Check Point Remote Access VPN Reviews

We use Check Point Remote Access VPN to provide access to our corporate network and resources to remote users in a secure way. Users have access that is limited or defined by the server.

Access is granted for identified devices post-posture validation. 

Access should be provided via VPN using multifactor authentication other than username/credentials. Users are able to connect from anywhere at anytime using both mechanisms (i.e. User VPN client or browser). 

This solution mitigates or minimizes data leakage issues.

It is stable and scalable and requires minimal management and access provisioning.

This solution has improved our organization by providing access to corporate resources in a secure fashion. It uses complete end-to-end encryption from the end-user machine to the VPN device.

Access policies are created on the firewall for restricting access to resources and applications based on the user profile/policy.

Our security gateway is integrated with Active Directory and access to resources/applications is provided based on the security group created in Active directory.

This product has inbuild/native integration with MFA solutions.  

It does not require any additional hardware in cases where the organization already has the Check Point NGFW. The mobile access blade and remote access VPN can be enabled on the same security gateway. Check Point provides a common dashboard and management console used in conjunction with the NGFW.

Multiple access can be provided using multiple realms, based on the user ID or security group, and access can be provided accordingly. Each realm will have a pool of IP addresses for which access will be provisioned on the firewall.

Organizations that already use the Check Point NGFW Solution do not require any additional hardware, which makes the implementation straightforward and reduces the time to go live. The only requirement is to purchase an additional license from Check Point, and then enable the mobile access blade. After this, the solution is ready to roll out and provide access based on the configured policy. 

Access is restricted based on user ID, security group, and device type. 

Access is provisioned post-posture policy validation and it offers protection against users connecting to the corporate network from non-corporate devices, which minimizes data leakage possibilities. 

Access is available from browsers or VPN clients using MFA. This is helpful in cases where the machine does not have the client installed or the client is corrupted.

We are able to restrict access based on geo-location and device type. Devices can be Android, iOS, Windows, or Linux.

It provides threat prevention capabilities while uses connect via VPN for Windows devices.

Access is provisioned based on a single L3 tunnel being established between the endpoint and the VPN device. If an attacker gains access to this session then all of the tunnel traffic is compromised. It needs to move to next-generation style access, provisioning such as per-app VPN.

The GUI interface for configuring the SSL VPN is not user-friendly and requires expertise. 

Devices are exposed over the internet and it can lead to a security threat.

When a critical patch needs to be applied to the VPN, downtime is required for the entire NGFW. This can impact the business when it has a single security gateway.

This product cannot manage sudden user growth, as each security gateway has limitations in terms of performance and throughput.

The fully-featured security module is only supported on Windows and Mac systems, which means that organizations with Linux will face issues providing secure access. Specifically, modules such as Threat prevention, Access control, and Incident analysis are supported only on Windows and Mac.

It's very stable in terms of downtime, although it required updates.

The solution can be easily scaled by adding a security gateway.

The Check Point technical support is excellent.

We used Aventail SonicWALL as a standalone product. We switched because it was expensive in terms of management and maintenance. As we already had Check Point NGFW, it was easy to enable the VPN on the same device.

Enabling the VPN was simple and straightforward with the purchase of an additional license from the OEM. Once we acquired the license, it involved enabling the module on the security gateway. The solution was ready to go live within 10-15 minutes.

The implementation was completed by our in-house team with the assistance of the OEM.

Organizations that already have the Check Point NGFW need to purchase an additional license to have access to the VPN functionality.

We evaluated Pulse and Citrix before choosing this option. 

Traditional VPNs that work on L3 or L4, with a single VPN tunnel, are typically hosted on-premises. As organizations are adopting cloud computing, it makes sense to have a VPN solution hosted on the cloud for better control and security.

This functionality is very practical to be able to connect to the business network from anywhere; the monitoring that can be provided and the granularity in the VPN to provide control to users is really good.

It offers excellent performance to be able to connect our users to business applications outside the company perimeter.           

It is easy to use and has an easy-to-use connectivity agent, and can be integrated with MFA to provide an additional layer.

In these times when the priority is telecommuting or working from home, it is essential to provide accessibility to the company safely. Through Check Point it was possible to provide this essential comfort to users who work in this modern format.

One of the features that draws a lot of attention is the integration of the remote VPN application in our Check Point gateway and management server, where it is easy to use.

The granular control and access under the Check Point policies made applying a zero trust policy much easier, providing greater security.

