We didn't find any major feature missing or lacking in Check Point products that we used. We'd just like them to continue to improve their products with new features and updates. 

We'd like to see more and more integration possibilities between Checkpoint and other vendor security solutions such as Malwarebytes, SIEM solution providers, and standalone vulnerability scanners.

The Check Point SandBlast platform could also be merged with the Check Point GAIA platform for a central management console and easier controls.

I am happy with Check Point Security Management. However:

1- In order to work management console, you need some good appliance or you need to provide more CPU and Memory to the appliance.

2-If you overload your appliance with detailed log, you need additional appliances. For big companies even smart 5150 kinda devices is not enough.

3-I normally had trouble updating licenses automatically. We always need to add manually and this is tiresome.

5- API seems to be fine but need some improvements and Check Point should provide scripts to its customers for tiresome jobs.

We would like to improve the upgrade process in order to do mass upgrades to firewalls and to be able to upgrade target firewalls at the same time.

I would like to be able to use Check Point Security Management in a way where it is hosted on the cloud. I'd like secured Security Management directly reachable from wherever you are with no need to install the Check Point client software on the laptop.

I would also like to have the ability to easily export the Check Point security policies in order to exploit the data in other applications and have more compatibility with other applications.

There is room for improvement in reliability. 

Some of the configuration elements could be improved. 

More automation of the tasks that now need to be performed at the level of the operating system could be made more streamlined. For example, we've often had issues where the log space has filled up. It would really be nice to have a feature in the GUI that addresses the cleanup of old files/logs. This is very much a manual process now. I have to get a putty or WinSCP session to the device and dig through the directory structure to find old files that are safe to delete. Luckily, I haven't accidentally deleted any critical files (so far).

Currently we have option to create rule with Access Role, but it is also asking network as well, so my suggestion if we mapped user and machine both then the network should be not compulsory. 

This will reduce our effort to creating rules.

Above is only my suggestion for access role rule type

Check Point EDR has room for improvement, especially in the area of Data Loss Prevention where it currently lacks functionality. 

I'd also like to see enhancements in content filtering and categorization features.

I would appreciate the ability to restrict forwarding of confidential documents to specific groups, ensuring tighter security measures.

The tool is expensive.

Check Point could improve by enhancing the networking in their solution in order to align it with the existing network architecture.  

To perform a service cutover, such as migrating from one firewall to another or bringing up a new firewall, it is essential to thoroughly study and understand the customer's network architecture. This is a complex and challenging process that requires careful deployment and configuration. However, once the firewall is successfully connected to the environment, it becomes very robust and provides comprehensive cybersecurity that meets the needs of the customer.

I would like it to be the administrator of equipment or Next Generation firewalls (which have to be managed on this platform) and to be able to manage other services (like Harmony) that also belong to Check Point. We'd like to be able to manage them from the same platform. Although they are within the same portal right now, they are not managed in the same way nor are they from the same teams. It could be a very innovative future integration and will help to centralize this section while having the characteristics under the same management.

While the console and administration work well, they have to work on performance since it consumes a lot of CPU and memory. There is also latency in the administrative panel when entering. There has been a problem with updating licenses as well. There is ground-level feedback based on interaction with the relevant stakeholders that states implementing it would make a major difference in the overall experience.

Check Point Security Management lacks some of the competitor features. 

In the future, I would like the platform to be able to integrate or manage appliances or third-party equipment. That would give us a management solution that is able to adapt to the technological changes that we have today. 

Maybe we could see if the brand or the services become commercial allies of other brands. I know that it is something that is requested a lot, however, better integration could be beneficial for the market and for users when purchasing a service in the market.

The upgrade procedure already made huge improvements, yet it remains more challenging compared to other products. However, everything is well documented and the Check Point support is very skilled, so risks are rather limited. 

