Check Point NGFW OverviewUNIXBusinessApplication

Check Point NGFW is the #4 ranked solution in best firewalls. PeerSpot users give Check Point NGFW an average rating of 9.0 out of 10. Check Point NGFW is most commonly compared to Fortinet FortiGate: Check Point NGFW vs Fortinet FortiGate. Check Point NGFW is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 19% of all views.
Check Point NGFW Buyer's Guide

Download the Check Point NGFW Buyer's Guide including reviews and more. Updated: November 2022

What is Check Point NGFW?

Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

Benefits of Check Point's Next Generation Firewall

  • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

  • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

  • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
  • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

  • Remote access: The remote access VPN provides a seamless connection for remote users.

Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

Reviews from Real Users

Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

Check Point NGFW was previously known as Check Point NG Firewall, Check Point Next Generation Firewall.

Check Point NGFW Customers

Control Southern, Optimal Media

Check Point NGFW Video

Check Point NGFW Pricing Advice

What users are saying about Check Point NGFW pricing:
  • "It is more expensive than Cisco ASA but cheaper than Palo Alto."
  • "The price of this product is not too costly and you do not need to pay for all of the features."
  • "The licensing is straightforward; there are only three types of licenses that include NGFW, NGTP, and SNBT, so the organization can choose its license according to their requirements."
  • "The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."
  • "They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it."
  • Check Point NGFW Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Network Associate at a wireless company with 1,001-5,000 employees
    Real User
    Top 10
    Centrally managed, good antivirus and attack prevention capabilities, knowledgeable support
    Pros and Cons
    • "We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful."
    • "The level and availability of training should be improved."

    What is our primary use case?

    We use firewalls to protect our private environment from the public environment. My IT group is in charge of protecting the environment and maintaining safe usage of the internet. This product gives us a better, safer solution for the users within our company. 

    How has it helped my organization?

    Using this solution saves us time because nowadays, there are many malicious sites, as well as other threats and viruses on the internet. As it is now, we are not required to do anything because we have the antivirus and regular updates from Check Point. That is very helpful for us because when new viruses emerge, we just install the new signature and it works to protect us.

    What used to take me seven days to do, now takes me only five. However, this is not just a time benefit because it better protects our environment as well. I estimate a 20% to 30% reduction in the number of attacks, compared to before.

    What is most valuable?

    I like the antivirus, attack prevention, three-layer architecture, and data center management features.

    The antivirus updates are quite frequent, which is something that I like.

    Central management is a key feature. We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful. It means that we only have to push the configuration once and it gets published on all of the firewalls.

    What needs improvement?

    The level and availability of training should be improved. I have seen people that are not well trained on the Check Point firewall and the reason is simply that the quality of available training is poor compared to that of other firewalls on the market.

    The command-line interface (CLI) should be more user-friendly.

    Buyer's Guide
    Check Point NGFW
    November 2022
    Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    653,522 professionals have used our research since 2012.

    For how long have I used the solution?

    I have been using Check Point NGFW for approximately four years, since 2017.

    What do I think about the stability of the solution?

    I work on the Check Point firewall five days a week and the stability is very good. In general, the updates to the software and antivirus are very stable. We have not faced any issues.

    What do I think about the scalability of the solution?

    It is very easy to scale and extend usage. We started with five firewalls and now there are approximately ten. There is not much effort required to scale and it is not very complex.

    Directly or indirectly, there are between 2,000 and 3,000 people using it. Whenever their traffic is required to be sent to the internet from the office environment, the traffic passes through the firewall.

    How are customer service and support?

    We are very happy with our experience with technical support. They are very knowledgeable and the process for resolving tickets or problems is fast. We have had incidents dealt with quickly by their team. 

    Which solution did I use previously and why did I switch?

    Prior to Check Point, we were using Cisco ASA and we are still using it today. The reason for implementing Check Point is that we wanted more advanced features. What we found was that after 2017, we needed better protection for our environment, and that is something that comes with advanced firewalls such as Check Point and Palo Alto.

    I'm very happy with the Check Point firewall because it includes many features that are missing from Cisco ASA. Also, it offers a better and easier experience.

    One of the significant differences is that Cisco ASA does not have a central management system. If we want to configure 10 firewalls with the same configuration, it is not possible to push them all at once. Instead, you have to configure them one by one. Apart from that, the antivirus and threat management need additional hardware because the functionality is not present in Cisco ASA. 

    One of the positive points about Cisco ASA is that the training is very good, and it is available on the internet. This makes it easy to use for somebody who is new to the product. This is unlike the case with Check Point, where quality training is not available.

    How was the initial setup?

    We found the initial setup to be straightforward, as we have many experienced people in our team and they have worked with Check Point firewalls. 

