Check Point NGFW Overview

Check Point NGFW is the #4 ranked solution in best firewalls. PeerSpot users give Check Point NGFW an average rating of 8.8 out of 10. Check Point NGFW is most commonly compared to Fortinet FortiGate. Check Point NGFW is popular among the large enterprise segment, accounting for 41% of users researching this solution on PeerSpot. The top industry researching this solution is educational organizations, accounting for 31% of all views.
Check Point NGFW Buyer's Guide

Download the Check Point NGFW Buyer's Guide including reviews and more. Updated: June 2023

What is Check Point NGFW?

Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

Benefits of Check Point's Next Generation Firewall

  • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

  • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

  • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.

  • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

  • Remote access: The remote access VPN provides a seamless connection for remote users.

Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

Reviews from Real Users

Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

Check Point NGFW was previously known as Check Point NG Firewall, Check Point Next Generation Firewall.

Check Point NGFW Customers

Control Southern, Optimal Media

Check Point NGFW Pricing Advice

What users are saying about Check Point NGFW pricing:
"Check Point offers the same applications and features as Palo Alto for roughly a third of the price."

Check Point NGFW Reviews

User
Top 20
Scalable with seamless failover capabilities and excellent logging functionality
Pros and Cons
  • "The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats."
  • "We find the GUI to be wrong and the CLI doesn't always show all of the connections."

What is our primary use case?

We needed to replace our external firewall solution as we were having issues with the HTTPS inspection on our previous solution and the level of support being provided was terrible, leaving us with an issue that could not be fixed for over six months. 

We had already deployed a new internal firewall solution but needed something that would protect that from external factors. We also needed a new solution to replace our client VPN solution. The Check Point solution gave us that as one whole solution instead of having to manage multiple services.

How has it helped my organization?

Our policy is to deny all outbound traffic unless we allow it, which can generate a lot of work to build a rule base that allows everything we need to get out. 

This solution has made managing connections out to the web much better due to the categorisation and app control that is available. Being able to say certain apps and services are allowed out, instead of finding all the relevant IPs, has massively reduced the workload. The ability to manage the Client VPN and relevant rules for that in the same location has also improved the way we work. Having links into AD for group membership recognition and having rules based around this has been very useful in improving the way remote users can access the network.

What is most valuable?

Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall. 

It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web. 

The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats. 

What needs improvement?

The functionality of the S2S VPN service has been temperamental for us at times and is not always simple to manage or check the state of. 

We find the GUI to be wrong and the CLI doesn't always show all of the connections. 

From a general usability point of view, if you have not used Check Point before, the learning curve is steep. Perhaps managing and configuring the devices could be streamlined for people with less experience so that they can pick it up quicker. There needs to be extra wizards for the out-of-the-box builds.

Buyer's Guide
Check Point NGFW
June 2023
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2023.
708,830 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for six months.

What do I think about the stability of the solution?

On the firewall side and content filtering side of the solution, it has been faultless. There has been no real downtime to note and the access to the web via relevant rules has always worked as expected.

What do I think about the scalability of the solution?

We have a fairly small setup in the grand scheme of things, however, from what we have seen, the ability to add in new firewalls or increase the hardware spec seems very good and it would be easy to transition from older to newer hardware when the time comes.

How are customer service and support?

Due to the support model we signed up for, we don't deal directly with Check Point support. We deal with the vendor first and they will deal with any 1st/2nd and even most 3rd priority issues. They would then go to Check Point if they need more assistance on our behalf. The level of support and responsiveness of their support has been excellent. We're always getting at least a response within a few hours, even on a P3/P4 issue.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did have another solution, but due to an issue with the HTTPS inspection that the manufacturer was not able to properly rectify or fix for 6 months, we lost faith in their ability to provide adequate support going forward for any issues we might come across. 

How was the initial setup?

