Check Point Security Management Reviews

With Security Management solution, we can manage and distribute security policies to firewall gateways. In large environment where there are dozens of Check Point appliances from Headquarter to branches, I deployed the Security Management with thousands of rules for an enterprise. I created different security packages for each gateway/cluster pair for administration purpose while maintaining separation and ease of policy installation. With every change request, we just need to configure the relating package and install to right gateways. Besides log dashboard in smartconsole is very useful and convenient for monitoring and tracking. It provides intuitive interface to search log, operation to filter is very to understand

With Check Point Security Management, we can:

- Manage and configure cluster for Check Point Gateways. Define security zones (internal, dmz, external) on interfaces.

- Add, modify, delete security rules, objects and install to gateways.

- Activate or de-activate blades like Mobile Access, IPS, URL Filtering, Application Control, Identity Awareness, Antivirus,... to the selected gateways and configure the security settings on them.

- Track and monitor security logs.

- send commands to the Management API. Supporting Management API helps automated tasks for daily operation or integrate with third-party solution SIEM/SOAR.

The most valuable feature is Management API. It has been supported since R80 and above. Why? For firewall administrators who handle many tasks daily on not only Check Point systems. They are flooded with their boring manual tasks but always got stuck with request tickets. For security analysts who work with numerous logs from many sources and take actions to stop attacks. Can analysist and protection be highly effective if they must take much time in implementing policies? All limitations above can be solved with Check Point Management API. The administrators can automate and improve their productivity in operation by scripting. The security analysts can immediately apply security settings on the firewall while saving their time and concentrate on their research job. This feature is very useful and Check Point works great job to support many security aspects with easy-to-understand guide.

In complex environment, the Security Management system manages many firewall gateways. There are thousands of security rules in the server and there are also other security settings about Check Point blades. Database in the server becomes large. Hence installing policy takes very long time to complete. Imagine that the administrators must process their daily tickets. They make configuration changes in Smart Console of Management Server for the first ticket, and while waiting for installation completion, then they receive the second ticket, a critical case, what should they do? This is only one of the situations that the administrators are facing in operation. Hope that Check Point can improve the processing time of installation.

More than 5 years

Check Point TAC team is very professional.

Positive

Only manage Check Point gateways by using Check Point Management Server. I used other firewall vendors like Cisco, Fortinet but Check Point is much better about stability and performance. So using central management for Check Point is best choice.

Easy of setup

I always implement by myself because it's very easy to implement.

Check Point Security Management is primarily used for managing our security gateways that are deployed in multiple offices around the world. We have 20+ gateways in total. 

Security management also has reporting functionality which can be passed off to our internal security team as well as our senior leadership team. 

SmartView is also a handy utility that allows our system admins to have insight into the network traffic which reduces the need to contact the network support team each time something is not functioning.

Check Point Security Management has improved the organization and it assists with easy manageability of all of our globally deployed gateways which if they were not centrally managed, would be very time-consuming to manage. 

The compliance blade provides detailed reports in regards to our policy configuration and global configuration of the gateways which can be easily read to determine if something needs to be actioned. It also contains multiple different other reports that can be utilized by various other departments.

The compliance is great. It verifies the overall compliance of all of the gateways and attached policies against standards. It offers ready-to-use reports that are detailed.

The SmartView monitor is helpful. Having the ability to give read-only access to our system admins where they can look into the firewall logs is a huge plus and reduces the load on the dependency of the network admins. Also, it is very handy in that it is a web console and not an application that needs to be installed on your computer to view the logs. 

It displays very nice dashboards.

Being a security appliance, there should be the ability for the Security Management server to send email alerts via authenticated email. One of our requirements from the organization is to not use unauthenticated email and to only use authenticated email which this does not support.

SmartConsole should be available for MacOS machines. Not every Network/Security administrator utilizes a Windows machine. Being a Mac user, I need to have a VM with SmartConsole installed in order to be able to manage my gateways. I have heard the newer versions allow management through a web version however I have not tested it as of this moment.

I've been using the solution for more than three years.

The solution is very stable.

