Check Point Technical Support (TAC). Quick Start Guide

When choosing a comprehensive protection (UTM / NGFW), the following characteristics are usually taken into account:

1. Price;
2. Functional;
3. Quality (supported by various reports and tests);
4. Simplicity and ease of management;
5. The popularity of the solution.

However, for some reason the majority always forget about another VERY important criterion - Technical Support (TAC) . Without adequate technical support, you run the risk of being "one on one" with your path and a "cool box" that does not work as it should. From experience, I can say that the majority of serious security integration cannot do without contacting Technical Support. In this article I will try to tell you about Check Point technical support, its types, features, advantages and disadvantages.
')

1. Technical Support Centers

I think it is logical to start with a list of locations of technical support centers. Today the following map is relevant:



Those. centers in Dallas, Ottawa, Tel Aviv, Bangalore, Beijing, Tokyo and Melbourne. One of the largest centers is naturally located in Tel Aviv (Check Point - Israeli company). If you are located in the European part of Russia, then with a 99% probability your requests will be sent to the Israeli center. This has its advantages:

1. The time in Tel Aviv (GMT + 2) differs by only one hour from Moscow time (GMT + 3), which means that the working day coincides with yours;
2. In the Israeli center a lot of specialists speak Russian !

The last point is especially useful because The official technical support language is English. In my practice, there were quite a few cases when a non-English speaking customer was provided with a Russian-speaking engineer.
Ottawa has a 24-hour support center (24/7/365). If you create an urgent request (which requires immediate intervention) during off-hours, then most likely it will go to the Canadian center.
Technical Assistance Center (TAC) in Russia NO! But there are other options that we will discuss below.

2. Three ways to communicate with those. support

How can I contact technical support? There are three ways: Chat , Web request through the Support Center and by phone .



Naturally, all three options require active technical support. Consider each method in more detail.

2.1 Chat

Chat (Live Chat) is available from the Support Center - technical support portal. We talked a little about this portal in the previous article . Clicking on it will be necessary to indicate what kind of question you have (technical or sales) and specify your account-id (technical support is attached to it). After that, a small browser window will open in the form of a chat, where correspondence with a specialist will take place. If, within the chat, you cannot solve your problem, a ticket (case) will be automatically created, where all correspondence from the chat will be transferred. The list of open tickets can be viewed by clicking on My Service Requests (see picture above). The chat option is perfect when you have an urgent and uncomplicated (in your opinion) question. Thus, you as soon as possible contact a specialist.

2.2 Web

From the same Support Center, you can create an application in those. support in a classic way - Open a Service Request. Again, it will be necessary to select the type of probes (technical, non-technical), and then fill in the standard form:



One of the most important fields when creating an application is Severity. There are four types:

• Low
• Medium
• High
• Critical

Critical - the highest level and refers to situations from the category of "the whole network lay." When choosing this level of Severity, you will be contacted as soon as possible.
The next step will be the ability to add attachments (logs, screenshots), specify the preferred way to contact you (email, sms, call) and the possibility of remote access.

2.3 Phone

The phone call option is the fastest, but it requires you to have good communication skills in English. Phones:

2.4 Optional

It is worth mentioning two more options. After the case has already been created (one way or another), updates to this ticket (answers or questions from engineers) will be sent to your email. After that, it is not necessary to enter the portal of those. support to write the answer. You can reply directly from the mail. The subject of the letter is always present ticket number - SR (service request). This number allows you to automatically update the case on the portal directly from your email message. In addition, Check Point engineers often practice remote connection in a shared mode (as in webex, go-to-meeting, etc.). This allows the most productive to solve problems, because the expert sees with his own eyes the problem, can see the necessary logs, settings, and so on.

3. Two main types of support

Check Point technical support is divided into two large types: Direct Support and Collaborative Support. I think the names speak for themselves. Let's write out both types.

3.1 Direct Support

As the name suggests, this is direct technical support from the vendor. All your requests go directly to Check Point. At the same time, Direct Support has four levels: Standart, Premium, Elite, Diamond.

• Standart is the cheapest option. Provides the possibility of limited access to the Check Point knowledge base (expert-level articles that are sometimes really needed are not available). You can contact technical support only on weekdays and during business hours (9 x 5). All requests go to the first line of support. The reaction time is 4 hours.
• Premium is the most balanced option. You get full access to the knowledge base, you can contact support at any time. Requests will get to the more “advanced” engineers bypassing the first line. The reaction time is 30 minutes.
• Elite - not available in Russia for some legislative reasons. The key advantage is that the Check Point engineer can go directly to the customer to solve problems.
• Diamond is a Premium + dedicated technical support engineer who knows your infrastructure. Moreover, he has a laboratory stand that repeats exactly your settings, which allows you to solve problems much faster.

Formally, there is the Diamond Plus level. In this case, it is possible to consult with a specialist in terms of design, security settings, etc. Those. you get a personal engineer. He will also take care of the correctness and optimality of the Check Point settings.

3.2 Collaborative Support

In this case, customer support is provided by Check Point Partner. As a rule, it is a system integrator or distributor. To do this, the partner must have the status of CCSP (Certified Collaborative Support Provider) . The holder of this status should have its own technical support service, certified specialists and a laboratory stand to reproduce the problems of the customer.
Those. When choosing this type of support (collaborative), the first line for the customer is the partner, not Check Point. This has several advantages:

1. You get a Russian-speaking support;
2. You can negotiate with a partner any SLA other than what Check Point provides. For example, the ability to handle weekends in critical situations (even with Co-Standart support);
3. With a partner is much easier to agree on the departure of a specialist in place.

In addition, if you use the services of a system integrator to implement Check Point solutions, then it is desirable that it has the status of CCSP. Those. so that the same integrator can provide technical support for you. In fact, in this case for the support you can contact the same engineer who initially set up everything and already knows your infrastructure. This is almost like a dedicated engineer for the Diamond level (of course, if your partner is competent), only for much less money.
It is worth noting that if a partner cannot solve the problem on his own, then he already turns to the vendor and he conducts a dialogue with him.
Collaborative Support also has several levels of support:



I see no reason to paint the levels, everything seems to be clear. I repeat that such parameters as the operating time (9x5 or 24x7) and the response time depends on the stipulated conditions with your Russian partner. Co-Elite level in Russia is not available.

4. Check Point PRO

This type of support was announced relatively recently. They called it, of course, pathetic - Next Generation Support. In fact, this is an additional service, which is hung to the acquired level of support, whether it be Standart or Premium. It is worth noting that the service is very useful. The prefix PRO does not mean “professional”, but “ proactive ”. With PRO support, Check Point specialists in real time monitor the technical state of your security gateways and server management. Parameters such as RAM, HDD, CPU, interfaces, power supplies, rotational speed of coolers, various alerts, etc. are monitored. When a problem arises, a ticket is automatically created in TAC, even before you yourself discovered it. For example, the cooler on the device broke. In a normal situation, you may not notice this, because this breakdown will not instantly manifest. PRO support understands that in the future this will lead to overheating of the device and its breakage. Thus, an application is created before something happens.
An important point, PRO support is NOT monitoring information security events, i.e. this is not a SOC. This is monitoring the “health” of your device.

5. Check Point Incident Response Team

Another service that can be added to the subscription is the Incident Response Team. As the name implies, this is a team that must respond to information security incidents. Those. when the customer was under attack. Check Point specialists can quickly connect to the solution of the problem, collect the necessary logs, traffic dumps, carry out a full-fledged toseniku, restore systems to work. You can contact them not only with a subscription, but also via the hotline. Read more about the service here . We will not paint it in detail, because This is a whole topic for a separate article.

6. Equipment Replacement (RMA)

What happens if the “piece of iron” breaks? With active technical support, you can quickly create a request in the TAC (chat, web, call) and after confirmation by the Check Point engineer, the procedure of equipment replacement - RMA - will be initiated. New equipment comes from the nearest warehouse and usually takes 1 - 3 days. For example, from personal experience, a new device was delivered to Makhachkala in 3 days. If you do not have a fault-tolerant configuration (not a cluster) and the network is “lying”, then the priority will certainly be higher, but you will hardly receive the device any faster than 1 day. Again, in this case, it is good to have an integrating partner who can lend the device for a while if idleness is critical. Or you need to take care of this in advance and choose a cluster configuration.
It should be noted that before the beginning of the RMA, no one will torture you for a long time by collecting logs or dragging out time. Those. You can count on a very quick decision.

7. Quality technical support

Now I would like to discuss the quality and adequacy of Check Point technical support. Of course, this will be a subjective opinion and perhaps someone had a different experience, which you can safely share in the comments.
As an integrator with CCSP status, we often have to work with Check Point technical support. During this time we managed to highlight the main advantages and disadvantages of this cooperation.
Pros:

1. All cases are solved. If the manual says that Check Point supports this or that function, but it suddenly does not work properly, then tech support will work with you until the problem is solved. If it is suddenly discovered that this is a “bug” in the system, then a patch will be issued specifically for you that fixes this problem. Again, from experience I can say that tech support only refuses cases when a device is demanded of something that it should not be able to initially.
2. Support with remote access. As the saying goes: "Instead of a thousand words." Sometimes it is very difficult to explain in words (or in the screenshots) what is happening and it is easier to show. Check Point specialists will never mind connecting to you and working on a problem together. This is especially important when the problem needs to be solved in a short time.
3. The possibility of escalation of the problem. If for some reason or another you are not satisfied with the work of the TAC engineer, you can change it fairly quickly using the case escalation mechanism (this button is available in the support center of the web portal). After that, your application will be transferred to another and most likely more qualified engineer. In technical support Checkpoint there are several levels of engineers, followed by the most “strong” engineer.
4. Excellent knowledge base. If you have a problem with the device, then with a 95% probability its solution is already described in the Check Point Knowledge Base. The main thing is to be able to use it. Perhaps we will describe some tricks for working with the database in the following articles. The knowledge base very often helps out and allows you to quickly solve problems without contacting those. support

Now the cons:

1. They deal with cases only with clearly formulated questions. The question from the category of "how to configure ..." is not a ride. Most likely you will be thrown off a link to one of the manuals and asked to handle a more specific problem. Those. nobody will teach you. If this does not suit you, then it is worth considering an option with support from a partner, i.e. Collaborative support. As a rule, it is much easier to negotiate with a partner.
2. To work with those. support needs to have certain knowledge, to be able to work on the command line and to be guided in the Check Point documentation. No one will explain to you how to connect via ssh to the device or how to copy the log file. At a minimum, you should be a confident user of linux systems, be able to use Check Point utilities such as cpinfo and migrate export . Perhaps in the following articles we will write it down.
3. English language support. Perhaps for some this is the biggest minus. Earlier, I wrote that quite often it is possible to find a Russian-speaking engineer, but these are only concessions made by the vendor (due to the presence of specialists speaking our language). If you do not speak English at all, and Russian-speaking engineers at this point will be busy, then you risk to be in a situation where you simply can not explain your problem. As I wrote earlier, if you need exactly the Russian ones. support, then look towards Collaborative support with a partner from Russia.

8. Result

To summarize all of the above (and our own experience), we can conclude that Check Point technical support is at a decent level. Various options for the types and levels of support allow you to choose the optimal solution for any company. In my opinion, Collaborative Support (support from the Russian partner) is the best option, but here it is a matter of taste. In the end, the type of support can always be changed.

PS The article is based on the webinar of Denisov Valery (Check Point Company). I would also like to thank Dmitry Zakharenko (RRC company) for help in preparing the article.