The setup was complex due to the nature of the Check Point firewalls and us having to make some config setup in one portal and others on the CLI. We also had to arrange the rule base via the management console. There could be 3 different places you need to make various changes. We also used private microwave links as redundancy for VPN connections and that had caused significant issues in getting set up as the link selection did not cooperate at first.

What about the implementation team?

We implemented via a vendor and I have to say their level of expertise was brilliant. Every question we threw at them, they were able to provide an answer to. 

What was our ROI?

It was not the cheapest solution to go for, but the amount of admin time that has been saved by the use of Check Point firewalls has definitely given us a great return, giving us more time to work on other aspects of our network. Also, being able to consolidate 2 solutions (Firewall and Client VPN) into one solution has saved more money and admin time. 

What's my experience with pricing, setup cost, and licensing?

We found that Check Point was very flexible with its pricing. We were looking at a spec of hardware in other solutions. We found that Check Point did not have a direct competitor, but to help with the bid, they managed to reduce the costs of their higher-spec hardware to make it competitive with the other solutions we were looking at. It's not our fault they did not produce the hardware of a similar spec. It's up to them to try and provide a solution that would make it a competitive solution. 

Which other solutions did I evaluate?

We looked at several other solutions including Palo Alto at the top of the market and Sophos XG further down.

What other advice do I have?

I would say as good as the solution is, if you are looking to get the most out of it, you should look to get a company or consultant who knows the Check Point solution inside out to assist with the setup. We found a partner who specialized in Check Point and we would not have been able to get it to the stage we have without them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT System Operations Manager at Hamamatsu Photonics KK
Real User
Top 20
Has a well-designed dashboard with great threat analysis reporting and good scalability
Pros and Cons
  • "Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released."
  • "The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing."

What is our primary use case?

Check Point is currently our perimeter firewall at various locations. We use their failover clustering with high availability option, which performs flawlessly. Upgrades are easy to perform and have always worked reliably for us. Technical support is always available to assist with these operations, which makes the process less stressful to the admins. 

We are also using their ISP Redundancy feature, which works as advertised - perfectly! It's easy to implement, especially with the awesome documentation from our engineer. We also use their Remote Access VPN offering and have really seen its value this past year, due to COVID-19. The VPN has been 100% rock solid, especially during the most critical times in our history.

How has it helped my organization?

As mentioned in the primary use case question, ISP Redundancy and VPN are the two primary use cases. When the pandemic hit, a sudden shift to a remote workforce was a major requirement for us, and we needed a reliable and stable firewall. Implementing ISP Redundancy helped ensure that, as well as having a tried and tested VPN solution. Upgrades have occurred during this time and manually planned failovers as well; every upgrade and test went smoothly and without issue. The last thing we could afford is an outage.

What is most valuable?

They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements. 

Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released. 

Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed, offers many out-of-the-box reports, and provides admins with extensive customizations.

What needs improvement?

The pricing is on the high end, specifically with the software licensing, although they are flexible on some levels, and offer hardware buyback options when upgrading. 

The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing. 

Customer support is not always as responsive with solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

For how long have I used the solution?

We have been using Check Point firewalls for 20+ years. We originally used the Nokia hardware platform, which was not technically NGFW at the time, however, the OS and its configuration have maintained some similarities over the years. It keeps getting better every release.

What do I think about the stability of the solution?

Lately, stability is 100% reliable. Earlier generation firewalls were a bit unreliable, however, as Check Point acquired third-party hardware. For example, their Nokia acquired security appliances had a firmware that worked, until they started to modify the firmware (IPSO 6.0 was solid, but problems started with our upgrade to R75), then it became less stable; frequent crashes, settings not saving, high availability issues, frequent reboots required. Eventually, we upgraded to their NGFW offerings. Their newer hardware, and firmware R77.x was released, and we have been stable ever since. Upgrades to R80.x have been flawless, HA works as expected, and we have had zero performance issues.

What do I think about the scalability of the solution?

They are very scalable. If you need more computing resources, adding more hardware is easily done.