    We used the central management functionality a lot, and we initially configured five or six firewalls. It took between six and seven months for the complete deployment.

    Our implementation strategy included the three-layer architecture, the centralized management system, the console, and the web UI. We followed the process that was recommended by Check Point.

    What about the implementation team?

    Our in-house team was in charge of the deployment. We have a team of seven people that work in shifts, and we did all of the work, with some support from Check Point.

    Six or seven people in different shifts are required for maintenance. At any given time, we generally work with two or three people during the same shift. I think that two people working at the same time are sufficient.

    What was our ROI?

    We have seen ROI and when you consider the features like central management, antivirus, and threat management, it is a good investment.

    We did have cost savings, moving to Check Point from Cisco ASA. We required additional hardware devices, such as an IPS solution, antivirus, and threat management. In addition, we needed too many resources because we had so many individual ASA firewalls. There was no central management system, so more staff were required.

    Ultimately, with Check Point, we needed fewer people and we also saved on the cost of hardware.

    What's my experience with pricing, setup cost, and licensing?

    The price of this solution is average; not too high and not too low. It is more expensive than Cisco ASA but cheaper than Palo Alto.

    After the first package of licenses, we have not needed to purchase additional ones. When our license expires then we will purchase another one. 

    Which other solutions did I evaluate?

    We also evaluated a solution by Palo Alto and we chose Check Point because it was more cost-friendly.

    What other advice do I have?

    The biggest lesson that I have learned from using this product is that it is good to see a company like Check Point is continuously working on the quality of their product, and we should learn from that. It is good to improve over time because it is very easy to get into the market, but it is not too easy to sustain. 

    My advice for anybody who is implementing this firewall is to ensure that they are trained completely because it is not easy to use. Moreover, there is not much training available online, so you want to have trained with the device. This is a product with many features, which are pros, but these same features can become cons if you are not using it with complete knowledge.

    In summary, this is a good product and they have been improving continuously, but there are still some areas to improve.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    User
    Top 20
    Scalable with seamless failover capabilities and excellent logging functionality
    Pros and Cons
    • "The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats."
    • "We find the GUI to be wrong and the CLI doesn't always show all of the connections."

    What is our primary use case?

    We needed to replace our external firewall solution as we were having issues with the HTTPS inspection on our previous solution and the level of support being provided was terrible, leaving us with an issue that could not be fixed for over six months. 

    We had already deployed a new internal firewall solution but needed something that would protect that from external factors. We also needed a new solution to replace our client VPN solution. The Check Point solution gave us that as one whole solution instead of having to manage multiple services.

    How has it helped my organization?

    Our policy is to deny all outbound traffic unless we allow it, which can generate a lot of work to build a rule base that allows everything we need to get out. 

    This solution has made managing connections out to the web much better due to the categorisation and app control that is available. Being able to say certain apps and services are allowed out, instead of finding all the relevant IPs, has massively reduced the workload. The ability to manage the Client VPN and relevant rules for that in the same location has also improved the way we work. Having links into AD for group membership recognition and having rules based around this has been very useful in improving the way remote users can access the network.

    What is most valuable?

    Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall. 

    It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web. 

    The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats. 

    What needs improvement?

    The functionality of the S2S VPN service has been temperamental for us at times and is not always simple to manage or check the state of. 

    We find the GUI to be wrong and the CLI doesn't always show all of the connections. 

    From a general usability point of view, if you have not used Check Point before, the learning curve is steep. Perhaps managing and configuring the devices could be streamlined for people with less experience so that they can pick it up quicker. There needs to be extra wizards for the out-of-the-box builds.

    For how long have I used the solution?

    I've used the solution for six months.

    What do I think about the stability of the solution?

    On the firewall side and content filtering side of the solution, it has been faultless. There has been no real downtime to note and the access to the web via relevant rules has always worked as expected.

    What do I think about the scalability of the solution?

    We have a fairly small setup in the grand scheme of things, however, from what we have seen, the ability to add in new firewalls or increase the hardware spec seems very good and it would be easy to transition from older to newer hardware when the time comes.

    How are customer service and support?

    Due to the support model we signed up for, we don't deal directly with Check Point support. We deal with the vendor first and they will deal with any 1st/2nd and even most 3rd priority issues. They would then go to Check Point if they need more assistance on our behalf. The level of support and responsiveness of their support has been excellent. We're always getting at least a response within a few hours, even on a P3/P4 issue.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We did have another solution, but due to an issue with the HTTPS inspection that the manufacturer was not able to properly rectify or fix for 6 months, we lost faith in their ability to provide adequate support going forward for any issues we might come across. 

    How was the initial setup?