The integration with MFA through a configuration and integration with Azure is quite good, providing security to the user's identity. It is a very important feature where everything is tried to shield against modern vulnerabilities.

The license is included with gw licensing, however, in terms of the number of users that can be activated for use.                                                                                       

In our case, we quote additional licensing and it is quite expensive for remote VPN, other manufacturers are not so expensive.

The support provided is slow, in addition to the fact that the service hours are contrary to ours, which generates slower problem solving, I think it is important to improve this area.

This is a not-so-new tool that can be used in our gateways and management products. We have used these VPNs since we started using our environments with this manufacturer.

On a personal level, I had previously used Cisco and Azure VPN, among others, however, the control generated with Check Point is not the same. It is much better.

It is essential to validate how many remote VPNs are required, check costs, and see if they are within the scope of the company.

We validated the scope against other manufacturers and were satisfied with the security features provided by Check Point.

On a technical level, the tool is very good, and safe, in addition to providing a lot of control.

We use Check PointVPN to securely connect to our main office systems, which are behind a firewall. This ensures that all incoming and outgoing traffic is encrypted and secure.

The security of the solution is a good feature, the stability is a valuable feature, and the customization is also a nice feature.

The provisioning of VPN users has room for improvement.

The solution can improve by providing an option to centrally manage and upgrade client applications on a PC.

I have been using the solution for five years.

We found the previous checkpoint version to be quite unstable, as it would occasionally cause issues with the VPN caching every two months. However, we have since updated the solution and the stability has improved significantly, with no further occurrences of this issue.

The solution is licensed-based, so to scale up we only need to add more licenses.

The tech support isn't great. They take a long time to get to our ticket. Their initial response was fast, but after we provided the information they asked for, there was a month of silence before we updated the ticket again. Ultimately, the problem was resolved with newer versions without any response from tech support.

Neutral

I previously used Mikro Tik VPN which is cheap and includes enterprise features but is hard to configure.

The initial setup is straightforward if we are knowledgeable about the task at hand. However, it is recommended to consider a few things and to have a reliable technical support team to assist with the initial deployment. For a small company, the first step is relatively straightforward. However, if we are looking to scale up, we may need to enlist the help of a consultant to properly configure the necessary parameters, as there are many of them to consider.

Once we have configured users, access lists, written firewall rules, and deployed clients to endpoints, the next step is to educate employees on how to use the solution.

On average the deployment took around two weeks to configure all the certificates. This included preparing laptops and PCs. For just the VPN with central management deployment, it would take one week.

Our deployment was completed by two people.

I give the price of the solution a five out of ten. 

We have a subscription-based license.

I give the solution a seven out of ten.

We have 250 people using the solution in our organization.

Managing updates to endpoints can be a bit of a hassle, but there isn't much maintenance required.

We came to need a solution that would allow us to connect quickly and easily from our homes or from anywhere, and it was at this point that we integrated and enabled the Check Point Remote Access VPN. With it, our employees could log in from anywhere at any time. 

This solution allowed them to have the same experience that they had in the office, and they could access all the resources that were necessary for their work. 

This solution helped us mainly with the shift to remote work. Before the pandemic, everyone worked from the office. Today, more employees have become digital nomads. 

In terms of infrastructure, we can say that we have benefited since employees are happier being able to work from home. They make better use of their time and have become more productive. 

In the case of the organization, the impact is in being able to have to rent fewer square meters. This helps with annual returns since those operating costs have been reduced.

Everyone has told me that it is simple and easy to use. 

One of the most outstanding features is the ability to deliver third-party services and achieve double authenticity with integrated identities. We have SSO (Single Sign-On). It is a 'unified' or 'single authentication' which can be integrated to improve security in startup services. This is an advantage due to the fact that you can use the integrated services or the third-party services that you already have, and you will not incur more costs. 

I would like this service to be easier to manage when you integrate it with third parties. 

Although it is complex to configure, I cannot complain that it is complete and it is worth being able to use and integrate it. However, any administrator would welcome any changes that made configuration simpler. 

We would like the ability to perform remote access with the VPN in the future with any type of device. Lately, Android applications tend to have more errors. I hope that this will be solved in the future. 

I've used the solution for one year.

Check Point Remote Access VPN allows organization users to work remotely. Especially in the pandemic period, work-from-home demand has been higher than ever. 

