We changed our name from IT Central Station: Here's why

Check Point Remote Access VPN OverviewUNIXBusinessApplication

Check Point Remote Access VPN is #3 ranked solution in top Remote Access tools and top Enterprise Infrastructure VPN tools. PeerSpot users give Check Point Remote Access VPN an average rating of 8 out of 10. Check Point Remote Access VPN is most commonly compared to Cisco AnyConnect Secure Mobility Client: Check Point Remote Access VPN vs Cisco AnyConnect Secure Mobility Client. Check Point Remote Access VPN is popular among the midsize enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 27% of all views.
What is Check Point Remote Access VPN?

Provide users with secure, seamless remote access to corporate networks and resources when traveling or working remotely. Privacy and integrity of sensitive information is ensured through multi-factor authentication, endpoint system compliance scanning and encryption of all transmitted data.

Check Point Remote Access VPN was previously known as Check Point Remote Access VPN, Check Point Endpoint Remote Access VPN.

Check Point Remote Access VPN Buyer's Guide

Download the Check Point Remote Access VPN Buyer's Guide including reviews and more. Updated: January 2022

Check Point Remote Access VPN Customers

Osmose, International Fund for Animal Welfare (IFAW)

Check Point Remote Access VPN Video

Check Point Remote Access VPN Pricing Advice

What users are saying about Check Point Remote Access VPN pricing:
  • "My understanding is that the pricing and licensing are very competitive, and it's not one of their more expensive products. We buy licenses for the solution and have licenses for the endpoint servers."
  • "Organizations that already have the Check Point NGFW need to purchase an additional license to have access to the VPN functionality."
  • Check Point Remote Access VPN Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Network Security Engineer at a financial services firm with 51-200 employees
    Real User
    Top 10
    Allows everyone to work from home, which is mission-critical for our organization
    Pros and Cons
    • "It allows everyone to work from home. If no one could work from home, then we wouldn't have a company, especially now during COVID-19. It's mission-critical, especially since it's currently being used. If there is a problem with it, we would really be screwed. We would be hard-pressed because we would have to figure out what solution we're going to go with, how to deploy it, how long it would take to deploy it, and how we'd even get it on people's computers if we couldn't VPN to them. It would be near impossible to just change to a new VPN solution right now."
    • "When you want to deploy a new Check Point agent, it is really a pain in the butt. For example, Windows 10 now has updates almost every couple of months. It changes the versioning and things under the hood. These are things that I don't understand, because I'm not a Windows person. However, I know that the Check Point client is installed on the Windows machine, and if the Check Point client's not kept up-to-date, then it's functionality breaks. It has to be up-to-date with the Windows versions. Check Point has to update the client more often. Now, the problem is that the Check Point client is not easy to update on remote computers and it's not easy to deploy a new client."

    What is our primary use case?

    We use a Check Point Endpoint Remote Access VPN client along with Check Point SSL VPN, which allows users to connect to our firewall who don't have the client, e.g., if they have a MacBook, then we don't have a client for them. We allow them to connect to the firewall over the browser. That had a bunch of problems, but they have resolved those this year. 

    The use case is to allow people to connect to our firewall on-premise. We also have Check Point firewalls in the cloud, which people can connect to as well. Then they can access resources either in our on-premise environment that they need to access, such as, their computers, the Intranet, Salesforce, or our production applications. Also, in AWS, they can access other types of applications, like WorkSpaces, or our production applications there, which allows them to work. It lets them have access to their email, because they're not able to access their email unless they are VPN'd in, etc. 

    We keep everything locked down to the VPN. If that's not working, then our company will not be able to work. It was very finicky last year, and it's working now. It has been perfect this year.

    We don't use the Endpoint Remote Access VPN client for too much. We use its local firewall, which is valuable, but we don't really use SandBlast. I know you can add the SandBlast module along with all these other modules. We literally just use it so our users can connect on-prem.

    How has it helped my organization?

    Before we used the Check Point Endpoint Remote Access VPN solution, we were using a difficult VPN solution. It made us install a certificate on the user's laptop. That was very difficult to maintain for the IT department. When we gave out a new laptop, we would have to go and manually put the certificate on a laptop so they could then connect back to the on-prem. Where now, Check Point allows us to use an RSA token and PIN. It integrates with RSA, which is another solution that we use. RSA is a random generated key done every minute and another factor of authentication. With Check Point having that feature, it helped us a lot when we initially set it up.

    What is most valuable?

    The most valuable part would be allowing users to have a seamless connection to the Check Point firewall, which is what we use for controlling access to our on-premise area. Otherwise, we would have to get some other type of VPN solution that I don't know how well would work with the Check Point firewalls. Keeping it in the same ecosystem is good.

    What needs improvement?

    Currently, we're using Check Point Endpoint Remote Access VPN R70.30.03. That's the latest version of R70.30. We haven't upgraded to R80 yet, but all of our firewalls are R80. We've been through many iterations of the Endpoint VPN client. I remember awhile ago, it was very difficult to deploy and not have problems, but they've come a long way. Now, it's a lot better. 

    I have worked so much on this in the past with Check Point that they actually had their vice president of product development call me. I remember one of the things that I told him need room for improvement, which I still haven't seen: When you want to deploy a new Check Point agent, it is really a pain in the butt. For example, Windows 10 now has updates almost every couple of months. It changes the versioning and things under the hood. These are things that I don't understand, because I'm not a Windows person. However, I know that the Check Point client is installed on the Windows machine, and if the Check Point client's not kept up-to-date, then it's functionality breaks. It has to be up-to-date with the Windows versions. Check Point has to update the client more often. Now, the problem is that the Check Point client is not easy to update on remote computers and it's not easy to deploy a new client. 

