Check Point Remote Access VPN Reviews

We use a Check Point Endpoint Remote Access VPN client along with Check Point SSL VPN, which allows users to connect to our firewall who don't have the client, e.g., if they have a MacBook, then we don't have a client for them. We allow them to connect to the firewall over the browser. That had a bunch of problems, but they have resolved those this year. 

The use case is to allow people to connect to our firewall on-premise. We also have Check Point firewalls in the cloud, which people can connect to as well. Then they can access resources either in our on-premise environment that they need to access, such as, their computers, the Intranet, Salesforce, or our production applications. Also, in AWS, they can access other types of applications, like WorkSpaces, or our production applications there, which allows them to work. It lets them have access to their email, because they're not able to access their email unless they are VPN'd in, etc. 

We keep everything locked down to the VPN. If that's not working, then our company will not be able to work. It was very finicky last year, and it's working now. It has been perfect this year.

We don't use the Endpoint Remote Access VPN client for too much. We use its local firewall, which is valuable, but we don't really use SandBlast. I know you can add the SandBlast module along with all these other modules. We literally just use it so our users can connect on-prem.

Before we used the Check Point Endpoint Remote Access VPN solution, we were using a difficult VPN solution. It made us install a certificate on the user's laptop. That was very difficult to maintain for the IT department. When we gave out a new laptop, we would have to go and manually put the certificate on a laptop so they could then connect back to the on-prem. Where now, Check Point allows us to use an RSA token and PIN. It integrates with RSA, which is another solution that we use. RSA is a random generated key done every minute and another factor of authentication. With Check Point having that feature, it helped us a lot when we initially set it up.

The most valuable part would be allowing users to have a seamless connection to the Check Point firewall, which is what we use for controlling access to our on-premise area. Otherwise, we would have to get some other type of VPN solution that I don't know how well would work with the Check Point firewalls. Keeping it in the same ecosystem is good.

Currently, we're using Check Point Endpoint Remote Access VPN R70.30.03. That's the latest version of R70.30. We haven't upgraded to R80 yet, but all of our firewalls are R80. We've been through many iterations of the Endpoint VPN client. I remember awhile ago, it was very difficult to deploy and not have problems, but they've come a long way. Now, it's a lot better. 

I have worked so much on this in the past with Check Point that they actually had their vice president of product development call me. I remember one of the things that I told him need room for improvement, which I still haven't seen: When you want to deploy a new Check Point agent, it is really a pain in the butt. For example, Windows 10 now has updates almost every couple of months. It changes the versioning and things under the hood. These are things that I don't understand, because I'm not a Windows person. However, I know that the Check Point client is installed on the Windows machine, and if the Check Point client's not kept up-to-date, then it's functionality breaks. It has to be up-to-date with the Windows versions. Check Point has to update the client more often. Now, the problem is that the Check Point client is not easy to update on remote computers and it's not easy to deploy a new client. 

They need to improve deploying a new Endpoint Remote Access VPN client and updating existing Endpoint Remote Access VPN clients. Especially if you want to deploy a new one, it's not an easy process. Their software doesn't really support creating a new Endpoint Remote Access VPN client. There is a lot of manual activity. They need to automate it better. You have to create a generic client, download it to a computer, and install it to the computer. Then, you have to find a file deep inside the directory that it creates. It's like a text file, then you take that text file out and edit the settings in it. For example, I have to tell it to connect to a site which contains our firewalls or else it's like a phone with no phone numbers and I have to put in the phone numbers. This should be done when I download the client the first time from their GUI, but it is not. Instead, I have to install a generic blank version on a computer, find a text file, and edit the text file with the sites of firewalls that the users have to connect to specific to my company. I have to make other setting changes in that version, save it, reboot the computer, find the file again, take that file out of the computer, upload it to GUI, and deploy a new version. Then, I install it after I uninstalled the old one. Of course, all the uninstalls require reboots. So, I am rebooting it like five times now. After that, I have to install it and check the settings. Half the time they don't save the way you want them to save. It is very tedious and terrible. 

Even learning that process was a nightmare, because it's not like they have a nice article that explains it to you. They don't. I was bumping my head up against the wall with support for almost six or seven months trying to figure that out. Half of them didn't even know how to do it. That was miserable. But now that I'm an expert on it, I can probably do it within a half a day to three days depending on if it gives me problems or not. That's still miserable, and it should be as easy as: I upload the new version of the client, put in the information that I want it to have on the settings, click download, and install, then it works. It should be that easy. There's really no reason why it's not, except for they didn't improve that process nor have they developed that area. It makes me think that their interest isn't in VPN solutions, even though it should be because it's something that they offer. Otherwise, their support is great.