I have a remarkable case about the solution. That is for a bank. They want to have remote access VPNs that can provide connections for internal users who work remotely, partners who have restricted connections to the bank environment and ATM machines that connect to core banking applications. All VPNs acted in the same internet connections but still ensure these three VPNs were separated from each other. For the requirements, deploying the VPN in VSX appliances helped to solve issues. I created three virtual instances: one for corporate users, one for partners and one for ATM machines. 

Applying security policies for three instances is different. Corporate users must pass two-factor authentication layers and then have access to common corporate services (like email, and chat) and the right business applications depending on their working role, and their department. Partners after authenticating successfully only have limited access to the right place that they are allowed while being unable to connect to other places. 

ATM machines that act 24/7 need to have continuous connections, thus, they must authenticate using a certificate and their VPN clients must be configured to re-authenticate automatically after a timeout.

Check Point Remote Access VPN supports almost all common devices, from Windows to macOS, and from Android to iOS. Connection methods are flexible, including browsers and VPN clients. 

With such an approach, the solution can solve every remote working problem from anywhere, on any device while maintaining security features. The solution allows us to integrate with external systems like directory servers, email servers, and RADIUS servers for using directory users (a unified user instead must remember many usernames and passwords), adding multi-factor authentication via an OTP certificate. VPN users will have controlled access based on who they are and where they are by security policies. 

The solution offers flexible authentication methods to control access by policies and compliance. 

Check Point can integrate with external systems and third-party solutions to provide multi-layer authentications. This helps secure the user accounts from leakage of passwords and also protects corporate from unauthorized access damage risks. 

Security policies help to convert access regulations to policy rule configurations after authenticating. Setting policies allow, block, and limit users' access. 

With the compliance feature, Check Point can define what conditions user machines should have to authenticate the VPN. This feature helps to add more security to the network.

Endpoint Security on Demand, or Compliance Check is a good feature. It allows the creation of compliance policies and adds more security to the network. Machines will be scanned once they connect to VPN to make sure all of them are compliant. Conditions to configure compliance checks are Windows security (hotfixes, patches), Anti-Spyware, Anti-Virus software, personal firewall, or Custom (application, files, registry). These are not enough in a complicated environment. Almost of them are supported for Windows machines, however, are just limited conditions for non-Windows. In fact, using mobile devices on Android, iOS, macOS, and Linux is very popular. Compliance Check on Check Point should be improved by having more configurable conditions to support multi-platforms and adding more granularity. 

Besides compliance scanning sometimes causes consumes machine resources. 

I also suggest scanning operations will consume fewer resources and increase speed time.

I've been using the solution for more than five years.

As mentioned in my use case, the solution is running for thousands of corporate users, partner users, and ATM machines. The performance is very impressive. 

With Check Point VSX, the virtual instance extension is just an additional license, thus, it's very easy to add VS for other purposes. Besides Check Point also developed Maestro technology to allow hyperscale, increase throughput, and maximize capacity.

The Check Point Support Team is very professional and has technical expertise. The team is online 24/7 to make sure their customers always be supported. Response time to the customer is quick enough when they provide a solution to fix the issues or when they need some time to investigate or when they need some time to investigate they stay up to date.

Positive

I had used Fortinet Remote Access VPN before. At that time, other security features like Firewall, IPS, Application Control, and URL Filtering had been added to the same box running Remote Access VPN. The Fortinet appliance was overloaded all the time - although specifications in the datasheet could be OK. After changing to Check Point (using Remote Access VPN with other security features), the performance was amazing. CPU and memory usages were always at an average level.

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

In addition, there are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

We user the Check Point Remote Access VPN to provide access for our employees to connect to the specified environments.

We use the Check Point Endpoint Remote Access VPN client to allow our remote employees to connect to our company's offices in a secure and reliable way.

We use the clients for Windows and macOS, with the current software version E82.30. The Endpoint Remote Access VPN clients are fully compatible with the Check Point NGFWs Mobile Access VPN blade, and there are no problems connecting to it.

The clients have additional functions, like Firewall and Compliance blades, which we consider as a strong benefit for using the pure clients.

Several remote sites are supported in the client configuration, which allows us to have the redundancy for the case when one of the Offices becomes unavailable due to ISP problems.

1. It is easy to install the Endpoint Remote Access VPN client to different platforms. Within the company, we use it for Windows and macOS.
   