    They need to improve deploying a new Endpoint Remote Access VPN client and updating existing Endpoint Remote Access VPN clients. Especially if you want to deploy a new one, it's not an easy process. Their software doesn't really support creating a new Endpoint Remote Access VPN client. There is a lot of manual activity. They need to automate it better. You have to create a generic client, download it to a computer, and install it to the computer. Then, you have to find a file deep inside the directory that it creates. It's like a text file, then you take that text file out and edit the settings in it. For example, I have to tell it to connect to a site which contains our firewalls or else it's like a phone with no phone numbers and I have to put in the phone numbers. This should be done when I download the client the first time from their GUI, but it is not. Instead, I have to install a generic blank version on a computer, find a text file, and edit the text file with the sites of firewalls that the users have to connect to specific to my company. I have to make other setting changes in that version, save it, reboot the computer, find the file again, take that file out of the computer, upload it to GUI, and deploy a new version. Then, I install it after I uninstalled the old one. Of course, all the uninstalls require reboots. So, I am rebooting it like five times now. After that, I have to install it and check the settings. Half the time they don't save the way you want them to save. It is very tedious and terrible. 

    Even learning that process was a nightmare, because it's not like they have a nice article that explains it to you. They don't. I was bumping my head up against the wall with support for almost six or seven months trying to figure that out. Half of them didn't even know how to do it. That was miserable. But now that I'm an expert on it, I can probably do it within a half a day to three days depending on if it gives me problems or not. That's still miserable, and it should be as easy as: I upload the new version of the client, put in the information that I want it to have on the settings, click download, and install, then it works. It should be that easy. There's really no reason why it's not, except for they didn't improve that process nor have they developed that area. It makes me think that their interest isn't in VPN solutions, even though it should be because it's something that they offer. Otherwise, their support is great.

    For how long have I used the solution?

    About seven or eight years.

    What do I think about the stability of the solution?

    Since it was fixed in November, it's been 100 percent solid and stable. It's been solid as far as Endpoint Remote Access VPN is concerned. I would say their SSL VPN isn't always solid, but I don't think it's necessarily their fault. I think it's because companies, like Apple and Google, change their browsers and operating systems. This messes up Check Point's ability to allow the connection as far as Java updates or other types of security features that they enable. They also don't let you run the application without administrative rights or in sandbox. I have seen a lot of things break because of other companies' involvement in their products. 

    As far as the connection is concerned, recently it's been stable. If you had asked me that a couple years ago, it was miserable. It was like the bane of my existence. Now, it's working great. 

    I manage the solution, though technically it's my team. They don't work on it if they don't have to. If they have to, then they ask me questions.

    What do I think about the scalability of the solution?

    It is pretty scalable as far as adding more users. I don't see that as being an issue. All we have to do is buy more licenses and it's easy to add the license headcount, then more users can be added just as simply.

    We have 200 to 250 users in our company.

    We will definitely be increasing to have more users since our company was just purchased by a very large company. This will make us grow.

    How are customer service and technical support?

    Their Endpoint Remote Access VPN support team tries to fix whatever problems that are there and incorporate those issues into the next Endpoint Remote Access VPN client that they release for everyone, which is great. I know that last year specifically, I worked with the Endpoint Remote Access VPN support for nine months. We were having disconnects. Some users would get disconnected from their VPN five times in a day. Throughout nine months of working with them, providing logs, providing TCP dumps from the firewall, and all the information they needed, they were able to give us a new client where our users didn't have any more disconnects. They did something where they made it more resilient. So, if there's a problem, the client has more time to talk back to the endpoint or firewall. That is huge since this entire year our whole company has been working from home. 

    Last year, we had a few people working from home every week, or maybe a tenth of the company works from home permanently. However, if we hadn't fix that issue by November of last year, then having everyone work from home and getting disconnected five times a day would have been an utter nightmare. It probably would (100 percent) been the end of Check Point at our company, because I know our CIO already doesn't really like Check Point. We keep it around because my team believes in it. But if no one could work, because no one could VPN, that definitely would have been the end of Check Point.

    This wasn't something they could just fix or something that I could fix or configure. It literally took nine months of troubleshooting and ongoing fixing with their development team in Israel, where they were making new code for the input client, which we got. It worked and we're still running that client today. That was huge. If I had to say something really good, it would be that their support helped us and fixed that issue.

    Which solution did I use previously and why did I switch?

    We did use something else previously. I want to say it was some kind of a VNC Viewer things with a certificate. It's very basic and crappy. 

    We switched because we need more features, like the RSA token involvement. We also like that we were using another Check Point solution and could integrate with that.

    How was the initial setup?

    The initial setup wasn't too complex. I think their documentation is pretty good for the initial setup. It took a little while, but it wasn't difficult. We did the deployment successfully in probably two months on our own, without them doing anything, by just reading the documentation and having other stuff going on too. We didn't just focus on this deployment.

    I just wished the upgrade process was easy and the configuration initial process was easier. In the past six months, they did a fix, where if I push out a new install to users, it doesn't reboot their computer. Now, it will install their client and not reboot.

    They need to keep up with Windows updates faster. There have been a couple of times where Windows is updated and they didn't have a new version ready for when Windows was ready, which means the clients that are running on the newer version of Windows won't be able to VPN. If they can keep up to speed with that, then it would be good.

