IT Central Station is now PeerSpot: Here's why

Check Point CloudGuard Network Security OverviewUNIXBusinessApplication

Check Point CloudGuard Network Security is #3 ranked solution in best Cloud Security companies and #8 ranked solution in best firewalls. PeerSpot users give Check Point CloudGuard Network Security an average rating of 8.4 out of 10. Check Point CloudGuard Network Security is most commonly compared to Azure Firewall: Check Point CloudGuard Network Security vs Azure Firewall. Check Point CloudGuard Network Security is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 27% of all views.
Check Point CloudGuard Network Security Buyer's Guide

Download the Check Point CloudGuard Network Security Buyer's Guide including reviews and more. Updated: August 2022

What is Check Point CloudGuard Network Security?

Check Point CloudGuard provides unified cloud native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture – everywhere – across your multi-cloud environment.

Check Point CloudGuard Network Security was previously known as CloudGuard IaaS, Check Point vSEC, CloudGuard IaaS, Check Point Virtual Systems, Check Point CloudGuard Network Security.

Check Point CloudGuard Network Security Customers

Physicians Choice Laboratory Services, Helvetica Insurance

Check Point CloudGuard Network Security Video

Archived Check Point CloudGuard Network Security Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Senior System Engineer at Gas South
Real User
Secures our assets in the cloud while providing access to applications in our vendor hosted data centers via IPSEC tunnels
Pros and Cons
  • "We have found the overall functionality of the product to be exactly similar to the physical product. The one good advantage is that it is cloud-based and can be deployed either as a part of a scale set or one can shut down the virtual machine and adjust the physical parameters of the virtual machine easily and bring it right back up."
  • "I think they have pretty much mastered what can be done. There are some nuances like when you fail over from one cluster member to the other, the external IP address takes about two minutes to fail over."

What is our primary use case?

It secures our assets in the cloud while providing access to applications in our vendor hosted data centers via IPSEC tunnels. We also use it for endpoint vpn for all our users. We have it deployed in our cloud and it forms the gateway for all external connectivity and access to the assets in the cloud. We also have a backup site to site connection with our on premise data center so in case the primary connection to the cloud fails we can quick fail over to this backup connection and business can continue as normal .

How has it helped my organization?

We have it deployed in our cloud and it forms the gateway for all external connectivity and access to the assets in the cloud. CloudGuard IaaS has given us the complete redundancy that we have been designing and planning for over 2 years. CloudGuard provided the Gas South remote users with an alternate and secure connection into our completed IT infrastructure so that our remote users can log into CloudGuard end-user VPN over a secure and encrypted method and work as normal. This has come in very handy during this COVID-19 times.

What is most valuable?

We have found the overall functionality of the product to be exactly similar to the physical product. The one good advantage is that it is cloud-based and can be deployed either as a part of a scale set or one can shut down the virtual machine and adjust the physical parameters of the virtual machine easily and bring it right back up. Also if deployed as a cluster this can be done without any downtime at all since you can take down one virtual machine at a time to upgrade. Overall a very well designed product

What needs improvement?

I think they have pretty much mastered what can be done. There are some nuances like when you fail over from one cluster member to the other, the external IP address takes about two minutes to fail over. During this time there is an outage of service. On digging into this further I found that this is more on the cloud fabric and provider side than the actual Checkpoint CloudGuard side. The Cloud provider is taking that long to actually detach the Virtual IP Address (VIP) from one machine and fail it over to the other

Buyer's Guide
Check Point CloudGuard Network Security
August 2022
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
622,358 professionals have used our research since 2012.

For how long have I used the solution?

Almost two years.

Which solution did I use previously and why did I switch?

We have always been a Check Point customer.

What's my experience with pricing, setup cost, and licensing?

If you are a Microsoft Azure customer the setup is very simple. There is already a great template there ready for deployment. Read the deployment guide fully before attempting it. Licensing is built into the deployment but you will get billed separately as a market place deployment and does not get charged to your subscription. This is a bit frustrating but they are working on fixing this

Which other solutions did I evaluate?

We did look at bring in other alternate vendors before settling on CloudGuard. We did a POC of Fortinet.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
M Poczobut - PeerSpot reviewer
CISO and Senior Director Technical Operations at a insurance company with 201-500 employees
Real User
Extends required threat protection to all of our virtual assets, regardless of where they reside
Pros and Cons
  • "What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us."
  • "It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance."

What is our primary use case?

Most security solutions traditionally have been protecting physical assets within an environment, or reliance on an inline hardware appliance. CloudGuard takes the security controls that were previously packaged with physical appliances in mind and extends them to the virtual infrastructure.

It's an add-on capability to an existing virtual infrastructure, such as an AWS, Azure, or even on-premise solutions. It adds a security layer on top of your existing infrastructure with zero latency.

We're hosting it ourselves on our hypervisors, as well as starting to do so in some of our private cloud instances. It's solely managed by us with a pair of consolidated management servers.

How has it helped my organization?

This virtual platform is unique in the way that it augments our existing physical controls through a centralized management system. When many organizations, like ours, went from physical servers to virtual servers and desktops, there was a blind spot there. We no longer had visibility into what was happening within our environment, and that extended to the cloud as well where it's difficult, if not impossible, to introduce hardware — firewalls and other security protection. This solution takes what is still required around intrusion detection/prevention, anti-malware, and other threat protection capabilities and extends it to all of our virtual assets, regardless of where they live, in a private or public cloud.

CloudGuard has closed a significant gap that we had in our environment. We were searching for the right solution for many years, to gain visibility into, and protection of, all of our virtual asset servers, desktops, and workloads. There have been other products throughout the years that provided a similar type of technology, but had we purchased and move forward with those, we would have seen a degradation of performance within our environment, as traffic would have to be what's considered "hair-pinning" and going in and out of the virtual environment to another either virtual or physical appliance. We intentionally delayed our purchase of this kind of solution because we were not satisfied with that architecture. We weren't willing sacrifice performance degradation on our network. That's really the big benefit of the CloudGuard, it is able to live within the same virtual instances as the other virtual assets and workloads.

What is most valuable?

What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us. It really augments their current stack of capabilities. It all aligns well under their umbrella of their Infinity architecture, which we have adopted.

What needs improvement?

It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance. 

We are frequently in contact with Check Point's Diamond Support, Product Development Managers as well as their sales team, as we look to keep apprised of where the product ius and should be going. Most of our requests have been around our physical assets, the physical UTM devices — Check Point Maestro, as an example — as well as their endpoint systems. There has not been anything at this time where we've said, "We wish CloudGuard did X differently." CloudGuard, in my opinion, having recently talked with them, is continously improving and is incorporating some of their recently acquired capabilities, such as Dome9 cloud compliance. Those are areas I have been evaluating and looking to add to my environment. My preference would be that it be included in my CloudGuard subscription licensing, and not an add-on; But that's the only thing that I could say that would be beneficial to us as an enhancement to the system.