About seven or eight years.

Since it was fixed in November, it's been 100 percent solid and stable. It's been solid as far as Endpoint Remote Access VPN is concerned. I would say their SSL VPN isn't always solid, but I don't think it's necessarily their fault. I think it's because companies, like Apple and Google, change their browsers and operating systems. This messes up Check Point's ability to allow the connection as far as Java updates or other types of security features that they enable. They also don't let you run the application without administrative rights or in sandbox. I have seen a lot of things break because of other companies' involvement in their products. 

As far as the connection is concerned, recently it's been stable. If you had asked me that a couple years ago, it was miserable. It was like the bane of my existence. Now, it's working great. 

I manage the solution, though technically it's my team. They don't work on it if they don't have to. If they have to, then they ask me questions.

It is pretty scalable as far as adding more users. I don't see that as being an issue. All we have to do is buy more licenses and it's easy to add the license headcount, then more users can be added just as simply.

We have 200 to 250 users in our company.

We will definitely be increasing to have more users since our company was just purchased by a very large company. This will make us grow.

Their Endpoint Remote Access VPN support team tries to fix whatever problems that are there and incorporate those issues into the next Endpoint Remote Access VPN client that they release for everyone, which is great. I know that last year specifically, I worked with the Endpoint Remote Access VPN support for nine months. We were having disconnects. Some users would get disconnected from their VPN five times in a day. Throughout nine months of working with them, providing logs, providing TCP dumps from the firewall, and all the information they needed, they were able to give us a new client where our users didn't have any more disconnects. They did something where they made it more resilient. So, if there's a problem, the client has more time to talk back to the endpoint or firewall. That is huge since this entire year our whole company has been working from home. 

Last year, we had a few people working from home every week, or maybe a tenth of the company works from home permanently. However, if we hadn't fix that issue by November of last year, then having everyone work from home and getting disconnected five times a day would have been an utter nightmare. It probably would (100 percent) been the end of Check Point at our company, because I know our CIO already doesn't really like Check Point. We keep it around because my team believes in it. But if no one could work, because no one could VPN, that definitely would have been the end of Check Point.

This wasn't something they could just fix or something that I could fix or configure. It literally took nine months of troubleshooting and ongoing fixing with their development team in Israel, where they were making new code for the input client, which we got. It worked and we're still running that client today. That was huge. If I had to say something really good, it would be that their support helped us and fixed that issue.

We did use something else previously. I want to say it was some kind of a VNC Viewer things with a certificate. It's very basic and crappy. 

We switched because we need more features, like the RSA token involvement. We also like that we were using another Check Point solution and could integrate with that.

The initial setup wasn't too complex. I think their documentation is pretty good for the initial setup. It took a little while, but it wasn't difficult. We did the deployment successfully in probably two months on our own, without them doing anything, by just reading the documentation and having other stuff going on too. We didn't just focus on this deployment.

I just wished the upgrade process was easy and the configuration initial process was easier. In the past six months, they did a fix, where if I push out a new install to users, it doesn't reboot their computer. Now, it will install their client and not reboot.

They need to keep up with Windows updates faster. There have been a couple of times where Windows is updated and they didn't have a new version ready for when Windows was ready, which means the clients that are running on the newer version of Windows won't be able to VPN. If they can keep up to speed with that, then it would be good.

I've done this twice already because I know that we didn't upgrade it. I built out two new servers for it. I have a primary and a policy server. We have a primary endpoint server. Then, we have a secondary, which is called a policy server. This is operational because our clients will connect round robin to one, then the other. It's just that one of them has more precedence over the other as far as enforcing policy. We have those in two different environments, and they're virtual. All the standard things that go along with setting up a virtual environment.

We had to create the policy on the new endpoint server, which isn't too complicated. It includes a list of ports that we needed for our users to be able to use certain applications, like their chat and VoIP, because it has a local firewall. That took some time, like a week building that policy out and testing it. It's really about making sure that it can connect to the endpoint server through the main firewall. Then, it gets its policy from the endpoint server that it downloads and enforces on the local firewall, allowing for the connection to the main firewall. I wouldn't say it was too complicated as far as deployment strategy goes.