    What about the implementation team?

    I've done this twice already because I know that we didn't upgrade it. I built out two new servers for it. I have a primary and a policy server. We have a primary endpoint server. Then, we have a secondary, which is called a policy server. This is operational because our clients will connect round robin to one, then the other. It's just that one of them has more precedence over the other as far as enforcing policy. We have those in two different environments, and they're virtual. All the standard things that go along with setting up a virtual environment.

    We had to create the policy on the new endpoint server, which isn't too complicated. It includes a list of ports that we needed for our users to be able to use certain applications, like their chat and VoIP, because it has a local firewall. That took some time, like a week building that policy out and testing it. It's really about making sure that it can connect to the endpoint server through the main firewall. Then, it gets its policy from the endpoint server that it downloads and enforces on the local firewall, allowing for the connection to the main firewall. I wouldn't say it was too complicated as far as deployment strategy goes.

    What was our ROI?

    We have seen ROI. It allows everyone to work from home. If no one could work from home, then we wouldn't have a company, especially now during COVID-19. It's mission-critical, especially since it's currently being used. If there is a problem with it, we would really be screwed. We would be hard-pressed because we would have to figure out what solution we're going to go with, how to deploy it, how long it would take to deploy it, and how we'd even get it on people's computers if we couldn't VPN to them. It would be near impossible to just change to a new VPN solution right now. Without physical access to the machines, it makes things much more difficult.

    What's my experience with pricing, setup cost, and licensing?

    My understanding is that the pricing and licensing are very competitive, and it's not one of their more expensive products. We buy licenses for the solution and have licenses for the endpoint servers.

    Which other solutions did I evaluate?

    I believe we did evaluate other option, but I know that we were leaning strongly towards Check Point.

    What other advice do I have?

    My advice would be to have patience. Make sure you get a Tier 3 support person. Setting up the servers and everything is easy, but deploying the Endpoint VPN client is not easy. They need to have someone walk them through the process of creating the Trac file that contains the settings for the client. That is hard.

    There is the endpoint server, which is on-prem, and easy to set up like any other appliance that any network engineer or systems administrator should know how to do. That is easy. But if you want to deploy the client, which most people want to deploy the client, and have any type of configured settings on it, then know that it is not just a generic client. That's the hard part. My advice would be to reach out to support and have them help you with it.

    I remember not knowing how to deploy the Trac file and struggling immensely. I was unable to deploy the client and get people working, which is my job and what I'm supposed to do. Learning how to do that, being familiar with the process, and actually doing what I'm expected to do at work, which is let people be connected to the firewall, that was my biggest lesson.

    I would rate it a seven and a half out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    ITCS user
    Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
    Real User
    Top 5Leaderboard
    Enables users to easily work from home
    Pros and Cons
    • "The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage."
    • "We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in there. But for Linux machines, they don't have a full client to install. It is important because we have some users that use Linux and they don't have a specific application from Check Point to use. That is something that could be improved."

    What is our primary use case?

    We use Check Point Remote Access VPN to provide access to employees and to the company resources, especially now that most people are working from home. That's the main use. We also use it for specific companies that give us remote support to some applications. They access our company servers and resources. We're using Remote Access VPN with a specific profile for them that only gives access to some.

    We have two environments. Our firewalls and our perimeter firewalls are Check Point. The firewall connects to the internet and those firewalls are the ones that the people connect to for the Remote VPN. We have the Blade enabled and they access the company resources as if they were working at the office.

    How has it helped my organization?

    Remote Access VPN allows users to work from home very easily. They are very happy with the way they log in with RSA. That's why we use the Foo. It's very stable. We didn't have any issues.

    Compared to Pulse Secure, Check Point saves us a couple of hours a week. It's easier to reverse when we have issues. At the moment, most of our company still uses Pulse Secure. But a year ago, we also started deploying some people on Check Point so that we have another option. If we don't want to renew with Pulse Secure the client says we can migrate everyone to Check Point as we already have some people working on the Check Point VPN. 20% of the company uses the Check Point VPN and the rest uses Pulse Secure, which is our main VPN, which is around 100 people.

    What is most valuable?

    The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage. 

    The integration with two-factor authentication for Remote Access users is another valuable feature. In our case we use RSA.

    Those two are the most valuable aspects that we have on the solution. It also gives us the possibility to securely connect to the company resources, without Check Point security measures.

    Another good thing we like is that we already have all the logs from the firewall on the SmartPortal as the remote VPN also integrates into the firewall. We can see all the logs on the same tool because we also have a fully secure solution for Remote Access VPN. For full security, we need to manage the different hardware from the firewalls and the logs that are not in the same place. This is another valuable aspect of this solution. 

    Having access to those logs affects our security operations because if a user calls the support but does not have access to the VPN, we can see on the same tool on the SmartPortal. If he's being blocked on the firewall policy, you can see it with the VPN profile.

    If the user is using Foo, we need to go to the Check Point firewall to see the Check Point firewall log on the perimeter firewall, to see if the user is crossing the firewall to get the Foo. Then we need to go to the supplier to see that the logs are there. So we need to go to two places.

    What needs improvement?

    We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in there. But for Linux machines, they don't have a full client to install. It is important because we have some users that use Linux and they don't have a specific application from Check Point to use. That is something that could be improved. 

    For how long have I used the solution?

    I have been using Check Point Remote Access VPN for around one year. 

    What do I think about the stability of the solution?

    We don't have any stability issues.

    What do I think about the scalability of the solution?

