Check Point Security Management Reviews

Our primary use case is to have a centralized server to manage all of our Check Point firewalls, which are around 30 clusters of firewalls. We also use it to have a place where we can see, call, and centralize the logs.

Every day we have new projects and new applications that need to be delivered. We need to open flows on the firewall from one point to the other. Check Point helps our security team to create the policies in a centralized way, where we can even copy policies from one firewall to the other.

It saves us a lot of time, and it's very easy to use. We can clone objects and drag and drop. It's much easier than a few years ago where we used to have Cisco firewalls and we needed to do it on the command line. Check Point is much easier. We can very quickly place trainees to work in policy creation.

The features we like and find the most valuable are the ways we can manage the policy, create objects, and drag and drop objects in our daily operation. It makes our daily operation on the firewall management much easier than going, for example, to one firewall, then going to the other. We have a centralized point of managing the firewall in terms of firewall policy and in terms of threat prevention policy where we can easily review the antivirus policy. It has a good description of which protection we are applying to the IPS on the antivirus. It's very clear and easy to use.

The SmartConsole chooses which application communicates with the manager and allows us to create the policies and also look at the log of the traffic that is crossing all the firewalls. We can manage and also see the logs of what is happening on the firewalls.

I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application.

The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.

We have been using Check Point Security Management for three years. 

It has been very stable. We don't have many complaints about stability. Once every three months or so, there are some processes on the management server that we get stuck on and we need to restart the services. After we restart, we get back to normal.

It's very scalable for our use case. We have two security managers. We have one primary and one backup to manage all of our firewall infrastructure, and we have no problem with it. We always have a new firewall. 

There are around eight people who work with this solution in my company. They're network engineers. 

My colleague and I are responsible for the maintenance. 

We have a 100% adoption rate for all of the Check Point Firewalls. We all use this manager to manage the Check Point infrastructure.

We don't have any issues with support. The support is very good, especially if you work with the Israel group, but on this specific product, as this is a core product of Check Point, I would say all of the groups work fairly well.

We also have experience with Fortinet but it's like comparing apples to oranges. 

The initial migration from R77 to the R80 was a bit complex. We had the help of a third-party company for the migration phase. We needed to export from the old manager and import it to the new one. There were some modifications we needed to do. It's not very straightforward. They had more experience in those kinds of migrations. 

We have already done some upgrades and they are very easy and straightforward. For this migration, we needed to prepare the servers side by side to the old one, and we needed to do the initial configuration. It took like at least one week to prepare and to migrate it that way.

We do see ROI because we save a lot of time and we can have new team members working with the firewall very quickly. We save at least eight hours a week.

The pricing is in line with its competition, like Fortinet. 

Sometimes applying licensing in products gets a bit messy. We will apply for a license on the manager, specifically for the firewall, but you still see the firewall complaining it doesn't have any rights. In this case, we need vendor support to fix this kind of situation.

We need to devise whether we need to have remote sessions with regard to why the firewall is complaining. There must be some kind of protection for the people not to flip licenses that they shouldn't. Sometimes when you buy a new firewall, the licensing is not straightforward to apply. After we fix it, we never have issues again.

This solution is overall our favorite Check Point product. It's a product that you need to have if you have a Check Point Firewall. If you have a Check Point Firewall, you need to have to Check Point Security Management. You cannot manage the firewalls directly, you need to have the manager.

I think it's the best product Check Point has and is the one that makes the difference. When you compare it to, for example, Fortinet, which has a manager that is web-based, it's not as easy to use and easy to drag and drop objects. The way to see the logs is not as good. It works better than web-based FortiManager, for example.

Palo Alto is also web-based, but me and my team, all of us prefer the SmartConsole over the way we have to manage FortiGate. It's very easy to search for rules on the policy, Check Point is much easier than the competition.

The competitors work well but Check Point works better.

If you refresh the page, you will lose what you did. Even the screen resolution is dependent on the browser. Drag and drop is not as good as with Check Point. It's by far the best product we have to manage firewalls. I think the thing that makes the difference on the other Check Point firewalls.

My advice would be to try the SmartConsole before deciding if you want to go ahead with buying Check Point Firewalls and the manager. You can install the application in any Windows, computer, or Windows server and try the SmartConsole in demo mode.

I would rate Check Point Security Management a nine out of ten. 

We are using this product on a daily basis for creating policies, managing gateways, and managing licenses. Currently, our Check Point Management Server version is R80.40.