We have seen ROI. It allows everyone to work from home. If no one could work from home, then we wouldn't have a company, especially now during COVID-19. It's mission-critical, especially since it's currently being used. If there is a problem with it, we would really be screwed. We would be hard-pressed because we would have to figure out what solution we're going to go with, how to deploy it, how long it would take to deploy it, and how we'd even get it on people's computers if we couldn't VPN to them. It would be near impossible to just change to a new VPN solution right now. Without physical access to the machines, it makes things much more difficult.

My understanding is that the pricing and licensing are very competitive, and it's not one of their more expensive products. We buy licenses for the solution and have licenses for the endpoint servers.

I believe we did evaluate other option, but I know that we were leaning strongly towards Check Point.

My advice would be to have patience. Make sure you get a Tier 3 support person. Setting up the servers and everything is easy, but deploying the Endpoint VPN client is not easy. They need to have someone walk them through the process of creating the Trac file that contains the settings for the client. That is hard.

There is the endpoint server, which is on-prem, and easy to set up like any other appliance that any network engineer or systems administrator should know how to do. That is easy. But if you want to deploy the client, which most people want to deploy the client, and have any type of configured settings on it, then know that it is not just a generic client. That's the hard part. My advice would be to reach out to support and have them help you with it.

I remember not knowing how to deploy the Trac file and struggling immensely. I was unable to deploy the client and get people working, which is my job and what I'm supposed to do. Learning how to do that, being familiar with the process, and actually doing what I'm expected to do at work, which is let people be connected to the firewall, that was my biggest lesson.

I would rate it a seven and a half out of 10.

I use Remote Access VPN for clientless applications, setting up WireGuard tunnels, and WireGuard VPN as a service. It provides remote access for SIP setups, allowing users to connect securely through a VPN.

The most valuable features include application access, clientless application access, and WireGuard. These features make it easy to deploy and offer a user-friendly interface. The complexity is hidden within a full mesh network, allowing seamless user-to-application connectivity with minimal delay.

Automations for cloud integrations need to be expanded, and currently, developers have to manually configure APIs, which is not developer-centric. Improving this process could enhance the solution's scalability and efficiency.

I have used Check Point Remote Access VPN for two and a half years.

Some connectivity issues arise occasionally, especially when accessing the internet or using other applications. The installed client sometimes reconnects, possibly due to conflicts with existing VPN solutions.

The solution is extremely scalable, with an eight out of ten rating due to its mesh network and ability to build WireGuard tunnels. However, additional automation is required to enhance its enterprise features.

Customer service is excellent. Support is integrated into the product, making it easy to access without needing to search for contact information. There is an icon in the portal for online support, and Check Point local support promptly replies to queries.

Positive

On a scale of one to ten, I would rate the initial setup of Check Point Remote Access VPN as ten because it is super easy to set up.

The pricing is rated eight to 8.5 out of ten. The costs increase with the purchase of advanced features. Licensing issues need to be sorted as different features require separate licenses.

The best solution for small to medium businesses. Licensing issues need to be sorted out. For example, features like CASB and browser security should be bundled. Having automations will help scale to other scenarios.

I'd rate the solution ten out of ten.

We use Check Point Remote Access VPN to connect to the back-office applications.

Check Point Remote Access VPN could be more user-friendly.

I have been using Check Point Remote Access VPN for approximately two years.

Check Point Remote Access VPN is a stable solution.

We have approximately 2,000 users using this solution. We have plans to increase the usage of the solution.

My internal team does some technical support for our employees. I have not contacted the support from Check Point Remote Access VPN.

I have used Microsoft Defender Endpoint previously. I found it to be much more user-friendly than Check Point Remote Access VPN.

The installation of Check Point Remote Access VPN is straightforward. The time it takes for the client installation is two minutes. It is a standard installation.

I did the implementation myself. We have our IT department that is supporting and doing the maintenance of the solution.

There is a license required for this solution.

I rate Check Point Remote Access VPN a seven out of ten.

We use Check Point Remote Access VPN to provide access to employees and to the company resources, especially now that most people are working from home. That's the main use. We also use it for specific companies that give us remote support to some applications. They access our company servers and resources. We're using Remote Access VPN with a specific profile for them that only gives access to some.

We have two environments. Our firewalls and our perimeter firewalls are Check Point. The firewall connects to the internet and those firewalls are the ones that the people connect to for the Remote VPN. We have the Blade enabled and they access the company resources as if they were working at the office.

Remote Access VPN allows users to work from home very easily. They are very happy with the way they log in with RSA. That's why we use the Foo. It's very stable. We didn't have any issues.

