If you were talking to someone whose organization is considering Check Point Virtual Systems, what would you say?
How would you rate it and why? Any other tips or advice?
My advice for anybody who is considering this solution is to start by identifying high-bandwidth use cases. If you have any, and you have a high-security requirement, then I suggest considering other options. This is a secure and reliable solution for us, although we are a bit disappointed with the limited scalability and resource consumption. I would rate this solution an eight out of ten.
There are two deployment model modes in Check Point. One is a gateway level and one is a no gateway all-in-one box solution. With the gateway level, only hardware will be there, all operating systems are stored in a VMware and if there are any issues in the hardware, you just replace the box; all of your policies will be saved into VMware. The all-in-one box you have the GUI policies and also the gateway so it's secure. If there is an issue in the box - like failure or downtime - all of the networks will be affected. I would rate the solution eight out of ten. We haven't been using it too long, so we haven't had a chance to look at all aspects of the solution. I would recommend Check Point to customers because it is an affordable option.
The web application firewall is commonly used in most firewalls now. If they can add that as a feature, it would be a very strong scenario. When we use Check Point on a perimeter or a DMZ zone, the first thing that clients ask is if there is wireless protection. Check Point has IPS (Intrusion Prevention System) but it does not have wireless protection. So if production is using the cloud if they can integrate mobile app protection, mobile shielding, there's more value for Check Point, but if they include that, Check Point could be the very best firewall option. On a scale from one to ten, when one is the worst and ten is the best, I would rate Check Point as an eight. It needs to do better in pricing and with broader features for mobile. One thing that I learned from multiple installations of Check Point is that you have to train the customer before implementing. Unless the customer is already a highly skilled security engineer so that they know what they can get out of the product, they will not be as satisfied. Otherwise, just before the deployment, we have them go for training so they understand the product and what it can do. They will be happier and they won't choose to go with another product in the future. Even with my engineers who understand many other products, I trained them properly before I send them out for deployments. Check Point is not a product that if you don't know you can just install without knowing anything about it. You have to know the architecture first. You have to know each and every option than work on the product. Then it will be far better and say no to certain features which are not important to use. On the other hand, knowing it is available is fantastic and becomes an option in the right situations.
For those who want to implement the solution, they should make sure they have a very strong networking background. I would rate the solution eight out of ten.
The solution is the on-premises deployment model which we use in our server environment. We are an integration company, and although we deal with other solutions, we mainly focus on Check Point. The solution is a great mix of user experience, flexibility, security features, and cost. After five years, I believe the total cost ownership will be much cheaper than any competitor. The advice I would give to others interested in implementing is that this solution does have security problems. Not Check Point, per se, but in the network environment. The security recommendation from the Check Point and from us is to use the VSX in the internal network. It should not protect your border because there are some issues around bugs, etc. It could cause vulnerabilities if it's used this way. I would rate this solution eight out of ten.
I will recommend this program to others and my rating is seven out of ten. I do recommend that users should always use the checkpoints and backup as often as they can.
The biggest lesson that I have learned from this solution is to never assume that something is simple, because there's always a hidden snag that we run into. I would rate this solution a nine out of ten.
I would rate it a nine out of ten and I would recommend this solution. Their support team should be faster because sometimes when we need support their responses are late.
Ultimately Palo Alto is a very advanced firewall. This firewall can easily identify what application is running behind the network. I would rate this solution an eight out of ten.