we have no problem with it. We always have a new firewall. 

There are around eight people who work with this solution in my company. They're network engineers. 

My colleague and I are responsible for the maintenance. 

We have a 100% adoption rate for all of the Check Point Firewalls. We all use this manager to manage the Check Point infrastructure.

We don't have any issues with support. The support is very good, especially if you work with the Israel group, but on this specific product, as this is a core product of Check Point, I would say all of the groups work fairly well.

We also have experience with Fortinet but it's like comparing apples to oranges. 

The initial migration from R77 to the R80 was a bit complex. We had the help of a third-party company for the migration phase. We needed to export from the old manager and import it to the new one. There were some modifications we needed to do. It's not very straightforward. They had more experience in those kinds of migrations. 

We have already done some upgrades and they are very easy and straightforward. For this migration, we needed to prepare the servers side by side to the old one, and we needed to do the initial configuration. It took like at least one week to prepare and to migrate it that way.

We do see ROI because we save a lot of time and we can have new team members working with the firewall very quickly. We save at least eight hours a week.

The pricing is in line with its competition, like Fortinet. 

Sometimes applying licensing in products gets a bit messy. We will apply for a license on the manager, specifically for the firewall, but you still see the firewall complaining it doesn't have any rights. In this case, we need vendor support to fix this kind of situation.

We need to devise whether we need to have remote sessions with regard to why the firewall is complaining. There must be some kind of protection for the people not to flip licenses that they shouldn't. Sometimes when you buy a new firewall, the licensing is not straightforward to apply. After we fix it, we never have issues again.

This solution is overall our favorite Check Point product. It's a product that you need to have if you have a Check Point Firewall. If you have a Check Point Firewall, you need to have to Check Point Security Management. You cannot manage the firewalls directly, you need to have the manager.

I think it's the best product Check Point has and is the one that makes the difference. When you compare it to, for example, Fortinet, which has a manager that is web-based, it's not as easy to use and easy to drag and drop objects. The way to see the logs is not as good. It works better than web-based FortiManager, for example.

Palo Alto is also web-based, but me and my team, all of us prefer the SmartConsole over the way we have to manage FortiGate. It's very easy to search for rules on the policy, Check Point is much easier than the competition.

The competitors work well but Check Point works better.

If you refresh the page, you will lose what you did. Even the screen resolution is dependent on the browser. Drag and drop is not as good as with Check Point. It's by far the best product we have to manage firewalls. I think the thing that makes the difference on the other Check Point firewalls.

My advice would be to try the SmartConsole before deciding if you want to go ahead with buying Check Point Firewalls and the manager. You can install the application in any Windows, computer, or Windows server and try the SmartConsole in demo mode.

I would rate Check Point Security Management a nine out of ten. 

We use this solution to manage and configure all of our firewalls distributed across multiple remote locations. We can do it with a single interface where policies are created, managed, and distributed across all locations.

Check Point Security Management has improved our organization because all corporate firewalls can be managed with a single interface. Many objects are common in the policies of the various sites, thus saving time when it is necessary to create or modify access policies.

Check Point Security Management has a beautiful interface for viewing logs and access reports. You can create many filters and run queries from a modern graphical interface without resorting to shell commands.

The graphical interface is nice but it is a bit heavy. Even installing the policies is often a very slow activity. Sometimes it happens that the rules are scattered in several points such as global properties, security policy, and/or application policy and it is difficult to find the point where to intervene

I've been using Check Pont for 15 years.

We are primarily using the solution as a firewall, and for some IPS features as well.

The firewall's blades are the solution's most valuable feature.

We had a lot of problems with the VPN blade on the solution.

We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release. There should be more visibility about which blade in your firewall is causing the latency. That would be nice as well.

The stability of the file blade is good. However, there are a lot of blades, and some of the blades have bugs. For example, the VPN is not so stable. Aso, sometimes when we have high loads on our firewall because we have 20,000 users, the Firewall blade also has trouble.

The scalability of the solution is good. However, we have four or five firewalls and that's more than enough, so we don't need to increase the usage. We have about 20,000 users that go through the firewall at this time.

We don't go through technical support if we need assistance. We instead go to our consultants which assist us if we run into any issues. The consultants may sometimes open cases, but we have no direct contact with Check Point.

We didn't previously use a different solution.

In general, the initial setup was straightforward. Deployment for us took quite long because we migrated in small steps. That was our choice and had nothing to do with Check Point. We have five people managing the solution, and we have two consultants that sometimes help us with some troubleshooting and features.

We used a consultant to assist with the implementation.

Before choosing Check Point, we evaluated FortiGate from FortiNet, Sonicwall from Dell and Cisco FW products.

We're using the on-premises deployment model.

I'd rate the solution seven out of ten.

One of the most valuable features is the console application.

It's a great solution for management. We can manage a lot at the same time with one security management system. Also, each gateway depends on the other, which is helpful.

The client of the management needs to be improved. 

The solution is a bit slow. The speed should be improved. 

If there is a possibility to use the URL instead of client management in a future release, that would be ideal.

In the last version from 80.20, there are some issues around SSNA Diction. I would like this to be improved.

The solution is scalable.

I haven't contacted technical support a lot. I have a colleague that's had issues with a certain version of the solution, and they have made contact. They've had issues, but for me, technical support has always been fine.

The initial setup is not too complex, but those setting it up should have knowledge of Unix as well as some knowledge in Linux command lines. 

We're a partner. We help clients implement the solution.

We are using the on-premises deployment model.

I would rate the solution eight out of ten.

This solution is used to validate the firewalls, and it performs this function very well.

It helps us control what people are accessing, inside the company.

URL filtering is a very important feature.

The usability of the solution could be improved.

I think stability is good. We haven't had any trouble.

The scalability looks fine.

My company has used technical support, but I have not.

In the past, we had a type of proxy for our URL filtering. The idea was to have everything packaged in the same solution. We removed the proxy and started to use just the firewall to control URL filtering and normal firewall rules in the same solution.

When selecting a vendor, we always check the industry reviews. Then, we analyze the features and, after that, the price-feature combination is the most important factor: which one has the best price and has the features we need.

Pay attention to the stability of the solution because it's very critical.

I would rate this solution a nine out of 10. They need to improve the usability. It's good but it can always be better.