Technical Support Check Point (TAC). Quick guide

  • Tutorial


When choosing a comprehensive protective equipment (UTM / NGFW) usually pay attention to the following characteristics:

  1. Price;
  2. Functional;
  3. Quality (backed by various reports and tests);
  4. Simplicity and ease of management;
  5. The popularity of the solution.

However, for some reason, most people always forget about another VERY important criterion - Technical Support (TAC) . Without adequate technical support, you run the risk of being left “alone” with your dear and “cool box”, which does not work as it should. From experience, I can say that most of the serious integrations of protective equipment cannot do without contacting Technical Support. In this article I will try to talk about Check Point technical support, its types, features, advantages and disadvantages.

1. Technical Support Centers


I think it is logical to start with a list of locations of technical support centers. The following map is relevant today:



i.e. centers in Dallas, Ottawa, Tel Aviv, Bangalore, Beijing, Tokyo and Melbourne. One of the largest centers is naturally located in Tel Aviv (Check Point - Israeli company). If you are in the European part of Russia, then with a probability of 99% your requests will go exactly to the Israeli center. This has its advantages:

  1. Time in Tel Aviv (GMT + 2) differs by only an hour from Moscow (GMT + 3), which means that the working day coincides with yours;
  2. In the Israeli center, a lot of specialists speak Russian !

The last point is especially useful since The official language of technical support is English. In my practice, there have been quite a few cases where a non-English speaking customer was provided with a Russian-speaking engineer.
Ottawa has a 24-hour (24/7/365) support center. If you create an urgent application (which requires immediate intervention) after hours, then most likely it will go to the Canadian center.
There is NO Technical Support Center (TAC) in Russia! But there are other options that we will discuss below.

2. Three ways to communicate with those. support


How can I contact technical support? There are three ways: Chat , Web-request through the Support Center and by Phone .



Naturally, all three options require active technical support. Let's consider each method in more detail.

2.1 Chat




Live Chat is available from the Support Center, a technical support portal. We talked a bit about this portal in a previous article . By clicking on it, it will be necessary to indicate what kind of question you have (technical or sales) and indicate your account-id (technical support is tied to it). After that, a small browser window will open in the form of a chat, where the correspondence with the specialist will go. If, within the framework of the chat, it is not possible to solve your problem, a ticket (case) will be automatically created, where all correspondence from the chat is transferred. The list of open tickets can be viewed by clicking on My Service Requests (see image above). The chat option is ideal when you have an urgent and uncomplicated (in your opinion) question. This way you contact a specialist as quickly as possible.

2.2 Web


From the same Support Center, you can create an application in those. Classic support - Open a Service Request. Again, it will be necessary to select the type of problem (technical, not technical), and then fill out the standard form:



One of the most important fields when creating an application is Severity. There are four types:

  • Low
  • Medium
  • High
  • Critical

Critical - the highest level and refers to situations from the category of "the entire network is down." When choosing this level of Severity, you will be contacted as soon as possible.
At the next stage, you will be able to add attachments (logs, screenshots), indicate your preferred method of contacting you (email, sms, call) and the ability to remotely access.

2.3 Phone


The telephone option is the fastest, but it requires good English communication skills. Phones:



2.4 Optional


Two more options are worth mentioning. After the case has already been created (in one way or another), updates to this ticket (answers or questions of engineers) will come to your mail. After that, it is not necessary to go to the tech portal. support to write an answer. You can reply directly from the mail. The ticket number is always present in the subject line - SR (service request). This number allows you to automatically update the case on the portal directly from your email message. In addition, Check Point engineers quite often practice remote connection in the sharing mode (as in webex, go-to-meeting, etc.). This allows you to solve problems most productively, because the specialist sees the problem with his own eyes, can see the necessary logs, settings, and so on.

3. Two main types of support


Check Point technical support is divided into two large types: Direct Support and Collaborative Support. I think the names speak for themselves. We will describe both types.