For how long have I used the solution?

We've been using Check Point CloudGuard IaaS for about three years.

What do I think about the stability of the solution?

The stability has been great. There has been no concern at all. We have not had any known downtime or issues to speak of.

What do I think about the scalability of the solution?

Scalability was well thought out and designed. I've spoken about this at several Check Point CPX events. Throughout the instances that we have, if a single Check Point CloudGuard instance is overloaded due to event load, it will intelligently redirect that workload to another service on a different host, so that it's not delaying the interrogation of the traffic.

It's being used throughout our environment. We will increase usage only when we augment our cloud offerings.

Users, in this case, are the IT security and networking folks that support it and rely on these controls being effective. They analyze the output of the event interrogation. Right now, I have three resources supporting CloudGuard. I don't have dedicated staff for maintaining the solution. They're shared resources who work on other network and security devices. From an operational standpoint, it's a fraction of an FTE that is required.

How are customer service and technical support?

Check Point's technical support for this solution, overall, is very good. Check Point has architected this solution well enough that it has similar, if not the same, code base as the physical devices. It doesn't appear to be a big lift and can leverage the same support engineers for CloudGuard as we would have for our physical devices.

Which solution did I use previously and why did I switch?

We never found a solution we were satisfied with, and which would not affect our overall operational performance.

How was the initial setup?

I was not personally involved in the initial deployment, as I'm the CISO of the organization, but I was closely engaged with my engineers. The CloudGuard portion of our installation and setup was extremely simple, in comparison to the integrated component on the virtualization side of things. Check Point made it extremely easy to deploy and configure, especially because it's done from our consolidated management devices that we're already familiar from our physical unified threat management devices.

The delays in deployment were mostly due to the virtualization side of things. If it was just CloudGuard alone, we probably could have had that done in about six to eight weeks. But there were several starts and stops due to the accompanying VMware component, which has really extended, I hate to say it, over 12 months.

In terms of our implementation strategy, the intent is that every host in our environment that serves up virtual assets and workloads would have an instance of CloudGuard installed on it. And then all respective HTTP/HTTPS traffic would be routed through Check Point for visibility and interrogation, so that if any of its threat controls determined that an asset was rogue or infected due to some malicious insider or outsider, it would automatically quarantine that device. We have tested that and it worked successfully.

What about the implementation team?

We installed it with the help of Check Point-badged engineers. To be honest, we had to ask for a new lead engineer. And once that occurred, the project implementation went very smoothly.

What was our ROI?

ROI is a very difficult metric in the security space. We've been fortunate that we haven't had an event in which we would say that because of CloudGuard our MTTD and MTTR was low and we quickly identified and stopped a malicious adversary.

However, we are now more confident in our security controls and visibility. CloudGuard plays a significant role in our SOAR (Security Orchestration Automation and Response) initiative. We can now automate the isolation of an infected machine with the help of CloudGuard.  This in itself is the best ROI as it doesn't require manual intervention to detect and respond.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing of this is much more digestible than that of its hardware equivalent. I've found, in times past, especially on the hardware side of things, that the licensing support and maintenance could be very daunting to understand. If that has scared folks away in the past, CloudGuard is much simpler. 

Licensing is simply by the number of hosts that you are looking to protect within your environment. It makes it much easier to ensure that you are covering your environment.

If you are not already a Check Point customer for the UTM and the SmartEvent, there likely would be an additional cost, beyond the standard CloudGuard licensing, if you wanted the reporting. It's a unique instance where we already had an established infrastructure of Check Point devices on our network, and then we added CloudGuard to it. Had we started with CloudGuard, and only had virtual assets to protect, it is possible that there would be additional cost. I would urge folks to look into what it would cost to add the reporting capabilities and log event management.

Which other solutions did I evaluate?

We looked at offerings from Cisco (ACI), Illumio and Gigamon. This was about three-and-a-half years ago.

The main differentiator, and the reason we selected Check Point, is how it integrated with our virtualization platforms. It lived there natively. It had the least amount of overhead to interrogate the traffic within our environment. It also aligned well with our consolidated reporting and management solutions that we have come to rely on from our Check Point physical UTM devices.

What other advice do I have?

Intently know and understand the integration points within your environment. It is a great security solution, but understand how integrated it is with, and what level of partnership there is between, Check Point and the virtualization platform that you're looking to add it on top of.

The biggest lesson I have learned is that the Check Point CloudGuard features, although good, are only as good as the accompanying virtual platform and its level of integration. I have to be honest: Overall, this is the ideal solution for us and our organization, but it is slightly more complex. There are newer competitive products that take a different stance, that are agent-based. We did not want — and this is another key distinction — a solution that wasn't agent-based in which we had to deploy a piece of software on each and every virtual endpoint. Having this done at the hypervisor level definitely was the right strategy for us. However, the lesson learned, with this type of solution, is that it is very important to understand the nuances of your virtualization platform and what is required on that side to enable the Check Point CloudGuard.

You're relying heavily on the partnership and the capabilities of that virtualization platform. Going in, understand the degree of that partnership and the respective road maps of each, because the CloudGuard solution is only as good as the capabilities it has with the virtualization platform. That's especially true for large enterprises that want to constantly move workloads around and have their rule set follow in an event where they're having to ensure that systems are always alive and always protected.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Check Point CloudGuard Network Security
August 2022
Learn what your peers think about Check Point CloudGuard Network Security. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
622,358 professionals have used our research since 2012.
RAMAKRISHNANV V - PeerSpot reviewer
Senior Security Architect at a computer software company with 10,001+ employees
Real User
Auto-scaling and zero touch are major security features
Pros and Cons
  • "Auto-scaling and zero touch are valuable features."
  • "Zero touch removes any independence for configuring."

What is our primary use case?

My experience with the solution has mainly been implementing it with an auto-scaling on behalf of my clients. My job was to migrate an on-prem firewall to AWS cloud. I'm a senior security architect. 

What is most valuable?

I think one of the valuable features is the auto-scaling, which is based on traffic and  automatically spins one more firewall and adds it to the management server. The zero touch is also a valuable feature. After re-tagging the next internal load balancer within Check Point, it automatically writes up a mac rule and an access rule. As long as you're adding a server into the internal load balancer, you won't need to touch anything. In a Check Point firewall, the mac rules and access rules are automatically written up. Zero touch means there is no need to insert rules again when you're adding servers internally. 

What needs improvement?

