Managed Firewall As a Service TechTalk August 2024...

Share your Cyber Security Insights
On-Stage at CPX 2025

Learn More

Simplifying Zero Trust Security
with Infinity Identity!

Watch Now

CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!

LEARN MORE!

CheckMates Go:
What's New in R82

LISTEN NOW

Create a Post

Slides are below the Q&A, which is below the video.

(view in My Videos)

What do you mean with “colocation”? Is this any customer DC or only specified colocation DCs from certain providers?

Digital Realty and Iron Mountain today, primarily in US locations. We are looking at other providers (Equinix) and other locations in the near future.

Does Managed Firewall also include WAF and API protection?

Not as part of this offering, but it is something we can do as part of Infinity Global Services.

Is this applicable for customers with on-premise SMB gear?

The offering discussed here is specific to customers hosting equipment in one of our supported Datacenter providers. For managing on-premise gear, this could be done as part ofInfinity Global Services or an offering from a local Check Point partner.

Do you have command line access to “your” firewall? Especially to do Packet Traces (with self designed filters)

As this is a fully managed service, this is not possible.

What is SLA for change requests?

SLA's are based on priority on response times but two hour response is the default for critical requests etc.

Given many enterprise customers have change control, how are Check Point changes (upgrades, maintenance) communicated to the client?

As part of the onboarding process, we discuss specific change control processes and ensure we are aligned with the customer requirements. We can also provide a template for customers that do not have these processes in place.

Who handles last mile between managed firewall colo and on-premises network?

We will monitor the connection to the managed firewall location, but it is not something that is supplied by Check Point.

Does this offering allow the customer to make policy changes (new rules, new VPNS, etc)? Or do they have to submit change requests to Check Point for implementation? Or both?

The customer submits a ticket to IGS and Check Point will implement policy changes

So all internet traffic comes through the customer's colo uplink (so they get billed for traffic), then goes from customer's switches to the MFaaS network cage via the cross-connect, processed by MFaaS, then back to the cross-connection to the customer network. Double round trip over that cross-connection?

Correct, we inspect the traffic, clean it and send it back.

Where we can learn more about this offering?

Please reach out to services@checkpoint.com for more information.

What level of granularity the customer can subscribe to as part of the managed service? Security Group, VSX?

It's a Virtual System in a VSX Maestro configuration.

2599 KB

0 Replies