3.1 Direct Support


As the name implies, this is direct technical support from the vendor. All your inquiries go directly to Check Point. At the same time, Direct Support has four levels: Standart, Premium, Elite, Diamond.



  • Standart is the cheapest option. Provides limited access to the Check Point knowledge base (expert-level articles that are sometimes really needed are not available). You can contact technical support only on business days and during business hours (9 x 5). All requests fall on the first line of support. The reaction time is 4 hours.
  • Premium is the most balanced option. You get full access to the knowledge base, you can contact support at absolutely any time. Requests will already reach more “advanced” engineers bypassing the first line. The reaction time is 30 minutes.
  • Elite - not available in Russia for any legislative reasons. A key advantage is that a Check Point engineer can go directly to the customer to solve problems.
  • Diamond is a Premium + dedicated technical support engineer who knows your infrastructure. Moreover, he has a laboratory bench repeating exactly your settings, which allows you to solve problems much faster.

Formally, there is still a Diamond Plus level . In this case, it is possible to consult with a specialist regarding design, security settings, etc. Those. you get a personal engineer. He will take care of the correctness and optimality of the Check Point settings.

3.2 Collaborative Support


In this case, technical support is provided by the Check Point Partner. As a rule, this is a system integrator or distributor. For this, the partner must necessarily have the status of CCSP (Certified Collaborative Support Provider) . The holder of this status should have its own technical support service, certified specialists and a laboratory stand to reproduce the problems of the customer.
Those. when choosing this type of support (collaborative), the first line for the customer is the partner, not Check Point. This provides several advantages:

  1. You get a Russian-speaking support;
  2. You can negotiate with your partner any SLA other than what Check Point provides. For example, the ability to contact on weekends in critical situations (even with Co-Standart support);
  3. With a partner, it’s much easier to arrange a specialist’s departure to the place.

In addition, if you use the services of a system integrator to implement Check Point solutions, then it is desirable that he has CCSP status. Those. so that the same integrator can provide technical support for you. In fact, in this case, for support you can contact the same engineer who initially set up everything and already knows your infrastructure. It's almost like a dedicated engineer for the Diamond level (of course, if your partner is competent), only for much less money.
It is worth noting that if the partner cannot solve the problem on his own, then he is already contacting the vendor and he is conducting a dialogue with him.
Collaborative Support also has several support levels:



I see no reason to paint the levels, everything seems to be clear. I repeat that such parameters as the operating time (9x5 or 24x7) and the reaction time depend on the agreed conditions with your Russian partner. Co-Elite level is not available in Russia.

4. Check Point PRO


This type of support was announced relatively recently. They called him, of course, pathos - Next Generation Support. In fact, this is an additional service that is hung to the acquired level of support, whether it be Standart or Premium. It is worth noting that the service is very useful. The prefix PRO does not mean “professional”, but “ proactive" With PRO support, Check Point experts in real time monitor the technical status of your security gateways and server management. Parameters such as RAM, HDD, CPU, interfaces, power supplies, cooler speed, various alerts, etc. are monitored. If there is any problem, a ticket is automatically created in TAC, even before you discovered it yourself. For example, a cooler broke on the device. In a normal situation, you may not notice this, because this breakdown will not occur immediately. PRO support understands that in the long run this will lead to overheating of the device and its breakdown. Thus, the application is created even before something happened.
An important point, PRO support is NOT monitoring information security events, i.e. This is not an SOC. This monitoring is precisely the “health” of your device.

5. Check Point Incident Response Team




Another service that you can add to your subscription is the Incident Response Team. As the name implies, this is a team that must respond to information security incidents. Those. when the customer was under attack. Check Point specialists can quickly connect to solve the problem, collect the necessary logs, traffic dumps, conduct full-fledged forensics, and restore the systems to work. You can contact them not only if you have a subscription, but also on the hot line. Read more about the service here . We will not describe it in detail, because this is a whole topic for a separate article.