How are customer service and support?

Customer support is not always as responsive to finding solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have always used Check Point.

How was the initial setup?

Setup was very straightforward and easy. We did have the assistance of our Check Point engineer, which is just awesome.

What about the implementation team?

We implemented through Check Point directly.

What was our ROI?

I do not measure ROI financially, although personally speaking, we have definitely gotten back every dollar we've spent by having reliable and secure infrastructure.

What's my experience with pricing, setup cost, and licensing?

The setup cost is not a challenge at all. Check Point engineers work directly with you throughout the whole process. The pricing is high, for the hardware and software, although discounts are negotiable. The software blade licensing is broken down into many flavors, depending on your needs. It is very a la carte and provides various product offerings, including endpoint management, VPN, disk encryption, etc.

Which other solutions did I evaluate?

We did review a few competitors during a possible migration plan. The proof of concept did not yield better results, so we stayed with Check Point. We reviewed Cisco, Palo Alto, and SonicWall.

What other advice do I have?

If you don't need/use their a la carte software blades (FDE, Ransomware, etc.) you can always add on later. They are very accommodating with trial licensing to test in a proof of concept way. If you already have other third-party products that perform those functions, you can bundle Check Point's and save a bit of money consolidating them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cybersecurity Operations Engineer at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
Easy to install, protects well, and offers an excellent GUI
Pros and Cons
  • "It is always on the top of the list of best firewall solutions."
  • "The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI."

What is our primary use case?

I have been using this solution as a perimeter firewall. 

Our organization has ISP-based DDoS protection on the outer attack surface. Then, we have Check Point Next Generation Firewall with an IPS module as a second layer of protection. And then, we have Check Point Access Control, Application, and URL filtering, anti-virus, and anti-bot modules enabled. We also have the cloud-based Check Point Threat Emulation solution and different segmentations on Check Point Firewall as a DMZ zone, internal zone, and external zone. Our internal zones have different segments to improve our security level. We apply it by dividing our network into different VLANs by using the Check Point solution.

How has it helped my organization?

Check Point is the first vendor in which we found the stateful firewall terminology. It is always on the top of the list of best firewall solutions. 

Financially, the benefit of Check Point is very high when I compare it with an average firewall solution. At the end of the day, the benefits it provides are already higher than I paid. 

Our business performance is already doubled with the help of Check Point. If we need to talk about efficiency of administrators while managing a security solution, I consider it as one of the most important items.

Thanks to Check Point, our security team can easily handle different problems in time.

What is most valuable?

Check Point gateway and management installation are very easy. After the console-based installation steps, you can continue on the web GUI interface. This is very valuable. It doesn't let you make a simple mistake, which might be a reason to install all the systems from the beginning. It has been designed to give you flexibility as much as needed; not more, not less. It prevents human mistakes, basically.

If I have to say just one thing as the most valuable; I will say it is the most reliable firewall solution in the world. It is easy to prove that when I compare the number of CVEs which are published in a year among firewall vendors.

What needs improvement?

The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI. It might be a little bit confusing when an administrator remembers the location of the settings. Also, it is hard to manage the settings by always jumping from GAIA Web-based graphical user interface to Java based Smart Console dashboard. Also, Check Point Next Generation Firewall has a very detailed and well-organized CP view on the console on both CLISH and expert (/bin/bash) shells; which gives an administrator a real-time monitoring option on the console.

For how long have I used the solution?

I have been using it for more than six years.

What do I think about the stability of the solution?

On a heavy load, I haven't experienced packet loss or inconsistent behaviors.

What do I think about the scalability of the solution?

In the beginning, I would consider Check Point solution as not scalable enough. However, after Maestro architecture, it is extremely scalable now. Organizations do not have to pay a lot of money to plan for the next 2-3 years. They are flexible enough to allow for the extension of their systems by adding another module like a blade.

How are customer service and support?