    The setup was complex due to the nature of the Check Point firewalls and us having to make some config setup in one portal and others on the CLI. We also had to arrange the rule base via the management console. There could be 3 different places you need to make various changes. We also used private microwave links as redundancy for VPN connections and that had caused significant issues in getting set up as the link selection did not cooperate at first.

    What about the implementation team?

    We implemented via a vendor and I have to say their level of expertise was brilliant. Every question we threw at them, they were able to provide an answer to. 

    What was our ROI?

    It was not the cheapest solution to go for, but the amount of admin time that has been saved by the use of Check Point firewalls has definitely given us a great return, giving us more time to work on other aspects of our network. Also, being able to consolidate 2 solutions (Firewall and Client VPN) into one solution has saved more money and admin time. 

    What's my experience with pricing, setup cost, and licensing?

    We found that Check Point was very flexible with its pricing. We were looking at a spec of hardware in other solutions. We found that Check Point did not have a direct competitor, but to help with the bid, they managed to reduce the costs of their higher-spec hardware to make it competitive with the other solutions we were looking at. It's not our fault they did not produce the hardware of a similar spec. It's up to them to try and provide a solution that would make it a competitive solution. 

    Which other solutions did I evaluate?

    We looked at several other solutions in including Palo Alto at the top of the market and Sophos XG further down.

    What other advice do I have?

    I would say as good as the solution is, if you are looking to get the most out of it, you should look to get a company or consultant who knows the Check Point solution inside out to assist with the setup. We found a partner who specialized in Check Point and we would not have been able to get it to the stage we have without them.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Check Point NGFW
    November 2022
    Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    653,522 professionals have used our research since 2012.
    Network Security Engineer at a tech services company with 10,001+ employees
    Real User
    Top 10
    Good support, granular policy configuration options, and a good VPN that facilitates remote working
    Pros and Cons
    • "There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely."
    • "The study material for Check Point needs to be improved, as well as the cost for certification."

    What is our primary use case?

    The purpose of using the firewall is to protect the users from the external network, internet. Apart from that, we have set up IPsec tunnels between two different sites, and for internal usage, between two different zones, we use these firewalls as well.

    Our environment consists of a 3-tier architecture, which is recommended by Check Point. We use the central management system to manage our 3-tier architecture, and we use the Smart Console as well.

    How has it helped my organization?

    This solution has improved the way our organization functions in multiple ways. For example, during the pandemic situation, things completely shifted. People who are working from the office are now working from home, and it is our responsibility, as network security engineers, to monitor the home users. We do not want them to access any blacklisted sites and we want to make sure that they are protected from threats and risks from the internet.

    With the Office Mode VPN, it would not be possible to manage work from home because the security would not be in place. We have more granular security options with this firewall.

    What is most valuable?

    There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely. This is helpful for our employees that are working from home, as they get the same office environment as if they were on-premises. It is also helpful for us as an organization because we have good control and visibility over their data, including network traffic packets.

    What needs improvement?

    There are two major areas that need to be improved.

    The study material for Check Point needs to be improved, as well as the cost for certification. One of my friends recently completed the certification and it was costlier than other firewall security certificates.

    The reports are generally good but there is not much control. We would like to have more filters. Essentially, we want more granular reporting.

    For how long have I used the solution?

    I have been using Check Point NGFW since 2018.

    What do I think about the stability of the solution?

    There are no issues with stability that we have found. It is a good brand, and it is one of the oldest and finest firewalls on the market right now.

    What do I think about the scalability of the solution?

    Scalability is not a problem. It has both UI and CLI-based options to configure it, and it is not difficult to extend or scale. We have between four and six deployments and we plan to continue using it in the future. As we are growing, we will continue to expand its usage.

    We have about 12 people working directly with Check Point NGFW. There are approximately 4,000 users who are indirectly using it, as their traffic passes through the firewall. It is used by the entire organization.

    How are customer service and technical support?

    We have support available from the Check Point TAC team. Our experience with them has been pretty good. We haven't had any issues or problems communicating with them or getting a solution from them.

    Which solution did I use previously and why did I switch?

    Prior to Check Point, we were using Cisco ASA.

    The problem with Cisco ASA is that it is a purely CLl-based firewall. Check Point is not only UI and CLI-based, but it is also a next-generation firewall. It has many different and more advanced features, compared to Cisco ASA.

    For example, in Cisco ASA, we can use only two gateways in active-active mode, but with this product, we can use five gateways at a time. Another difference is that the Cisco ASA policy configuration options are not as granular as Check Point.

    How was the initial setup?

    The initial setup process was very straightforward.

    Our deployment took between seven and eight months, which included replacing our Cisco ASA firewall. It began with the planning, then implementation, followed by validation, and then we replaced the existing firewall. It would have been a little complex for us, but we did it all in a very straightforward manner.

