Check Point Remote Access VPN Reviews

Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution we use for the protection of our DataCenter environment, located in Asia (Taiwan).

In addition, there are about 30 Google Cloud projects of different sizes ranging from 10 to 250 virtual machines, and they are used for development, staging, production, etc. For every project, there is one dedicated scalable instance group of the Check Point CloudGuard IaaS gateways.

We user the Check Point Remote Access VPN to provide access for our employees to connect to the specified environments.

We use the Check Point Endpoint Remote Access VPN client to allow our remote employees to connect to our company's offices in a secure and reliable way.

We use the clients for Windows and macOS, with the current software version E82.30. The Endpoint Remote Access VPN clients are fully compatible with the Check Point NGFWs Mobile Access VPN blade, and there are no problems connecting to it.

The clients have additional functions, like Firewall and Compliance blades, which we consider as a strong benefit for using the pure clients.

Several remote sites are supported in the client configuration, which allows us to have the redundancy for the case when one of the Offices becomes unavailable due to ISP problems.

1. It is easy to install the Endpoint Remote Access VPN client to different platforms. Within the company, we use it for Windows and macOS.
   
2. Built-in, centrally-managed Firewall blade, which allows filtering traffic on the client-side.
3. Built-in, centrally-managed Compliance blade. We check the client OS on the presence of the latest security updates and that the corporate antivirus software is up and running, and do not allow the client to connect to the office site in the case where these rules are not satisfied. That prevents the infected computers from connecting to the company's location and spreading the threats.
4. Stable VPN connection.

1. The Compliance software blade is available only for the Windows operating systems family, so no macOS security checks are implemented and performed. This is valid for at least software version E82.30, which we currently use.
2. In addition, there is no full client of the Check Point Remote Access VPN available for the Linux operating systems families. That is important since some of our administrators prefer to use this OS even on their home PCs. We hope that Check Point would develop a client for Linux in the future.

I have been using the Check Point Remote Access VPN for about two years.

The Check Point Remote Access VPN clients are stable on both Windows and macOS.

The Gateway side part of the software scales well.

We have had several support cases opened, but none of them were connected with the Check Point Remote Access VPN. Some of the issues were resolved by installing the latest recommended JumoHotfix, whereas some required additional configuration at the OS kernel level.

Prior to this product, we didn't use any centralized VPN software before.

The setup was straightforward and simple.

Our deployment was completed by our in-house team. We have a Check Point Certified engineer working in the engineering team.

We did not evaluate other options because we already use the products from the CheckPoint ecosystem.

The Check Point Endpoint Remote Access VPN for MacOs and Windows are reliable solutions for remote access VPN, and fully compatible with the Check Point security ecosystem.

The primary use case of this solution is to connect to our internal network for accessing servers and clusters using Check Point VPN. End-users are, for example, students accessing computer labs and licensed software that can check academic licenses only within the campus network; further, our ERP folks could make good use of the VPN solution by remotely working on the Institute Management System infrastructure and can work efficiently without any hindrance. We also use its capsule app on smartphones to connect further.

Using Check Point Remote Access VPN has increased the overall productivity for users staying outside the campus and working remotely during this Covid-19 period. Faculty, students, staff, and research fellows as well as a lot of other eligible users have been benefited by securing the VPN license in order to run login remotely and access the project workstations, clusters, run simulations and submit their research work for the final thesis defense. It also allows for publishing in high-impact factor journals.

Once we install and connect the VPN service, it keeps on running until we disconnect. Moreover, the best outcome is when the end-users are able to check out software licenses through the tunnel and keep on working remotely from their home without any interruption. 

The VPN service works seamlessly in Windows and Mac. Only in the case of Linux or Ubuntu have we had to struggle a bit by understanding the SNX Batch file to get installed and run it. Moreover, in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Terminal Window Open.

The Linux version may have an app (similar to Windows) instead of a shell script. We have seen that in Windows and Apple systems the app is running on the system tray whereas in Linux we have to keep the Linux Terminal Window open otherwise the connection drops. Sometimes, we have noticed that the owing to installation of various antivirus and running of inbuilt firewalls (applicable to all operating systems); the connection for VPN sporadically drops and tries to reconnect. When this happens, we have to manually either disable the firewall/antivirus or reconnect the VPN again.