As this is probably the most complete product within its segment, no huge improvements are required from my point of view. Another problematic point, the policy installation duration time is solved since version R8x, so that's good. Clients always tell me: "Check Point is the Rolls Royce within this segment, it is outstanding". 

The web administration tool that allows administration in the browser must be developed even more. When one tries to enter the panel, the loading delays us. 

They can also implement version updating. 

Another feature that could be improved is the export of configurations to .CSV. This would further simplify the management and compliance with rules.

They could offer educational courses to help individuals improve their knowledge and skills.

From the Check Point Security Management solution, it's possible to get the situation of my clusters. I guess it lacks in providing visibility of the many incidents. Hence, the visibility of incidents is an area where I want the solution to improve.

I would like this solution to be integrated directly into the Cluster XL equipment. We'd like something that is all in one. The implementation becomes quite complex due to the extensive and not very graphic guides that we can find on their portal. 

Policy installation time can be reduced. Proof of concept really matters on this subject. Every organization's needs are different and unique. Therefore, before you purchase the product, use proof of concept as much as you can. 

The management API can be further developed so that all functions offered by the dashboard are also available via the API (for example,  Network Topology).

The new web management tool which allows the management in the browser has to be developed further so that all functions from the dashboard are available. Many of our administrators work with a Mac OS. Until now, the management of rules is only possible on  Windows as the Smart Dashboard is only available for Windows. Now, with the first release of the web interface, it is possible in the browser. All functions from the dashboard must still be possible via the web interface.

One possible improvement for the platform would be the import of security policies via CSV or CLI. Even though the platform is simple, and creating security policies is a fairly quick task, creating a bulk of policies at once (ie. for a migration) could be a useful tool. This is probably possible through scripting, however, having an easy-to-use "import CSV" button would be beneficial.

Another feature that could be improved is the export of configurations to CSV. This is often useful to map current firewall policies or NATs. I understand that this feature is available currently, but would CSV bring objects with names (but not IPs) and groups (but not the members). The improvement of this feature would surely be welcomed.

Check Point Security Management Server integrates seamlessly with other Check Point security products, providing a cohesive security ecosystem for organizations. It also offers compatibility with third-party security solutions, however, it is not a lot. This needs to be improved.

Check Point offers comprehensive product support and documentation, including online resources, knowledge bases, and technical support services. This ensures that administrators have access to the assistance they need to deploy and maintain the Security Management Server effectively, but when customers raise issues, the support is not satisfactory and timely.

There are some improvements that can be generated in this solution. For example, their internal environments and dashboards should all be updated to look pleasant on a visual level.

It would be helpful if the documentation and good practice guides are updated. Many are still from R77.

At the support level, they should expand the languages of attention to be able to expand support in countries where the English language is not standard.  They could improve the response time when it comes to providing customer support.

Initially, I was not a huge fan of Check Point's SmartConsole; I'm not sure why; perhaps it was because I was used to using only the web interface in other vendor firewalls like Palo Alto, Fortigate, and so on.

Now that I've tried it, I have to say that it's the greatest way to handle firewalls. There are some flaws, however, Check Point is working to correct them with each version.

They need to make a Mac version of the SmartConsole, in my opinion.

Aside from that, I'm satisfied with Check Point solutions.

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, it will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor could be integrated into the R80.40 and R81 versions, that would be great. It would help us in unpacking the trends and graphs and see how traffic is observed when hitting the different Check Point Firewall Gateways that the Security Management controls. It will help support teams to identify capacity limitations and have oversight into what's happening in the environment at any given point in time.

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, performing a smart view monitor will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor can be integrated in the R80.40 and R81 versions, that would be ideal in understanding the trends and graphs of how traffic is observed hitting the different Check Point Firewall Gateways that the Security Management controls. It will also help support teams to identify capacity limitations and have a foresight of what's happening in the environment at any given point in time.

Check Point's hybrid cloud integration needs significant improvements. These resources need to evolve as data transfers to the cloud increase, so hybrid cloud models are easier to implement. Better hybrid cloud integration would improve how we manage our security logs and provide our administrators with a low-cost solution that enables them to meet all our essential requirements. 