2. Built-in, centrally-managed Firewall blade, which allows filtering traffic on the client-side.
3. Built-in, centrally-managed Compliance blade. We check the client OS on the presence of the latest security updates and that the corporate antivirus software is up and running, and do not allow the client to connect to the office site in the case where these rules are not satisfied. That prevents the infected computers from connecting to the company's location and spreading the threats.
4. Stable VPN connection.

1. The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed. This is valid for at least software version E82.30, which we currently use.
2. In addition, there is no full client of the Check Point Remote Access VPN available for the Linux operating systems families. That is important since some of our administrators prefer to use this OS even on their home PCs. We hope that Check Point would develop a client for Linux in the future.

I have been using the Check Point Remote Access VPN for about two years.

The Check Point Remote Access VPN clients are stable on both Windows and macOS.

The Gateway side part of the software scales well.

We have had several support cases opened, but none of them were connected with the Check Point Remote Access VPN. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

Prior to this product, we didn't use any centralized VPN software before.

The setup was straightforward and simple.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

We did not evaluate other options because we already use the products from the CheckPoint ecosystem.

The Check Point Endpoint Remote Access VPN for MacOs and Windows are reliable solutions for remote access VPN, and fully compatible with the Check Point security ecosystem.

The primary use case of this solution is to connect to our internal network for accessing servers and clusters using Check Point VPN. End-users are, for example, students accessing computer labs and licensed software that can check academic licenses only within the campus network; further, our ERP folks could make good use of the VPN solution by remotely working on the Institute Management System infrastructure and can work efficiently without any hindrance. We also use its capsule app on smartphones to connect further.

Using Check Point Remote Access VPN has increased the overall productivity for users staying outside the campus and working remotely during this Covid-19 period. Faculty, students, staff, and research fellows as well as a lot of other eligible users have been benefited by securing the VPN license in order to run login remotely and access the project workstations, clusters, run simulations and submit their research work for the final thesis defense. It also allows for publishing in high-impact factor journals.

Once we install and connect the VPN service, it keeps on running until we disconnect. Moreover, the best outcome is when the end-users are able to check out software licenses through the tunnel and keep on working remotely from their home without any interruption. 

The VPN service works seamlessly in Windows and Mac. Only in the case of Linux or Ubuntu have we had to struggle a bit by understanding the SNX Batch file to get installed and run it. Moreover, in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Terminal Window Open.

The Linux version may have an app (similar to Windows) instead of a shell script. We have seen that in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Linux Terminal Window open otherwise the connection drops. Sometimes, we have noticed that the owing to installation of various antivirus and running of inbuilt firewalls (applicable to all operating systems); the connection for VPN sporadically drops and tries to reconnect. When this happens, we have to manually either disable the firewall/antivirus or reconnect the VPN again.

We've used the solution since 2015 or 2016.

We were using Cyberoam.

Users must pursue Proof of Concept as the functional requirements can vary.

We also looked into Palo Alto and Fortinet.

The Mobile Access VPN is used to provide users with remote access to company resources.

Users can access the system at any time from corporate laptops as well as home PCs.

It is also possible to connect from Android and IOS mobile devices.

We also use the functionality of the secure Capsule Workspace container to securely provide access to corporate Web resources and mailing services from mobile devices.

It is also possible to provide restricted access to partners via SSL VPN using the Check Point Mobile Web Portal fine-tuning.

This solution allows users to connect from any location. The system is very flexible. We can easily control access and view statistics on the usage of this functionality.

We are also happy with the overall stability of the operation, the easy configuration on the gateway side, and the ease of deploying clients to endstations.

The user device verification functionality allows us to prevent connections if a device does not comply with corporate security policies until the device has met all requirements.

When working with different groups of users, we can easily set up both standard authentication by username and password and use two-factor authentication such as SMS + username and password or certificate + username and password. This definitely increases security and allows you to control access.

It is also possible to use third-party tools to customize HTML5 access. For example, the connection is made without the need to install any client on the user side.

Access is browser-based only and requires no additional client installation.

We would like to implement HTML5 (clientless access) in the product without installing any additional software.

It would also be desirable to be able to segregate the different authentication methods by domain user group.

Unfortunately at the moment, the division is only between domain and non-domain users.

What we also miss is control over the workstations for non-domain PCs that the client is installed on.

It would be nice if we could block such connections based on, for example, the machine name or connection ID.

We have been using this solution since 2007 and started with the R65 version.