We've used the solution since 2015 or 2016.

We were using Cyberoam.

Users must pursue Proof of Concept as the functional requirements can vary.

We also looked into Palo Alto and Fortinet.

The Mobile Access VPN is used to provide users with remote access to company resources.

Users can access the system at any time from corporate laptops as well as home PCs.

It is also possible to connect from Android and IOS mobile devices.

We also use the functionality of the secure Capsule Workspace container to securely provide access to corporate Web resources and mailing services from mobile devices.

It is also possible to provide restricted access to partners via SSL VPN using the Check Point Mobile Web Portal fine-tuning.

This solution allows users to connect from any location. The system is very flexible. We can easily control access and view statistics on the usage of this functionality.

We are also happy with the overall stability of the operation, the easy configuration on the gateway side, and the ease of deploying clients to endstations.

The user device verification functionality allows us to prevent connections if a device does not comply with corporate security policies until the device has met all requirements.

When working with different groups of users, we can easily set up both standard authentication by username and password and use two-factor authentication such as SMS + username and password or certificate + username and password. This definitely increases security and allows you to control access.

It is also possible to use third-party tools to customize HTML5 access. For example, the connection is made without the need to install any client on the user side.

Access is browser-based only and requires no additional client installation.

We would like to implement HTML5 (clientless access) in the product without installing any additional software.

It would also be desirable to be able to segregate the different authentication methods by domain user group.

Unfortunately at the moment, the division is only between domain and non-domain users.

What we also miss is control over the workstations for non-domain PCs that the client is installed on.

It would be nice if we could block such connections based on, for example, the machine name or connection ID.

We have been using this solution since 2007 and started with the R65 version.

We are hosting environments for our customers and ourselves. With Check Point Client, VPN users that aren't in their internal networks can connect via a secure connection into the internal network.

Remote users use different clients (Windows, Linux, and Mac OS) so depending on the customer, there is either a client connection or a clientless approach (using a web portal).

Users can also be identified if they use the Client VPN solution. If you want to identify them inside the network you have to use an IA agent.

Once set up, it simply works without issues.

The main advantage is that if you already have a Check Point Gateway in place you don't have to buy additional hardware. You only need to check if there are enough resources on the gateway for the additional load and decide how many concurrent users you need.

The installation was fairly straightforward thanks to the Admin Guide and the User Center.

Adding a Radius or similar to use for the user authentication can also easily be done so you don't have to create local users. Depending on the size of the user base I would also recommend MFA.

A normal Check Point Gateway has, with the base license, 5 concurrent users included. This means that in emergency situations you don't have to buy additional licenses.

During Covid, the license was increased and therefore it was easily possible to have several users working from home.

It's possible to either have a client installed on the user's machine, or have a clientless approach using the web portal. 

There is MEP functionality, so, based on the user's location, it minimizes the latency by connecting to the nearest entry point. 

The non-standard setup is quite complex as you have to do changes via GUI and CLI. Luckily, Check Point knowledgebase articles help you, however, there are so many resources you have to go through.

The Client VPN licenses are for concurrent users and there is currently no way to prioritize certain users over others.

There is no possibility to increase the number of concurrent users for a short time (except if you have unlimited concurrent users licensed). This could help during emergency situations where there are more client VPN users than anticipated.

I've used the product for over 7 years.

For a basic setup, implementation is quite easy.

It allows staff to work from home, especially now during COVID-19. You can access it from any location, and it does not require technical knowledge. 

If any problem occurs, we are unable to work. An access to VPN enabled organization needs to improve by way of getting work done from any location in order to improve submission of work on time.

The solution is easy to install, centrally managed, and stable, with good technical support and a straightforward setup. It integrates extremely well with the Check Point Firewall.

A saving password option might save time for continuous disconnection to the server due to internet fluctuation problems. 

They need to increase their timeout. Right now, it will fail after ten seconds, however, it shouldn't fail until after 20 seconds. 

