1.  Geoprotection flexibility- countries a,b,c can hit this site, while d,e,f can hit this one, instead of on or off for the country.

2.  There's a handy export button to export objects, how about the handy import button?  

3.  recreate all the canned reports from smart reporter in smart event.

4.  finish integrating the legacy apps.  

There is one more thing strange in my mind.

In R80.10, Security Gateway get interface with topology, it will also create Network object base our IPv4 static routes.

That is everybody known thing.

But the new network object can not display and can not be search out in Object Panel or Object explorer.

But it can display and be search out when we try to add object in Source or Destination.

Before R80, without this issue.

Hope this can be corrected in the feature.

Adding an option to add an IP to GUI users so the GUI user can login only if the IP matches to the mentioned IP . Fortinet already have this feature.

hi

1. VPN-domain per VPN-community. only one VPN domain makes it hard to configure several VPNs when you have large internal network ranges and want only a subnet as part of this VPN
2. a "rule checker" or "rule assistant". I know CP is working on something like that ...
3. a "performance assistant". if monitoring sees high CPU/memory usage it could recommend actions ..
br

reinhard

What about integrating some sort of WAN-optimization into Site2Site VPN? So that services like eg. cifs gets optimized over VPN. I have seen quite a few companies using third-party products for this, to optimize trafic between all their Check Point protected offices.

Still some of the features like https inspection etc.. opens in R77.30 for R80. Also Smart event and https inspection is not stable in R80. it would be great if Checkpoint resolve such issues in R80.20 or in further versions.

Wouldn’t it be nice if SmartConsole is the place to be where you can push tweaks like kernel parameters and other manual customizations to the Security Gateway? So that everything is in the management database (something like the VSX config). At this moment you need to have a good backup or documented every manual tweak you’ve done in the past. Unfortunately I see a lot of environments where it is not documented and then it will cost a lot of time to find them. It will also save time when upgrading to a new major version. Just a thought.

Smart Console Client for Mac or web based management!!

1) Fully integrate Geo Protection into the Access Control policy layers; make country objects directly selectable in the source/destination of rules.

2) Perform Geo Protect drops in SecureXL (if enabled), not the Firewall Path.  SecureXL already performs antispoofing drops and country-based drops with fw samp in the Accelerated Path, this shouldn't be difficult to do with Geo Protection as well.

3) Improve reporting done by fwaccel stat indicating why templating rate (Connections/sec) is zero (i.e. Anti-bot enabled, more than just "Firewall" checked in first policy layer).

4) Permit use of Security Zones in NAT rules, would make converting NAT rules from other vendors' zone-based firewalls much easier.

5) Add support for what other vendors call "NAT Oversubscription" that generally allows more than 50k concurrent hidden connections behind a single IP address.

7) Directly publish CPU and memory specifications of appliances, instead of users having to figure it out on their own

😎 Permit the definition of "FastXL templates" directly in SecureXL that forces internal, trusted traffic (i.e. backups) into the Accelerated path with a minimum of inspection.  Add all the warnings and caveats you want...

9) By default force all gateway kernel syslog messages issued by INSPECT/SecureXL into the regular firewall logs visible through SmartConsole/SmartLog.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Pure Checkpoint SD-WAN solution or tie up with current sd-wan solutions as a security add-on.

Application base routing (Layer 7)

Load balance (ISP Redundancy) more than two ISP Links

Great idea! 


I've have been working on idea of including windows logs into SmartEvents so one could use it as a light SEIM product.

I actually think SmartEvent is a strong product especially with the google like search feature. I use it every days basically.


In stead of using a 3rd party product like nx why not then using your own tool like WinEventToCPLog. I can now today include Event logs from a Windows server 2016 into SmartEvent. Great. 

It would be great to have a WinEventToCPLog agent installed on a windows server to include smnp traps, difffent kind of windows logs file - like dhcp.log, dns.log or IIS log.


Hope this is an idea that can be implemented and used.

Easy O365 hybrid migration interface.

A easy why to create O365 addresses and automatically updates of these ip scopes when Microsoft changes their scope.