There is definitely some improvement required. We currently use a deployment template provided by AWS each time. If I want to clean up the IaaS I have to use the IaaS template which should not be necessary. Secondly, because it's zero touch, I cannot write up any rules in the firewall. I understand these features might have been built particularly for zero-touch but from the perspective of a network and firewall engineer, some independence to configure something on the firewall would be appreciated. 

An additional feature that could improve the solution would be to enable both automatic and manual control that would allow the engineer complete control over the firewall.

What do I think about the stability of the solution?

The solution is generally stable although it crashed one time while I was implementing. 

What do I think about the scalability of the solution?

The solution is absolutely scalable. 

How are customer service and technical support?

The technical support is excellent.

What other advice do I have?

My advice to anyone wanting to implement this solution would be to religiously follow the guidelines. 

I would rate this solution an eight out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CTO at a healthcare company with 10,001+ employees
Real User
Secure, reliable, and has good technical support
Pros and Cons
  • "The most valuable feature for us is the cluster support."
  • "Our biggest complaint concerns the high resource usage for IDP/IPS, as we cannot turn on all of the features even with new hardware."

What is our primary use case?

We use this solution as our perimeter firewall. 

What is most valuable?

The most valuable feature for us is the cluster support. We have been using this for a long time, so it is not a feature from the latest version.

What needs improvement?

We would like to be able to scale out such that we can increase performance within a cluster with more active nodes.

Our biggest complaint concerns the high resource usage for IDS/IPS, as we cannot turn on all of the features even with a recent hardware upgrade.

A great enhancement for this solution would be an active-active or multi-active scalability.

As we need to fulfill higher bandwidth demands due to increased cloud usage and research-driven data exchange, we might need to look for other vendors with more competitive pricing.

For how long have I used the solution?

I have been using this solution for two years.

What do I think about the stability of the solution?

This is a stable solution.

Six months ago, we updated our version to the most recent one.

What do I think about the scalability of the solution?

The scalability of this solution is limited, which is why we have started looking for alternatives. Currently, we have about twenty-thousand users.

How are customer service and technical support?

Technical support for this solution is good. They have a quick response and the solution was available within a short period.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

This initial setup of this solution is complex.

The preparation for deployment took two days, and the deployment itself took about two hours.

We have three staff who are responsible for maintaining the firewall, although there are more tasks that they handle, in addition to it.

What about the implementation team?

We enlisted the help of a service provider to assist us with the implementation. 

What's my experience with pricing, setup cost, and licensing?

The price of this solution could be improved. We pay approximately ‎€150,000 ($166,000 USD) per year. We receive four days of support every year from our service provider before we have to contact Check Point. 

Which other solutions did I evaluate?

We did not evaluate other options before choosing this solution, although we are currently considering alternative solutions from Forcepoint and Fortinet.

What other advice do I have?

My advice for anybody who is considering this solution is to start by identifying high-bandwidth use cases. If you have any, and you have a high-security requirement, then I suggest considering other options.

This is a secure and reliable solution for us, although we are a bit disappointed with the limited scalability and resource consumption.  

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Security Engineer at a government
Real User
All-in-one-box solution with easy configuration and great routing
Pros and Cons
  • "As per the solution's blade design, there are many options. For example, you have to buy a UTM blade and an advanced malware blade, etc. If the blade license is there, we can configure from the firewall GUI."
  • "If you compare the GUI with the Palo Alto and Forcepoint in the Cisco, they're very easy. Check Point, due to its design, is a little bit complex. They should make the GUI easy to use so that anyone can understand it easily, like Fortinet's GUI. Many companies end up using Fortinet because the GUI is very easy, and there's no need for training. They just deploy the box and do the configuration."

What is most valuable?

As per the solution's blade design, there are many options. For example, you have to buy a UTM blade and an advanced malware blade, etc. If the blade license is there, we can configure from the firewall GUI. 

The net policy and routing are also great features.

What needs improvement?

If you compare the GUI with the Palo Alto and Cisco, they're very easy. Check Point, due to its design, is a little bit complex. They should make the GUI easy to use so that anyone can understand it, like Fortinet's GUI. Many companies end up using Fortinet because the GUI is very easy, and there's no need for training. They just deploy the box and do the configuration.

Also, we have to inform customers that with Check Point there's no need to purchase any routing device. Check Point can do that routing as well as the Firewall and the IPS. The marketing should be stronger, to show that customers only need one box to handle all the features. It will be cost-effective and enhance the performance and value, but because of their poor marketing, customers don't realize this.

In the future, a color string would be powerful. Sandboxing should also be offered. Many people want the Trend Sandbox but not on the cloud. In the Middle East, there is a policy for Sandboxing that states it should be on Trend as per the government law. They have Sandboxing solutions on the cloud, but they have to bring the solution onto Trend also. Palo Alto has Wildfire, Cisco has Talos, and Forcepoint has one available as well.

In the future, routing protocols should be more supported like OSPF and BGP. There needs to be integration with the SDN. I don't know if SDN is there or not in Check Point, but SDN is one of the major requirements nowadays.

For how long have I used the solution?

I've been using the solution for one month.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

We just deployed the solution, so scalability I cannot speak to right now. But, as per Gartner and NSS Lab, they're allegedly very good. I don't think there will be an issue with scalability.

Which solution did I use previously and why did I switch?

I am currently also working on Cisco ASA, Fortinet, and Palo Alto.

What about the implementation team?

I'm an Operation Engineer; I handle the deployments myself. 

What's my experience with pricing, setup cost, and licensing?

Compared to Cisco Firepower Threat Defense, the solution is cheap. However, not as cheap as Fortinet or Palo Alto. If clients have smaller budgets, we would have to advise one of those instead.

What other advice do I have?

There are two deployment model modes in Check Point. One is a gateway level and one is a no gateway all-in-one box solution. With the gateway level, only hardware will be there, all operating systems are stored in a VMware and if there are any issues in the hardware, you just replace the box; all of your policies will be saved into VMware.

The all-in-one box you have the GUI policies and also the gateway so it's secure. If there is an issue in the box - like failure or downtime - all of the networks will be affected.

I would rate the solution eight out of ten. We haven't been using it too long, so we haven't had a chance to look at all aspects of the solution. I would recommend Check Point to customers because it is an affordable option.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Siju Siju - PeerSpot reviewer
Assistant Manager IT Projects at Mustafa Sultan
Real User
Reliable solution with a unique architecture that creates flexibility in the deployment
Pros and Cons
  • "A unique architecture makes this product stand out from other solutions."
  • "It can be difficult to install properly without prior training"

What is our primary use case?

We install the solution for our customers and Check Point is our preferred solution in any firewall deployment. The two-layer architecture with the administration and security makes a difference and in every instance, we know who the user is.