If you don't get on your phone right away and check on your authentications, it will kick you out. 

In an environment with multiple cluster checkpoints, the global properties common to all clusters in some cases give problems. 

The interface needs improvement. When you need to create something, you have to go through a lot of steps. It needs to be simplified.

I've used the solution for more than three years.

The solution's stability is reasonable.

The scalability of the product is reasonable.

We've had a satisfactory experience with technical support.

We did not previously use a different solution.

The initial setup is straightforward.

We used a vendor to set up the solution. 

We've seen a 100% ROI.

The product is offered at a reasonable cost.

We did look at other solutions before choosing this product. 

We've used Check Point VPN to move from an on-premise VPN Cisco product to a VPN built on the cloud. We decided to use Check Point as it was fully integrated with Microsoft Azure and present on the Azure marketplace. We deployed this solution on different subscriptions and used the MEP function to reduce users' latency on the VPN. The implementation has not been very easy, and the implementation of MEP has taken months. There were a lot of hotfixes to install, and the CLI configuration on the files had to be done. The configuration, in fact, can't be implemented using a GUI.

The solution has allowed us to remove the on-premise VPN solution and to remove firewalls from the data center. The solution implemented on the cloud allows us to easily scale in cases of increased users - such as during the pandemic, where all users had been moved to Smart working and to a VPN. In fact, in February of 2020, when we closed all of our offices and gave all users the possibility to work from home, we had licenses and CPU problems on-prem. The Check Point solution offered us an unlimited number of users and that made the solution very scalable.

I found the MEP feature the most valuable. This has improved users' latency allowing the users to connect to the nearest Azure Check Point VM. 

The Multiple Entry Point (MEP) is a feature that provides high availability and load sharing solution for VPN connections. A security gateway on which the VPN module is installed provides a single point of entry to the internal network. It is the security gateway that makes the internal network "available" to remote machines. If a security gateway should become unavailable, the internal network is no longer available as well. An MEP environment has two or more security gateways to both protect and enable access to the same VPN domain, providing peer security gateways with uninterrupted access.

The main problem with Check Point is that some configuration can be done with the smart console in GUI, however, some others need to connect to the firewall via the CLI on SSH and therefore you will need to modify the local file on the firewall with VI. 

ASA is so easy to reserve some static IPs based on users, however, in Check Point, it is really difficult to do so. In addition, you can't reserve as static some IP that you are assigned dynamically to a local pool. 

You have no ability to reserve a total number of licenses. The VPN user licenses are assigned per gateway, and if you enable the MEP function is not so easy to size the gateway licenses. 

The configurations that you do to modify local files are not reflected in the GUI via the smart console. 

We have been using this solution since 2020.

The solution isn't really stable. Maybe the last versions of R80.40 and R81 were more stable, however, the upgrade (if you have another old version) is really difficult and you have to rebuild the solution (if you are on Azure cloud).

The solution is really scalable. You have to know that if you want to scale the solution you will have to configure and rebuild an SMS server with high CPU/memory resources, however.

Unluckily the experience with support, especially in India, is really poor. It's best if you open a case using the Israeli team as that one is better.

Yes, we were using CIsco ASA on-premises. We switched because we were moving our data center infrastructure onto the cloud.

At first, the implementation was not easy to set up. We found many bugs and we had to install different hotfixes and upgrade the version more than one time.

We implemented the solution via a hybrid approach. Check Point professional service is really good, however, our third-party implementation team was not very good.

At the moment, we have not reached the ROI point.

I'd advise users to pay attention to the sizing of the solution. There is not an intermediate number of licenses. It's very easy to go to unlimited users licenses.

We have gone with the Check Point solution due to its cheap price. Other options we considered were Palo Alto with Global Protect, Zscaler with ZPA, and Cisco Firepower implemented on Cloud.

I suggest that if you want to implement this Check Point solution you should have good knowledge of the system as well as a system integrator or direct contacts in Check Point. In case of any issue, the support is poor and it's not easy to solve issues using technical support. 