    What about the implementation team?

    We have a very good in-house engineering team that does the setup and configuration. We did not require any third-party assistance because we have had full training on it.

    Our deployment included seven or eight people who were working in different shifts. Similarly, we have three to four network security engineers working in shifts who maintain it. This includes things like dealing with tickets for updating policies.

    What was our ROI?

    We are happy with the return that we are getting from this firewall.

    Rather than money, this product is saving the security of our organization. This is the first thing that we were looking for, before deploying this firewall in our organization. We know that ASA is cheaper than Check Point, but our concentration was making the environment more secure.

    Cost-wise, it is more expensive than Cisco ASA, but the returns include better security and more granular options. We are happy with that. We were not looking to save money but rather, providing a safer environment for our users.

    What's my experience with pricing, setup cost, and licensing?

    The price of this product is not too costly and you do not need to pay for all of the features. It is more expensive than Cisco ASA, yet cheaper than a similar product by Palo Alto. The cost varies, depending on the service. For example, we have opted for Geo Protection, which is something that costs extra, but we wanted that feature.

    Which other solutions did I evaluate?

    We did not evaluate other options. We only compared the differences between our existing Cisco ASA implementation and Check Point.

    What other advice do I have?

    The biggest lesson that I have learned from using this product is that the TAC team is very knowledgeable and supportive. If I want to understand something or if I have doubts, then usually clear it up and make sure that I understand the logic. I have learned a lot from them.

    This is a product that is rich in features and my advice for anybody who is deploying it for the first time is to learn about them in advance. It is a little bit different than a CLI-based firewall and I recommend learning about all of the features before deploying it.

    At this point, we are happy with the results that we are getting from Check Point, and are not looking to replace it. It works as we were expecting before it was deployed.

    I would rate this solution a ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Basil Dange - PeerSpot reviewer
    Senior Manager at a financial services firm with 10,001+ employees
    Real User
    Top 5Leaderboard
    Good support, flexible, scales well, and provides centralized policy management
    Pros and Cons
    • "It provides access to the Internet for corporate resources in a secure manner."
    • "The firewall throughput or performance reduces drastically after enabling each module/blade."

    What is our primary use case?

    The primary use is to protect the organization from any kind of attack. It is able to isolate, secure, and control every device on the network at all times. Solutions should have the ability to block infected devices from accessing corporate data and assets.

    It provides access to the Internet for corporate resources in a secure manner. Our resources are used to host applications and services that are accessible to end-users over the Internet.

    It is used to provide required/limited access for third parties who want to connect to our corporate network. Access is granted based on application type and should be independent of port or protocol.

    It provides next-generation protection including IPS/Web Filtering/SSL decryption and more. 

    It offers centralized policy management capabilities for all firewalls.

    How has it helped my organization?

    This solution was able to provide access to our internet-based resources using our application/FQDN.

    The license offers different modules for NGTP and SNBT. It provides multiple functionality or blades, which can be enabled on the firewall depending upon organizational requirements.

    Other than stateful packet filtering with the NGTP license, it provides blades such as IPS/URL/VPN/Application Control/content awareness/Anti-Bot/Anti-Virus/Anti-Spam. With SNBT, it provides additional security using the SandBlast Threat Emulation and SandBlast Threat Extraction for Zero-day attacks in real-time.

    Any file, before it reaches an endpoint, is executed in a virtual environment for analysis. Based on the verdict and configured policy, a decision will be made as to whether it should be delivered to the endpoint or not.

    What is most valuable?

    It provides the flexibility to use any module with the NGTP and SNBT license. Depending upon the requirements, the blades/module can be enabled on the firewall security gateway and it can be deployed easily.

    In case SSL decryption or IPS need to be enabled on any security gateway, it is simple to do. We can go ahead and enable the module/blade and then create a policy, deploy it, and it will start to work.

    It has a default five-user license for Mobile/SSL VPN, so the organization can check the solution any time or can even provide access to critical users on an as-needed basis, without getting the OEM involved, all on the same box.

    For smaller organizations with the correct sizing of the appliance, they can use the full security solution on a single box. It will provide financial benefits along with reducing the cost of purchasing additional solutions or appliances. 

    For example:

    • URL Filtering Module: It can replace the proxy solution for on-premises users with integration of application control and the Identity module. Active Directory access can be provided based on the User ID and the website or application.
    • SSL VPN or SSL decryptor, and more. 
    • Core assignment for each interface, which can be done using the CLI. If the administrator determines that a particular interface requires more compute, he can manually assign additional cores accordingly. This is done by enabling hyperthreading on the firewall. 
    • The policy can be copied from any security gateway and pasted onto another one.

