Wednesday, January 4, 2017

Check Point support - are you happy with it?

One of the recurring complaints around Check Point is about support. Every third post at CPUG mentions CP support being slow, ineffective, sometimes calling names.

Even in the latest Gartner Magic Quadrant for Enterprise Network Firewalls 2016 report, one of the cautions says:

 -  Gartner receives anecdotal reports from clients about support issues, mostly focused on the time it might take to get appropriate escalation. Gartner analysts recognize that this is inevitable for a vendor of this scale, but note that the frequency of issues is, of late, slightly higher than its direct competitors. Check Point has recently extended the support quality metrics it monitors to address this issue and monitor its progress.

I am personally not convinced Check Point support is ultimately the worst of all. I have seen some cases with other security and technology vendors and can say one's support experience with Check Point could sometimes be seen as swift and easy in comparison.

I have also seen quite a few positive examples about Check Point support, mostly with more expensive Diamond plans, but also with some basic cases.

Support experience is a function of many factors: severity of an issue, an understanding of one's own security system and networks, and of course, an understanding of what to expect in the first place. I have seen many occurrences when SLAs and timing were completely misunderstood by a customer. I have even published a quick guide for support plans in 2015.

Granted, support can always be better. There are no magic bullets and "fix all" checkboxes, although sometimes Check Point seems to do miracles while fixing your things.

What is your own experience with Check Point support? Is it adequate, good, bad, mediocre, fantastic? What would you improve? What are you happy with?

Please do not hesitate to share in the comments.

Tuesday, December 6, 2016

CP vs PAN - time for big words

I have mentioned in the past that Check Point is starting a new game against competitors, much more aggressive and less hesitant when it comes to calling names.

It has just got even more interesting. There is a jpeg chart circulating on LinkedIn where PAN is attacked as never before.

I could not trace this pic to its source, actually. Check Point people are distributing it as is, without any link to an origin. The URL below its title leads to the old "facts vs hype" page on the Check Point web site. Google search also does not recognise the image yet.

What is interesting here is that several PAN marketing statements are called lies.

In my 20 years in this business I have never seen this word used in a marketing campaign or in competitive analysis materials. Does it mean someone at Check Point snapped? I am also curious if this is something official, or yet another vague attempt to stay civil while being outraged, as in the case of the anti-PAN videos in the middle of 2016.

I wonder if this is even something Check Point would be able to acknowledge as its own graphics...

UPDATE: the author of the picture is Nick McKerrall, according to his own words.

Monday, November 7, 2016

Ken Finley is no longer CP certification manager

As I learned last week, Kenneth Finley is no longer with Check Point.

For many years Ken was a certification manager in the Educational Services. He started working with Check Point in 1999. He was behind most of our certification exams, feedback collection and statistics.

I have been lucky enough to meet him in person on several occasions. He is a highly intelligent individual and a very nice person.

I would like to give him my regards for all these long years of hard work to make Check Point certification better.

We appreciate your efforts, Ken. I wish you all the best in your future endeavours. Take care and see you around.

With respect,

Monday, October 24, 2016

Software Blade licensing is no more

Check Point has quite a rough and dramatic history of changing its licensing models. We have seen licensing per feature and then licensing bundles. Not so long ago Check Point put in place the so-called "Software Blade" licensing model, where each security device required so-called container and blade licenses.

As some experts predicted, that licensing model did not last.

Just a few days ago Check Point renewed its price list, which renders the Software Blade licensing model obsolete.

Effectively, there are no more licensing blades and containers. Instead, the new licenses exist as a set of simplified and bundled functionality packages, broken down into management, gateways and endpoint security.

Let's have a quick look at what has changed for management and gateway functionality.

1. Management

Management licenses allow customers to manage only a limited number of gateways: 5, 10, 25, 50 and 150. These licenses are not additive, except for the 150 GW option, where add-ons of 50 GWs are available.

Multi-domain options come in 5 and 10 domain variants and allow adding more domains with an additional license.

All management features (software blades) are available for any of the management licenses out of the box. It is also important to mention that both Compliance and SmartEvent features are not based on subscription. Just one year is included in the original MGMT license.

2. Security Gateway

There are no significant changes for GW appliances, but open server licenses now mimic the appliance licensing model.

Although licensing no longer has the notion of a container, it actually defines the number of CPU cores allowed for open servers. According to CP, the total number of CPU cores on your open server is now enforced by the license. It will be impossible to use a 16-core machine with an 8-core license. Of course, the number of CPU cores is not additive.

GW functionality is no longer flexible and comes in two packages (NGTP and NGTX)*. The NGTX package is mandatory for all variants of inline Threat Extraction implementations.

The new licensing is already in the price list, although the license guide document has not been updated.

According to some semi-official information, Check Point will allow customers to run on pre-existing licenses for some time. It is unclear if current implementations will have to go through license conversion. It is also likely that such conversion will be compulsory in case of extending existing functionality with some new features and licenses.

Personally, I am wondering if Check Point has any plans to retire the Software Blades terminology once and for all. Without the licensing component, it is very unreasonable to call security features and functionalities Software Blades.

*There is an exception for 2-core open server licensing, where an FW-only option is also available.

Wednesday, June 29, 2016

Check Point new game - front assault on competitors

In my previous post I mentioned some early signs that Check Point is getting ready to confront its competitors more actively.

Today's Check Point main page starts with a link to a very strong competitive message.

Following the link, one gets to a page where multiple security vendors are mentioned openly, although the actual detailed report is available only after registering one's name and email.

This is definitely a new page in Check Point's fight for its market share.

To support this blog and Check Point Video Nuggets project, send your donations to

You can also subscribe to Indeni tech news via this link.

Thursday, June 16, 2016

Who is behind Check Point in a "bash-a-competitor" game?

There is marketing and aggressive marketing.

As you know, some security companies do the latter, with miraculous results. One known company not only managed to usurp the "Next Generation" name used by Check Point back in 2000, but also to claim even bolder things, like the invention of stateful inspection and modern firewalls.

Not surprisingly, the market responds positively to one's bold messages regardless of the actual technological superiority behind them.

Some ask why Check Point is not doing something similar. Doesn't it have something bold to talk about and to show? Where is all the competitive bashing and crashing information?

I personally think that most CP decision makers deem it beneath them, letting technology speak for itself. We all know that does not really work.

It is still too early to say whether the company is ready to change its marketing strategy, but apparently there are some modest attempts to go into a "hit it with a stick" type of game. Here are some examples.

Moti Sagey, a celebrated security evangelist at Check Point, posted some time ago a link to a video bashing the efficiency of PAN firewalls. That stirred a long discussion where Moti was accused of running an "anonymous" YouTube channel with some other similar videos of that kind.

Apparently there is another YouTube channel, also seeming to be anonymised, comparing different security vendors' ATP features with Check Point.

My question is whether those attempts are personal efforts or whether they are authorised by CP. And if the latter, why is the company keeping it on a low flame? Is there a wish to enter the "bash-a-competitor" game after all? I wish I knew.

Anyhow, if you go by the links, you can enjoy some recent and very educational videos.


Monday, June 13, 2016

Check Point adds R80 hardware recommendations to the Release Notes

Last month I mentioned that the R80 Release Notes document does not mention HW details for R80 installation.

I am glad to let you know this is no longer the case. Last week Check Point added a small section "Open Server Hardware Recommendations" to the document.

Well done, Check Point. Also, thanks to Dan Suleiman for bringing this to my attention.