We use Check Point Remote Access VPN to provide access to employees, vendors, and advisors. They access the company resources - especially now that most people are working from home over the course of the last year. We also use it for specific companies that give us remote support to some applications, such as our parent company. Our admins access our company servers and resources. We're using Remote Access VPN with specific profiles for them that only give access to some resources.

We have three distinct environments. Server, DMZ, and User/SHOP. The firewall connects to the internet and those firewalls are the ones that the people connect to for the Remote VPN. We have the Blade enabled and they access the company resources as if they were working at the office.

The headache of connecting has been removed. It's very stable and we don't have any issues with it connecting. We have a large majority of people that were using nothing and always coming to the office. However, since the last year, we have a whopping 75% of users that have switched to using Check Point Remote Access VPN. The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage.

The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage. 

The integration with two-factor authentication for remote access users is another valuable feature. In our case we use RSA.

Those two are the most valuable aspects that we have on the solution. It also gives us the possibility to securely connect to the company resources, without Check Point security measures.

Another great thing is that we already have all the logs from the firewall on the SmartPortal as the remote VPN also integrates into the firewall. We can see all the logs on the same tool because we also have a fully secure solution for Remote Access VPN. For full operational security, we need to manage the different hardware from the firewalls and the logs that are not in the same place. This is another valuable aspect of this solution.

Having access to those logs affects our security operations because if a user calls the support but does not have access to the VPN, we can see on the same tool on the SmartPortal and troublshoot. 

We don't have any specific complaints. We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in right from the software itself. For Linux machines, they don't have a full client to install. For the users that utilize Linux, there needs to be an equivalent. The documentation of the software needs to be more accessible. If an end-user wants to have access to customized training from the company, that should be able to be built-in. I would add that feature. 

I've been using the solution for around 1.5 years.

The stability is good. It's a never-fail.

The scalability is great. We deploy to 5000+ users.

It's second to none but we haven't needed it a lot. 

We used to use Fortinet. We switched because it was hard to deploy. 

Just pull the trigger on a 3rd party. Not complex at all. 

We used both a vendor and in-house talent. 

The ROI was instant and around 54%.

Go with a third party and get it set up correctly. It may be costly but it's worth it. 

We didn't evaluate anything else. I knew a vendor and had used the software before. 

Get this software installed as soon as possible. It's a smart move. 

We are able to allow users to easily gain access to internal systems from outside the organization. No longer is coming into the office a necessary requirement for our users. They can seamlessly transition from home/remote work to going into the office while still having the same level of access. We also have many users that need to manage servers who are able to connect to the internal servers from anywhere - allowing them to still do their jobs from anywhere. Connecting to VPN doesn't require a ton of technical skill for those not in the technical field.

Users who need to work remotely for any reason can still do their jobs despite their location. The solution is also incredibly easy to manage. It's pretty much set and forget once the blade is turned out and configured. No day-to-day maintenance or configuration is required from the security operations team to keep it running which is welcome considering actual user help tickets are abundant throughout most organizations. Many times our service desk needs to enter the connection settings for our end-users, but that's about it.

Our number of users working remotely vastly increased during the COVID 19 pandemic. Check Point Remote Access VPN allowed us to quickly make the transition from in-office to remote work. There was no need to make any changes at the firewall level once we saw a large number of users go to work from home for safety reasons. If the VPN client was installed on their laptop they were good to go. The client also supports MFA, which is important, especially considering all of the remote work happening these days. 

There needs to be a way to create a VPN client specific to our environment so that we can easily lock down who can connect. The VPN client install should be specific to our environment. Our service desk does get some complaints about users not being able to connect. Sometimes it's because the VPN client has updated and they've lost their connection settings and don't have a record of the connection settings themselves. Other times, the VPN client needs to be reinstalled or upgraded to allow them to connect.

I've worked with the solution for more than 5 years.

The solution is very stable and requires virtually no maintenance.

The solution is easily scalable.

Diamond support is typically fantastic. However, lately, they make us wait for our diamond support person instead of giving us a different tech to work with.

There was no previous solution that was used prior to this product.

The initial setup was straightforward.

We handled the entire process in-house.