The touch features are very different than other brands. From the feedback I get from my customers, Check Point is the best.

How has it helped my organization?

Check Point gives us a strong solution that we can depend on when deploying it for clients.

What is most valuable?

The most valuable features are within the unique architecture that creates flexibility in the deployment.

What needs improvement?

The knowledge base that is available is limited and it is on a closed network where only a customer or certified engineer will know about it. A beginner who wants to learn about the product actually has to enroll in training or get certified and have a valid license or certification to access information. That is something I find strange as most users would like to know about it. The new users would like to be able to see those areas and what type of concerns or any configuration issues they may have before deciding to work with the product. To me, that is a simple open-mindedness. In terms of the availability of the system and functionality of the product, there's no concern. But the problem is that efficient VSX (Virtual System Extension) deployment is complicated. Most of our customers are afraid to deploy any configuration changes because they are afraid something will happen.

It's not the same situation as with other products. I guess the reason behind it is the kind of architecture which they are using. There are more possibilities to crash than other products. That is the feedback I normally get from end-users, but even so, for us, I would say it's one of the best product.

For how long have I used the solution?

We've been using this product for over two years.

What do I think about the stability of the solution?

Check Point is very stable. I would say that initially there were a couple of issues we had during deployments. But now we have climbed the learning curve of the product and all installations are very stable. We have most clients running on version 7.3 and didn't upgrade most further from there because we know that 7.3 is stable and it is what we are running most of the customers now.

What do I think about the scalability of the solution?

Scalability is fine. In fact, we are demonstrating the hyper scale with most of the customer now. There is no doubt about the scalability and it is not a problem.

How are customer service and technical support?

Up until now, we have not had to register with technical support from Check Point. If we needed help we got support with the presale technical support team from our region. He was able to help us internally. The team helps us to get products stable. Up until now, we did not contact them. It is not very transparent. They approach resolutions through a partner and the partner solves the case. They seem to mostly depend on partners for the resolution of issues.

Which solution did I use previously and why did I switch?

We deploy a variety of products for our clients depending on their needs. Check Point is one of the most reliable.

How was the initial setup?

I would say that the installation is straightforward when you have learned about the architecture. Before that, the installations may be a little confusing.

What about the implementation team?

We are partners with Check Point so we handle the installations and deployment. In the beginning, we did have some engineers from Check Point assist us in the initial installations, but after that it was fine and we were able to manage it by ourselves.

What's my experience with pricing, setup cost, and licensing?

Check Point pricing is high. It is a sector where there is heavy competition so it does not help when trying to sell the product. But one thing is that the sales chain is fantastic. The price is usually the most difficult thing when we discuss Check Point with customers, their feedback is that it is not a competitively inexpensive product. Clients want to know why that is and if we could scale the price. Check Point can have more presence in the market, but if they want it to compete, they have to come down in price a little more. I would say 20 to 30% lower. The product is fine.

What other advice do I have?

The web application firewall is commonly used in most firewalls now. If they can add that as a feature, it would be a very strong scenario. When we use Check Point on a perimeter or a DMZ zone, the first thing that clients ask is if there is wireless protection. Check Point has IPS (Intrusion Prevention System) but it does not have wireless protection. So if production is using the cloud if they can integrate mobile app protection, mobile shielding, there's more value for Check Point, but if they include that, Check Point could be the very best firewall option.

On a scale from one to ten, when one is the worst and ten is the best, I would rate Check Point as an eight. It needs to do better in pricing and with broader features for mobile.

One thing that I learned from multiple installations of Check Point is that you have to train the customer before implementing. Unless the customer is already a highly skilled security engineer so that they know what they can get out of the product, they will not be as satisfied. Otherwise, just before the deployment, we have them go for training so they understand the product and what it can do.

They will be happier and they won't choose to go with another product in the future. Even with my engineers who understand many other products, I trained them properly before I send them out for deployments. Check Point is not a product that if you don't know you can just install without knowing anything about it. You have to know the architecture first. You have to know each and every option than work on the product. Then it will be far better and say no to certain features which are not important to use. On the other hand, knowing it is available is fantastic and becomes an option in the right situations.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
it_user919560 - PeerSpot reviewer
Consultant at a government with 10,001+ employees
Consultant
A good firewall solution that's extremely stable and can scale easily
Pros and Cons
  • "The IPS, application and URL filtering, as well as Identity Awareness, are all very valuable features."
  • "Sometimes, if you aren't familiar with the solution, it can be a bit complex, but it does become easier to use with time. However, every time they launch a new version, it becomes more complex and you need to take time to get familiar with all the changes. For every version that they upgrade, you need to upskill yourself."

What is our primary use case?

We primarily use the solution as firewall security for our clients.

What is most valuable?

The IPS, application and URL filtering, as well as Identity Awareness, are all very valuable features.

What needs improvement?

Reporting needs improvement. It's difficult to utilize properly. Currently, I'm in a situation whereby a client of ours is looking for reporting on their organizational unit. Check Point has failed to do that. We've been trying to do it for the past month and we haven't been able to. We've also gotten techs from Check Point to call us to help and we just can't get the solution to do what we need it to do.

Sometimes, if you aren't familiar with the solution, it can be a bit complex, but it does become easier to use with time. However, every time they launch a new version, it becomes more complex and you need to take time to get familiar with all the changes. For every version that they upgrade, you need to upskill yourself. 

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

The stability of the solution is fantastic.

What do I think about the scalability of the solution?

The scalability potential of the solution is great. We use the solution quite extensively. We do plan to increase usage in the future.

How are customer service and technical support?

If I were rating technical support out of ten, I would give it a seven. They're inconsistent. Sometimes you do get guys from Check Point to help you out and then sometimes you don't. Sometimes it's hard getting a hold of them.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution.

How was the initial setup?

The initial setup is straightforward. The time it takes to deploy depends on the organization.

What about the implementation team?

We handled the implementation ourselves.

Which other solutions did I evaluate?

I am familiar with Fortinet, although I didn't do a direct comparison. I did compare other solutions as well.

What other advice do I have?

For those who want to implement the solution, they should make sure they have a very strong networking background.

I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user583365 - PeerSpot reviewer
Head of Cyber Security Department at NGT Group
Real User
Completely closes the potential vulnerability channel and has excellent scanning and reporting
Pros and Cons
  • "We find Check Point valuable because they are 100% focused on security. It totally closes the potential vulnerability channel. We can check our mail and our attachments and we can scan everything easily. We get an immediate report about the situation of the attachments. We can discover if the target's security attack was started from phishing, etc. We also enjoy using the additional features that protect our internal customer from targeted attacks."
  • "The stability of the solution could be improved, but this is the problem of all the solutions in the market. This isn't just a problem specific to Check Point."