    What needs improvement?

    This is a zone-based firewall, which differs from other firewall solutions available on the market. It changes the way the admin manages firewall policy. The administrator has to be careful while defining policy because it can lead to configuration errors, allowing unwanted access.

    For example, if a user needs to access the internet on the HTTPS port, then the administrator has to create a policy as below, rather than using NAT for assigning the user's machine to a public IP.

    Source: User machine
    Destination: any
    Port: HTTPS
    Action: allow (for allowing the user's machine access)

    This has to be done along with the below policy:

    Source: User machine
    Destination: Other Zone created on Firewall
    Port: HTTPS
    Action: block 

    The two policies, together, mean that the user's machine will not be able to communicate with any other L3 Network created on the firewall.

    The firewall throughput or performance reduces drastically after enabling each module/blade.

    It does not provide for standalone configuration on the security gateway. Instead, you need to have a management server/smart console for managing it. This can be deployed on a dedicated server or can be deployed on the security gateway itself.

    For how long have I used the solution?

    I have been using the Check Point NGFW for more than eight years.

    What do I think about the stability of the solution?

    This solution is very much stable and does not require frequent changes in architecture. The patch frequency is limited and it does not require frequent maintenance windows in terms of downtime.

    What do I think about the scalability of the solution?

    This firewall is very much scalable. The introduction of Maestro has changed the concept of hyperscaling.  

    How are customer service and technical support?

    The technical support is excellent. The center is located in major cities in India along with the Check Point presales team.

    Which solution did I use previously and why did I switch?

    We did not use another solution prior to this one. We have been using Check Point for a long time.

    How was the initial setup?

    During the initial setup, support is excellent. It is a well-known OEM and they have people ready to resolve any issue that should arise.

    What about the implementation team?

    Our in-house team deployed it with support from the OEM.

    What's my experience with pricing, setup cost, and licensing?

    Cost-wise, it cheaper than industry leaders such as Palo Alto. The licensing is straightforward; there are only three types of licenses that include NGFW, NGTP, and SNBT, so the organization can choose its license according to their requirements.

    Which other solutions did I evaluate?

    We have evaluated solutions by Juniper, Cisco, and Palo Alto.

    What other advice do I have?

    Before implementing the security gateway, you need to be sure about the license and modules that you are going to enable. This includes determining the proper size, as it can affect throughput drastically after enabling each module. This is especially true for SSL decryption.

    The architecture needs to be studied before finalizing, as the configuration is done remotely using the centralized smart console. All of the security gateways need to be connected to the management server for any policy configuration, and they should be available at all times.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Sr. Network Engineer at a tech services company with 1,001-5,000 employees
    Real User
    Top 10
    Easy to control from the central management system, providing us time savings
    Pros and Cons
    • "It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices."
    • "While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls."

    What is our primary use case?

    I work as an internal network team member. We protect the company environment from outside threats, outside viruses, and ransomware attacks. It is kind of an IT administrator job.

    They are protecting internal security as well as giving us security from the outside world or public environment. 

    How has it helped my organization?

    It protects the environment. It gives advanced features to our company, like Antivirus, more granular security policies, and more control over the traffic, e.g., what we want to allow or deny to our environment. 

    What is most valuable?

    What I like about this firewall is it has a central management system. We can configure or monitor a number of firewalls at a time from the central management system. 

    They have a logging system where we can have our logs visible. The logs are easy to view and understand. 

    What needs improvement?

    While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls. 

    Check Point has a very good Antivirus feature. However, compared to the competition in the market, it is lacking somewhere. In my last organization, I worked with Palo Alto Networks as well. I found that while they both have an antivirus feature, the Palo Alto antivirus feature is much better. Check Point should improve this feature. It is a good feature, but compared to Palo Alto, it lacks.

    For how long have I used the solution?

    I have been using it for the last three years, since 2017.

    What do I think about the stability of the solution?

    Check Point is already a very big name in the market. Our software updates, even the Antivirus updates, are very stable in the market. There are no problems with its stability.

    Performing maintenance for a solution takes around 12 people. Maintenance is something that our team is capable of. Internally, we have had many training sessions on Check Point Firewall. Our seniors have managed that for us so we are capable of doing it. Most of our BAU is done by us.

    What do I think about the scalability of the solution?

    Scalability is very easy. I haven't found anything that is the issue with the scalability of this firewall. If you have complete knowledge of it, the scalability is not tough.

    How are customer service and technical support?

    I used their assistance many times. The experience with them is sometimes very good. They give the best solution in a short amount of time. Two out of 10 times, I feel that they are only looking to close their tickets. They are keen to do that. My personal experience with the support is an eight out of 10.