Our current use case with R80.40 is Geo policy. We have applied Geo policies to block traffic from some malicious countries such as China, but over the past few weeks, we observed suspicious activity in our logs. There are some IPs showing as Singapore-based addresses, but when we checked in details, they are showing up as IPs from China. Due to that, the traffic is being dropped as per our configuration.

We have configured multiple gateways in a single dashboard. Currently, we have four gateways that are all clustered on our Security management server. We are easily managing all of the location gateways, so it is very easy for us and helpful to create the same rules, groups, or objects. We have to create only a single object and we add that onto a rule, which is the best way for us to manage.

We are also managing all device (gateway) logs on a single dashboard, which is very helpful for us.

The most valuable feature for me is Identity Awareness.

Earlier, we were creating policies with a machine IP-based policy. Whenever a user's machine was changed we had to manually change that machine IP to streamline the user access without their work being interrupted. That was a very hard task for me but now, with this identity awareness blade, we are creating users with their user ID.

If any user changes desk location or something else, we map the user ID-based access. It is a one-time activity and we are very happy with it.

Currently we have option to create rule with Access Role, but it is also asking network as well, so my suggestion if we mapped user and machine both then the network should be not compulsory. 

This will reduce our effort to creating rules.

Above is only my suggestion for access role rule type

We have been using Check Point Security Management for the last five years.

This solution is stable, although there is some room for improvement.

We have to perform each task in a different environment before publishing new features.

We did not use another solution prior to this one.

If you have Check Point in your perimeter,  the security management server will reduce your incidents by 30%.

We did not evaluate other options.

Overall, this is a very good solution.

Our company works in developing and delivering online gambling platforms. The Check Point Gateways are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two Check Point HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management server on a Virtual Machine (KVM), all running on R80.10 with the latest Jumbo Hotfix Accumulators installed (Take 275). The Security Management server has the following blades activated - Network Policy Management, Logging & Status, User Directory, Compliance, SmartEvent Server, Provisioning.

The overall security of the environment has been greatly improved by the Check Point solution. Before implementing that, we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on the switches and routers, which in fact was just a simple stateful firewall, and all the devices had to be managed locally via SSH. Now, with the Check Point Security Management server in place, we have a central endpoint to manage all the security aspects for the environment - the SmartConsole. That helped to decrease the management overhead, as well as to improve the usability and feasibility of the security.

As the security administrator, who is responsible for the day-to-day tasks (e.g. creating new firewall rules, monitoring the security alerts and incidents etc.) and the maintenance (e.g. installing the new Jumbo Hotfixes), I find the Check Point Security Management R80.10 to be the great solution. 

Now everything is configured in one place - the unified SmartConsole, which helps me in saving the working time and not jumping from one console or dashboard to another constantly. The interface is cozy and modern. I especially like built-in searching capabilities - you may not just find the objects, but also see where exactly it is used across the whole security policy. Also, now the latest logs may be seen in the security policy as well, per matched rule. 

I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. 

Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.

My current company has been using the Check Point Security Management for about three years, starting late 2017.

The Check Point Security Management server version R80.10 we use is stable and mature solution.

One virtual machine we use for the Security Management is enough for managing 2 clusters, and there is a huge "space" if we decide to scale the DataCenter up.

We have had several support cases opened with the Check Point, but none of them was connected with the Security Management. In. general, I think some cases took to long to be resolved by the Check Point support team - up to one month.

We used local ACLs and Zone-Based firewall on Cisco switches and routers, that's incompatible with the centralized management solution like Check Point Security Management.

The setup was straightforward, and the configuration part was easy and understandable - we didn't use any consulting services for that.

The solution has been implemented by in-house team, since we have the Check Point Certified engineer among the technical team.

The Check Point solutions in general are not cheap, so your company should have a dedicated budget for security.

We didn't evaluate other vendors.

There's a demo of the Security Management available for free - just download and install the SmartConsole application, and you could see the interface and most of the features available.

Check Point plays a crucial role in enhancing our security firewall solution in our company. It has brought significant improvements, including features like spam and anti-spam measures, intrusion prevention (IPS), and advanced filtering.

The most valuable feature for me is the firewall. Whether it's five stars or even higher, the analytics reports it provides are truly impressive. They offer valuable Key Performance Indicators (KPIs) that shed light on various situations and different logs.

They could offer educational courses to help individuals improve their knowledge and skills.

I have been working with it for two years now.

It provides good stability features. I would rate it eight out of ten.

I would rate its scalability capabilities nine out of ten.

In my previous company, I had experience using Fortinet and Palo Alto.

I find that the setup process is somewhat distinct from other solutions. I believe that having some guidance from the website or tutorials would make it easier.