What is our primary use case?

We are able to use the solution for cloud protection and in parallel with or just for network protection. In our scenario, we use it as a border network firewall, which is based on a virtual environment and we're using it for the border protection of our network. 

What is most valuable?

We find Check Point valuable because they are 100% focused on security. It totally closes the potential vulnerability channel. We can check our mail and our attachments and we can scan everything easily. We get an immediate report about the situation of the attachments. We can discover if the target's security attack was started from phishing, etc. We also enjoy using the additional features that protect our internal customer from targeted attacks.

What needs improvement?

The stability of the solution could be improved, but this is the problem of all the solutions in the market. This isn't just a problem specific to Check Point.

For how long have I used the solution?

I've been using the solution for four years.

What do I think about the stability of the solution?

The stability is good. It's really good compared with Palo Alto, Fortinet, and Cisco, most of all. But it definitely can be better.

What do I think about the scalability of the solution?

The scalability of the solution is good. Right now, the solution protects about 400 customers.

How are customer service and technical support?

The solution's technical support is good. If we have problems, we can speak directly to Check Point, or we can speak to one of their partners or a local partner. The solution has a great community that surrounds it.

How was the initial setup?

The initial setup was complex because we were using a complex networking architecture. It took us about two days to implement the solution. For administration of all of this infrastructure, we need two people. For deployment and maintenance, we need just one person.

What about the implementation team?

We used the implementation guide provided by the company to assist with deployment.

What's my experience with pricing, setup cost, and licensing?

Our licensing is yearly at a fixed cost.

The solution has a very flexible pricing model. It can provide the same level of security and performance, but in parallel, can be subscription-based.

What other advice do I have?

The solution is the on-premises deployment model which we use in our server environment.

We are an integration company, and although we deal with other solutions, we mainly focus on Check Point.

The solution is a great mix of user experience, flexibility, security features, and cost. After five years, I believe the total cost ownership will be much cheaper than any competitor.

The advice I would give to others interested in implementing is that this solution does have security problems. Not Check Point, per se, but in the network environment. The security recommendation from the Check Point and from us is to use the VSX in the internal network. It should not protect your border because there are some issues around bugs, etc. It could cause vulnerabilities if it's used this way. 

I would rate this solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user819654 - PeerSpot reviewer
Network Consultant Engineer at a tech services company with 11-50 employees
Consultant
Excellent technical support but the zero-day threat detection needs improvement
Pros and Cons
  • "The program is very stable."
  • "It is a very expensive program and there are additional costs despite the standard licensing fees."

What is our primary use case?

Our primary use case of this solution is for security.

What is most valuable?

The IPs and the VPN are the most valuable features of this solution.

What needs improvement?

I would like to see an improvement on the zero-day threat detection. It is also not very user-friendly, so it would be great if it could be less complicated and easier to operate. The dashboard needs to be easier to use.

Also, if the solution could be cheaper, it would really help, because it is very expensive. 

I would like to see sand boxing added to the new version.

For how long have I used the solution?

I have been using Check Point Virtual Systems for ten years now.

What do I think about the stability of the solution?

The program is very stable.

How are customer service and technical support?

The technical support is excellent and they always responded when we had an issue.

How was the initial setup?

The initial setup wasn't too complicated, but it wasn't very easy and straightforward. Deployment took us about a week. 

What's my experience with pricing, setup cost, and licensing?

It is a very expensive program and there are additional costs despite the standard licensing fees. So I would like to see it being more affordable in the future.

What other advice do I have?

I will recommend this program to others and my rating is seven out of ten. I do recommend that users should always use the checkpoints and backup as often as they can.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user715161 - PeerSpot reviewer
Director at InfoGuardian
Real User
An expandable solution that can be upgraded on-demand and as required
Pros and Cons
  • "The most valuable feature of this solution is that you can start off with a simple firewall and expand it to UTM."
  • "The management console can be simplified because at the moment, it is a bit of a challenge to use."

What is our primary use case?

We are a solution reseller, and we also assist our clients with support. This is one of the solutions that we provide to our customers.

This solution can be deployed in many ways. It is available in the cloud on AWS and Azure. You can install it in a virtual machine, you can have it as a hybrid, and you can have it on-premises.

What is most valuable?

The most valuable feature of this solution is that you can start off with a simple firewall and expand it to UTM. You don't have to buy a UTM to start off with, but rather, you can buy a simple firewall and upgrade it. The simple firewall comes with many of the UTM features, in any case.

What needs improvement?

The management console can be simplified because at the moment, it is a bit of a challenge to use.

I would like to see support for software-defined wirings in the next release of this solution.

For how long have I used the solution?

I have been working with this solution for eighteen years.

What do I think about the stability of the solution?

I've got Check Point systems that have not been rebooted in two years, so it is quite stable.

What do I think about the scalability of the solution?

This solution is quite scalable, but it requires hardware upgrades from time to time. Or, if you go with a virtual environment then it is very scalable because you start with one CPU and can increase to twenty-four CPUs.

How are customer service and technical support?

Technical support for this solution is fairly good. We have got enough skill in our business to do most of it, but once you raise a call with support, they give you quite the fast and effective answer.

How was the initial setup?

The initial setup of this solution is in-between, but more on the complex side. It's not the most complex product that I've worked with, but definitely not the simplest product that I've worked with.

What's my experience with pricing, setup cost, and licensing?

The price of this solution varies from small to extremely expensive. On average, it is normally on the lower end, being less expensive than Palo Alto or Cisco.

What other advice do I have?

The biggest lesson that I have learned from this solution is to never assume that something is simple, because there's always a hidden snag that we run into.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
RicardoGranados - PeerSpot reviewer
RicardoGranadosCibersecurity Pre-Sales at a tech services company with 10,001+ employees
Real User

Auto-Scale Palo Alto Networks VM-Series Firewalls in a Public Cloud Environment
For environments that require an automatic deployment as scale out of the security services is required, you can
combine bootstrapping with additional automation that monitors the security services and, when performance limits
are reached, triggers (CloudWatch) the automatic deployment and bootstrap of a new firewall to the security layer.
Auto-scaling works differently in every environment because tools that are specific to each public cloud environment
monitor and trigger the firewall deployment. Auto-scaling in AWS uses AWS services such as Lambda, Amazon Cloud-
Watch, S3, and SNS, in addition to the APIs and bootstrapping on the firewalls. In Azure, you use AppInsights and
Virtual Machine Scale Sets to monitor the environment and trigger the automatic deployment of a new firewall. You
can use a number of metrics in order to trigger the auto-scale event. Examples include:
• Data Plane CPU Utilization %
• GP Gateway Utilization %
• Active Sessions
• Data Plane Packet Buffer Utilization %
• SSL Proxy Session Utilization %
• Session Utilization %
Just like in the previous example, you must create the bootstrap container before automatic scale-out. The automation
monitors the appropriate metric on the existing firewalls, and after the value is higher than allowed for the right amount
of time, the scale-out event triggers the same firewall deployment as in the previous example. After the firewall is deployed and has a configuration provided by Panorama, the auto-scale automation adds the new firewall to the backend pool of the load balancer, ensuring that traffic load is appropriately distributed to the new firewall.