Compared to Pulse Secure, Check Point saves us a couple of hours a week. It's easier to reverse when we have issues. At the moment, most of our company still uses Pulse Secure. But a year ago, we also started deploying some people on Check Point so that we have another option. If we don't want to renew with Pulse Secure the client says we can migrate everyone to Check Point as we already have some people working on the Check Point VPN. 20% of the company uses the Check Point VPN and the rest uses Pulse Secure, which is our main VPN, which is around 100 people.

The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage. 

The integration with two-factor authentication for Remote Access users is another valuable feature. In our case we use RSA.

Those two are the most valuable aspects that we have on the solution. It also gives us the possibility to securely connect to the company resources, without Check Point security measures.

Another good thing we like is that we already have all the logs from the firewall on the SmartPortal as the remote VPN also integrates into the firewall. We can see all the logs on the same tool because we also have a fully secure solution for Remote Access VPN. For full security, we need to manage the different hardware from the firewalls and the logs that are not in the same place. This is another valuable aspect of this solution. 

Having access to those logs affects our security operations because if a user calls the support but does not have access to the VPN, we can see on the same tool on the SmartPortal. If he's being blocked on the firewall policy, you can see it with the VPN profile.

If the user is using Foo, we need to go to the Check Point firewall to see the Check Point firewall log on the perimeter firewall, to see if the user is crossing the firewall to get the Foo. Then we need to go to the supplier to see that the logs are there. So we need to go to two places.

We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in there. But for Linux machines, they don't have a full client to install. It is important because we have some users that use Linux and they don't have a specific application from Check Point to use. That is something that could be improved. 

I have been using Check Point Remote Access VPN for around one year. 

We don't have any stability issues.

It is very scalable in a way that we can share the configuration for Remote VPN amongst our perimeter firewall so we can implement the Remote VPN with the same profiles and the same configuration easily on all of them. It's very scalable.

We are still studying the possibility of migrating everyone to Check Point VPN, but a decision has to be made because we still have a lot of people using Pulse Secure.

We haven't used technical support specifically for Remote Access VPN. We use it for other products, but not for this one. In general, their support is good, especially if you work with the Israel team. Because of the time zones, we try to call when they are available. The support is usually in. The other ones are also good but in most cases, the Israel team is better.

Our team finds that Pulse Security is a bit difficult to configure. It's not very straightforward. We are used to it now. Management is easier on Check Point. Our managers wanted us to have to study some alternatives to Pulse Secure so that if the price was too high, or if we wanted to move to another solution, we would already have an idea about other solutions. We chose Check Point as we already had the firewall. It has worked well until now. We already have some people using the Check Point VPN and we are ready to move everyone. 

Pulse Secure was more difficult because of all the things that you need to for the setup. You need to do four or five things to set up a profile and some of them don't make any sense. It's difficult for a person that's never used Pulse to understand the philosophy of the configuration and to create different profiles. It's not very straightforward.

The initial setup was straightforward, especially because we already have the firewall implemented. So we only needed to enable the features and do some configurations, which were not hard to do. They were really fit. 

It took two days. We did our own thing. The implementation strategy was to first have only two or three users from the IT team to test it. Then we allowed it to extend to some teams.

Two team members did the deployment. 

We require three full-time network security engineers for maintenance. We manage all the solutions on the security side of our company. Specifically Remote Access VPN requires three hours of maintenance a week.

The return on investment is that we have a stable VPN solution to provide our employees, which is very important. Especially now with the virus, we have more than 50% of people working from home and using the VPN solutions. Our return on investment is the ability to allow people to work remotely in a secure way and a stable VPN.

As far as I'm aware, Check Point is on the same line of pricing with Pulse at the moment. It's not any different. It is in line with the competition. There are no additional costs that I'm aware of. 

It's not hard to deploy the solution. Remote Access VPN is easier to deploy than some other solutions like Pulse Secure.

If you already have a Check Point firewall, this remote solution is a win-win because you don't need to buy, manage, or do a hardware refresh when you enter the end of life. You will have centralized logs on the same tools. If you have a Check Point firewall, this solution is the best for you.

I would rate Check Point Remote Access VPN a nine out of ten. 

It works very well. I would say it's almost the perfect solution. As far as I'm aware, it's one of the oldest solutions from Check Point. So it's very, very stable. They have a lot of years of working with it.

In our current dynamic, we are using this solution to provide access to data and some business applications over the internet.

