This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
israelfds95
MVP Gold
MVP Gold
‎2026-02-19 01:54 PM

Check Point SD-WAN – Suggested Enhancements

The launch of SD-WAN in the Check Point portfolio was a major step forward, strengthening its value in modern connectivity and security architectures. Adoption has been growing rapidly here in Brazil, and likely globally as well.

Through multiple deployments and ongoing support of Check Point SD-WAN projects, I’ve identified opportunities for improvement—particularly in policy management and rule creation, which can feel slower and less fluid than expected in production environments. Improving responsiveness and usability would significantly enhance both the administrator experience and SD-WAN’s competitive positioning.

I’ve already shared some of this feedback through the Infinity Portal, but I’d like to bring the discussion to the CheckMates community and hear your experiences as well.

Here are some suggested enhancements for Check Point SD-WAN:

Policy Organization (Sections for Rules)

Currently, SD-WAN policies in the Infinity Portal lack structured organization. As the rule base grows, navigation and management become increasingly complex and less efficient.

Introducing rule sections—similar to what we have in SmartConsole—would significantly improve readability, maintainability, and operational control.

Copy, Paste, and Drag-and-Drop Capabilities

In SmartConsole, we can easily copy and paste objects or drag and drop them between rules. This operational flexibility is something that is currently missing in the SD-WAN portal.

Being able to duplicate rules, copy multiple objects, or move elements across policies would streamline daily administration and reduce configuration time.

“Discard ALL Changes” Button Placement

The “Discard ALL Changes” button is currently hidden under Support > System or within the Publish menu.

Positioning it directly next to the Publish button would greatly improve visibility and usability, especially in fast-paced operational scenarios.

Overlay VPN with Firewalls Managed by Other SMS/MDS, Smart-1, or Infinity Portal Tenants

I work with multiple customers who operate independently but require site-to-site connectivity—particularly government-related institutions.

Enabling SD-WAN overlay VPN control between Check Point firewalls managed by different SMS/MDS servers, Smart-1 appliances, or separate Infinity Portal tenants would be a powerful competitive differentiator.

I recognize that this may be technically complex, but it would bring significant value and be very well received by customers.

SD-WAN VPN Overlay Control with Third-Party Peers

The ability to manage VPN overlays with third-party peers directly through Check Point SD-WAN would further increase flexibility and strengthen multi-vendor integration capabilities.

Optional On-Premises SD-WAN Policy Management

The Infinity Portal–based SD-WAN model brings strong centralized orchestration and cloud-driven innovation, which is valuable in many environments.

However, some organizations operate in scenarios where continuous internet connectivity, strict compliance requirements, or full local control are critical. In these cases, relying exclusively on cloud-based management can present operational or regulatory challenges.

Providing an optional on-premises SD-WAN policy management capability, such as a dedicated SD-WAN policy tab within SmartConsole, would complement the current model.

This would create a more unified management experience, reduce operational fragmentation, and minimize context switching for administrators, while preserving the strengths of the Infinity Portal.

I understand that some enhancements—such as cross-management overlays—may be complex to implement. However, improvements like rule sections and copy/paste or drag-and-drop functionality would already represent a substantial step forward in operational efficiency.

(1)
12 Replies
israelfds95
MVP Gold
MVP Gold
‎2026-02-19 06:31 PM

What do you think about this? Do you think someone from the Check Point SD-WAN team might be able to see these ideas?

the_rock
MVP Diamond
MVP Diamond
‎2026-02-19 07:11 PM

Amazing bro, great work.

Best,
Andy
"Have a great day and if its not, change it"
(1)
israelfds95
MVP Gold
MVP Gold
‎2026-02-20 06:34 AM
In response to the_rock

I believe that if some of those improvements were implemented, they would already significantly enhance the SD-WAN policy management experience.

Have you been using SD-WAN with many customers?

Lukhaos357
Explorer
‎2026-02-20 05:18 AM

Great work bro!!

(1)
PhoneBoy
Admin
Admin
‎2026-02-20 08:44 AM

On-prem SD-WAN management is already slated for R82.20, if I remember what @Amit_Navon said correctly. 🙂

(1)
israelfds95
MVP Gold
MVP Gold
‎2026-02-20 09:00 AM
In response to PhoneBoy

That would be great. What did you think about the other improvement ideas?

0 Kudos
PhoneBoy
Admin
Admin
‎2026-02-23 01:29 PM
In response to israelfds95

Those seem logical to me.
Of course you'll get two of these just by having the management on-premise 🙂

0 Kudos
Amit_Navon
Employee
Employee
‎2026-02-20 09:03 AM

Thanks @israelfds95 

I will review each of the items and comment.

In R82.20 we will merge the SD-WAN management into the smart console allowing 100% on-premise management. 

3rd party VPN will be enabled already on an R82.10 JHF as part for  enhanced SASE integration.

Best Regards,

 

Amit Navon

Product Manager

SD-WAN

 

(1)
israelfds95
MVP Gold
MVP Gold
‎2026-02-20 02:08 PM
In response to Amit_Navon

Thank you, @Amit_Navon

I am very encouraged by the improvements that R82 is already delivering. I have been closely following SK180605 regarding Quantum SD-WAN, particularly the limitations that are being addressed. The R82 release, along with the upcoming R82.10 versions and R82.20, R82.00.XX, is introducing significant enhancements, which I find extremely positive and highly competitive for the solution.

This year, I will continue leading and deploying multiple projects. I currently have four in progress—three involving Maestro with SD-WAN, and another project involving 37 remote 2550 appliances deployed with SD-WAN in a star topology, centralized on 9700 data center gateways. I have been deeply involved in the implementation and operation of SD-WAN and related technologies across several complex and strategic environments.

I will continue sharing updates as I gain further insights from these deployments.

0 Kudos
WiliRGasparetto
MVP Diamond
MVP Diamond
‎2026-02-20 02:08 PM

I strongly agree with both points especially these two usability gaps, because they directly impact day-to-day operational efficiency and change safety.

Copy / Paste / Drag-and-Drop in SD-WAN Portal.

“Discard ALL Changes” button placement

Overall, both changes are small from a UI standpoint but high-impact for operational reliability and admin speed.

(1)
Amit_Navon
Employee
Employee
‎2026-02-23 04:29 AM
In response to WiliRGasparetto

@israelfds95 @WiliRGasparetto 

Thanks for the valuable feedback.

As SD‑WAN management moves into SmartConsole, we will align with the full SmartConsole change‑management model, including a clear and visible Discard option. We already plan to introduce rule sections that improves SD‑WAN policy readability and scalability, EA is due Q2 2026.

Drag‑and‑drop within the policy will also be supported to ease rule organization (object‑tree drag‑and‑drop will not be supported).

Regarding overlay VPN across different management domains, this falls under VPN over SD‑WAN. While externally managed VPNs exist, cross‑SMS/MDS or multi‑tenant scenarios are still under evaluation.

3rd party VPN will be enabled already on an R82.10 Q3 JHF as part for enhanced SASE integration.

Appreciate the engagement—feedback like this directly shapes our roadmap.

Keep sharing such, we will respond.

Best Regards,

Amit Navon

Product Manager

SD-WAN

Check Point Software Technologies

 

(1)
israelfds95
MVP Gold
MVP Gold
‎2026-02-23 04:40 AM
In response to Amit_Navon

Thank you very much @Amit_Navon  , this is great news, and all the improvements will make the Check Point SD-WAN even more competitive in the market. I'm excited. If I notice any more relevant improvement ideas beyond those already coming, I will update you. Thank you for your attention.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events