6. Equipment Replacement (RMA)


What happens if the hardware breaks? With active technical support, you can quickly create a request in TAC (chat, web, call) and, after confirmation by the Check Point engineer, an equipment replacement procedure, RMA , will be initiated . New equipment is delivered from the nearest warehouse and usually takes 1 to 3 days. For example, from personal experience, a new device was delivered to Makhachkala in 3 days. If you do not have a fault-tolerant configuration (not a cluster) and the network is “lying”, then the priority will certainly be higher, but faster than 1 day, you are still unlikely to receive a device. Again, in this case, it is good to have an integrator partner who can lend the device for a while in case of critical downtime. Or you need to take care of this in advance and choose a cluster configuration.
It is worth noting that before the start of RMA, no one will torture you for a long time by collecting logs or pulling time. Those. You can count on a very quick decision.

7. Quality technical support


Now I would like to discuss the quality and adequacy of Check Point technical support. Of course this will be a subjective opinion and maybe someone had a different experience, which you can safely share in the comments.
As an integrator with CCSP status, we often have to work with Check Point technical support. During this time, we managed to highlight the main pros and cons of this cooperation.
Pros:

  1. All cases are solved. If the manual says that Check Point supports a particular function, but it suddenly does not work properly, then technical support will work with you until the problem is resolved. If you suddenly discover that this is a “bug” in the system, a patch will be specially released for you that will fix this problem. Again, from experience I can say that tech support refuses cases only when the device requires something that it should not be able to do initially.
  2. Support with remote access. As the saying goes: "Instead of a thousand words." Sometimes it is very difficult in words (or in screenshots) to explain what is happening and easier to show. Check Point experts never mind connecting with you and working on a problem together. This is especially important when the problem needs to be solved in a short time.
  3. The possibility of escalating the problem. If you are for one reason or another dissatisfied with the work of the TAC engineer, you can quickly change it using the case escalation mechanism (this button is available in the support center of the web portal). After that, your application will be transferred to another and most likely more qualified engineer. There are several levels of engineers in the technical support of Checkpoint that are monitored by the most “strong” engineer.
  4. Great knowledge base. If you have a problem with the device, then with a 95% probability its solution is already described in the Check Point knowledge base. The main thing is to be able to use it. Perhaps we will describe several tricks for working with the database in the following articles. The knowledge base very often helps out and allows you to quickly solve problems without contacting those. support.

Now the cons:

  1. They deal with cases only with clearly formulated questions. The question from the category of “how to configure ...” will not work. Most likely you will be thrown a link to one of the manuals and asked to handle a more specific problem. Those. nobody will educate you. If this does not suit you, then it is worth considering the option with support from a partner, i.e. Collaborative support. As a rule, it is much easier to agree with a partner.
  2. To work with those. support you need to have certain knowledge, be able to work on the command line and navigate the Check Point documentation. No one will explain to you how to connect via ssh to a device or how to copy a log file. You should at least be a confident user of linux-systems, be able to use such Check Point utilities as cpinfo and migrate export . Perhaps in the following articles we will write it down.
  3. English language support. Perhaps for some this is the biggest minus. Earlier, I wrote that it is quite often possible to find a Russian-speaking engineer, but these are only concessions made by the vendor (due to the availability of specialists who speak our language). If you do not speak English at all, and the Russian-speaking engineers are busy at this moment, then you run the risk of being in a situation where you simply cannot explain your problem. As I wrote earlier, if you need a Russian tech. support, then look towards Collaborative support with a partner from Russia.

8. Summary


To summarize all of the above (and our own experience), we can conclude that Check Point technical support is at a decent level. Various types of support types and levels allow you to choose the best solution for any company. In my opinion, Collaborative Support (support from a Russian partner) is the most optimal option, but here it’s a matter of taste. In the end, the type of support can always be changed.

PS If you have any questions about setting up and optimizing Check Point, feel free to contact us.

PSS The article is based on the Denisov Valery webinar (Check Point company). I would also like to thank Dmitry Zakharenko (RRC company) for his help in preparing the article.

Also popular now: