<rant>
Why is Checkpoint a piece of shit do you ask?

Because every time I'm working on their piece of shit management GUI from 1997 that only runs on Windows, I have to fucking open up an RDP from my Mac to a dedicated Windows VM.

Why the hell would you force me to run such a shitty operating system like Microsoft Windows in order to admin an even shittier firewall!?!?

It's fucking 2017!@# Other platforms have been introduced into the Enterprise!!! Try a fucking web GUI or an intuitive CLI like the rest of the modern world!

When you're creating and pushing a fucking a policy, something never fucking goes right with a "General Error Occured".

If you manage to find the sk number associated with a "General Error", from their fucking support center, it gives you 2346246 solutions that you gotta try each fucking one to find out the 792nd solution worked!@#

Then I have to call TAC and expect another cop-out run-around answer after being on the phone with them for 5 hours, while during the call I want to hit my head on my desk repeatedly to put me out of my fucking misery!

Their support website is under maintenance half the time.

When you call TAC, the support system that they use is down a quarter of the time, so they have to call you back 3 hours later.

Their URL filtering is garbage. The URL recategorization doesn't even work for some of the URL's I've defined.

The fucking ad-blocker prevents pages from even fucking loading!#@

When I'm trying to grep through a fucking log, their files are in some proprietary binary bullshit format.

If I need to change an obscure setting, I have to dig through 978352152 files just to change a 1 to a 0, after 9 hours of being on the phone with TAC.

Their 1100 Firewalls are shit and drop their IPSEC VPN connection until I have to re-push a stupid fucking policy. Their TACs have been scratching their heads on this one with bullshit answers after a few weeks.

The throughput on a Checkpoint site-to-site VPN sucks donkey dick!

Setting up Amazon Web Services VPC to Checkpoint VPN is the worst painful shit. I was able to achieve the same thing with Cisco and OpenSWAN in 5 minutes!@#

Three days later and the Checkpoint VPN to AWS STILL DOESNT FUCKING WORK!!!

There's 3 fucking versions of their software VPN client, which you're scrambling which one to download to find out none of them work. And uninstalling doesn't completely remove the fucking thing.

Their software has more fucking bugs than an African desert.

The messages in their console interface aren't even spelled correctly. That makes me question their coding. Even my shitty 1995 HTML skills are better.

Half the configuration never survives when upgrading their GAiA(S)(S) OS to the next version, which has me hesitant to upgrade to R80.xx!@#

There's too many fucking moving parts, and when there's something being blocked, you don't know which fucking blade is causing the problem because the logs aren't fucking reporting it!#@

Their Endpoint software is just as much if not a worse piece of shit too.

I've built better firewalls with just a barebones Linux install in the fucking past!

How many issues have I had with configuring Cisco PIX/ASA firewalls in my career? None that I can think of. Life was good.

How many issues have I had with configuring Juniper Netscreen firewalls in my career? One. Life was still good.

How many issues have I had with configuring Checkpoint firewalls in my career that I haven't listed here? I lost count.

Everyone who fucking love Checkpoint firewalls seemed to have never used any other fucking firewall before. That's like having only driven a fucking Geo Metro when you've never test-driven or owned a BMW.

What is there to like? SmartDashboard is shit. SmartLog is shit. SmartView Tracker is shit. SmartView Monitor is shit. Even someone from their staff said SmartView Tracker is shit.

Did I have a decision when purchasing Checkpoint firewalls? No. I inherited a bastard child that's been here longer than I have.

Will I be buying any Checkpoint products in the future? Fuck No!

Would I recommend any Checkpoint products to anyone in the future? Hell no.

Next-generation firefuckingwall my ass.

I'll be going with Palo Alto Networks on this one.

This is why I need scotch every night.

</rant>

If you swear by these stupid firewalls, then...


Now please excuse me while I try to lower my blood pressure.


*** UPDATE: I'm running Palo Alto Networks now and my life couldn't be any better. This is why you're losing market share Checkpoint and all your sales people are going to PAN. Take notes. ***