How Customers Use Check Point Firewalls Around the Globe

How Customers Use Check Point Firewalls Around the Globe
0

#1

Originally published at: https://indeni.com/state-of-the-check-point-users/

To keep your business online and ensure critical devices, such as Check Point firewalls, meet operational excellence standards it is helpful to compare your environment to a third party data set. As part of the Indeni Automation Platform, customers have access to Indeni Insight which benchmarks adoption of the Check Point capabilities and user behavior to adhere to ITIL best practices. Having a third party data set is extremely helpful for network and security engineers to answer questions such as:

  • Should I consider upgrading to the latest version?
  • Is this a common issue in other environments, or am I alone?
  • Input into future appliance and software purchases
We recently published a report around the Palo Alto Networks Automation Trends, and the data is coming in for Check Point as well. See below for a few of the early takeaways. Please comment below with the questions you have around Check Point such as, should I upgrade to R80.10? Your feedback will help shape the final report!

Sneak Peak: 2018 Check Point Trends


Top Software Platforms used by Indeni Check Point Customers:

  • Gaia - 76.47%
  • Ipso - 11.76%
  • Secureplatform - 11.76%

Top issues found from a performance and configuration standpoint:

Performance-related and ongoing issues:

  • High CPU usage per core(s)
  • Interface nearing maximum Tx throughput
  • Firewall kernel table limit approaching
  • DNS server response time slow
  • VPN tunnel(s) down
  • Aggressive Aging enabled
  • Required interface(s) down
  • Next hop (router) inaccessible
  • Repeated failed login attempts by a user
  • Core dump files found
Configuration related issues:
  • Some VSes have high CPU usage
  • In CoreXL a single core shouldn't handle both interface interrupts and fw worker
  • Critical configuration files mismatch across cluster members
  • Software end of support nearing
  • Static routing table does not match across cluster members
  • License expiration nearing
  • Network interface duplex does not match across cluster members
  • Configuration changed but not saved
  • Certificate authority not accessible
  • Certificate(s) has expired
Check out the potential issues that could appear in Check Point GAiA, GAiA Embedded, IPSO and Secure Platform environments on the Indeni Check Point Solution Page.

Ready to benchmark your network ? Try Indeni today and enable Indeni Insight at set up.