2019-10-06T16:38:00Z

What needs improvement with Check Point Security Management?

0

Please share with the community what you think needs improvement with Check Point Security Management.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
1313 Answers

author avatar
Top 5LeaderboardReal User

The solution could be improved in these ways: 1. In order to work the management console properly we're required to have more memory and CPU on the system where we need to install a setup. 2. Due to the large size of logs generated for daily traffic, even when old logs purging is enabled, we need to delete old logs manually or else it causes errors while publishing policies which slow down the process. 3. SD-WAN functionality could be added. 4. The required license addition for every blade is a bit of a complicated task for normal IT admins to understand.

2021-08-25T06:35:00Z
author avatar
Top 20Real User

The Security Management server could be improved. If it provided an inbuilt authenticator for multifactor authentication, that would be ideal. Currently, we have to depend on a third party for multifactor authentication. It would help us greatly in securing the remote access users if Mac binding can be done for remote access VPN users in mobile. It would be helpful if we could enable URL and application traffic control remote access. The logging and reporting are good, but it would be helpful if more report templates were available.

2021-08-25T04:48:00Z
author avatar
Top 20User

One possible improvement for the platform would be the import of security policies via CSV or CLI. Even though the platform is simple, and creating security policies is a fairly quick task, creating a bulk of policies at once (ie. for a migration) could be a useful tool. This is probably possible through scripting, however, having an easy-to-use "import CSV" button would be beneficial. Another feature that could be improved is the export of configurations to CSV. This is often useful to map current firewall policies or NATs. I understand that this feature is available currently, but would CSV bring objects with names (but not IPs) and groups (but not the members). The improvement of this feature would surely be welcomed.

2021-07-16T04:05:00Z
author avatar
Top 5Real User

The graphical interface is nice but it is a bit heavy. Even installing the policies is often a very slow activity. Sometimes it happens that the rules are scattered in several points such as global properties, security policy, and/or application policy and it is difficult to find the point where to intervene

2021-06-16T13:31:00Z
author avatar
Top 10Real User

Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa, and we don't know whether it is because of our region. I would like a feature where there is a workflow to provide authorization to some users before they're able to create and apply rules. Such a feature should be integrated with the management. It should not be in the box that comes with it.

2021-05-18T15:54:00Z
author avatar
Top 5LeaderboardReal User

It is very difficult to recover policies from the gateway in case if you lose your security management server, and don't have a backup. The backup functionality (Migrate export command), which covers policies, can not be operated from the GUI. Instead, we have to log into the CLI and generate a file then take it out. For those not familiar with the Command Line interface, there should be an option in the GUI for operating backups. There should also be an option to automatically schedule the backup. The smart dashboard is a very heavy application. If we could directly connect & manage firewalls from the Management server itself then it would make it very easy.

2021-03-23T07:32:00Z
author avatar
Top 5LeaderboardReal User

I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application. The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.

2020-09-27T04:10:00Z
author avatar
Top 5LeaderboardReal User

Currently we have option to create rule with Access Role, but it is also asking network as well, so my suggestion if we mapped user and machine both then the network should be not compulsory. This will reduce our effort to creating rules. Above is only my suggestion for access role rule type

2020-09-01T08:46:00Z
author avatar
Top 5Real User

I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.

2020-07-23T17:00:00Z
author avatar
Top 20Real User

It depends on the user, but all of the checkpoints need improvement. The only place I need a bit of an update, for example, is in the endpoint management. There are some policies that are embedded that you have to examine if you have sensitive users. For some applications, the default acts as a manager. However, in a system with a history of being breached or where users are given access based on their job function, we seem to have issues particularly there. The reporting should be improved in future releases. It needs to be very explicit. This is very important.

2020-01-26T09:27:00Z
author avatar
Top 20Real User

As for improvement, again, the bandwidth regulation is an issue - it is not up to my expectations. If they could improve that it would be good. In future releases I'd like to see better integration with other applications and solutions. Also, the cost of the license is too high, it's too expensive.

2020-01-26T09:26:00Z
author avatar
Real User

The client of the management needs to be improved. The solution is a bit slow. The speed should be improved. If there is a possibility to use the URL instead of client management in a future release, that would be ideal. In the last version from 80.20, there are some issues around SSNA Diction. I would like this to be improved.

2019-10-06T16:38:00Z
author avatar
Top 20Real User

We had a lot of problems with the VPN blade on the solution. We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release. There should be more visibility about which blade in your firewall is causing the latency. That would be nice as well.

2019-10-06T16:38:00Z
Learn what your peers think about Check Point Security Management. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
535,919 professionals have used our research since 2012.