In terms of scalability, the licensing is restrictive and are cookie-cutter solutions for a number of gateways.

The L1/L2 agents seem inexperienced. Cases often need to be escalated. 

Negative

Yes, we did use something else. We switched as we were looking for something that had a bigger feature set.

We looked into SonicWall and Palo Alto.

The solution is used to manage security gateways. We use the management server to manage our firewalls, one at DR and the other at HQ. 

The Management servers are also used to manage security policies to determine who or what system should connect to what. This allows us to block applications that are not needed per department. For example, Facebook is blocked for everyone except the marketing team. This helps keep people more productive. We also use the rules to prevent users from visiting dangerous and illegal sites.  

It has helped improve work in our organization. Check Point Management tracks a lot of activities on the network such as who is connecting to what sites and applications. 

It has also provided visibility into who is connecting to the corporate network via VPN and at what time which helps us keep unauthorized users away. 

The interface also makes it easy for us to configure the VPN from the GUI rather than the command line, which makes it easy even for less experienced engineers to work with. 

The management also gives visibility into licenses and device-related information to help track how long you have till licenses expire and the software and hardware health of devices. 

The smart event feature is the most valuable. The consolidated logs give full network visibility. 

The smart console has been able to provide us with good detailed information and reports ranging from bandwidth, risky applications, IPS reports, VPN reports, and infected hosts on the network. 

Reports help determine which machines may be infected with bots if they indicate that they were trying to connect to command and control servers, smart event helps determine these machines by IP address or username. 

The IPS also indicates what attacks and from where we're trying to hit our organization which helps us twerk our settings accordingly to have the most security we can get. 

It could improve by showing DNS-specific information for connections to unknown public IPs. 

Check Point could also improve management by not having applications for each version released because we have to install a new application for every version it is not very nice. They could do that by moving management to the web so that we do not have to install a client for every version. 

The fact that you have to connect to two different applications for management, does not make it the most usable. It could be great to have a system setting and policy setting done from one interface. 

I've been using the solution for four years.

It's a very stable solution and Check Point is always doing proactive support to avoid any future problems or failures. Checkpoint support fixes bugs that they discover before the implemented production systems are affected. By logging a call with the customer and helping them remediate problems before they occur. 

It is reasonably scalable as you are able to manage five gateways with one management server at entry-level.

The solution offers very good customer support. The engineers respond on time and are available to help even if it means setting up a call to help you in implementing the given instructions.

Positive

The initial setup was straightforward. The prompt to install and the setup guide will get you through the process. When you're unclear, there are plenty of online resources to help.

We did the implementation in-house.

The solution is definitely worth it as it helps put policies that help people focus more on work than play to use company resources more efficiently.

We work with multiple clients managing their network firewalls. This includes many multi-national networks as well as local systems in the U.S.A. 

We primarily are utilizing these products for managing customer/client environments to modify access rules and other policies for controlling traffic to and from both internal and external networks as well as cloud-based Azure systems. 

Check Point management products are in use in all these networks, including both standard Single Management Servers as well as Multi-Domain Management servers.

Check Point Security Management has always made it simple and easy to manage all our firewall systems and firewall policies. 

Check Point Security Management systems, both standard Single Management Servers as well as Multi-Domain Management servers, have made it very simple and easy to perform daily functions such as adding new user hosts or destination servers to existing firewall policy rules and successfully managing large corporate networks easily from both our office space or from remote worker systems.

We love the ability to monitor performance in real-time, and gather critical information about network flows and traffic. 

The controls for creating, modifying, and editing firewall policies, firewall configurations, and other system operations are very simple and seamless. Accessing and viewing logging from many firewalls worldwide is also made very simple and intuitive with the ability to see both an overall picture of the logging, as well as the ability to filter down to the most specific traffic flows.

Sometimes there are some performance issues that cause certain operations to run slowly, however, that may just be due to the hardware it is running on needing to be stronger. Check Point could possibly lighten up the software code so that it is not as resource-intensive and will run more smoothly on a variety of hardware and cloud or virtual machine platforms. 