I strongly recommend this solution because it's a highly effective and reliable choice. I would rate it nine out of ten.

We use the solution for ensuring the on-premise and cloud-based infrastructure through the Check Point gateway solution. We're applying the solution to the endpoint and running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. 

As compared to the other vendors like CISCO ASA, Juniper, and other vendors it's nice to see maximum futures in the single firewall. The site and remote VPN deployment are very easy and troubleshooting the issues is also very easy.

The cluster solution made our job easier any fault to the device will not halt entire internet connectivity. In that case of the performance, we have zero-downtime upgrades and VPN solution deployments.

Check Point Software Technologies (Check Point for short) is a company operating exclusively in the field of Information Security and covering four main areas:

1. Network Security on the perimeter and inside Data Centers.
2. Cloud Security: Public, Private, and Hybrid.
3. Endpoint Security for both Windows and Macs.
4. Mobile Security for Android and iOS devices.

The solution offers ClusterXL, Secure XL, and Core XL.

When working with it, you will encounter three main components: Security gateway, security management server, and Smart Console. 

Customer support is very good and they have depth knowledge on the particular technology which helps us in fixing the problems ASAP. 

Remote and site-site VPNs we can easily deployable and maintenance  upgrade of the tunnel parameters becomes very easy as this is having the simple smart console access to the gateways. 

Also the multi-domain smart dashboard is another capability to manage multiple firewall through the single console.

The application filtering and URL filtering could be better.

They need to improve on this kind of technology as the Palo alto is ahead of the application-based and zero-trust-based approach also the cloud-based application control also user identification through the LDAP and other user directory settings to provide the proper solution.

Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with. 

It is advised to make the processes simpler.

Need to have simple scripting and automation methodology to automate the networking operations.

I've used the solution for more than six years.

It's stable.

It's a good product that's scalable.

Technical support is nice.

Positive

I used Cisco ASA. Large-scale deployment and integration are very difficult in Cisco ASA.

The solution is straightforward.

We implemented it with the help of a vendor.

The ROI is good

I did evaluate ASA, Palo Alto, and Firepower solutions.

I mainly use this solution for endpoint security, to capture data with a secure approach.

Our data is the most important thing, therefore, it's essential that it be secured. Checkpoint has been very effective in terms of threat management and comprehensive protection against vulnerabilities, and it has given us confidence that our data is not going anywhere. 

The tracking of new threats could be improved.

I've been working with this solution for a couple of years.

Check Point's stability is good.

My experience with technical support has been good.

The initial setup is straightforward.

The return on investment is that our data is safe, Check Point offer upgrades, and we get the best possible cost-effective price.

I looked at Sophos, but Check Point's security coverage is better.

I would definitely recommend this solution to anybody thinking of implementing it. I would give it a rating of nine out of ten.

This solution is used to control OPC's. You are also able to generate reports with it.

Our organization is now able to easily see if our computers are running smoothly or not.

This solution is easy to install and deploy. It is also user-friendly.

I would like for users to have more control over the platform in the next release. Right now, the system is very central and general requiring new rules to be created that better-suite our requirements.

I have been using this solution since 1993.

This is a stable solution.

This is a scalable solution, we currently have three to four hundred users.

We hardly contact Check Point support thanks to help from our partner. However, if there is an issue neither of us can resolve, we open a case with Check Point and they are able to resolve the issue quickly.

We were using Symantec for its antivirus and backup capabilities, but now that Check Point offers antivirus, we are only using Symantec for backups. And Check Point is one fourth of the price!

The initial setup was not complex. There was still a bit to learn with the program, but it was not complex. Initial installation took about a day and a half and it took one week for deployment in total after running some tasks.

We had support from a Check Point partner perform the initial setup. We now have four members of our technical group maintaining the solution.

Check Point is much cheaper than the competition ($4/server as compared to $17/server).

I would rate this solution an eight out of ten (nine for its antivirus capabilities).

We use this solution to manage and configure all of our firewalls distributed across multiple remote locations. We can do it with a single interface where policies are created, managed, and distributed across all locations.

Check Point Security Management has improved our organization because all corporate firewalls can be managed with a single interface. Many objects are common in the policies of the various sites, thus saving time when it is necessary to create or modify access policies.

Check Point Security Management has a beautiful interface for viewing logs and access reports. You can create many filters and run queries from a modern graphical interface without resorting to shell commands.

The graphical interface is nice but it is a bit heavy. Even installing the policies is often a very slow activity. Sometimes it happens that the rules are scattered in several points such as global properties, security policy, and/or application policy and it is difficult to find the point where to intervene

I've been using Check Pont for 15 years.