Operational Response to a Changing Environment
In virtual private data center and public cloud environments where new compute instances are created as needed for
scale, the administrative overhead in managing security policy can be cumbersome. Using dynamic address groups in
security policy allows for agility and prevents disruption in services or gaps in protection.
The VM-Monitoring Agent on the firewall can pull IP address and tag information from the cloud environment. Predefined dynamic address groups use the tag information to automatically associate IP addresses to pre-defined rules in the security policy. When there are multiple firewalls in the environment, they all can monitor the same source for IP and tag information. This provides the firewalls a dynamic but consistent view of the resources within the environment.
Dynamic address groups allow the firewall security policy to respond to a changing environment, but the applications
running in the environment must be well known for the appropriate dynamic address groups and security policy rules
to be created. Configuration automation can be used to provide a security policy that automatically is configured when
new applications are deployed to the environment.

Security Response Based on Log Information
Although log information alone can be extremely valuable to a security administrator, manually sifting through the logs
and responding to security events takes too long and requires too many administrative resources. Automated security
actions in the firewall can respond when a previously identified scenario presents itself in the logs. For example, when
Panorama sees a correlation event, it can use the source IP address from the log and use auto-tagging to attach a predefined tag, such as “Compromised.”
You can configure a dynamic address group on the firewall that is associated to the IP addresses with the “Compromised” tag. You can then create a security policy that blocks the traffic or enforces multi-factor authentication (MFA) for these endpoints that uses the dynamic address group as the source. If the user on the endpoint is malicious, MFA blocks their attempt to move laterally within the network, protecting sensitive data.
If the user continues to attempt to move laterally, Panorama can automatically use additional tags to block the IP and
HTTP log forwarding to log an incident. Panorama can use the ServiceNow ticketing system HTTP API to create a ticket so that the operations team is aware of this action on the endpoint. They can then investigate the incident, remediate the endpoint if needed, and remove the associated tags the apply the enhanced security policy.

Security Response to Improper Cloud Environment Configuration
RedLock cloud security provides organizations configuration security alerting for AWS, Azure, and GCP environments
and provides integrations that allow remediation to be automated. Using auto-remediation, organizations can make
sure alerts are automatically remediated before they, or malicious actors, even know there’s an issue. For example,
reconfiguring a security group rule that allows ingress traffic from the public Internet and opening a ticket with Service-
Now for tracking minutes after it’s been created.
RedLock uses the following automation process to remediate issues:
1. Using the cloud environment’s API, continuously perform checks against the configured signatures and policies.
2. If the resulting analysis determines a signature did not pass, send the failed alert to an integration such as
ServiceNow or AWS Simple Notification Service (SNS).
3. The AWS SNS service triggers the workflow automation and launches the AWS Lambda auto-remediation
function.
4. Using the AWS API, auto-remediate and fix the offending issue.
5. Send the resulting logs to AWS CloudWatch.

Network and Security Manager at a financial services firm with 1,001-5,000 employees
Real User
Our network performance has increased since implementing this solution

What is our primary use case?

This solution is very important for our network. We use it for the data on our servers and for our internet connections. We also use it for all of our user devices to connect to outside corporations. The IPS on our devices prevents any issues from occurring. We use the on-prem version of this solution.

What is most valuable?

We currently upgraded our devices to a new version. We have noticed a performance increase. We tested filtering features and it's an interesting feature that helps us with our tasks. We don't need very complex features.

For how long have I used the solution?

We have been using Check Point for about two years.

What do I think about the stability of the solution?

It's a high-performance device. The network performance is also really good. We check how much time it takes for the servers. Our network performance has increased since using this solution. 

How are customer service and technical support?

We have a local consultant for this solution. They can handle most of the operations with my team. We work together with the consultant sometimes for complicated scenarios like migration.

How was the initial setup?

The initial setup is difficult. It took me three tries to get it right. The setup took two or three hours. We migrated from an old to a new one. It's not so complex but Check Point is complex in comparison to other firewalls. For example, Palo Alto is easier to install than Check Point. 

What's my experience with pricing, setup cost, and licensing?

We negotiate every deal to get a discount for a higher number of devices. 

What other advice do I have?

I would rate it a nine out of ten and I would recommend this solution. Their support team should be faster because sometimes when we need support their responses are late. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Engineer at a marketing services firm with 1,001-5,000 employees
Real User
This solution has provided the security that we were lacking on the cloud
Pros and Cons
  • "It is scalable. It's a cloud solution, so it's easy to implement and manage."
  • "I like how straightforward it is and simple it is to implement in the cloud."
  • "The product can still grow."

What is our primary use case?

Our primary use case of this solution is cloud protection for MC65 Operating System, AWS, and Microsoft.

How has it helped my organization?

Right now, we have a hybrid infrastructure. We needed security on the cloud, and this solution has provided the security that we were lacking.

What is most valuable?

  • Traps prevention
  • Security on the cloud

What needs improvement?

The product can still grow.

What do I think about the stability of the solution?

It is fast. It provides what we need at the moment, and it's still growing.

What do I think about the scalability of the solution?

It is scalable. It's a cloud solution, so it's easy to implement and manage.

How are customer service and technical support?

Technical support is fair. I have had some good support technicians when I call in. 

Which solution did I use previously and why did I switch?

We were not on the cloud before. We're a big Check Point customer. Our secure perimeter is checkpoint, so we needed security for the cloud. So, it was a pretty easy decision right there. We evaluated other vendors, but it was easy decision.

How was the initial setup?

The initial setup was straightforward, not complex.

What about the implementation team?

We did our own deployment. We used a reseller for buying the product, but not for the implementation.

Which other solutions did I evaluate?

We also looked at Cisco's cloud products since we have a lot of Cisco products.

What other advice do I have?

Look into it. I like how straightforward it is and simple it is to implement in the cloud. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Senior Network Engineer at a transportation company with 10,001+ employees
Real User
Enables us to move into the cloud without having to change a lot of our internal processes and retrain staff but it has more maturing to do
Pros and Cons
  • "Moving into the cloud without having to change a lot of our internal processes and retrain staff is one of the biggest benefits of this solution."
  • "I would like to see more focus on east-west traffic inspection and AWS."