More ability for users to generate reports for traffic flows, firewall performance factors like CPU, memory usage, total bandwidth consumption, and tracing heavy traffic (elephant) flows would also be great.

I've used the solution for over seven years.

So far, we have not experienced really serious issues with the stability of the platform.

Check Point Security Management is pretty robust at allowing the management of large numbers of firewalls - especially the Multi-Domain systems.

Though we do not need to utilize the support services often, they have always been prompt and courteous, and definitely knowledgeable.

Positive

Some of our clients have switched from other firewall solutions such as Fortinet or Palo Alto, however, they were not happy with these systems for various reasons.

These systems are pretty straightforward to install and implement.

Check Point seems to be reasonable with its pricing, and competitive in the market.

Sometimes our clients look at other options such as Palo Alto, or even a blend of these and Check Point.

We use Check Point Multi-Domain Management (Provider-1) to manage several customers with their firewalls as well as handle our internal administrators based on their rights.

Each domain (CMA) contains the customer's firewalls that are managed by us. Bigger customers with more than one domain use global objects as well as global rules so that administrators do not have to implement a local object for each domain.

Since this environment is bigger, we also use a dedicated log server for each domain. That way the logs reside in a different virtual log server.

When using global rules and objects it is possible to push changes to several domains at the same time without touching each individually.

Administration of all users within a single environment makes it easy, instead of connecting to management individually. Using templates for rights helps a lot too.

Last but not least, by only using one VM (or 2 if you include the log server), upgrading and patching are easier. You have a bigger maintenance window, but do not have to upgrade several Security Management Servers by themselves.

Using a single GUI with a single management IP makes things easier if you have to administrate several customers. In the Multi-Domain Environment, you are able to see an overview of all the different customers.

Several health checks are shown for the gateways in an overview so you don't always have to use a monitoring system in parallel since you see some states at a glance after logging in.

Having the possibility to use Smart Event to check for threats on a broader scale helps after a security incident and also makes it easier to check - instead of looking through different logs.

Troubleshooting is quite complicated within multi-domain management. If an issue arises, the local administrator has to keep in mind that there are other domains that could be also affected.

For each version, you have to download a new GUI. Sometimes the GUIs have fixes in them. If you need a new one, you have to inform and update all administrators too.

Some features still use the legacy GUI, however, as far as I know, it is planned to include this in newer versions (R81+). 

Unfortunately, there is still not a rule checker in place where you can insert SRC/DST/Port and it shows you which rule it matches.

I've used the solution for over 10 years.

The solution can scale, depending on the VM environment.

The installation process is quite easy.

As part of the Bank's Network Security Infrastructure team, it is our responsibility to manage different security products and devices that lay the foundation of the Bank's Security infrastructure network. Part of that responsibility also includes the implementation and policy update request arising from different business and support teams to make sure that application services comply with the security standards to protect all services of the bank and maintain reliability of the services across environment.

With a centralized Check Point Security Management solution, it makes it easier for our day-to-day operations to manage all Security Gateway Firewalls across the bank.

The Check Point Security Management has improved the management of all our Security Check Point Gateway Firewalls across the bank. 

With Security Management we are able to simplify our response and support for all our security network devices, which, compared to other products that need to be managed individually, the Check Point solution is far better and less daunting. 

The Security Management also includes the management of logs that is far more efficient, as it provides all the needed information required to investigate and understand how the gateways are accepting or blocking traffic from the gateways.

The Main Domain Log Management Server is what I find to be the most valuable feature for the Security Management of our environment. 

With the Main Domain Log Management Server, support teams are able to check and verify the information required in order to determine if any traffic is getting blocked or denied due to specific policy rule implementation, or even identify any traffic getting spoof or any other related events on the gateways. 

It has a central management log server that helps us to easily identify faults and issues in the environment, especially during outages and incidents during the implementation of policy rules.