    Which solution did I use previously and why did I switch?

    We currently use Check Point and Cisco ASA. The purpose for the company is to increase the security. They were only using Cisco ASA Firewall, which is kind of a degrading firewall right now because it lacks many features, which are advanced in Check Point Firewall. With Cisco ASA, we need to purchase additional IPS hardware. But, for Check Point, we do not require that. Also, if we want the same configuration for multiple firewalls at a time, then Cisco ASA does not support that. We have to create the same policy in each firewall.

    How was the initial setup?

    We have our own on-premises firewalls, not cloud-based. The production time took around nine to 12 months' time. The setup was completed during this time.

    We follow the three-tier architecture for this firewall, which is also recommended by Check Point. We have the central management device as well as the web console and firewall.

    What about the implementation team?

    For the deployment process, there were only four senior network engineers involved from our company.

    What was our ROI?

    It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices.

    What's my experience with pricing, setup cost, and licensing?

    They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it.

    The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well.

    Which other solutions did I evaluate?

    I have experience with Palo Alto Networks Firewalls and Cisco ASA Firewall. Compared to these solutions, Check Point has a very good, understandable log viewer. It is easy to view and understand the logs, which helps a lot while doing troubleshooting or making new security policies for the organization. Also, it is very easy to create new security policy rules.

    The Check Point Antivirus feature lacks in comparison to Palo Alto Networks. Also, compared to other competitive solutions, the training for Check Point available right now is very expensive as well as the certification is little expensive.

    What other advice do I have?

    Get properly trained. When I entered this organization, I struggled with this firewall. There are very few good quality training programs available in the market. Or, if it is available, then it is very expensive. So, I advise new people to get properly trained because it has many feature sets, and if they do not use them with the proper knowledge, then it could worsen their situation.

    I am happy with the organization's progress, as they work hard on their product. It is a good lesson from a personal level: We should work hard and improve ourselves. 

    I would rate this solution as a nine out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    IT System Operations Manager at Hamamatsu Photonics KK
    User
    Top 20
    Has a well-designed dashboard with great threat analysis reporting and good scalability
    Pros and Cons
    • "Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released."
    • "The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing."

    What is our primary use case?

    Check Point is currently our perimeter firewall at various locations. We use their failover clustering with high availability option, which performs flawlessly. Upgrades are easy to perform and have always worked reliably for us. Technical support is always available to assist with these operations, which makes the process less stressful to the admins. 

    We are also using their ISP Redundancy feature, which works as advertised - perfectly! It's easy to implement, especially with the awesome documentation from our engineer. We also use their Remote Access VPN offering and have really seen its value this past year, due to COVID-19. The VPN has been 100% rock solid, especially during the most critical times in our history.

    How has it helped my organization?

    As mentioned in the primary use case question, ISP Redundancy and VPN are the two primary use cases. When the pandemic hit, a sudden shift to a remote workforce was a major requirement for us, and we needed a reliable and stable firewall. Implementing ISP Redundancy helped ensure that, as well as having a tried and tested VPN solution. Upgrades have occurred during this time and manually planned failovers as well; every upgrade and test went smoothly and without issue. The last thing we could afford is an outage.

    What is most valuable?

    They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements. 

    Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released. 

    Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed and offers many out-of-the-box reporting, and provides admins extensive customizations.

    What needs improvement?

    The pricing is on the high end, specifically with the software licensing, although they are flexible on some levels, and offer hardware buyback options when upgrading. 

    The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing. 

    Customer support is not always as responsive with solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

    For how long have I used the solution?

    We have been using Check Point firewalls for 20+ years. We originally used the Nokia hardware platform, which was not technically NGFW at the time, however, the OS and its configuration have maintained some similarities over the years. It keeps getting better every release.

    What do I think about the stability of the solution?

    Lately, stability is 100% reliable. Earlier generation firewalls were a bit unreliable, however, as Check Point acquired third-party hardware. For example, their Nokia acquired security appliances had a firmware that worked, until they started to modify the firmware (IPSO 6.0 was solid, but problems started with our upgrade to R75), then it became less stable; frequent crashes, settings not saving, high availability issues, frequent reboots required.  Eventually, we upgraded to their NGFW offerings.  Their newer hardware, and firmware R77.x was released, and we have been stable ever since.  Upgrades to R80.x have been flawless, HA works as expected, and we have had zero performance issues.

    What do I think about the scalability of the solution?

    They are very scalable. If you need more computing resources, adding more hardware is easily done.

    How are customer service and support?

    Customer support is not always as responsive to finding solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We have always used Check Point.

    How was the initial setup?

    Setup was very straightforward and easy. We did have the assistance of our Check Point engineer, which is just awesome.

