Please share with the community what you think needs improvement with Check Point Security Management.
What are its weaknesses? What would you like to see changed in a future version?
Support is the main area that they need to improve. Our support experience is not very smooth. We are based in Africa, and we don't know whether it is because of our region. I would like a feature where there is a workflow to provide authorization to some users before they're able to create and apply rules. Such a feature should be integrated with the management. It should not be in the box that comes with it.
It is very difficult to recover policies from the gateway in case if you lose your security management server, and don't have a backup. The backup functionality (Migrate export command), which covers policies, can not be operated from the GUI. Instead, we have to log into the CLI and generate a file then take it out. For those not familiar with the Command Line interface, there should be an option in the GUI for operating backups. There should also be an option to automatically schedule the backup. The smart dashboard is a very heavy application. If we could directly connect & manage firewalls from the Management server itself then it would make it very easy.
I would like for Check Point to add some features like the Smart Monitor on the R77 that are available on the SmartConsole of the R80. Now, we need to open a different application to have access to it. There are some applications that worked in the past but were not too integrated with a new application that communicates with the manager. There are some applications that should be integrated into the SmartConsole. I don't know if they will be, but everything should be on the SmartConsole and we shouldn't need to open another application. The migration from R77 Manager to R80 is a major upgrade. It's not very easy to do. There should be some kind of Wizard for a direct upgrade from the R77 to the R80. There should be an easy way for the customers to do the upgrade.
Currently we have option to create rule with Access Role, but it is also asking network as well, so my suggestion if we mapped user and machine both then the network should be not compulsory. This will reduce our effort to creating rules. Above is only my suggestion for access role rule type
I like that the Compliance software blade is available for free with the Security Management server purchase, but it is free for only one year - after that, you have to buy an additional license to continue using it. I think such an important feature is vital for the management server, and should not be licensed separately. Also, the SmartConsole application used for management is currently available only for Microsoft Windows OSes. I think many administrators use macOS and Linux, so it would be nice to have native apps for these platforms as well.
It depends on the user, but all of the checkpoints need improvement. The only place I need a bit of an update, for example, is in the endpoint management. There are some policies that are embedded that you have to examine if you have sensitive users. For some applications, the default acts as a manager. However, in a system with a history of being breached or where users are given access based on their job function, we seem to have issues particularly there. The reporting should be improved in future releases. It needs to be very explicit. This is very important.
As for improvement, again, the bandwidth regulation is an issue - it is not up to my expectations. If they could improve that it would be good. In future releases I'd like to see better integration with other applications and solutions. Also, the cost of the license is too high, it's too expensive.
The client of the management needs to be improved. The solution is a bit slow. The speed should be improved. If there is a possibility to use the URL instead of client management in a future release, that would be ideal. In the last version from 80.20, there are some issues around SSNA Diction. I would like this to be improved.
We had a lot of problems with the VPN blade on the solution. We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release. There should be more visibility about which blade in your firewall is causing the latency. That would be nice as well.
The usability of the solution could be improved.
I would like the ability to have an overview, cross-site: One portal that does all firewalls.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Let the community know what you think. Share your professional opinion!