Check Point Can’t Go It Alone
I used to have to support this little product called
FireWall-1 VPN-1 from Check Point. I even wrote a couple of books about it. Even today, I still have to deal with the occasional Check Point "issue." It's an occupational hazard. Meanwhile, I saw this letter from Richard Stiennon at Network World and I had lots of bad memories come rushing back to me.
The crux of his piece suggests that Check Point should turn their product into something that runs only on specific hardware they sell. Certainly they are one step away from doing that with their "Secure Platform" that is basically a purpose-built distribution of Linux with VPN-1 and friends loaded in it. While that sounds like a great idea in theory, I think it would be suicide for Check Point to do this, or at least more painful than Stiennon suggests it would be.
First of all, Check Point has contracts with Crossbeam, Nokia, and a few other hardware makers. Presumably, there is something in those contracts that forbids Check Point from entering this market directly, though I've been involved in situations in the distant past where Check Point was selling Secure Platform into an account against a partner who was selling Check Point and Nokia to that same account. It may not be against their contracts, but it's certainly not kosher business. While I have no direct knowledge this is still happening today, I wouldn't be surprised to hear that it was happening either.
Second, these hardware partners provide technical support to their customers instead of Check Point. I'll use Nokia as an example since that is the vendor I am most familiar with for obvious reasons. People who buy Nokia hardware will call either Nokia directly or a reseller, depending on the level of support bought. Either way, the call comes into Nokia and is either handled directly, if it is a configuration issue or a problem specific to Nokia hardware or operating system, or if needed, the call is escalated to Check Point. In short, Check Point deals with less support calls as a result of these hardware partners.
A move away from hardware partners will mean higher costs that Check Point will have to bear, lower margins–hardware is lower margins than just software–and a lot of disgruntled customers and partners with possible legal repercussions. I don't think Check Point can afford to make that move, but then again I've seen Check Point make lots of moves that I would consider ill-advised.