All,
I am glad to hear that I am not alone in my opinion about
lousy checkpoint TAC support. Glad to hear that a lot of
people in this list feel the same way that I do.
I work for a Sevice Provider, probably the biggest in the
world. We're running Checkpoint on Nokia appliances. In
my group, we manage several hundreds firewalls via
Checkpoint Provider-1.
Given the importance that we're probably the biggest checkpoint
customer in the world, you would think that Checkpoint would
go out of its way to help us fix the problem instead of ignoring
us. However, as someone in this list would say, "they just
ignored us and hoping we never call back". My company does pay
for checkpoint support and maintenance damn it. We have a
dedicate SE from checkpoint to manage our account since we're one
of their biggest customers but he never returns our calls or emails.
When Checkpoint does get around and engage in fixing the problems,
most of their recommendations have been absolutely useless. A lot
of times, I've found the solutions in this list. As I've said
before, I have two tickets open with Checkpoint for almost 3 months
without resolutions. It takes them weeks to respond and when they
do, they ask me to do stupid things in my production environments
which I won't do. Like someone in this said, they just hope the
problem will go away and I will not call them back. Sometimes, I
feel like the technical expertise from Checkpoint TAC engineer is
no better than I am. There are many more incidents with Checkpoint
TAC prior to these. One time, I was setting up Provider-1 NG with AI
R55 in Active/Standby with Active/Standby CMA. When both CMA
comes up in collision mode, the TAC engineer response is: "since
you're still running it in a test environment, just pretend this never
happens. We'll worry about it when you actually roll it out in your
production environment".
On the other hand, we have Cisco Advanced Network Services support
from Cisco and their TAC engineers are second to none. Cisco
Security products are not as good and easy to use than checkpoint
their TAC support is awesome. They will hold my hands all they way
through the troubleshooting process. Furthermore, they are very
pro-active in helping me fixing the problems. In my seven years
working with Cisco TAC, I have NOT had any bad experiences with
Cisco. Cisco SE dedicated to my company is also pro-active in
helping us instead of screwing us like Checkpoint. The same thing
can be said with Juniper as well.
Because of this, my company starts bringging in other vendors such
as NetScreen/Juniper and we are taking a second look at Cisco Pix.
NetScreen already has NetScreen Security Manager (NSM) which is
similar to Checkpoint Provider-1 which will help us in managing lot
of firewalls. Cisco is also developing a product that will help us
managing lot of firewalls as well. Once my company feels that these
products from Cisco and Juniper are ready to go, we'll start migrating
our existing customers from Checkpoint to either NetScreen or Cisco Pix
and new customers will be using either Netscreen or Cisco Pix as well.
I already start telling new customers to use Cisco Pix or Netscreen.
A few months ago, I told both R&D Engineering managers from Cisco and
Juniper the following: "Your TAC support is excellent. If you can
improve your security products and make it easier to use, a lot of
people will start abandoning Checkpoint products and start using
Cisco or Juniper".
Checkpoint firewall is a good product but it will not be a good product
if people who use the product has nowhere to turn to or worse, they just
get ignored by Checkpoint itself.
I hope that checkpoint sees this as a "warning" shot and starts getting
its act together.
Enough of my rambling. Checkpoint TAC makes me go crazy almost
all the time.
cisco4ng
P.S. Regarding my analogy about Checkpoint TAC charging $500/hour for
TAC support with no guarantee that the problem is solved and a pretty hooker
costs much less than $500. Well, at least with a hooker, she can not guarantee
to solve my problem but at least I get something out of it. Wish I can say
the same thing about Checkpoint. For any females in this list, I apologize
if I offend you in anyway. That is not my intention.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