Our users find the interface very comfortable to use.

There is always room for innovation and the addition of new features.

We have been using this VPN for more than ten years.

With respect to stability, Check Point has been running smoothly and we haven't had any issues.

We have about 500 people using this solution in our company during the COVID-19 pandemic. Prior to that, we had an average of 100 daily users.

We are satisfied with the support.

We are always searching to see if there is anything new in the market.

Currently, Check Point is meeting all of our requirements. That said, there is always a chance of innovation and something new.

I would rate this solution a nine out of ten.

A lot of our clients are complimentary companies, like the electrical company. They need Check Point Remote Access VPN, or even another similar solution. I tell them that I already have the VPN solution in our company.

In terms of improving the service, I think they could add more features, like the security to block off the doors, or create another hatch, something like this. They could make the features safer, add malware to make my mail and the Kryon system safer and to protect data at an earlier stage.

I have been using Check Point for about one year.

I have not heard any complaints from the clients regarding its stability. I think it's stable for them.

Not all of our clients who use Check Point VPN are in Thailand. Some government agencies, like the Electric City Company, are in Thailand. They use it formally. Their IT and telecom departments, those who require a secure network, are using it.

I have not contacted customer support yet because I take care of any issues from here. That's why I don't have their programming disk because I take care of it myself, including the configuration and the DSL in Check Point.

We still use other products.

The initial setup is not complex. Plus, we've got the Kryon system. So these systems make it easier for the user. We have known this product for a while, that's why it's not a problem to configure the system.

I don't have any advice yet.

On a scale of one to ten, I'd give Check Point Remote Access VPN a seven.

The differentiator for this solution is the management interface that we find very good and provides a single view for all endpoints. The solution offers SmartLog that allows quick searches. The compliance modules are also very interesting.

I cannot see the full effect of the antibot solution because it relies on having access to the DNS queries, which might not go through the Check Point firewall when you're using it for perimeter networks. In this case Check Point will not identify the actual source of the DNS queries associated with antibot activity. This may be related to the customer architecture, however, and not due to product limitation. I don't know if it can be improved on the Check Point side or not.

The solution should allow for the automatic identification of destinations. 

We have a URL qualification on the on-premises deployment model; this should also be the case on the cloud. The automatic classification should be done by the cloud team instead of having to specify or subscribe to a RSS for the information, we should be able to have an object that represents such cloud services. It's possible that Check Point already allows for this, but if they don't they should.

We've been using the solution for about 20 years.

The solution is very stable.

The stability depends on the setup. If the solution resides on a specific appliance, it is not scalable. It has a fixed capacity. However, if you move it onto different environments, cloud environments, it will become scalable. Right now, we have about 4,000 users in the current network and about 500 remote access users.

Technical support is reasonable. It depends on the level of support you are willing to pay for, however. You can choose to have a company working for you with intermediate support with Check Point, or you can choose to have direct advanced support.

The initial setup has a moderate amount of complexity. It's acceptable. However, the graphical display of the user chart of network usage, and the ability to zero in on the current graphics could be improved.

We currently only use the on-premises deployment model, although we may extend into the cloud in the future. We're aware of the cloud's capabilities, but we're not using it because we don't have a large infrastructure expression there.

In terms of advice, I'd suggest that others implementing the solution make sure training happens on their teams. Most products can have lots of features, but if you do not have proper knowledge, you will not be able to make use of those features.

I'm very satisfied with this solution; I'd rate it eight out of ten.

We primarily use the solution to have a secure connection and to offer security integration with our remote office as well as some other companies.

The ability to create your trigger data domains is the solution's most valuable feature.

The solution should include the ability to integrate the equipment's functionality with others. For example, we would like Checkpoint to be able to integrate easily to the public key infrastructure. According to Checkpoint, there is no use case for this right now. 

The interface itself needs improvement. When you need to create something, you have to go through a lot of steps. It needs to be simplified. 

The solution has been very scalable for us up until now. Currently, we have two data centers and we are running two Checkpoints for the facility to spread the workload.

The process is mainly straightforward. 

We started only with the firewall components and this part was straightforward. Once we started to implement the VPN, we had to work with the reseller. Now, we are handling it ourselves.

We handled the implementation ourselves with the assistance of resellers.

We are using the on-premises deployment model.

Checkpoint is very strong and very reliable. I would advise that those considering implementing the product go to a Checkpoint training session before implementing the solution. It's good to be familiar with the product beforehand.

I'd rate the solution ten out of ten.