Check Point NGFW pros and cons

We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful.

The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats.

There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely.

It provides access to the Internet for corporate resources in a secure manner.

It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices.

Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released.

It is always on the top of the list of best firewall solutions.

As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance.

It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.

Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution.

The level and availability of training should be improved.

We find the GUI to be wrong and the CLI doesn't always show all of the connections.

The study material for Check Point needs to be improved, as well as the cost for certification.

The firewall throughput or performance reduces drastically after enabling each module/blade.

While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls.

The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing.

The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI.

The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming.

Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult.

The equipment is complex, so you need guidance from specialized people or those who constantly work with Check Point. Better forums and information manuals could be provided so that users from different institutions can have more access to the information.