It would be great if the SmartView Monitor could become integrated into the SmartView Console Platform. As it stands, performing a smart view monitor will still open the old R77 SmartView monitor session, which is a bit flaky and slow. If the SmartView monitor can be integrated in the R80.40 and R81 versions, that would be ideal in understanding the trends and graphs of how traffic is observed hitting the different Check Point Firewall Gateways that the Security Management controls. It will also help support teams to identify capacity limitations and have a foresight of what's happening in the environment at any given point in time.

I've been using the solution for 4 Years.

The solution is ideal for use and deployment in a large infrastructure environment.

The solution is very efficient. You can add more gateways in the environment and manage on the same management server as it has a centralized design.

We have diamond support and they are very helpful and detailed during explanations for any issues we are facing. The diamond support that we get definitely provides full life cycle support. It brings reliability to the product when you have great support from Check Point.

At the moment, we have a co-existing infrastructure with other security network devices, and we can definitely see the benefit of having the Check Point Security Management application in our infrastructure.

The setup was straightforward as the SmartConsole associated with the Security Management is GUI-friendly and anyone can easily access and manage it.

One of the Professional Service members we work with is very attentive to detail and ready to support our team during difficult times - including the implementation and consultation of the Check Point Products. The professional service on offer is really great as you do not often get someone from a vendor that knows the inside and out of the product dedicated to your own infrastructure.

I would advise others that it's definitely a great investment to have Security Management across your infrastructure.

We have other options with other vendors such as Juniper, with their Security Director, and JSpace, but nothing can compare with how the Check Point Security Management performs.

If you have a manageable security infrastructure, the cost, pricing, or licensing will be far outweighed by the reliability and stability of how a properly managed environment is.

We are using it on the cloud for cloud segmentation and as a VPN for users. We have been implementing Checkpoint on Azure's cloud for configuring scale sets for internal and external firewalls and as a gateway group active/standby for the VPN. The solution is implemented using a Multiple Entry Point feature. This allows us to use the same URL deplyed for all users and let them connect to the nearest node. We use other features like IPS, Threat Control, and Antivirus/Antibot for protecting our servers. We wanted to implement the SCV feature but it's not working. We've been working with support for months without a resolution.

It has allowed global worldwide access to our cloud infrastructure. It gives us the possibility to improve security on the Azure cloud as well. 

It features NGFW provided by checkpoint with all of the capabilities that are required to protect for Next Generation protection from attacks at perimeter level The module and security features that are provided as part of the base license with Checkpoint include the VPN, IPS, Application Control, and Content Awareness which offers strong protection for the organization. The main problem is that the support in terms of solving any issue is not very good.

The unique management using Smart Console for all Firewalls is very useful. Also, the management of policies and the log page allows for easy troubleshooting and configuration using a single pane of glass. The new release R81 allows a very fast installation of policies on the firewalls.

The MEP feature had a lot of problems during the implementation, needing configuration of TXT file via the CLI, however, at the end of the implementation, it is working well and has given us a very good advantage on the VPN solution in our company. I hope to see other useful features in the next release.

I've found the solution was a bit unstable. It would be better to improve the stability of the service. Another thing that needs to be improved is the Checkpoint support. Very often they were not able to solve the problems that we had. Sometimes to solve problems you need to install a new Hotfix or Custom release - and that can generate some side effects that can create instability problems. It's necessary to improve the support - especially the one that is provided in India.

We had done an upgrade 2 months ago.

It's improving with new releases.

It's very scalable.

The experience has not been very good.

Yes, we were using on-prem products with Cisco Anyconnect VPN solutions. We switched to Checkpoint and moved the VPN solution to the cloud.

Yes, it was a bit complex.

We had a good level of expertise, and we also used Checkpoint professional services directly.

We hope to have ROI in 3 years.

Licensing is very granular. You can easily select the best solution and feature that fits to you.

We did not evaluate other options.

They should improve the support and the stability of the system. When there are issues, it is not very easy to solve problems using the support they offer. Other vendors like Cisco have better support. This is very important for Enterprise companies - even more than new features.

Our primary use case is to have a centralized server to manage all of our Check Point firewalls, which are around 30 clusters of firewalls. We also use it to have a place where we can see, call, and centralize the logs.

