I helped administer the CheckPoint commercial version of this before 2010 in a large enterprise (Checkpoint Integrity it was badged as). Really good product though we did have some bugs with it - I do remember the developers from Israel got involved and were very capable.

It mostly worked exactly as you would want a desktop firewall to, and integrated nicely with Cisco VPN tech, so you could ensure Integrity was operating correctly before fully opening up the tunnel for access to corporate assets.