What is our primary use case?

Our primary use case is for major cloud vendors: AWS and Azure. 

How has it helped my organization?

Moving into the cloud without having to change a lot of our internal processes and retrain staff is one of the biggest benefits of this solution. 

What is most valuable?

It is what we use mainly for on-premise. That is really what has us using the product, as it is sort of our standard for data centers.

What needs improvement?

I would like to see more focus on east-west traffic inspection and AWS.

Things are changing very quickly in the cloud. There is a lot more maturing that needs to happen as far as CloudGuard goes, specifically more around some cloud native type situations where everything is being shoehorned through one or multiple VMs is not optimal.

What do I think about the stability of the solution?

We definitely have to watch new versions and deploy them in a smart way, but that is the way with any type of software.

What do I think about the scalability of the solution?

The scalability depends on the situation. Some situations are not very scalable. High scalability, in AWS, without matting is just not there. It's more of an AWS problem than it is a Check Point problem.

How are customer service and technical support?

We are receiving our technical support through a partner. Therefore, we do not really engage directly with Check Point that much. We use the partner for technical support matters, who is great.

Which solution did I use previously and why did I switch?

We did not use anything previously. Going to the cloud was a new requirement for us.

How was the initial setup?

The initial setup was just as straightforward as setting up a physical Check Point box would have been.

What about the implementation team?

We implemented in-house by deploying it ourselves.

What was our ROI?

We don't really track the ROI on this.

Which other solutions did I evaluate?

We also considered Fortinet. Check Point has better overall integration with Azure.

I was part of the decision-making process.

What other advice do I have?

I would rate it a six out of ten. 

Other vendors typically are working with hardware acceleration and various other products, which you can't get in the cloud. One of the key things that made us more comfortable with Check Point is this is only thing that they do. It's the same exact thing as they are doing on-premise for the most part.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Rakesh Rawat - PeerSpot reviewer
Network Engineer at Acliv Technologies Pvt Ltd
Real User
Enables us to monitor what comes over to our network and we can then check the dashboard and work accordingly
Pros and Cons
  • "The most valuable feature is the monitoring. We can easily monitor what kind of stuff comes over to our network and we can then check the dashboard and work accordingly."
  • "The initial setup was a bit complex."

What is our primary use case?

We use this solution to secure networks. We block unwanted malware. 

How has it helped my organization?

We have a development team who asked us to open reports. We asked that they initiate traffic to see what is blocking them. We then give them reports and after that, they ask to open the report for the traffic application and we work accordingly.

What is most valuable?

The most valuable feature is the monitoring. We can easily monitor what kind of stuff comes over to our network and we can then check the dashboard and work accordingly.

What needs improvement?

I would like for them to develop guides. If you compare it with Cisco, you can just type out any problem you're having regarding Cisco and you will easily get a solution. With Check Point, it's not easy to get a solution.

For how long have I used the solution?

Three to five years.

What do I think about the scalability of the solution?

We maxed out scalability. 

How was the initial setup?

The initial setup was a bit complex. Is take two or three months to implement and we have to continuously work on it. We needed two to three engineers for deployment. 

Which other solutions did I evaluate?

We researched the top firewall solutions and settled on Check Point and Palo Alto. Comparatively, both are good. 

What other advice do I have?

Ultimately Palo Alto is a very advanced firewall. This firewall can easily identify what application is running behind the network.

I would rate this solution an eight out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
PeerSpot user
IT Security Consultant at Cilnet
Consultant
We consolidated from multiple consoles and clusters into an all-in-one cluster solution

How has it helped my organization?

We consolidated from three management consoles and three clusters to only one, which is a big improvement. 

What is most valuable?

In general, Check Point VSX is a good solution. Its blades and VSLS (Virtual System Load Sharing) work fine.

What needs improvement?

Having a web UI in the VSX (or something similar) would be nice. However, you can do everything in the CLI.

For how long have I used the solution?

Less than one year.

Which solution did I use previously and why did I switch?

We are replacing three old cluster ASA firewalls and concentrating it into an all-in-one VSX cluster. This allows our central management have more time for other tasks.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Information Security Analyst at a non-profit with 1,001-5,000 employees
Real User
Multiple virtual firewalls on one box are extremely useful
Pros and Cons
  • "Monitoring using SmartConsole and all its features is extremely easy, and I find SmartEvent an excellent monitoring tool for spotting threats and user behaviour."
  • "The multiple virtual firewalls on one box are extremely useful and the interconnection with virtual switches is simple and easy to understand."
  • "We have Microsoft CASB cloud app security and it's one of the least compatible firewalls. They really need to look at this, as both Check Point and Microsoft are major players. Why aren't they compatible? If we had Palo Alto then we wouldn't have this problem."

How has it helped my organization?

Monitoring using SmartConsole and all its features is extremely easy, and I find SmartEvent an excellent monitoring tool for spotting threats and user behaviour.

What is most valuable?

The multiple virtual firewalls on one box are extremely useful and the interconnection with virtual switches is simple and easy to understand.

We need a product that is logical and for which we can find people skilled who are interested in learning it. Check Point is always a winner, as its an industry standard.

What needs improvement?

We have Microsoft CASB cloud app security and it's one of the least compatible firewalls. They really need to look at this, as both Check Point and Microsoft are major players. Why aren't they compatible? If we had Palo Alto then we wouldn't have this problem.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

No stability issues, not even once. The firewall is set up and and the various parts are interconnected. It works just fine. R80.1 is also a major improvement.

What do I think about the scalability of the solution?

No scalability issues but I don't think we are utilizing the device to its maximum capability.

How are customer service and technical support?

Good. We go with a distributor but they work okay. It is a lot more reliable with the latest OS than it used to be.

Which solution did I use previously and why did I switch?

No previous solution. It's always been Check Point, though before the virtual firewall we used to have a Juniper fw. Now we are just Check Point because for the threats we face now, I don't think we need different firewalls at different layers.

How was the initial setup?

The issue normally is getting SIC working between the gws and the management server. Actually it's reasonably straightforward, though you have to get it right. It used to be you had to have a certain type of disk drive but this is a better solution.

What's my experience with pricing, setup cost, and licensing?

Look into this carefully and be sure you use all you buy. We haven't bought SandBlast or the bot solution but they look effective.

Which other solutions did I evaluate?

We did not evaluate other solutions. It was decided we would stay with Check Point.

What other advice do I have?

Make sure you can make use of the virtual firewalls and read up on the device or take a course before you implement. Or, if you get it installed, make sure you have the right devices in the right virtual firewalls.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Co-founder & CTO at a tech services company with 11-50 employees
Real User
Top 20
Valuable features include centralized management using the MDM solution and the log management module.