Being a security appliance, there should be the ability for the Security Management server to send email alerts via authenticated email. One of our requirements from the organization is to not use unauthenticated email and to only use authenticated email which this does not support.

SmartConsole should be available for MacOS machines. Not every Network/Security administrator utilizes a Windows machine. Being a Mac user, I need to have a VM with SmartConsole installed in order to be able to manage my gateways. I have heard the newer versions allow management through a web version however I have not tested it as of this moment.

I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. 

Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.

As for the support, it is not the best. 

The hours are different from those in America. They generally respond to us at dawn. They are not as fast or efficient, and they could improve in this area.

Every manufacturer must have enough documentation for client implementations and proof of concept. However, Check Point has many outdated manuals. These should be simpler for users and help them to manage their environments with the best practices.

They should improve the ease of licensing.

In my experience, the place they can improve the most is in the technical support where I have had some serious problems that could not be solved in time due to a lack of knowledge of the assigned engineer.

It would be a good policy to try to assign senior engineers when it has been verified that an incident is critical and urgent for a client and not to resort to less-experienced technicians that can put at risk the recovery of the attacked assets.

Apart from that, at the architectural level, it is a very competent and versatile solution.

Troubleshooting is quite complicated within multi-domain management. If an issue arises, the local administrator has to keep in mind that there are other domains that could be also affected.

For each version, you have to download a new GUI. Sometimes the GUIs have fixes in them. If you need a new one, you have to inform and update all administrators too.

Some features still use the legacy GUI, however, as far as I know, it is planned to include this in newer versions (R81+). 

Unfortunately, there is still not a rule checker in place where you can insert SRC/DST/Port and it shows you which rule it matches.

Sometimes there are some performance issues that cause certain operations to run slowly, however, that may just be due to the hardware it is running on needing to be stronger. Check Point could possibly lighten up the software code so that it is not as resource-intensive and will run more smoothly on a variety of hardware and cloud or virtual machine platforms. 

More ability for users to generate reports for traffic flows, firewall performance factors like CPU, memory usage, total bandwidth consumption, and tracing heavy traffic (elephant) flows would also be great.

The Security Management server could be improved. If it provided an inbuilt authenticator for multifactor authentication, that would be ideal. Currently, we have to depend on a third party for multifactor authentication. 

It would help us greatly in securing the remote access users if Mac binding can be done for remote access VPN users in mobile. It would be helpful if we could enable URL and application traffic control remote access. 

The logging and reporting are good, but it would be helpful if more report templates were available.

You need some technical expertise to use the solution. I don't think it's accessible to the typical end-user. You need to access the box and use some command lines or the web interface. It would be nice to have a user-friendly dashboard and comprehensive reporting. 

Among the things that I would like in the future is for the solution to have its application on Android and iOS, as many of the administrators have adopted remote administration positions due to what has happened since the pandemic. This would help us to have an easier and simpler administration. I believe that these mobile solutions are part of the technological evolution and the promising future that new technologies bring us; this will help us with future innovation and management.

In complex environment, the Security Management system manages many firewall gateways. There are thousands of security rules in the server and there are also other security settings about Check Point blades. Database in the server becomes large. Hence installing policy takes very long time to complete. Imagine that the administrators must process their daily tickets. They make configuration changes in Smart Console of Management Server for the first ticket, and while waiting for installation completion, then they receive the second ticket, a critical case, what should they do? This is only one of the situations that the administrators are facing in operation. Hope that Check Point can improve the processing time of installation.

It could improve by showing DNS-specific information for connections to unknown public IPs. 

Check Point could also improve management by not having applications for each version released because we have to install a new application for every version it is not very nice. They could do that by moving management to the web so that we do not have to install a client for every version. 

The fact that you have to connect to two different applications for management, does not make it the most usable. It could be great to have a system setting and policy setting done from one interface. 

