- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
As part of our First Birthday celebration, we are having an awards ceremony.
For awards, you need categories and voting!
Over the course of this week, we will share some of the categories and solicit nominations for said categories.
See the complete list of categories and voting instructions here: https://community.checkpoint.com/community/about-checkmates/blog/2018/05/08/checkmates-first-birthda...
This category is about ideas that you wish Check Point would develop into a product/service offering, or improvements to existing ones.
I polled some folks inside Check Point that aren't in R&D and got plenty of suggestions.
Here are a few of them:
Now, it's your turn, CheckMates community: what's your Idea of the Year?
Please leave your suggestions below as comments.
A few disclaimers/notes:
Voting is now open for the above categories.
We will take your votes until 25th May 2018 @ 11:59pm Pacific Daylight Time.
A vote will enter you into a raffle for a Check Point 1490 Appliance!
80.20 will introduce new network-objects called "online services". this should cover your need 😉
totd Tip Of The Day : why don't we create some articles like Did you know? SmartConsole Tags or https://community.checkpoint.com/thread/7858-tip-of-the-day-clear-your-personal-display-settings (with a specific canvas, atotd tag and surely a validation from someone) so that SmartConsole can dynamically and randomly show at startup?
Neat idea
Like
one more.
less intrusive debug options for troubleshooting
refer to fw ctl zdebug - this is wrong...
syslog parser (listening syslog from Wifi AP, ISE, etc. ) for identity awareness
In my opinion a Radius-Server would be a nice product. The rules for a radius-Server can be displayed as a rule-set like that one for a Firewall. If you look to Cisco ACS it's terrible. The product itself is powerfull, but the form of presentation and configuration is terrible. If I look to Check Points ruleset, (which is great) I can imagine that a ruleset for a radius server can be presented the same way - with timeobjects, allowed sources users and Groups........
Just an idea.....
- Basically improve L2L VPN capability:
1. VPN encryption domains definition per tunnel (community). Defining the local encryption per gateway instead of per community bring unnecessary complexity. At very minimum integrate subnet_for_range_and_peer with SmartConsole.
2. Improve vpn tu to provide information at what stage is the phase1 sa, for which encryption domains is given phase2 sa. some statistics for encrypted, decrypted packets.
3. Improve route base vpn support. I haven't check what is the status lately with R80.x, but there were some limitations when enabling VTI - some parts of the accelerations were disabled. IMHO route base vpn is more flexible and easy to overcome overlapping encryption domains.
4. Improve tunnel monitor methods, integrate DPD with SmartConsole
- I don't know how to define it, but something like - introduce only one (or two max) remote access vpn clients. Having SNX, enpoint security, endpoint security vpn, secureremote, checkpoint mobile is very complicated and misleading for the customer. It will be easy for the customer and for the administrator if you define: clientless and client ra vpn, while the the same application is used across all OSs, and also same client for SSL or IPsec based vpn.
make a webUI for VSX!
add CPview to SmartConsole
1. Standalone Endpoint Management Server so we can deploy solutions like AntiRansomware standalone as well as better deployment of the Endpoint clients using the Management server without having to rely on external tools to deploy.
2. More variety at the lower end of the appliances as there is quite a big gap between 7xx series and 3xxx series in terms of price and performance. Need to compete against other vendors' offerings for smaller clients.
3. Ability to pin on top the "Add objects" i.e. + window when you click inside a rule. Makes it easier to search and add separate objects or check rule in the background.
4. Better support to export logs as CSV. Even R80 is a bit limited.
5. More schedulable events e.g. move old logs to FTP, upgrade export etc... without having to write scripts / use cron.
6. Better upgrade facilities & rollback. Not really comfortable with cpuse. I personally preferred the legacy CLI option as it gave more visibility.
7. More training videos via CheckMates especially like the ones released introducing R80.
Standalone Endpoint Management is something we already offer as an Open Server/VM offering.
Our existing Smart-1 Appliances can also run Endpoint Management standalone as well.
More videos for CheckMates is definitely a request we hear a lot
Id like to see 2 features with checkpoint :
1 - Automated Checkpoint call home feature for reporting bugs ,performance tuning when certain processes reach a certain threshold
2 - Advanced Protection for PLC`s -programmable logic controllers ,with an ability to TAG ups`s , generator`s ,ACC`s connected over IP.
Regards
Charles
Charles,
As I remember in regards to bulletpoint 2, is solved with appliance r1200..
Can protect modbus but many more.
In what kind of scada environment? Renewables??
Regards
Kim
We have a service offering for #1 called Check Point Pro: Check Point PRO Support | Check Point Software
A lot of great ideas, keep them coming!
However, we do have to cut things off for balloting for voting.
I encourage all of you to vote for your favorite idea here: Birthday Celebration!
Are able to grant some resource like wiki.checkpoint.com some access right for CheckPoint partners?
Is it possible?
Probably not the internal wiki.
I think we need to incorporate some UEBA technologies on the sandblast agent or maybe on the gateway
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY