Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Admin
Admin

What is your Check Point Idea of the Year?

As part of our First Birthday celebration, we are having an awards ceremony.

For awards, you need categories and voting!

Over the course of this week, we will share some of the categories and solicit nominations for said categories.

See the complete list of categories and voting instructions here: https://community.checkpoint.com/community/about-checkmates/blog/2018/05/08/checkmates-first-birthda... 

This category is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones.

I polled some folks inside Check Point that aren't in R&D and got plenty of suggestions.

Here are a few of them:

  • Cloud-based Endpoint Management
  • Automatic performance tuning based on hardware/policy configuration
  • Threat-hunting Platform

Now, it's your turn, CheckMates community: what's your Idea of the Year?

Please leave your suggestions below as comments.

A few disclaimers/notes:

  • There are no guarantees that any idea suggested will be developed, even the "Idea of the Year" Smiley Happy.
  • From the suggestions below, we will choose 3-5 ideas which will be put up for voting during the week of 14th May.
  • Preference will be given to ideas that come from customers and partners, though Employees are welcome to participate as well.
  • "Likes" and "discussion" around specific ideas will influence (but not wholly determine) the final list, so if you like something someone has suggested, let it be known!

Voting

Voting is now open for the above categories.

We will take your votes until 25th May 2018 @ 11:59pm Pacific Daylight Time. 

A vote will enter you into a raffle for a Check Point 1490 Appliance!

77 Replies
Highlighted
Contributor

80.20 will introduce new network-objects called "online services". this should cover your need 😉

0 Kudos
Highlighted
Advisor

totd Tip Of The Day : why don't we create some articles like Did you know? SmartConsole Tags or https://community.checkpoint.com/thread/7858-tip-of-the-day-clear-your-personal-display-settings (with a specific canvas, atotd tag and surely a validation from someone) so that SmartConsole can dynamically and randomly show at startup?

Highlighted
Admin
Admin

Neat idea Smiley Happy

Highlighted
Admin
Admin

Like Smiley Happy

Highlighted
Collaborator

one more.  

less intrusive debug options for troubleshooting 

refer to fw ctl zdebug - this is wrong... 

Highlighted
Contributor

syslog parser (listening syslog from Wifi AP, ISE, etc. )   for identity awareness 

0 Kudos
Highlighted
Contributor

In my opinion a Radius-Server would be a nice product. The rules for a radius-Server can be displayed as a rule-set like that one for a Firewall. If you look to Cisco ACS it's terrible. The product itself is powerfull, but the form of presentation and configuration is terrible. If I look to Check Points ruleset, (which is great) I can imagine that a ruleset for a radius server can be presented the same way - with timeobjects, allowed sources users and Groups........

Just an idea.....

Highlighted
Contributor

- Basically improve L2L VPN capability:

   1. VPN encryption domains definition per tunnel (community). Defining the local encryption per gateway instead of per community bring unnecessary complexity. At very minimum integrate subnet_for_range_and_peer with SmartConsole. 

   2. Improve vpn tu to provide information at what stage is the phase1 sa, for which encryption domains is given phase2 sa. some statistics for encrypted, decrypted packets.

   3. Improve route base vpn support. I haven't check what is the status lately with R80.x, but there were some limitations when enabling VTI - some parts of the accelerations were disabled. IMHO route base vpn is more flexible and easy to overcome overlapping encryption domains.

   4. Improve tunnel monitor methods, integrate DPD with SmartConsole

- I don't know how to define it, but something like - introduce only one (or two max) remote access vpn clients. Having SNX, enpoint security, endpoint security vpn, secureremote, checkpoint mobile is very complicated and misleading for the customer. It will be easy for the customer and for the administrator if you define: clientless and client ra vpn, while the the same application is used across all OSs, and also same client for SSL or IPsec based vpn.

Highlighted
Participant

make a webUI for VSX!

add CPview to SmartConsole

Highlighted
Participant

1. Standalone Endpoint Management Server so we can deploy solutions like AntiRansomware standalone as well as better deployment of the Endpoint clients using the Management server without having to rely on external tools to deploy.

2. More variety at the lower end of the appliances as there is quite a big gap between 7xx series and 3xxx series in terms of price and performance. Need to compete against other vendors' offerings for smaller clients.

3. Ability to pin on top the "Add objects" i.e. + window when you click inside a rule. Makes it easier to search and add separate objects or check rule in the background.

4. Better support to export logs as CSV. Even R80 is a bit limited.

5. More schedulable events e.g. move old logs to FTP, upgrade export etc... without having to write scripts / use cron.

6. Better upgrade facilities & rollback. Not really comfortable with cpuse. I personally preferred the legacy CLI option as it gave more visibility.

7. More training videos via CheckMates especially like the ones released introducing R80.

Highlighted
Admin
Admin

Standalone Endpoint Management is something we already offer as an Open Server/VM offering.

Our existing Smart-1 Appliances can also run Endpoint Management standalone as well.

More videos for CheckMates is definitely a request we hear a lot Smiley Happy

0 Kudos
Highlighted
Explorer

Id like to see 2 features with checkpoint  :

1 - Automated Checkpoint call home feature for reporting bugs ,performance tuning when certain processes reach a certain threshold 

2 - Advanced Protection for PLC`s -programmable logic controllers ,with an ability to TAG ups`s , generator`s ,ACC`s  connected over IP.

Regards

Charles

0 Kudos
Highlighted
Advisor

Charles,

As I remember in regards to bulletpoint 2, is solved with appliance r1200..

Can protect modbus but many more.

In what kind of scada environment? Renewables??

Regards

Kim

Best Regards
Kim
0 Kudos
Highlighted
Admin
Admin

We have a service offering for #1 called Check Point Pro: Check Point PRO Support | Check Point Software 

0 Kudos
Highlighted
Admin
Admin

A lot of great ideas, keep them coming!

However, we do have to cut things off for balloting for voting.

I encourage all of you to vote for your favorite idea here: Birthday Celebration!

0 Kudos
Highlighted
Advisor

Are able to grant some resource like wiki.checkpoint.com some access right for CheckPoint partners? 

Is it possible?

0 Kudos
Highlighted
Admin
Admin

Probably not the internal wiki.

0 Kudos
Highlighted

I think we need to incorporate some UEBA technologies on the sandblast agent or maybe on the gateway

0 Kudos