    It is very scalable in a way that we can share the configuration for Remote VPN amongst our perimeter firewall so we can implement the Remote VPN with the same profiles and the same configuration easily on all of them. It's very scalable.

    We are still studying the possibility of migrating everyone to Check Point VPN, but a decision has to be made because we still have a lot of people using Pulse Secure.

    How are customer service and technical support?

    We haven't used technical support specifically for Remote Access VPN. We use it for other products, but not for this one. In general, their support is good, especially if you work with the Israel team. Because of the time zones, we try to call when they are available. The support is usually in. The other ones are also good but in most cases, the Israel team is better.

    Which solution did I use previously and why did I switch?

    Our team finds that Pulse Security is a bit difficult to configure. It's not very straightforward. We are used to it now. Management is easier on Check Point. Our managers wanted us to have to study some alternatives to Pulse Secure so that if the price was too high, or if we wanted to move to another solution, we would already have an idea about other solutions. We chose Check Point as we already had the firewall. It has worked well until now. We already have some people using the Check Point VPN and we are ready to move everyone. 

    Pulse Secure was more difficult because of all the things that you need to for the setup. You need to do four or five things to set up a profile and some of them don't make any sense. It's difficult for a person that's never used Pulse to understand the philosophy of the configuration and to create different profiles. It's not very straightforward.

    How was the initial setup?

    The initial setup was straightforward, especially because we already have the firewall implemented. So we only needed to enable the features and do some configurations, which were not hard to do. They were really fit. 

    It took two days. We did our own thing. The implementation strategy was to first have only two or three users from the IT team to test it. Then we allowed it to extend to some teams.

    What about the implementation team?

    Two team members did the deployment. 

    We require three full-time network security engineers for maintenance. We manage all the solutions on the security side of our company. Specifically Remote Access VPN requires three hours of maintenance a week.

    What was our ROI?

    The return on investment is that we have a stable VPN solution to provide our employees, which is very important. Especially now with the virus, we have more than 50% of people working from home and using the VPN solutions. Our return on investment is the ability to allow people to work remotely in a secure way and a stable VPN.

    What's my experience with pricing, setup cost, and licensing?

    As far as I'm aware, Check Point is on the same line of pricing with Pulse at the moment. It's not any different. It is in line with the competition. There are no additional costs that I'm aware of. 

    What other advice do I have?

    It's not hard to deploy the solution. Remote Access VPN is easier to deploy than some other solutions like Pulse Secure.

    If you already have a Check Point firewall, this remote solution is a win-win because you don't need to buy, manage, or do a hardware refresh when you enter the end of life. You will have centralized logs on the same tools. If you have a Check Point firewall, this solution is the best for you.

    I would rate Check Point Remote Access VPN a nine out of ten. 

    It works very well. I would say it's almost the perfect solution. As far as I'm aware, it's one of the oldest solutions from Check Point. So it's very, very stable. They have a lot of years of working with it.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Learn what your peers think about Check Point Remote Access VPN. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
    564,599 professionals have used our research since 2012.
    Alex Tremblay
    Cyber Security Manager at H2O Power
    Real User
    Top 5
    Scalable with a unified platform and good integration
    Pros and Cons
    • "The solution has been solid for me for over five years."
    • "The ability to allow split-tunneling while still following our corporate policy needs to be on the table."

    What is our primary use case?

    In our environment, we have many users working remotely. It's important to control the flow of traffic coming and going to these remote employees, and isolate traffic when used for business purposes. We have to allow our remote users to access services from home as though they were in the office. However, at the same time, we need to control that traffic and make sure it conforms to our policy. Our environment is complex and requires advanced policies to look at traffic in very unique ways from different users. Check Point's policy management has allowed us to do that.

    How has it helped my organization?

    At the beginning of the pandemic, everyone rushed to get their employees working from home. Luckily for us, we already had a strong structure around how remote access would work and had it set up for many employees. 

    With the groundwork in place, the transition to remote work was made easy by simply adjusting the policy (configuration). In part, this is because we were already prepared for a remote workforce, and that preparation came from within our organization, however, if it weren't for Check Point enabling us to adjust rapidly, then it would not have been an easy transition.

    What is most valuable?

    The unified platform view is great. Being able to manage NGFW alongside our Remote Access Policies allows us to control traffic in one way. Be it if our users are at home or in the office the same policy applies to them allowing us to have one corporate view on the traffic within our organization.

    Being able to integrate the policy with things like Active Directory groups, Azure cloud objects, RADIUS integration, and load balancing capabilities is wonderful. All of these things are built into their NGFW policy which we leverage to implement on our Remote Access policy.

    What needs improvement?

    The ability to allow split-tunneling while still following our corporate policy needs to be on the table. Right now, in order to allow the same policy to apply, the users' traffic must be routed up to our NGFW before going out to the internet. Having a method to apply the same policy to the client for outbound traffic while connected to the VPN would be huge.

    Some things like the compliance aspect of the VPN Client can be updated to bring it a little more modern. It's very useful for checking things like Windows Updates levels before connecting, however, it could use a facelift since it's still quite old-looking.

    For how long have I used the solution?

    I've been managing Check Point's Remote Access VPN for five years at my current employment, and had used it before at a previous employer.

    What do I think about the stability of the solution?

    The solution has been solid for me for over five years.

    What do I think about the scalability of the solution?

    I get the impression this could scale up to whatever you need. Scaling issues might only be moving to clustered resources and setting up load balancing on gateways. Once you get big enough you should be able to scale up to your needs.

    How are customer service and support?