The customer service and support team respond in minutes. If it is a critical issue, you can reach them in seconds via chat.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Palo Alto and Fortinet firewalls before. From Fortinet to Palo Alto it was a big change. 

Fortinet was not a good enough solution as compared to PA. Then, due to finances and some other reasons, I switched to the Check Point and it was one of the best decisions in my life.

How was the initial setup?

The initial setup is straightforward. You just need to define disk allocation for logs and system files and backup files as an amount. Then you can continue with Web GUI to set up network, DNS, etc. settings. Then you complete your setup by installing the Smart Console interface.

What about the implementation team?

The Check Point support team is one of the best. When I need them, they can escalate the ticket to an appropriate level of engineer to fix the problem.

What was our ROI?

As a security solution in this kind of market, prestige and being reliable cannot be measured with money. It costs more than a million dollars to have a defacement attack. The costs to prevent this kind of attack cannot be measured with money, in my opinion.

What's my experience with pricing, setup cost, and licensing?

I'd advise others to worry about changing their firewall habits from any vendor to Check Point. It will be one of the best decisions of their life. If you have time and money to take care of other vendors, go ahead. However, if you are smart enough to manage your money and time, don't be afraid to give a chance to Check Point solution.

Which other solutions did I evaluate?

I did get some PoCs from other vendors such as Sophos and some other firewall vendors which are focused on small-size organizations mostly.

What other advice do I have?

I recommend to all system managers and security administrators to try all the enterprise firewall solutions. Then, most likely the final decision will be to use the Check Point Next Generation firewall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Manager at Destinology
User
Top 20
Very configurable with good VPN clients and a helpful smart view tracker
Pros and Cons
  • "As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance."
  • "The only downside to Check Point is, due to the vast expanse of configurable options, it does become easily overwhelming."

What is our primary use case?

Our business houses just over 100 staff, along with over 200 devices ranging from mobile to tablets, computers, laptops, and Servers. 

We use a Check Point 5100 cluster running R80.40 to protect our business from external threats. 

Our network is also extended to the likes of Microsoft Azure, Amazon AWS, and other 3rd parties utilizing secure VPN tunnels terminating on our Check Point 5100 cluster. 

Our business also offers the ability of hybrid working - which is only possible with our Check Point solution.

How has it helped my organization?

Prior to using Check Point, we had a Draytek small business firewall, the Draytek would often hard lock, which resulted in the loss of internet connectivity for the business. The only way around this was to reboot the Draytek device which in turn would lose logging data as to what was causing the issue. 

Moving onto Check Point completely solved this problem. The hardware is much more capable and the logging and alerting functionality means, should anything happen (like it did with the Draytek), we would have visibility on the logs which would give us a direction for troubleshooting and mitigation. 

What is most valuable?

Check Point offers a secure VPN client. We distribute to our agents via group policy. Our agents can then connect to our network when working from home - which was a game-changer due to the recent pandemic situation. 

Check Point also offers a mobile app capsule connect which, as a system administrator, has proven very useful when a high-priority issue occurs. I am able to connect to my internal network via a phone or tablet - which has proven useful in some scenarios. 

As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance. It makes troubleshooting much easier. This software alone sets Check Point out in front of the competition.

What needs improvement?

Check Point is very feature-rich. There aren't any features missing or that I am awaiting in a future release. 

The only downside to Check Point is, due to the vast expanse of configurable options, it does become easily overwhelming - especially if you're coming from a small business solution like Draytek. 

Check Point comes with a very steep learning curve. However, they do offer a solid knowledge base. Some issues I have encountered in my five years have only been resolvable via manually editing configuration files and using the CLI. Users need to keep this in mind as not everything can be configured via the web interface or their smart dashboard software. 

For how long have I used the solution?

I've used the solution for five years.

What do I think about the stability of the solution?