Overloading and access to many members simultaneously slow down performance, which can lead to security threats. 

New users working with this software find it hard to integrate effectively with other applications without the input of the customer support staff. 

It sometimes blocks safe sites when I am researching, affecting the overall output and wasting time. 

If the authorization commands are not well set, it slows down the working capacity of the Operating System. 

I love the current version with upgraded features that can block more attacks and protect our work environment.

The application filtering and URL filtering could be better.

They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution.

Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. 

It is advised to make the processes simpler.

Need to have simple scripting and automation methodology to automate the networking operations.

This security control system has efficient features that have transformed the company to help it achieve set international standards. 

Most of the features provide excellent services that cannot be extracted from other platforms. 

It can be scaled down to provide services based on the company's demands and lowers operational costs. 

Sometimes the security system slows down when it is overloaded. Poor configurations have led to data leakages and weakened security signals. 

The overall performance has impressed all the team members and provided a secure environment for better workflows.

It is very difficult to recover policies from the gateway in case if you lose your security management server, and don't have a backup.

The backup functionality (Migrate export command), which covers policies, can not be operated from the GUI. Instead, we have to log into the CLI and generate a file then take it out. For those not familiar with the Command Line interface, there should be an option in the GUI for operating backups. There should also be an option to automatically schedule the backup. 

The smart dashboard is a very heavy application. If we could directly connect & manage firewalls from the Management server itself then it would make it very easy.

I've found the solution was a bit unstable. It would be better to improve the stability of the service. Another thing that needs to be improved is the Checkpoint support. Very often they were not able to solve the problems that we had. Sometimes to solve problems you need to install a new Hotfix or Custom release - and that can generate some side effects that can create instability problems. It's necessary to improve the support - especially the one that is provided in India.

Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa, and we don't know whether it is because of our region.

I would like a feature where there is a workflow to provide authorization to some users before they're able to create and apply rules. Such a feature should be integrated with the management. It should not be in the box that comes with it.

As for improvement, again, the bandwidth regulation is an issue - it is not up to my expectations. If they could improve that it would be good.

In future releases I'd like to see better integration with other applications and solutions.

Also, the cost of the license is too high, it's too expensive.

I would like for users to have more control over the platform in the next release. Right now, the system is very central and general requiring new rules to be created that better-suite our requirements.

It depends on the user, but all of the checkpoints need improvement. The only place I need a bit of an update, for example, is in the endpoint management. There are some policies that are embedded that you have to examine if you have sensitive users. 

For some applications, the default acts as a manager. However, in a system with a history of being breached or where users are given access based on their job function, we seem to have issues particularly there.

The reporting should be improved in future releases. It needs to be very explicit. This is very important.

I would like the ability to have an overview, cross-site: One portal that does all firewalls.

The tracking of new threats could be improved.

The solution could be improved in these ways:

1. In order to work the management console properly we're required to have more memory and CPU on the system where we need to install a setup.

2. Due to the large size of logs generated for daily traffic, even when old logs purging is enabled, we need to delete old logs manually or else it causes errors while publishing policies which slow down the process.

3. SD-WAN functionality could be added.

4. The required license addition for every blade is a bit of a complicated task for normal IT admins to understand.

I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application.

The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.

The graphical interface is nice but it is a bit heavy. Even installing the policies is often a very slow activity. Sometimes it happens that the rules are scattered in several points such as global properties, security policy, and/or application policy and it is difficult to find the point where to intervene

We had a lot of problems with the VPN blade on the solution.

We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release. There should be more visibility about which blade in your firewall is causing the latency. That would be nice as well.

The client of the management needs to be improved. 

The solution is a bit slow. The speed should be improved. 

If there is a possibility to use the URL instead of client management in a future release, that would be ideal.

In the last version from 80.20, there are some issues around SSNA Diction. I would like this to be improved.

The usability of the solution could be improved.