Please share with the community what you think needs improvement with Check Point DDoS Protector.
What are its weaknesses? What would you like to see changed in a future version?
It does not provide the capability to upload data for blacklisting/whitelisting in bulk. Rather, in cases where many IP addresses need to be blacklisted or whitelisted, either a single IP address has to be added or it needs to be done using a script. It does not provide default server grouping, such as a default policy that can be enabled on a Web Server or Application Server IP address. The dashboard is complicated. It does not provide real-time traffic details; instead, it only provides logs for blocked traffic. During troubleshooting, a complete log file is required for forensics. A PCAP file is not provided for an individual IP, which is something that should be improved.
For a long time, there was no software version of R80.10 available for the Check Point DDoS Protector software appliances, and we had to stay on the quite outdated R77.30 version. I hope that in the future Check Point will release the relevant software version sooner. In addition, it feels like there is no matching hardware platform in case we need to switch from the "20" appliance. The next one available is "60", which is too powerful and much more expensive. We would prefer the systems to be modular, so the performance may be upgraded with some relatively cheap modules when there is a need.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
If you have a CDN, does it mean you don't have to worry about DDoS attacks, or will hackers still succeed in carrying out DDoS attacks?
I'm a VAR/System Integrator and I don't see any problem once you have Cloudflare.