totd Tip Of The Day : why don't we create some articles like Did you know? SmartConsole Tags or https://community.checkpoint.com/thread/7858-tip-of-the-day-clear-your-personal-display-settings (with a specific canvas, atotd tag and surely a validation from someone) so that SmartConsole can dynamically and randomly show at startup?

Neat idea

Like

one more.  

less intrusive debug options for troubleshooting 

refer to fw ctl zdebug - this is wrong... 

syslog parser (listening syslog from Wifi AP, ISE, etc. )   for identity awareness 

In my opinion a Radius-Server would be a nice product. The rules for a radius-Server can be displayed as a rule-set like that one for a Firewall. If you look to Cisco ACS it's terrible. The product itself is powerfull, but the form of presentation and configuration is terrible. If I look to Check Points ruleset, (which is great) I can imagine that a ruleset for a radius server can be presented the same way - with timeobjects, allowed sources users and Groups........

Just an idea.....

- Basically improve L2L VPN capability:

   1. VPN encryption domains definition per tunnel (community). Defining the local encryption per gateway instead of per community bring unnecessary complexity. At very minimum integrate subnet_for_range_and_peer with SmartConsole. 

   2. Improve vpn tu to provide information at what stage is the phase1 sa, for which encryption domains is given phase2 sa. some statistics for encrypted, decrypted packets.

   3. Improve route base vpn support. I haven't check what is the status lately with R80.x, but there were some limitations when enabling VTI - some parts of the accelerations were disabled. IMHO route base vpn is more flexible and easy to overcome overlapping encryption domains.

   4. Improve tunnel monitor methods, integrate DPD with SmartConsole

- I don't know how to define it, but something like - introduce only one (or two max) remote access vpn clients. Having SNX, enpoint security, endpoint security vpn, secureremote, checkpoint mobile is very complicated and misleading for the customer. It will be easy for the customer and for the administrator if you define: clientless and client ra vpn, while the the same application is used across all OSs, and also same client for SSL or IPsec based vpn.

make a webUI for VSX!

add CPview to SmartConsole

1. Standalone Endpoint Management Server so we can deploy solutions like AntiRansomware standalone as well as better deployment of the Endpoint clients using the Management server without having to rely on external tools to deploy.

2. More variety at the lower end of the appliances as there is quite a big gap between 7xx series and 3xxx series in terms of price and performance. Need to compete against other vendors' offerings for smaller clients.

3. Ability to pin on top the "Add objects" i.e. + window when you click inside a rule. Makes it easier to search and add separate objects or check rule in the background.

4. Better support to export logs as CSV. Even R80 is a bit limited.

5. More schedulable events e.g. move old logs to FTP, upgrade export etc... without having to write scripts / use cron.

6. Better upgrade facilities & rollback. Not really comfortable with cpuse. I personally preferred the legacy CLI option as it gave more visibility.

7. More training videos via CheckMates especially like the ones released introducing R80.

Standalone Endpoint Management is something we already offer as an Open Server/VM offering.

Our existing Smart-1 Appliances can also run Endpoint Management standalone as well.

More videos for CheckMates is definitely a request we hear a lot

Id like to see 2 features with checkpoint  :

1 - Automated Checkpoint call home feature for reporting bugs ,performance tuning when certain processes reach a certain threshold 

2 - Advanced Protection for PLC`s -programmable logic controllers ,with an ability to TAG ups`s , generator`s ,ACC`s  connected over IP.

Regards

Charles

Charles,

As I remember in regards to bulletpoint 2, is solved with appliance r1200..

Can protect modbus but many more.

In what kind of scada environment? Renewables??

Regards

Kim

We have a service offering for #1 called Check Point Pro: Check Point PRO Support | Check Point Software 

A lot of great ideas, keep them coming!

However, we do have to cut things off for balloting for voting.

I encourage all of you to vote for your favorite idea here: Birthday Celebration!

Are able to grant some resource like wiki.checkpoint.com some access right for CheckPoint partners? 

Is it possible?

Probably not the internal wiki.

I think we need to incorporate some UEBA technologies on the sandblast agent or maybe on the gateway