Here is the recording of our session
The winners of ten $100 gift cards are:
- Yahel Sofer
- Darren Fine
- Daniel Olah
- Matt Havlik
- Paolo Cerrito
- Sebastian D'Amico
- Spiros Kyriacopoulos
- Avinash Piare
- Joana Fernandes
- Alex Cortes
Q&A Transcript
How do we handle policy installation failures in a production cluster?
Failure will most of the time will show an error code. The error code meaning are listed here: https://support.checkpoint.com/results/sk/sk154435
After that I would recommend to check https://support.checkpoint.com/results/sk/sk179626
How are you dealing with Post-Quantum Encryption?
Post-Quantum encryption support exists in R82 and later releases of Security Gateway.
When will Check Point launch a complete ZTNA solution like Zscalar or Netskope?
We already have a complete ZTNA solution, and have replaced Zsclaer and Netskope in many customers with Harmony SASE. We are working tireless to address feature gaps. We have unique architecture, which we believe this is the best architecture that delivers the best speed with our Zero Distance SASE (Hybrid Architecture), for customers that are looking for speed and ease of use. Check Point SASE is the winner.
How does Check Point leverage AI/ML in Threat Prevention, and how is it different from traditional signature-based security?
For many years, machine learning - data driven - security is used in the ThreatCloud services backend. Here we use over 60 ML and AI engines empowering zero day threat prevention: https://www.checkpoint.com/solutions/threat-prevention/
Given the operational friction caused by non-RFC-aligned VPN behavior when integrating with third-party vendors, is improving standards compliance a current product priority?
We're working to simplify the VPN interoperability with many vendors. We already have simplified implementation for leading cloud providers.
Will there be a CPX event in 2026?
Check Point Engage events will replace CPX in 2026. More details here: https://community.checkpoint.com/t5/General-Topics/CPX-2026/m-p/265494
How does Check Point prevent against the threat generated by AI?
The Exposure management product does exactly this, it identifies the vulnerabilities and misconfiguration over your technologies, fuse this with unique intelligence and implement remediation to close the gaps within hours
AI has emerged and transformed into a kind of character with a dual personality, getting involved in both good and evil. What are Check Point's perspectives on the massive use of AI in its ecosystem?
In a nutshell, we believe organizations should embrace AI otherwise they will be left behind. We, at Check Point, believe we need to enable secure use of AI. This is why we're now talking about a new AI security pillar.
How does SandBlast prevent zero-day ransomware before signature is available?
Our Sandblast has two features: Threat Extraction that removes all active components of the file to deliver it fast. This is accompanied by our sandboxing solution, Threat Emulation that opens and verifies the original files in a safe environment.
Suppose a user reports clicking a phishing link that looks legitimate and bypassed email security. How do we investigate this in a Check Point environment?
We prevent the access in the first place, so that the user will never land on the phishing page.
PTC only support R81.10 which will be end of support this March. Will PTC support R82 in the future?
The R82 release does not support the TE2000XN model. Support for the TE250XN model is planned for the R82 Jumbo Hotfix Accumulator. This SK article will be updated accordingly: https://support.checkpoint.com/results/sk/sk173494
Will AI also be integrated in other features other than Security features? i.e. in management/operations that result in some errors that we face due to some misconfigurations on our end?
We use AI in the Management in multiple places:
- The AI Copilot to answer questions and investigate logs
- In the new policy blades - Policy Insights and Policy Auditor
- In AIOps which scans your gateways and management machines and looks for potential issues, including misconfigurations.
Also stay tuned for more announcements on this in 2026!
Given the emerging threat of AI-targeted attacks like prompt injection and model poisoning, how is Check Point adapting its threat intel and secure development lifecycle to validate and harden AI models used in products like Infinity AI Copilot?
We have many gates and guardrails on our development lifecycle. Some are general and some tailored for AI. But the most important security measure we use for protecting against AI prompt injection is using Lakera!
What role does CheckMates play in influencing product features or service enhancements?