    What about the implementation team?

    We implemented through Check Point directly.

    What was our ROI?

    I do not measure ROI financially, although personally speaking, we have definitely gotten back every dollar we've spent by having reliable and secure infrastructure.

    What's my experience with pricing, setup cost, and licensing?

    The setup cost is not a challenge at all. Check Point engineers work directly with you throughout the whole process. The pricing is high, for the hardware and software, although discounts are negotiable. The software blade licensing is broken down into many flavors, depending on your needs. It is very a la carte and provides various product offerings, including endpoint management, VPN, disk encryption, etc.

    Which other solutions did I evaluate?

    We did review a few competitors during a possible migration plan. The proof of concept did not yield better results, so we stayed with Check Point. We reviewed Cisco, Palo Alto, and SonicWall.

    What other advice do I have?

    If you don't need/use their a la carte software blades (FDE, Ransomware, etc.) you can always add on later. They are very accommodating with trial licensing to test in a proof of concept way. If you already have other third-party products that perform those functions, you can bundle Check Point's and save a bit of money consolidating them.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    erdemerdag - PeerSpot reviewer
    Cybersecurity Operations Engineer at a tech services company with 201-500 employees
    Real User
    Top 5Leaderboard
    Easy to install, protects well, and offers an excellent GUI
    Pros and Cons
    • "It is always on the top of the list of best firewall solutions."
    • "The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI."

    What is our primary use case?

    I have been using this solution as a perimeter firewall. 

    Our organization has ISP-based DDoS protection on the outer attack surface. Then, we have Check Point Next Generation Firewall with an IPS module as a second layer of protection. And then, we have Check Point Access Control, Application, and URL filtering, anti-virus, and anti-bot modules enabled. We also have the cloud-based Check Point Threat Emulation solution and different segmentations on Check Point Firewall as a DMZ zone, internal zone, and external zone. Our internal zones have different segments to improve our security level. We apply it by dividing our network into different VLANs by using the Check Point solution.

    How has it helped my organization?

    Check Point is the first vendor in which we found the stateful firewall terminology. It is always on the top of the list of best firewall solutions. 

    Financially, the benefit of Check Point is very high when I compare it with an average firewall solution. At the end of the day, the benefits it provides are already higher than I paid. 

    Our business performance is already doubled by the help of Check Point. If we need to talk about efficiency of administrators while managing a security  solution, I consider it as one of the most important item. 

    Thanks to Check Point, our security team can easily handle different problems in time.

    What is most valuable?

    Check Point gateway and management installation are very easy. After the console-based installation steps, you can continue on the web GUI interface. This is very valuable. It doesn't let you make a simple mistake, which might be a reason to install all the systems from the beginning. It has been designed to give you flexibility as much as needed; not more, not less. It prevents human mistakes, basically.

    If I have to say just one thing as the most valuable; I will say it is the most reliable firewall solution in the world. It is easy to prove that when I compare the number of CVEs which are published in a year among firewall vendors.

    What needs improvement?

    The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI. It might be a little bit confusing when an administrator remembers the location of the settings. Also, it is hard to manage the settings by always jumping from GAIA Web-based graphical user interface to Java based Smart Console dashboard. Also, Check Point Next Generation Firewall has a very detailed and well-organized CP view on the console on both CLISH and expert (/bin/bash) shells; which gives an administrator a real-time monitoring option on the console.

    For how long have I used the solution?

    I have been using it for more than six years.

    What do I think about the stability of the solution?

    On a heavy load, I haven't experienced packet loss or inconsistent behaviors.

    What do I think about the scalability of the solution?

    In the beginning, I would consider Check Point solution as not scalable enough. However, after Maestro architecture, it is extremely scalable now. The organizations does not have to pay a lot of money to plan for the next 2-3 years. They are flexible enough to allow for the extension of their systems by adding another module like a blade.

    How are customer service and support?

    The customer service and support team respond in minutes. If it is a critical issue, you can reach them in seconds via chat.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I used Palo Alto and Fortinet firewalls before. From Fortinet to Palo Alto it was a big change. 

    Fortinet was not a good enough solution as compared to PA. Then, due to finances and some other reasons, I switched to the Check Point and it was one of the best decisions in my life.

    How was the initial setup?

    The initial setup is straightforward. You just need to define disk allocation for logs and system files and backup files as an amount. Then you can continue with Web GUI to set up network, DNS, etc. settings. Then you complete your setup by installing the Smart Console interface.

    What about the implementation team?

    The Check Point support team is one of the best. When I need them, they can escalate the ticket to an appropriate level of engineer to fix the problem.

    What was our ROI?