The solution was not always stable when running the older R77.30 version. Paired with a mid-spec box, we did find some issues with performance on more than one occasion; specifically, the network would slow to a halt until a system reboot. There was nothing within the error logging and our external SOC couldn't find anything either. Often, when updating the firewall policy, it would fail to deploy, usually taking around three or four policy pushes, each taking about 20 minutes. We are now running much faster hardware with the later R80.30 release and those issues have completely disappeared.

What do I think about the scalability of the solution?

Scaling is dependent on the size of your network. Check Point does offer a wide range of lower to high spec appliances depending on your scale set.

How are customer service and support?

I've only had two instances using their support as we have a third party on contract for third-line issues that I cannot resolve. They were prompt yet not shy about pointing out potential issues with third parties and it not being their appliance. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Draytek. It didn't offer the security features that Check Point does and we were a victim of a successful attack from external sources which Check Point would have caught. We also found the hardware of Draytek was too underpowered to handle the size of our network. 

How was the initial setup?

A third party installed the appliances initially. It is a complex process, as Check Point is vast in features and very configurable. You find yourself using the web interface, their own management software smart dashboard, and a mixture of CLI and config files to get your end result. 

What about the implementation team?

We implemented it through a vendor team. Their level of expertise ranged as we moved through three separate technicians during our installation which was problematic. I wouldn't use this particular vendor again. That said, this was nothing against Check Point. 

What was our ROI?

You cannot put a price on security. Check Point is a field leader. However, it comes at a high price. 

What's my experience with pricing, setup cost, and licensing?

If you have no experience with Check Point and you are on a deadline, it's essential you find a company certified to help with the deployment and configuration. The feature set is rich however, it's not always user-friendly. 

Pricing, including licensing, is very expensive compared to alternate products such as Sophos, Barracuda, or FortiGate.

Which other solutions did I evaluate?

We evaluated FortiGate, Sophos XG, and Barracuda. However, ultimately the decision boiled down to our parent company already using Check Point. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network security engineer at Fidelity Bank
Real User
Top 20
Cisco dominated the African market until Check Point came along
Pros and Cons
  • "Check Point has a really cool GUI."
  • "The end-user VPN could be improved. It could benefit from some modification."

What is our primary use case?

We use this solution for permissions regarding access ports and services. We also use Check Point Remote Access VPN as an endpoint VPN. We use it for site-to-site configuration. 

All of the traffic that comes through our sites passes through our firewall. Basically, everyone, including our staff and clients, passes through our firewall. In other words, we have thousands of users using this solution.

How has it helped my organization?

The NGFW has helped our compliance with regulatory authorities such as PCI DSS. It has helped the bank create secure connections to vendors and third party service providers as well as stay protected from attacks and intrusion attempts.

What is most valuable?

The management of services, including forming access lists with the services we have, connecting servers to servers, permissions between servers and users — this is all great. In addition, Check Point has a really cool GUI.

What needs improvement?

The end-user VPN could be improved. It could benefit from some modification. 

The VPN timeout feature needs to be improved. When we try to connect to the VPN, it times out before we can even enter our user name and password. If you can't prove you are who you say you are within seven to ten seconds, it just kicks you out.

For how long have I used the solution?

1 year +

What do I think about the stability of the solution?

Check Point has actually failed twice within the last year. The first failure was a disk failure. Check Point offers a software solution, they don't actually offer hardware. They will only provide you with the software and licenses. Because of this, when our disk failed, we had to wait for them to ship in some new hardware for us to fix the issue.

Aside from the disk failure issue, a month ago, our Check Point device froze. We don't exactly know what caused it to happen. It caused the entire organization to go down for about two to three hours until we found out that Check Point was not allowing anything to pass through. Our Check Point is clustered, so primarily it's supposed to have a failover feature. For some reason, the failover feature didn't work. When the primary gateway went down, it affected everyone.

What do I think about the scalability of the solution?

We've not tried to expand Check Point. We have two sites. We have a primary site and a secondary site that is off-prem. For this reason, we planned big. We planned for a high amount of availability for our two sites. We use clusters of four gateways: two gateways are in one cluster, and another two gateways are in another cluster. If one goes down, it switches to the other. If the second goes down, it switches to the other DR site. We've got backups of everything. 

