israelfds95
MVP Gold

Check Point SD-WAN – Suggested Enhancements

The launch of SD-WAN in the Check Point portfolio was a major step forward, strengthening its value in modern connectivity and security architectures. Adoption has been growing rapidly here in Brazil, and likely globally as well.

Through multiple deployments and ongoing support of Check Point SD-WAN projects, I’ve identified opportunities for improvement—particularly in policy management and rule creation, which can feel slower and less fluid than expected in production environments. Improving responsiveness and usability would significantly enhance both the administrator experience and SD-WAN’s competitive positioning.

I’ve already shared some of this feedback through the Infinity Portal, but I’d like to bring the discussion to the CheckMates community and hear your experiences as well.

Here are some suggested enhancements for Check Point SD-WAN:

Policy Organization (Sections for Rules)

Currently, SD-WAN policies in the Infinity Portal lack structured organization. As the rule base grows, navigation and management become increasingly complex and less efficient.

Introducing rule sections—similar to what we have in SmartConsole—would significantly improve readability, maintainability, and operational control.

Copy, Paste, and Drag-and-Drop Capabilities

In SmartConsole, we can easily copy and paste objects or drag and drop them between rules. This operational flexibility is something that is currently missing in the SD-WAN portal.

Being able to duplicate rules, copy multiple objects, or move elements across policies would streamline daily administration and reduce configuration time.

“Discard ALL Changes” Button Placement

The “Discard ALL Changes” button is currently hidden under Support > System or within the Publish menu.

Positioning it directly next to the Publish button would greatly improve visibility and usability, especially in fast-paced operational scenarios.

Overlay VPN with Firewalls Managed by Other SMS/MDS, Smart-1, or Infinity Portal Tenants

I work with multiple customers who operate independently but require site-to-site connectivity—particularly government-related institutions.

Enabling SD-WAN overlay VPN control between Check Point firewalls managed by different SMS/MDS servers, Smart-1 appliances, or separate Infinity Portal tenants would be a powerful competitive differentiator.

I recognize that this may be technically complex, but it would bring significant value and be very well received by customers.

SD-WAN VPN Overlay Control with Third-Party Peers

The ability to manage VPN overlays with third-party peers directly through Check Point SD-WAN would further increase flexibility and strengthen multi-vendor integration capabilities.

Optional On-Premises SD-WAN Policy Management

The Infinity Portal–based SD-WAN model brings strong centralized orchestration and cloud-driven innovation, which is valuable in many environments.

However, some organizations operate in scenarios where continuous internet connectivity, strict compliance requirements, or full local control are critical. In these cases, relying exclusively on cloud-based management can present operational or regulatory challenges.

Providing an optional on-premises SD-WAN policy management capability, such as a dedicated SD-WAN policy tab within SmartConsole, would complement the current model.

This would create a more unified management experience, reduce operational fragmentation, and minimize context switching for administrators, while preserving the strengths of the Infinity Portal.


I understand that some enhancements—such as cross-management overlays—may be complex to implement. However, improvements like rule sections and copy/paste or drag-and-drop functionality would already represent a substantial step forward in operational efficiency.