Every day we have new projects and new applications that need to be delivered. We need to open flows on the firewall from one point to the other. Check Point helps our security team to create the policies in a centralized way, where we can even copy policies from one firewall to the other.

It saves us a lot of time, and it's very easy to use. We can clone objects and drag and drop. It's much easier than a few years ago where we used to have Cisco firewalls and we needed to do it on the command line. Check Point is much easier. We can very quickly place trainees to work in policy creation.

The features we like and find the most valuable are the ways we can manage the policy, create objects, and drag and drop objects in our daily operation. It makes our daily operation on the firewall management much easier than going, for example, to one firewall, then going to the other. We have a centralized point of managing the firewall in terms of firewall policy and in terms of threat prevention policy where we can easily review the antivirus policy. It has a good description of which protection we are applying to the IPS on the antivirus. It's very clear and easy to use.

The SmartConsole chooses which application communicates with the manager and allows us to create the policies and also look at the log of the traffic that is crossing all the firewalls. We can manage and also see the logs of what is happening on the firewalls.

I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application.

The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.

We have been using Check Point Security Management for three years. 

It has been very stable. We don't have many complaints about stability. Once every three months or so, there are some processes on the management server that we get stuck on and we need to restart the services. After we restart, we get back to normal.

It's very scalable for our use case. We have two security managers. We have one primary and one backup to manage all of our firewall infrastructure, and we have no problem with it. We always have a new firewall. 

There are around eight people who work with this solution in my company. They're network engineers. 

My colleague and I are responsible for the maintenance. 

We have a 100% adoption rate for all of the Check Point Firewalls. We all use this manager to manage the Check Point infrastructure.

We don't have any issues with support. The support is very good, especially if you work with the Israel group, but on this specific product, as this is a core product of Check Point, I would say all of the groups work fairly well.

We also have experience with Fortinet but it's like comparing apples to oranges. 

The initial migration from R77 to the R80 was a bit complex. We had the help of a third-party company for the migration phase. We needed to export from the old manager and import it to the new one. There were some modifications we needed to do. It's not very straightforward. They had more experience in those kinds of migrations. 

We have already done some upgrades and they are very easy and straightforward. For this migration, we needed to prepare the servers side by side to the old one, and we needed to do the initial configuration. It took like at least one week to prepare and to migrate it that way.

We do see ROI because we save a lot of time and we can have new team members working with the firewall very quickly. We save at least eight hours a week.

The pricing is in line with its competition, like Fortinet. 

Sometimes applying licensing in products gets a bit messy. We will apply for a license on the manager, specifically for the firewall, but you still see the firewall complaining it doesn't have any rights. In this case, we need vendor support to fix this kind of situation.

We need to devise whether we need to have remote sessions with regard to why the firewall is complaining. There must be some kind of protection for the people not to flip licenses that they shouldn't. Sometimes when you buy a new firewall, the licensing is not straightforward to apply. After we fix it, we never have issues again.

This solution is overall our favorite Check Point product. It's a product that you need to have if you have a Check Point Firewall. If you have a Check Point Firewall, you need to have to Check Point Security Management. You cannot manage the firewalls directly, you need to have the manager.

I think it's the best product Check Point has and is the one that makes the difference. When you compare it to, for example, Fortinet, which has a manager that is web-based, it's not as easy to use and easy to drag and drop objects. The way to see the logs is not as good. It works better than web-based FortiManager, for example.

Palo Alto is also web-based, but me and my team, all of us prefer the SmartConsole over the way we have to manage FortiGate. It's very easy to search for rules on the policy, Check Point is much easier than the competition.

The competitors work well but Check Point works better.

If you refresh the page, you will lose what you did. Even the screen resolution is dependent on the browser. Drag and drop is not as good as with Check Point. It's by far the best product we have to manage firewalls. I think the thing that makes the difference on the other Check Point firewalls.

My advice would be to try the SmartConsole before deciding if you want to go ahead with buying Check Point Firewalls and the manager. You can install the application in any Windows, computer, or Windows server and try the SmartConsole in demo mode.

I would rate Check Point Security Management a nine out of ten.