How are customer service and technical support?

The technical support is very responsive. We have a vendor that acts as a buffer between us and Check Point. In our country, these companies all have a local vendor that pushes their product.

When we contacted our vendor, our vendor called Check Point and as they were talking, Check Point shipped the hard disk, to fix the issue I mentioned earlier. They just placed the order immediately, while we were still talking. We think that they knew that delivery was going to take about five days — it was actually very fast.

How was the initial setup?

The initial setup and deployment were straightforward. We deployed it with RADIUS servers;  it was not complex at all.

What about the implementation team?

From scratch to finish, deployment took about a month. It took this long because we had to convert all of our existing configurations from Cisco Firewall to Check Point. We had to get help from our vendor to do this. He had to manually convert each and every command from our existing Cisco device to Check Point — that took a while. This was the main reason that deployment took so much time.

The end-user VPN didn't take much time to deploy. Neither did the site-connecting with the VPN — that took a day or two to deploy.

What's my experience with pricing, setup cost, and licensing?

I think our licensing is on a yearly basis, but it could be every three years. Either way, it's not more than three years — that I am certain of.  

The pricing was actually what made us go for Check Point. Palo Alto was much more expensive. Check Point offers the same applications and features as Palo Alto for roughly a third of the price.

Which other solutions did I evaluate?

We evaluated Palo Alto, Cisco (which we were using), and we also evaluated Check Point — which we ended up with.

What other advice do I have?

I would recommend Check Point to others. We are still learning as we're just about a year into using it, but so far, the support and the solution in general have been good. I'd recommend Check Point, especially to users that are looking for an affordable solution.

Check Point also has a great community. They have this community where users can go to share ideas. They also have great networks. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. Cisco dominated the African market until Check Point came along. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Manager at a comms service provider with 51-200 employees
Real User
Top 20
Great mobile access with good security and excellent stability
Pros and Cons
  • "The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution."
  • "It would be ideal to manage everything from one central place."

What is our primary use case?

It's our main firewall and the first line of protection from the outside! We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely.

We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years.

This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

How has it helped my organization?

Stability and security are the best way to describe this solution. The attacks from the outside still exist, but now we're better protected. We can view everything that goes in and out of our network with all the information in one place. The drill-down is very helpful and easy to use. Currently, we can troubleshoot connection problems live and solve them in a couple of minutes. This is an improvement on the 1-2 hours with the old solution.

In 4 years we've only had one problem with the equipment (due to a malfunctioning UPS). That corrupted the boot of the equipment, but was easily solved with an fsck.

What is most valuable?

We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!

The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.

Threat and Application control are also very important to us.

What needs improvement?

I do prefer to manage everything from only one point of entry/one application. Some things can only be configured from the SmartConsole and others from the SmartDashboard. This is the only handicap in this solution. It would be ideal to manage everything from one central place.

Instead of using a Windows application to manage the equipment, it would be better to use a web app to configure the solution from a browser. I know that it's not as powerful (you can't do everything from there), but then we could manage the solution and troubleshoot from any device.

It's faster to see the event logs on a webpage than it is to see them in the SmartConsole.

For how long have I used the solution?

I've used the solution for 4 years.

What do I think about the stability of the solution?

It's very stable. It's also the main reason I love the solution.

During this time I never had to manually restart the equipment because of connectivity problems or because of CPU/memory performance degradation. Sometimes these values get high, but I never lose throughput; the equipment continues to run smoothly. We used to restart our older firewall at least 2 times per month.

In the beginning, because we use the spam blade, the memory usage was always high, and the administration was a little bit slow. But Check Point provided us with an extra memory upgrade and after that we never had administration problems. If we don't have an internet connection it's always the ISP; it was never because of the firewall.

What do I think about the scalability of the solution?

