Check Point

Firewalls (Gateways, VE, VSX, Edge)

Dashboard and Browsers

Change Tracking
Policy Analysis
Risk
Dashboard
Cleanup
Violations

Change Management

Rule and Object Usage Report
Change Management
Full Accountability
Display IPv6 objects
Graphical Policy
Real-time Monitoring
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Modification
Rule Recertification

Policy Analysis

Automatic Policy Generation (APG)
Policy Analysis
Object Lookup

Auditing and Reporting

Expired Rules Report
Auditing and Reporting

Topology

Calculate impact of NAT rules
Static Topology
Dynamic Topology
Calculate impact of VPN policies

Notes for Edge and Gateways:

  • Supports change management and rule usage when managed by a SmartCenter/Provider-1, but supports only change management when managed by LSM.

VSX notes:

  • Supports all features except OS-level monitoring for VSX hosts or VSX gateways.
  • Supports Vsys WARP interfaces in topology calculations.

Management Devices (CMA, Smart Center)

Dashboard and Browsers

Policy Analysis
Risk
Changes
Dashboard
Cleanup
Violations

Change Management

Rule and Object Usage Report
Change Management
Full Accountability
Display IPv6 objects
Graphical Policy
Change Window
Real-time Monitoring
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Modification

Policy Analysis

Automatic Policy Generation (APG)
Policy Analysis
Object Lookup

Auditing and Reporting

Expired Rules Report
Auditing and Reporting

Topology

Static Topology
Dynamic Topology
Calculate impact of NAT rules
Calculate impact of VPN policies
IPv6 routes
Path analysis with IPv6 addresses in source and destination

Notes for CMA and R80:

  • The Baseline Settings Compliance report is deprecated for Check Point R80.

  • R80 unattached network object does not recognized host in opsec.

  • Inline layers are supported for R80 gateways.

  • Partial support of Check Point CloudGuard integration with Azure (Supporting Check Point R80 and above)

  • After an upgrade, the revision may appear as modified in Compare Revisions:

    • Section headers may be shown as deleted and added
    • The revision shows legacy user access as a modified field on the revision although no change was done
    • Generate Report changes are not accurate
  • Supports the Last Hit field for both security rules and NAT rules.

Management Devices (MDS)

Dashboard and Browsers

Change Tracking
Policy Analysis
Risk
Dashboard
Cleanup
Violations

Change Management

Rule and Object Usage Report
Change Management
Full Accountability
Display IPv6 objects
Graphical Policy
Real-time Monitoring
Create SecureChange ticket from Policy Browser for:
Rule Decommission
Rule Modification
Rule Recertification

Policy Analysis

Automatic Policy Generation (APG)
Policy Analysis
Object Lookup

Auditing and Reporting

Auditing and Reporting
Expired Rules Report

Topology

Static Topology
Dynamic Topology
Calculate impact of VPN policies

Notes for MDS:

  • Partial support of Check Point CloudGuard integration with Azure (Supporting Check Point R80 and above)

  • Supports the Last Hit field for both security rules and NAT rules.