Please share with the community what you think needs improvement with Check Point DDoS Protector.
What are its weaknesses? What would you like to see changed in a future version?
It does not provide the capability to upload data for blacklisting/whitelisting in bulk. Rather, in cases where many IP addresses need to be blacklisted or whitelisted, either a single IP address has to be added or it needs to be done using a script. It does not provide default server grouping, such as a default policy that can be enabled on a Web Server or Application Server IP address. The dashboard is complicated. It does not provide real-time traffic details; instead, it only provides logs for blocked traffic. During troubleshooting, a complete log file is required for forensics. A PCAP file is not provided for an individual IP, which is something that should be improved.
For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version. I hope that in the future Check Point will release the relevant software version sooner. In addition, it feels like there is no matching hardware platform in case we need to switch from the "20" appliance. The next one available is the "60", which is too powerful and much more expensive. We would prefer the systems to be modular, so the performance may be upgraded with some relatively cheap modules when there is a need.
Check Point should develop a DDoS solution because they don't have one and we need to use another solution, in our case, Imperva. This is a problem because we need to have two firewalls. We would like to only have one solution because it would improve the management, we would have fewer incidents, and we wouldn't need to talk to more than one person for support.