Although I only have one unit, I know that it scales perfectly.

How are customer service and technical support?

We only had one problem with this equipment. That was because it couldn't boot properly due to disk corruption (malfunctioning UPS). However, searching the technical Check Point forums, it was easy to find a solution to the problem at hand.

We managed to solve the problem without contacting customer service at all.

Which solution did I use previously and why did I switch?

We used to have Zyxel products, but they were aging and couldn't let us connect at faster speeds.

How was the initial setup?

The setup was easy. It didn't take long to have it up and running.

The only concern for us was the remote sites - since it was different vendors. However, we had everything documented and prepared and due to that, it went flawlessly.

It was also easy to create access policies.

What about the implementation team?

The implementation was through a vendor, and the installation went really well. The consultant was Check Point certified and explained everything in detail.

Later on, we added new remote sites to the configuration (in-house) without any problem. We didn't need to check with the vendor.

What was our ROI?

It's not easy to calculate; however, given the stability and security of the solution, it's elevated. There are no bulletproof solutions. That said, now we can rest a bit more because our assets are more protected than they were a couple of years ago.

What's my experience with pricing, setup cost, and licensing?

The setup cost, pricing, and licensing can be a bit expensive, but, I promise, it's completely worth the cost.

Which other solutions did I evaluate?

I evaluated Fortinet and Check Point.

What other advice do I have?

It simply works like a charm. The stability and trust in the vendor are also very important to us.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior System Administrator at Seminole Electric Cooperative, Inc.
User
Great application control and HTTPS inspection with flexible management capabilities
Pros and Cons
  • "In the four years I have worked on the five firewalls we have not had any downtime caused by stability issues."
  • "The improvement could come from better monitoring of traffic data in and out of the firewall."

What is our primary use case?

We use five NGFWs for four of our sites, with our primary site having an active/backup HA pair. All sites are running anti-virus/malware/bots as well as HTTPS Inspection, IPS/IDS, threat emulation, application filtering, and identity awareness. These are our first line of defense at the perimeter of our network and we have seen a decrease in the number of detections on our endpoints. We've also implemented these firewalls to handle our external VPN connections from remote clients. We've had a few small hiccups; however, there was nothing Check Point support wasn't able to resolve.

How has it helped my organization?

This solution has improved our organization by allowing us to use one management point where everyone can see the current state, future changes, and logging for our perimeter. We've been able to streamline our staff to use one primary and two backup users for support. Previously, we did not have a good way to allow Remote Users to VPN directly to our network. Once we implemented and worked with Check Point, they showed us what their solution was capable of and worked with us to allow 300 remote workers to connect to our network and share policies. 

What is most valuable?

We've found threat emulation, application control (with identity awareness), and HTTPS inspection to be the most valuable aspects. It allows managers the flexibility to grant access to high-risk sites based on groups/roles and yet still be protected with threat emulation and HTTPS inspection. We've seen the rate of detection on our endpoints plummet. 

I've found that, over the last 4 years, they have constantly improved the user interface (SmartConsole) as they have moved away from four Control panels for different functions and are constantly adding new features with no impact on our availability during upgrades.

What needs improvement?

The improvement could come from better monitoring of traffic data in and out of the firewall. I'd also like to see more built-in automation in regards to activity against the firewall to trigger an automatic response for a period of time.

There is currently no way to allow a user to have access for X period of time. I also find keeping up with the IPS additions to be a three-stage process, which includes having to go to email to see new updates, reviewing those updates on the firewall, and then making necessary changes. I would like to see these new IPS updates shown as a notification when I log in (as an alert) so I can review and modify from one pane.

For how long have I used the solution?

I have been using this solution for four years; however, they've been installed for six years at our company.

What do I think about the stability of the solution?

In the four years I have worked on the five firewalls, we have not had any downtime caused by stability issues. We've had more issues with our ISP/people hitting the ISP equipment. For example, there have been three accidents at the nearby intersection that have damaged the network cabinet, or digging has cut the line.

