Re: What is your Check Point Idea of the Year? - Page 3

PhoneBoy · ‎2018-05-07

As part of our First Birthday celebration, we are having an awards ceremony.

For awards, you need categories and voting!

Over the course of this week, we will share some of the categories and solicit nominations for said categories.

See the complete list of categories and voting instructions here: https://community.checkpoint.com/community/about-checkmates/blog/2018/05/08/checkmates-first-birthda...

This category is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones.

I polled some folks inside Check Point that aren't in R&D and got plenty of suggestions.

Here are a few of them:

Cloud-based Endpoint Management
Automatic performance tuning based on hardware/policy configuration
Threat-hunting Platform

Now, it's your turn, CheckMates community: what's your Idea of the Year?

Please leave your suggestions below as comments.

A few disclaimers/notes:

There are no guarantees that any idea suggested will be developed, even the "Idea of the Year" .
From the suggestions below, we will choose 3-5 ideas which will be put up for voting during the week of 14th May.
Preference will be given to ideas that come from customers and partners, though Employees are welcome to participate as well.
"Likes" and "discussion" around specific ideas will influence (but not wholly determine) the final list, so if you like something someone has suggested, let it be known!

Voting

Voting is now open for the above categories.

We will take your votes until 25th May 2018 @ 11:59pm Pacific Daylight Time.

A vote will enter you into a raffle for a Check Point 1490 Appliance!

Reinhard_Stich · ‎2018-05-16

80.20 will introduce new network-objects called "online services". this should cover your need 😉

XBensemhoun · ‎2018-05-17

totd Tip Of The Day : why don't we create some articles like Did you know? SmartConsole Tags or https://community.checkpoint.com/thread/7858-tip-of-the-day-clear-your-personal-display-settings (with a specific canvas, atotd tag and surely a validation from someone) so that SmartConsole can dynamically and randomly show at startup?

Information Security enthusiast, CISSP, CCSP

PhoneBoy · ‎2018-05-17

Neat idea

Moti · ‎2018-05-21

Like

Neil_ZInk · ‎2018-05-17

one more.

less intrusive debug options for troubleshooting

refer to fw ctl zdebug - this is wrong...

Longson_Ho1 · ‎2018-05-17

syslog parser (listening syslog from Wifi AP, ISE, etc. ) for identity awareness

Sascha_Hasenst1 · ‎2018-05-18

In my opinion a Radius-Server would be a nice product. The rules for a radius-Server can be displayed as a rule-set like that one for a Firewall. If you look to Cisco ACS it's terrible. The product itself is powerfull, but the form of presentation and configuration is terrible. If I look to Check Points ruleset, (which is great) I can imagine that a ruleset for a radius server can be presented the same way - with timeobjects, allowed sources users and Groups........

Just an idea.....

Astardzhiev · ‎2018-05-18

- Basically improve L2L VPN capability:

1. VPN encryption domains definition per tunnel (community). Defining the local encryption per gateway instead of per community bring unnecessary complexity. At very minimum integrate subnet_for_range_and_peer with SmartConsole.

2. Improve vpn tu to provide information at what stage is the phase1 sa, for which encryption domains is given phase2 sa. some statistics for encrypted, decrypted packets.

3. Improve route base vpn support. I haven't check what is the status lately with R80.x, but there were some limitations when enabling VTI - some parts of the accelerations were disabled. IMHO route base vpn is more flexible and easy to overcome overlapping encryption domains.

4. Improve tunnel monitor methods, integrate DPD with SmartConsole

- I don't know how to define it, but something like - introduce only one (or two max) remote access vpn clients. Having SNX, enpoint security, endpoint security vpn, secureremote, checkpoint mobile is very complicated and misleading for the customer. It will be easy for the customer and for the administrator if you define: clientless and client ra vpn, while the the same application is used across all OSs, and also same client for SSL or IPsec based vpn.

Andreas_Kraik · ‎2018-05-18

make a webUI for VSX!

add CPview to SmartConsole

Bharat_B · ‎2018-05-18

1. Standalone Endpoint Management Server so we can deploy solutions like AntiRansomware standalone as well as better deployment of the Endpoint clients using the Management server without having to rely on external tools to deploy.

2. More variety at the lower end of the appliances as there is quite a big gap between 7xx series and 3xxx series in terms of price and performance. Need to compete against other vendors' offerings for smaller clients.

3. Ability to pin on top the "Add objects" i.e. + window when you click inside a rule. Makes it easier to search and add separate objects or check rule in the background.

4. Better support to export logs as CSV. Even R80 is a bit limited.

5. More schedulable events e.g. move old logs to FTP, upgrade export etc... without having to write scripts / use cron.

6. Better upgrade facilities & rollback. Not really comfortable with cpuse. I personally preferred the legacy CLI option as it gave more visibility.

7. More training videos via CheckMates especially like the ones released introducing R80.

PhoneBoy · ‎2018-05-18

Standalone Endpoint Management is something we already offer as an Open Server/VM offering.

Our existing Smart-1 Appliances can also run Endpoint Management standalone as well.

More videos for CheckMates is definitely a request we hear a lot

Charles_Njora · ‎2018-05-18

Id like to see 2 features with checkpoint :

1 - Automated Checkpoint call home feature for reporting bugs ,performance tuning when certain processes reach a certain threshold

2 - Advanced Protection for PLC`s -programmable logic controllers ,with an ability to TAG ups`s , generator`s ,ACC`s connected over IP.

Regards

Charles

Kim_Moberg · ‎2018-05-18

Charles,

As I remember in regards to bulletpoint 2, is solved with appliance r1200..

Can protect modbus but many more.

In what kind of scada environment? Renewables??

Regards

Kim

Best Regards
Kim

PhoneBoy · ‎2018-11-26

We have a service offering for #1 called Check Point Pro: Check Point PRO Support | Check Point Software

PhoneBoy · ‎2018-05-18

A lot of great ideas, keep them coming!

However, we do have to cut things off for balloting for voting.

I encourage all of you to vote for your favorite idea here: Birthday Celebration!

RickLin · ‎2018-05-21

Are able to grant some resource like wiki.checkpoint.com some access right for CheckPoint partners?

Is it possible?

PhoneBoy · ‎2018-05-21

Probably not the internal wiki.

Pablo_Barriga · ‎2018-12-06

I think we need to incorporate some UEBA technologies on the sandblast agent or maybe on the gateway

Are you a member of CheckMates?

What is your Check Point Idea of the Year?

Voting