    Support has been great 98% of the time. There's always one bad experience, yet, overall I wouldn't rate them based on that. If they need to get their experts online to help solve a problem, they have plenty and are willing to work through really deep subjects. I never worry with their support.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    At our organization, we did not use another solution before this. That said, I have used other products in the past. It's been many years, so I'm sure those other vendors have had time to update their products too, however, since I've been managing Remote Access with Check Point, I've always been really impressed.

    How was the initial setup?

    Setting up the VPN Clients is simple once you've already got the gateway in place. If you have to setup the Gateway, it will take a bit of knowledge and expertise.

    What about the implementation team?

    Our in-house team set it up. That said, I have been working with network devices for a long time.

    What was our ROI?

    ROI on the VPN User license itself returns within a couple of months of you using it. However, if you have to make the investment into buying gateways for the product, then the ROI could be one year (if your whole organization is working from home), or up to three years if you barely use it.

    What's my experience with pricing, setup cost, and licensing?

    You need to be an NGFW customer already. Otherwise, you'll need to purchase the gateways in order to terminate the VPN. That much should be obvious to anyone. Once you have the gateway in place, there is a VPN User license you need to purchase, however, it is very minimal in cost compared to other infrastructure.

    Which other solutions did I evaluate?

    We inherited the Check Point when we took over. Then, when the topic of remote access came up, it made sense to use what we had and just buy additional licensing rather than buy a whole new product.

    What other advice do I have?

    Check Point products are typically not cheap, however, I've found it's often due to the fact that you can do a lot with it. 

    I recommend Check Point products to anyone who is going to have the time and expertise to administer them. You're going to be able to do what you want to do, engineer a design that works for you. If you want to just plug it in and forget about it, then this might not be the product for you. That said, for those who do just want to plug something in and forget about it, I warn you to be cautious. When it comes to Remote Access, you don't want to ignore this. You want to be looking at it and you want to monitor it, otherwise attackers will take advantage of that weakness. This is where Check Point allows you to monitor the edge, while granularly controlling it.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Global IT Network and Security Service Senior Specialist at a manufacturing company with 1,001-5,000 employees
    Real User
    Top 20
    Reasonably priced and scalable but you need to use the CLI for a lot of configurations
    Pros and Cons
    • "I found the MEP feature the most valuable. This has improved users' latency allowing the users to connect to the nearest Azure Check Point VM."
    • "You have no ability to reserve a total number of licenses. The VPN user licenses are assigned per gateway, and if you enable MEP function is not so easy to size the gateway licenses."

    What is our primary use case?

    We've used Check Point VPN to move from an on-premise VPN Cisco product to a VPN built on the cloud. We decided to use Check Point as it was fully integrated with Microsoft Azure and present on the Azure marketplace. We deployed this solution on different subscriptions and used the MEP function to reduce users' latency on the VPN. The implementation has not been very easy, and the implementation of MEP has taken months. There were a lot of hotfixes to install, and the CLI configuration on the files had to be done. The configuration, in fact, can't be implemented using a GUI.

    How has it helped my organization?

    The solution has allowed us to remove the on-premise VPN solution and to remove firewalls from the data center. The solution implemented on the cloud allows us to easily scale in cases of increased users - such as during the pandemic, where all users had been moved to Smart working and to a VPN. In fact, in February of 2020, when we closed all of our offices and gave all users the possibility to work from home, we had licenses and CPU problems on-prem. The Check Point solution offered us an unlimited number of users and that made the solution very scalable.

    What is most valuable?

    I found the MEP feature the most valuable. This has improved users' latency allowing the users to connect to the nearest Azure Check Point VM. 

    The Multiple Entry Point (MEP) is a feature that provides high availability and load sharing solution for VPN connections. A security gateway on which the VPN module is installed provides a single point of entry to the internal network. It is the security gateway that makes the internal network "available" to remote machines. If a security gateway should become unavailable, the internal network is no longer available as well. An MEP environment has two or more security gateways to both protect and enable access to the same VPN domain, providing peer security gateways with uninterrupted access.

    What needs improvement?

    The main problem with Check Point is that some configuration can be done with the smart console in GUI, however, some others need to connect to the firewall via the CLI on SSH and therefore you will need to modify the local file on the firewall with VI. 

    ASA is so easy to reserve some static IPs based on users, however, in Check Point, it is really difficult to do so. In addition, you can't reserve as static some IP that you are assigned dynamically to a local pool. 

    You have no ability to reserve a total number of licenses. The VPN user licenses are assigned per gateway, and if you enable the MEP function is not so easy to size the gateway licenses. 

    The configurations that you do to modify local files are not reflected in the GUI via the smart console. 

    For how long have I used the solution?

    We have been using this solution since 2020.

    What do I think about the stability of the solution?

    The solution isn't really stable. Maybe the last versions of R80.40 and R81 were more stable, however, the upgrade (if you have another old version) is really difficult and you have to rebuild the solution (if you are on Azure cloud).

    What do I think about the scalability of the solution?

    The solution is really scalable. You have to know that if you want to scale the solution you will have to configure and rebuild an SMS server with high CPU/memory resources, however.

    How are customer service and technical support?

    Unluckily the experience with support, especially in India, is really poor. It's best if you open a case using the Israeli team as that one is better.

    Which solution did I use previously and why did I switch?

    Yes, we were using CIsco ASA on-premises. We switched because we were moving our data center infrastructure onto the cloud.

    How was the initial setup?

    At first, the implementation was not easy to set up. We found many bugs and we had to install different hotfixes and upgrade the version more than one time.