We haven't had any issues where the Firewall has had a memory leak, rebooted, corrupted or had a NIC fail. 

What do I think about the scalability of the solution?

Our team didn't account for a vast increase in workload as new features were added to our firewall (HTTPS inspection, threat emulation, etc.) and therefore we bought the lowest tier for what we thought we would need. We've found that this is a little too strenuous on our gateway and are working on purchasing more powerful firewalls based on the recommendation of our local Check Point engineer.  

How are customer service and support?

I've always been able to get in contact with Check Point at the right level within their SLA. Everyone has been helpful with tickets requiring escalation.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not been here while a different solution has been used. We do use a separate brand of firewall internally to prevent an exploit against Check Point, allowing someone to penetrate the perimeter and the internal firewall containers.

How was the initial setup?

I was not involved with the initial setup. That said, I have brought up three new sites, and adding a new firewall to our infrastructure has gone off without a hitch.

What about the implementation team?

We handled the implementation in-house.

What's my experience with pricing, setup cost, and licensing?

Check Point Firewalls are more expensive from what I have seen compared to the competition and the yearly licensing does periodically increase. We've seen an increase of 8% over one year (new features were wrapped into the license). 

Which other solutions did I evaluate?

I was not involved with the evaluation process; I was told that Cisco Firewalls and SonicWall were evaluated at that time.

What other advice do I have?

You're paying a premium price for what is a premium product and support. I have opened several tickets with their support team and have had excellent service each time.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Manager at a transportation company with 501-1,000 employees
User
Easy to set up, stable, and offers excellent technical support
Pros and Cons
  • "The packet inspections have been a strong point."
  • "I would like there to be a way to run packets that capture more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line."

What is our primary use case?

It's our main firewall and the first line of protection from outside attacks. We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely. We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years. This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

How has it helped my organization?

We have a lot of flexibility now, and a leg up identifying zero-day threats. We have multiple ways of doing policies now that we didn't have before. The options are more robust than previous products and I would say that we're pleased with the product. The reports I'm getting are that we're satisfied, even impressed, with the options Check Point offers.

There is scope for improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption. There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable, but creating an application-based filter policy is still a little cumbersome.

What is most valuable?

It's an NGFW with all of the capabilities required to protect against next-generation attacks at the perimeter level. The modules or security features that are provided as part of the base license with Check Point (VPN, IPS, Application Control, and Content Awareness) are themselves strong enough to protect the organization.

The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from the SonicWall that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

What needs improvement?

I would like there to be a way to run packets that capture more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices.

For how long have I used the solution?

I started using the solution 3 months ago.

What do I think about the stability of the solution?

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage, and how to route a device. That's why I prefer Check Point. It's robust and I never have issues with the hardware.

What do I think about the scalability of the solution?

The scalability is quite good. You can scale well across locations for not too much cost. If a company needs to expand, it can do so relatively easily.

Also, cost-wise, it's very affordable to scale up. It's not expensive to add hardware and licenses as needed. They make upgrading very cheap.

We have 200 people on the solution. That said, they are using it with an IPsec tunnel. They don't use all of the capabilities of the hardware. They are using it just to encrypt tunneling between the sites.

How are customer service and technical support?

Technical support has been excellent.

Which solution did I use previously and why did I switch?

Yes, we were previously using SonicWall but security is less robust in comparison to Check Point.

How was the initial setup?

The initial setup is very easy.

What about the implementation team?

We implemented it through a vendor called S G Informatics India Pvt Ltd.

The level of expertise I would rate at 10 out of 10.

What's my experience with pricing, setup cost, and licensing?

I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. It's best to deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it. Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that, up until now, we have not had anything like that ourselves.

Which other solutions did I evaluate?

We have looked into Sophos.

What other advice do I have?

The most valuable features are the security blades and the ease of managing the policies, searching logs for events, and correlating them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.