Create a Post
Showing results for 
Search instead for 
Did you mean: 


Hello Dear,

I am newcomer to Checkpoint solutions but I always knew they were the best in the field of Firewall.

My employer had a market in a bank which also its first market with the solution of Checkpoint and what made it possible to have this market is especially its "SandBlast" Blades Extraction & Emulation. But this has left grievances, discontent with the old provider of this bank that already provides FORTIGATE solutions.

We will have a big meeting with this client and the other suppliers ; providers like FORTIGATE. So let me ask you a few questions to be ready to convince, reassure the customer again to have chosen Checkpoint as Firewall solution:

1- You will see attached a type of topology for a transitional phase where the Appliance is in the local network to be like a proxy

a-What are the advantages and disadvantages of this architecture.

b-The good practices of this architecture to allow the solution to be efficient.


2- What are the main particularities and the differences between of Checkpoint's SandBlast and other SandBoxing like Forti Sandbox (Fortinet)

3- Is It possible for the Checkpoint NGTX to inform other security equipment of the signature of detected malware? If YES how and if NO how to solve this problem?

4- To finish according to you why choose CheckPoint?


I am very grateful for the help you will give me and your answers will allow me to also reassure myself of the CheckPoint solutions because I am a pure product of Cisco.

Thanks to you.



2 Replies

Moderation note:

Please avoid multiple posting into different section. 

You second post is now deleted.

Thanks for your understanding

0 Kudos

Proxies are generally less efficient, though in some environments they are required.

This might be a better discussion to have with someone in your local Check Point office or reseller.

SandBlast can prevent in real-time the first time it sees something.

Does Fortinet do this? I would encourage you to read their product documentation carefully.

Other Check Point gateways are immediately informed when one instance of SandBlast sees a malicious file so other gateways can block it.

For other non Check Point gateways, you could probably pull the necessary data out of the logs to have other gateways block on it.

On Why Check Point, I would offer the following (slightly older but the basic points are still valid): WHY CHECK POINT – THE FOUR POINTS 


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events