What is most valuable?

Valuable features include centralized management using the MDM solution of Check Point and the Log Management module. The latest version of VSX supports all blades of Check Point's security suite.

I get maximum flexibility as I can use a standard management server to manage all virtual gateways along with a dedicated log server for each virtual gateway. Sometimes I can use a single server to manage all virtual gateways.

How has it helped my organization?

Earlier versions only supported the Firewall and VPN feature. Now I can run Anti-Bot/Anti-Virus, URL and App Filtering, Threat Emulation, and other blades.

I can assign weights to each virtual gateway depending on how critical each virtual gateway is.

The VSLS feature provides linear scalability so I can keep adding hardware (maximum of eight) to meet my performance expectations.

What needs improvement?

It is somewhat difficult to upgrade the entire hardware without downtime.

For how long have I used the solution?

We have been implementing this solution to many customers in India and the SAARC region for seven years now. This is one of the most popular virtual firewall products in the industry.

What do I think about the stability of the solution?

We have not encountered any problems with stability.

What do I think about the scalability of the solution?

A sufficient amount of planning is required to deploy a solution that is scalable. However, as Check Point allows an Open Server to deploy its VSX solution, scalability is not a problem once the base hardware is chosen appropriately.

How are customer service and technical support?

Support is one area where efforts should be required from Check Point. Customers having multiple, more than ten, gateways are encouraged to consider Diamond Support services.

Which solution did I use previously and why did I switch?

We did not use any other solution previously.

How was the initial setup?

Engineers having less than three years of hands-on experience on Check Point products may find this product somewhat challenging. However, the best part is, once the product is deployed, there is no difference between virtual gateway and physical gateway from the operational perspective.

What's my experience with pricing, setup cost, and licensing?

Check Point pioneered this product, so don't look anywhere else if you are looking for a stable and scalable product with top-notch security blades.

Which other solutions did I evaluate?

We did not evaluate any alternative products.

What other advice do I have?

Choose your implementation partner very carefully. Choose someone who has done multiple, large-scale implementations and can show proof of the same in terms of customer references through emails or phone calls.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a value added partner of Check Point in India.
PeerSpot user
VikasSharma - PeerSpot reviewer
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
The product is stable but we had issues when we had really old hardware that had a less than stable OS.

What is most valuable?

The ability to host multiple virtual systems, categorize them based on their function and importance and the ease of use with which these can be deployed.

How has it helped my organization?

We do not need to keep provisioning hardware each time there is a requirement for a new firewall. Having a physical server capable of hosting many virtuals and also provide performance and redundancy is a big benefit and hence our preference for VSX.

What needs improvement?

Each new version does offer a new set of features plus also incorporates bug fixes identified during the life cycle of the previous product. Hence, this product keeps on maturing as newer versions are released.

For how long have I used the solution?

More than 15 years.

What was my experience with deployment of the solution?

Not from a product point of view. The critical aspect here is proper planning, performing several dry runs and identifying potential issues to the best possible extent. It's really about planning and testing prior to implementing.

What do I think about the stability of the solution?

No, because we keep on top of our installations. We maintain them by performing routine maintenance, and hot-fix applications. Stability wise the product is stable but we had issues when we had really old hardware that had a less than stable OS.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Excellent – the vendor always supports us and is very proactive. We have excellent relations with the vendor.

Technical Support:

Definitely excellent. It’s a pleasure to talk with the tech support people and know they fully understand the issues – this gives us a sense of comfort.

Which solution did I use previously and why did I switch?

No previous solution used.

How was the initial setup?

It was simple. That is because the solution is architectured and designed from the ground up and the relevant teams were involved from the beginning.

What about the implementation team?

We did an in-house implementation.

What was our ROI?

Cannot give exact figures but we have made a lot of saving by implementing this product in our organization.

Which other solutions did I evaluate?

We were clear on our options – no we did not choose any other options save for the most important ones.

What other advice do I have?

Think of VSX as similar to VMware ESX solution. It will, in the long run, save a lot of money with the return it gives to the company. It is easy to maintain by a capable support team and can easily fit within the network where there is a requirement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user249372 - PeerSpot reviewer
it_user249372Senior Security Consultant with 501-1,000 employees
Vendor

We have found VSX solutions to have lot of issues in our customers networks... Also hard troubleshooting and some anomalies are common. More than one customer feel safer with phisical Check Point appliances rather than VSX and decided to roll-back after some time of use (12 months of production). I can't raccomend this product, if you're looking to firewall instance virtualization, look further and you can find more mature solutions.

PeerSpot user
Senior InfoSec Engineer at a tech services company with 10,001+ employees
Consultant
Very intuitive ACL menu and design. A powerhouse firewall appliacnce

Valuable Features:

Easy to setup and use as its based off Redhat Intuitive ACL menu for writing rules Pre-populated common ports Customizable ports Suite of tools to report and troubleshoot network conditions

Room for Improvement:

At the beginning the design can be overwhelming, where to start Getting used to the CLI syntax but do-able

Other Advice:

This enterprise class firewall appliance is great and very intuitive menu. Great for inline firewall access control to work with Cisco or any vendor switch. It has a suite of applications to help you setup virtual firewalls and provide redundancy or bandwidth to whatever application or service you are providing.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Manager of Infrastructure with 51-200 employees
Vendor
It has improved the way our organization functions in terms of visualization, simplicity, manageability, and support.

Valuable Features

Most of all, depends upon your environment.

Improvements to My Organization

It has improved the way our organization functions in terms of visualization, simplicity, manageability, and support.

Room for Improvement

Areas for improvement include other Security Features like AntiVirus, AntiSpam, DLP etc.

Use of Solution

I have been using this solution for a decade.

Deployment Issues

No issues with deployment.

Stability Issues

No issues with stability but it completely depends on how you/ at what stage you implement. Additionally, what features you enable.

Scalability Issues

No. You need to look upon sizing, one should never oversize nor undersize. Detail understanding is a requirement one needs to keep in mind.

Customer Service and Technical Support

Customer Service: Good customer service.Technical Support: Good technical support.

Initial Setup

The initial setup was normal.

Implementation Team

Vendor, but internal team should be aware of the technology.

ROI

Recently we have upgraded to new model, now looking into 3yrs cost, this is the first year. So cant say much.

Other Solutions Considered

Yes, we evaluated Cisco.

Other Advice

Only advice I can give is that whatever product you select, it's important to keep in mind your Requirements, Budget, and POC.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2022
Buyer's Guide
Download our free Check Point CloudGuard Network Security Report and get advice and tips from experienced pros sharing their opinions.