    What about the implementation team?

    We implemented the solution via a hybrid approach. Check Point professional service is really good, however, our third-party implementation team was not very good.

    What was our ROI?

    At the moment, we have not reached the ROI point.

    What's my experience with pricing, setup cost, and licensing?

    I'd advise users to pay attention to the sizing of the solution. There is not an intermediate number of licenses. It's very easy to go to unlimited users licenses.

    Which other solutions did I evaluate?

    We have gone with the Check Point solution due to its cheap price. Other options we considered were Palo Alto with Global Protect, Zscaler with ZPA, and Cisco Firepower implemented on Cloud.

    What other advice do I have?

    I suggest that if you want to implement this Check Point solution you should have good knowledge of the system as well as a system integrator or direct contacts in Check Point. In case of any issue, the support is poor and it's not easy to solve issues using technical support. 

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Basil Dange
    Senior Manager at a financial services firm with 10,001+ employees
    Real User
    Top 5Leaderboard
    Supports multifactor authentication and clientless login, but the GUI should be more user-friendly
    Pros and Cons
    • "Organizations that already use the Check Point NGFW Solution do not require any additional hardware, which makes the implementation straightforward and reduces the time to go live."
    • "The fully-featured security module is only supported on Windows and Mac systems, which means that organizations with Linux will face issues providing secure access."

    What is our primary use case?

    We use Check Point Remote Access VPN to provide access to our corporate network and resources to remote users in a secure way. Users have access that is limited or defined by the server.

    Access is granted for identified devices post-posture validation. 

    Access should be provided via VPN using multifactor authentication other than username/credentials. Users are able to connect from anywhere at anytime using both mechanisms (i.e. User VPN client or browser). 

    This solution mitigates or minimizes data leakage issues.

    It is stable and scalable and requires minimal management and access provisioning.

    How has it helped my organization?

    This solution has improved our organization by providing access to corporate resources in a secure fashion. It uses complete end-to-end encryption from the end-user machine to the VPN device.

    Access policies are created on the firewall for restricting access to resources and applications based on the user profile/policy.

    Our security gateway is integrated with Active Directory and access to resources/applications is provided based on the security group created in Active directory.

    This product has inbuild/native integration with MFA solutions.  

    It does not require any additional hardware in cases where the organization already has the Check Point NGFW. The mobile access blade and remote access VPN can be enabled on the same security gateway. Check Point provides a common dashboard and management console used in conjunction with the NGFW.

    Multiple access can be provided using multiple realms, based on the user ID or security group, and access can be provided accordingly. Each realm will have a pool of IP addresses for which access will be provisioned on the firewall.

    What is most valuable?

    Organizations that already use the Check Point NGFW Solution do not require any additional hardware, which makes the implementation straightforward and reduces the time to go live. The only requirement is to purchase an additional license from Check Point, and then enable the mobile access blade. After this, the solution is ready to roll out and provide access based on the configured policy. 

    Access is restricted based on user ID, security group, and device type. 

    Access is provisioned post-posture policy validation and it offers protection against users connecting to the corporate network from non-corporate devices, which minimizes data leakage possibilities. 

    Access is available from browsers or VPN clients using MFA. This is helpful in cases where the machine does not have the client installed or the client is corrupted.

    We are able to restrict access based on geo-location and device type. Devices can be Android, iOS, Windows, or Linux.

    It provides threat prevention capabilities while uses connect via VPN for Windows devices.

    What needs improvement?

    Access is provisioned based on a single L3 tunnel being established between the endpoint and the VPN device. If an attacker gains access to this session then all of the tunnel traffic is compromised. It needs to move to next-generation style access, provisioning such as per-app VPN.

    The GUI interface for configuring the SSL VPN is not user-friendly and requires expertise. 

    Devices are exposed over the internet and it can lead to a security threat.

    When a critical patch needs to be applied to the VPN, downtime is required for the entire NGFW. This can impact the business when it has a single security gateway.

    This product cannot manage sudden user growth, as each security gateway has limitations in terms of performance and throughput.

    The fully-featured security module is only supported on Windows and Mac systems, which means that organizations with Linux will face issues providing secure access. Specifically, modules such as Threat prevention, Access control, and Incident analysis are supported only on Windows and Mac.

    What do I think about the stability of the solution?

    It's very stable in terms of downtime, although it required updates.

    What do I think about the scalability of the solution?

    The solution can be easily scaled by adding a security gateway.

    How are customer service and technical support?

    The Check Point technical support is excellent.

    Which solution did I use previously and why did I switch?

    We used Aventail SonicWALL as a standalone product. We switched because it was expensive in terms of management and maintenance. As we already had Check Point NGFW, it was easy to enable the VPN on the same device.

    How was the initial setup?

    Enabling the VPN was simple and straightforward with the purchase of an additional license from the OEM. Once we acquired the license, it involved enabling the module on the security gateway. The solution was ready to go live within 10-15 minutes.

    What about the implementation team?

    The implementation was completed by our in-house team with the assistance of the OEM.

    What's my experience with pricing, setup cost, and licensing?

    Organizations that already have the Check Point NGFW need to purchase an additional license to have access to the VPN functionality.

    Which other solutions did I evaluate?

    We evaluated Pulse and Citrix before choosing this option. 

    What other advice do I have?