It has a very important role! Senior R&D and Product Managers look at CheckMates to get a feel for potential problems that exist in the field. In addition, we look at posts related to our products to see what people like or dislike. CheckMates is also a great place for us to share info about new features and hear from you what you'd like us to further improve or enhance.
The infusion/diffusion of ElasticXL into main train & Maestro sets up the stage for what will probably be the most advanced and adaptive redundancy infrastructure in the industry. Is there any accelerated endeavor to fill in the gaps in the roadmap?
Yes, we are actively closing the gaps. A big one that was just closed is the support for UPPAK. Which is now available for ElasticXL and Maestro.
Regarding with AI, are you going to use the AI capabilities to prepare the playbooks for incidents by itself and also proactive responses?
Stay tuned for exciting announcements about this in 2026!
Playblocks in the Infinity Portal already allows you to activate various playbooks. You can use the out-of-the-box ones, or create your own (even using AI and natural language). We are definitely looking at even more advanced capabilities by leveraging AI reasoning and agentic capabilities to be even smarter with automating responses for security or operational events.
Will SmartConsole Web support more features in the near future? When can we uninstall SmartConsole from our computers?
We're investing a lot in Web SmartConsole. We keep releasing new features every month and will continue to do so in 2026. We hope that by the end of this year, many customers can get by without having to install the Desktop application. There will remain a ""long tail"" of features that are less common and will take longer to cover.
How does Check Point reduce false positives in IPS and Anti-Malware?
We are constantly monitoring the activity of IPS and AV in the field. Customers sharing telemetry data (you can opt in or opt-out) and use this data to improve signatures. You can see that signatures are getting updated over time. Check the videos here https://community.checkpoint.com/t5/Check-Point-for-Beginners/Videos-Configuring-Access-Control-and-...
What is the Check Points perspective regarding alternative solutions different than VPN technologies?
In some deployments, use of VPNs (Site-to-Site) is not suitable. You may want to explore Harmony SASE as connectivity backbone and then using Wireguard to connect to your on-premises office.
Do the new simplicity features in R82.20 mentioned require newer models of appliances? Or they work in older appliance models too?
As long as the appliance is under support and can install R82.20, you can get the new simplicity features. The features do not depend on the latest models. Obviously some features that are compute intensive may work better / faster on the new models.
One of my customer runs workloads on on-prem data center and AWS and Azure. So how does Check Point provide unified security across this hybrid environment?
It depends on your deployment, but we offer security components that run in the cloud (CloudGuard Network Security, i.e. virtual firewalls, CloudGuard WAF, which integrates with web stacks, and CNAPP-type functionality via our partnership with Wiz).
Are planning to include customizable reports in CloudGuard WAF?
We are working on customization for our general reporting infrastructure in the Infinity Portal. It will be first rolled out in Infinity Events, and later other applications (such as WAF) will be able to add the new capabilities as well.
Cloud instances scale dynamically. How does Check Point handle IP changes without breaking security policies?
We have updatable objects and other object types - check out this video on CheckMates https://community.checkpoint.com/t5/Security-Gateways/Hands-on-Access-and-Application-Control/m-p/25...
What is granular application control in SASE?
The ability to control granular actions in applications like Salesforce, creating record.
Why would an enterprise choose Check Point SD-WAN instead of traditional MPLS for branch connectivity?
SD-WAN allows saving MPLS costs as you can achieve application specific traffic steering. Quantum SD-WAN does not make any compromise on security so customers stay protected while saving costs.
Will there be new features only implemented in Web SmartConsole?
Right now our strategy is to include every feature developed in web, also in the Desktop SmartConsole application. The way we do this is we host web frames within the app, so we don't need to develop it twice.
It's possible that, as adoption will increase for Web SmartConsole, we may revisit this strategy and start to develop some features for web only. It's likely that those won't include things you cannot live without. Maybe some UX goodies that are easier in web.
We want to give to normal users the access of basic FW-Logs. Is this also in plan or is there any solution which can let normal users have very very basic access to FW Logs and to check if their servers and clients are working fine (DROP or Access).