    Traditional VPNs that work on L3 or L4, with a single VPN tunnel, are typically hosted on-premises. As organizations are adopting cloud computing, it makes sense to have a VPN solution hosted on the cloud for better control and security.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    SaifKhan1
    Network Security Engineer at a consumer goods company with 201-500 employees
    Real User
    Top 5
    Easy to download, set up, and configure
    Pros and Cons
    • "The solution offers high scalability as far as adding more users."
    • "This is the best version we are using, however, if some changes can be made in the next release, I'd like to see adjustments to the time period and internet connectivity."

    What is our primary use case?

    With this solution, we can:

    1) Securely and privately access our data from anywhere with the Check Point VPN. 

    2) Connect securely from any device and any asset.

    3) Have 2FA enabled while connecting to the VPN in an official mail. If any person has your VPN credential, he can initiate contact for security codes to connect to the VPN.

    4) Integrate our data.

    5) View VPN events from the console.

    6) Easily install and connect the VPN. 

    7) Provide colleagues with secure and seamless remote access to the corporate network.

    8) Get a full picture with complete network visibility.

    How has it helped my organization?

    The product has improved the organization by:

    1) Deploying high performance. Check Point's private VPN gateways can secure our colleagues/teams working remotely with dedicated IPs and provides private resource access. It empowers our personnel to connect with relevant access permissions to access corporate resources.

    2) Ensure a user of our organization aligns with traffic privacy with one of many tunneling protocols so that all transmitted data is completely encrypted. The level of security provided by Check Point ensures that only authorized connections are established, so if users are connected, they are protected.

    What is most valuable?

    The solution's most valuable aspects include:

    1) Ease of install and ease of use.

    2) 2FA Security.

    3) Seamless access.

    4) Integration with our data.

    5) The ability to view VPN events from the console.

    6) The ability to manage all our devices from one platform and easily secure and segment their access to resources. 

    7) Providing authorized least privileged access for all devices.

    8) The ability for our entire global organization to work more securely and to allow us to deploy private and dedicated networks in more than one location.

    9) The level of security provided by Check Point. It ensures that only authorized connections are established, so if users are connected, then they are protected.

    What needs improvement?

    This is the best version we are using, however, if some changes can be made in the next release, I'd like to see adjustments to the time period and internet connectivity. 

    For example, when my internet is not working properly, then the VPN disconnects all of sudden and if I want to connect again, I need to do so with credentials and 2FA. In the next release, if the product could program in a hold time then disconnect the VPN due to the internet's fluctuation, that would be ideal as it would improve the way we can monitor our network visibility.

    For how long have I used the solution?

    I've been using Check Point Remote access VPN from a Client perspective for eight months.

    What do I think about the stability of the solution?

    It is perfectly stable as far as the VPN is concerned because when I used the older version(R.77) of checkpoint Remote VPN then that time there was points of stablility concern but after the upgradation checkpoint VPN(R.80) perfectly worked on stability part and now it is stable for windows and MAC OS.

    What do I think about the scalability of the solution?

    The solution offers high scalability as far as adding more users. I don't see that as being an issue.

    We have 330-350 users in our company who are using the Check Point VPN.

    How are customer service and support?

    Technical support is good and helpful when needed. Whenever I was stuck, I was able to get a solution. This was provided by the Check Point TAC support and services team and they were helpful.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I used Forticlient VPN also. However, the Forticlient VPN had no visibility on traffic and we required better security for our organization.

    How was the initial setup?

    The product is easy to download, set up, and configure. The official site documentation is pretty good and helps you to understand the process in order to get the VPN connected.

    What about the implementation team?

    I implemented it myself both in-house as well as for our client.

    What's my experience with pricing, setup cost, and licensing?

    In terms of the cost:

    1) It's easy to set up and download from the official Check Point site.

    2) It's easy to connect the VPN by putting in the gateway address, credentials, and the 2FA. 

    3) I don't know about exact pricing as it's not a part of my job. I'm a technical person. Our sales team knows all the pricing and licensing details.

    Which other solutions did I evaluate?

    I did not really look at other options. My first experience was with Forticlient, however, I wanted more security so I chose the Check Point VPN solution and I'm happy with using it. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Senior Vice President, Technology for the Americas at Engel & Völkers Development GmbH
    Real User
    Top 20
    Great scalability, good technical support, and integrates extremely well with the Check Point firewall
    Pros and Cons
    • "The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware."
    • "For Linux machines, they don't have a full client to install. For the users that utilize Linux, there needs to be an equivalent."

    What is our primary use case?

    We use Check Point Remote Access VPN to provide access to employees, vendors, and advisors. They access the company resources - especially now that most people are working from home over the course of the last year. We also use it for specific companies that give us remote support to some applications, such as our parent company. Our admins access our company servers and resources. We're using Remote Access VPN with specific profiles for them that only give access to some resources.

    We have three distinct environments. Server, DMZ, and User/SHOP. The firewall connects to the internet and those firewalls are the ones that the people connect to for the Remote VPN. We have the Blade enabled and they access the company resources as if they were working at the office.

    How has it helped my organization?

    The headache of connecting has been removed. It's very stable and we don't have any issues with it connecting. We have a large majority of people that were using nothing and always coming to the office. However, since the last year, we have a whopping 75% of users that have switched to using Check Point Remote Access VPN. The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage.

    What is most valuable?

    The biggest advantage of Check Point Remote Access VPN is that we already use the Check Point firewall. We only needed to enable the feature and do the configuration in order to enable the VPN feature. We didn't need to buy or manage new hardware. This was a big advantage. 

    The integration with two-factor authentication for remote access users is another valuable feature. In our case we use RSA.