Using the show logs API, you could build something like this relatively easily.
Our organization requires a static IP assignment per user/workstation to access our financial core for member/transaction processing. The assigned static IP assigned then gets allocated a dedicated VDI-like console with explicit permissions and configurations. How can the static IP assignment be achieved with the implementation of Harmony SASE?
We are working to add ability to select dedicated DNS record name per user and device. This should answer your need, we expect it to be released in the second half of 2026.
When will SD-WAN be supported for Scalable Platforms (Chassis, Maestro)?
R82.10 Release
Autonomous firewall is also a huge step forward, opening to DevSecOps at a scale without comparison in the industry. Is there an attempt to upgrade the policy installation mechanism and communication protocols toward an REST API driven architecture ?
In R82, we provide a mechanism called Dynamic Layer, which allows you to install a specific policy to a specific gateway using a REST API. More details here: https://community.checkpoint.com/t5/Security-Gateways/Dynamic-Layer-in-R82-Direct-Gateway-API-Policy...
As the use of artificial intelligence becomes widespread within organizations, there is an increasing risk that employees may unintentionally share sensitive or business-critical information with AI tools. How we are planning to prevent it?
We have GenAI protect for exactly this protection.
https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/SaaS-Admin-Guide/Content/Topi...
When utilizing the SaaS AI capabilities together with an on-prem Management, what kind of data will be transferred TO the cloud, what kind of connections are established in either direction on-prem-to cloud or cloud-to-on-prem?
Once you onboard to Infinity Services, the on-premises management opens an outbound encrypted tunnel to our cloud. We don't need any incoming connectivity from the cloud to your management, so it can be behind NAT or Firewall.
Regarding the data that is transferred to the cloud, each product should have documentation that states what is transferred.
For example, AI Copilot will send the prompt that you typed, and will also transfer the outputs of various APIs it will run to fulfill your request. So if it needs to search logs to answer your question, it will run a log query and the results of that query will be sent to the cloud for the AI to process. But it does not send all your logs, only the first batch of logs that answer the query.
Policy Insights will send your policy rules and ""hitcount telemetry"" which is a compression of the different accepted networking paths. It will not send full log data or sensitive information.
Any plan to further improve the easiness of rollout of TLS decryption? Support of e.g. direct and transparent proxy modes?
We have introduced a lot of improvents in R82 - have you seen this video ? https://community.checkpoint.com/t5/Security-Gateways/Hands-on-HTTPS-Inspection-Oct-25/m-p/259207/hi...
One of the issue with Smart-1 Cloud is the delay of the log in the SaaS.
We have a few development tasks for this year aimed at reducing the delay of log ingestion in Smart-1 Cloud. We acknowledge the customer feedback that they want to see the logs much faster.
Will Check Point consider to allow hybrid log configuration in the future?
It's not something that is on our short term roadmap, but we are not completely against it for the future.
What if anything new can we look forward to with Harmony SASE?
In 2026, we are going to continue and accelerate the development of our SASE platform, with focus on AI and Data Security, Scalable Cloud Backbone and Digital Experince Monitoring. Additionally, we recently added support for branch interenet security as well as sercure enterprise browser for BYOD
Is there a plan to adopt ElasticXL+VSNext along with Open Servers?
Yes, we do plan to certify these for open servers.
In the SASE roadmap, would it be possible to include connectivity to the on-premises network where the primary connection is a traditional site-to-site VPN, and if an issue occurs, it automatically fails over to a tunnel created through the connector option?
It is in our plans to offer Hybrid Mesh Traffic Steering, which will cover this use case.
For organizations with hybrid environment, what new capabilities should we watch out for in 2026?
The market is adopting Exposure Management and evolving from finding and prioritizing risk to safely reducing it. This requires combining threat intelligence, contextual exposure analysis, and validated remediation into a single, continuous operational flow so that exposure dwell time is reduced without disrupting the business.