    Those two are the most valuable aspects that we have on the solution. It also gives us the possibility to securely connect to the company resources, without Check Point security measures.

    Another great thing is that we already have all the logs from the firewall on the SmartPortal as the remote VPN also integrates into the firewall. We can see all the logs on the same tool because we also have a fully secure solution for Remote Access VPN. For full operational security, we need to manage the different hardware from the firewalls and the logs that are not in the same place. This is another valuable aspect of this solution.

    Having access to those logs affects our security operations because if a user calls the support but does not have access to the VPN, we can see on the same tool on the SmartPortal and troublshoot. 

    What needs improvement?

    We don't have any specific complaints. We are very happy with the Windows client. You log in with the VPN for the full client, you do the log in right from the software itself. For Linux machines, they don't have a full client to install. For the users that utilize Linux, there needs to be an equivalent. The documentation of the software needs to be more accessible. If an end-user wants to have access to customized training from the company, that should be able to be built-in. I would add that feature. 

    For how long have I used the solution?

    I've been using the solution for around 1.5 years.

    What do I think about the stability of the solution?

    The stability is good. It's a never-fail.

    What do I think about the scalability of the solution?

    The scalability is great. We deploy to 5000+ users.

    How are customer service and technical support?

    It's second to none but we haven't needed it a lot. 

    Which solution did I use previously and why did I switch?

    We used to use Fortinet. We switched because it was hard to deploy. 

    How was the initial setup?

    Just pull the trigger on a 3rd party. Not complex at all. 

    What about the implementation team?

    We used both a vendor and in-house talent. 

    What was our ROI?

    The ROI was instant and around 54%.

    What's my experience with pricing, setup cost, and licensing?

    Go with a third party and get it set up correctly. It may be costly but it's worth it. 

    Which other solutions did I evaluate?

    We didn't evaluate anything else. I knew a vendor and had used the software before. 

    What other advice do I have?

    Get this software installed as soon as possible. It's a smart move. 

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Manuel Briones
    Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees
    User
    Top 5Leaderboard
    Great VPN connection that helps extend infrastructure and is perfect for remote worker access
    Pros and Cons
    • "Scalability is great. We have been able to grow as a corporation due in part to this type of solution."
    • "Without a doubt and with the new trends in technology, Check Point should already have a blade with a 2MFA solution and not through some other vendor."

    What is our primary use case?

    Since the beginning of the COVID-19 pandemic, this solution has helped us a lot. We had to move around 6000 people so that they could work from home. It was a challenge for us, however, it was something we managed to do successfully in collaboration with other areas by providing them with a certificate created by Check Point with a .p12 extension and with the peer configuration in their VPN client. 

    Now, we are integrating this solution with a 2MFA solution in order to provide better security for authentication of people as day by day the threats and new viruses are always a risk. Sometimes, people do not have that instinct of having to secure their workstations, therefore, we do it for them through the VPN connection.

    How has it helped my organization?

    Connection through VPN has helped us with the connection to corporate. This type of connection has been very useful to us since, as infrastructure personnel, we can establish a connection to our corporate to make a connection either RDP or directly to services in order to be able to carry out any work activity or review any report by the operational part in order to speed up response times. We can connect to our network equipment by SSH, RDP, or via the web, however, only when we have this type of secure connection.

    What is most valuable?

    One of the features that has helped us the most with our solutions has been the P2P connection through an IPsec VPN. It has allowed us to extend our infrastructure and grow with new clients. Previously, we had around 15 corporate clients. Through the COVID-19 pandemic, we have managed to grow and now have around 35 new corporate clients and more than 6 people connected by VPN. This has forced us to increase our infrastructure to be able to support all these connections and to have a stable, reliable, and, above all, scalable solution that can interconnect more clients.

    What needs improvement?

    We have not migrated to the R81 version and I do not doubt that it will have some improvements compared to the version we use today. 

    Without a doubt and with the new trends in technology, Check Point should already have a blade with a 2MFA solution and not through some other vendor. This type of integration would undoubtedly give it a better reach and greater market with new security trends top of mind. 

    I know that everything is moving to a cloud environment, however, for all those corporates that still do not trust such an environment, it would be favorable to offer a 2MFA service in a solution tested through a blade or in the cloud. 

    For how long have I used the solution?

    I've used the solution for more than five years.

    What do I think about the stability of the solution?

    The remote workers were experiencing issues like disconections, no IP avaliables from the DHCP, or unable to connect because the server didnt responde to a ping, however this issue was fix after we instlalled the JHF 125 on each gateway and after the upgrade, everythig has been working OK, but before that Check Point didn´t have a fix for that manner.

    What do I think about the scalability of the solution?

    Scalability is great. We have been able to grow as a corporation due in part to this type of solution.

    How are customer service and support?

    They have been with us when we needed help. We don't have any complaints about their level of service.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We did use a different solution and we switched due to the fact that Check Point is more secure and has more features for the type of connections we need.

    How was the initial setup?

    It was a straightforward setup.

    What about the implementation team?

    The product was integrated with in-house personnel.

    What was our ROI?

    We've seen about a 40% ROI.

    What's my experience with pricing, setup cost, and licensing?

    Check Point is an expensive solution, however, it has more features and is more secure than other options.

    Which other solutions did I evaluate?

    Ae evaluated AnyConnect and Palo Alto.

    What other advice do I have?

    We would like them to add a 2MFA feature in the future. This is our direct request.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    Buyer's Guide
    Download our free Check Point Remote Access VPN Report and get advice and tips from experienced pros sharing their opinions.