    As a security solution in this kind of market, prestige and being reliable cannot be measured with money. It costs more than a million dollars to have a defacement attack. The costs to prevent this kind of attack cannot be measured with money, in my opinion.

    What's my experience with pricing, setup cost, and licensing?

    I'd advise others to worry about changing their firewall habits from any vendor to Check Point. It will be one of the best decisions of their life. If you have time and money to take care of other vendors, go ahead. However, if you are smart enough to manage your money and time, don't be afraid to give a chance to Check Point solution.

    Which other solutions did I evaluate?

    I did get some PoCs from other vendors such as Sophos and some other firewall vendors which are focused on small-size organizations mostly.

    What other advice do I have?

    I recommend to all system managers and security administrators to try all the enterprise firewall solutions. Then, most likely the final decision will be to use the Check Point Next Generation firewall.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    TitleNetwork Manager at Destinology
    User
    Very configurable with good VPN clients and a helpful smart view tracker
    Pros and Cons
    • "As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance."
    • "The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming."

    What is our primary use case?

    Our business houses just over 100 staff, along with over 200 devices ranging from mobile to tablets, computers, laptops, and Servers. 

    We use a Check Point 5100 cluster running R80.40 to protect our business from external threats. 

    Our network is also extended to the likes of Microsoft Azure, Amazon AWS, and other 3rd parties utilizing secure VPN tunnels terminating on our Check Point 5100 cluster. 

    Our business also offers the ability of hybrid working - which is only possible with our Check Point solution.

    How has it helped my organization?

    Prior to using Check Point, we had a Draytek small business firewall, the Draytek would often hard lock, which resulted in the loss of internet connectivity for the business. The only way around this was to reboot the Draytek device which in turn would lose logging data as to what was causing the issue. 

    Moving onto Check Point completely solved this problem. The hardware is much more capable and the logging and alerting functionality means, should anything happen (like it did with the Draytek), we would have visibility on the logs which would give us a direction for troubleshooting and mitigation. 

    What is most valuable?

    Check Point offers a secure VPN client. We distribute to our agents via group policy. Our agents can then connect to our network when working from home - which was a game-changer due to the recent pandemic situation. 

    Check Point also offers a mobile app capsule connect which, as a system administrator, has proven very useful when a high-priority issue occurs. I am able to connect to my internal network via a phone or tablet - which has proven useful in some scenarios. 

    As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance. It makes troubleshooting much easier. This software alone sets Check Point out in front of the competition.

    What needs improvement?

    Check Point is very feature-rich. There aren't any features missing or that I am awaiting in a future release. 

    The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming - especially if your coming from a small business solution like Draytek. 

    Check Point comes with a very steep learning curve. However, they do offer a solid knowledge base. Some issues I have encountered in my five years have only been resolvable via manually editing configuration files and using the CLI. Users need to keep this in mind as not everything can be configured via the web interface or their smart dashboard software. 

    For how long have I used the solution?

    I've used the solution for five years.

    What do I think about the stability of the solution?

    The solution was not always stable when running the older R77.30 version. Paired with a mid-spec box, we did find some issues with performance on more than one occasion, specifically the network would slow to a halt until a system reboot, there was nothing within the error logging and our external SOC couldnt find anything either. We'd often when updating the firewall policy it would fail to deploy usually taking around three or four policy pushes each taking about 20 minutes. We are now running much faster hardware with the later R80.30 release and those issues have completely disappeared.

    What do I think about the scalability of the solution?

    Scaling is dependant on the size of your network. Check Point does offer a wide range of lower to high spec appliances depending on your scale set.

    How are customer service and support?

    I've only had two instances using their support as we have a third party on contract for third-line issues that I cannot resolve. They were prompt yet not shy about pointing out potential issues with third parties and it not being their appliance. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We used Draytek. It didn't offer the security features that Check Point does and we were a victim to a successful attack from external sources which Check Point would have caught. We also found the hardware of Draytek was too underpowered to handle the size of our network. 

    How was the initial setup?

    A third party installed the appliances initially. It is a complex process, as Check Point is vast in features and very configurable. You find yourself using the web interface, their own management software smart dashboard, and a mixture of CLI and config files to get your end result. 

    What about the implementation team?

    We implemented it through a vendor team. Their level of expertise ranged as we moved through three separate technicians during our installation which was problematic. I wouldn't use this particular vendor again. That said, this was nothing against Check Point. 

    What was our ROI?

    You cannot put a price on security. Check Point is a field leader. However, it comes at a high price. 

    What's my experience with pricing, setup cost, and licensing?

    If you have no experience with Check Point and you are on a deadline, it's essential you find a company certified to help with the deployment and configuration. The feature set is rich however, it's not always user-friendly. 

    Pricing, including licensing, is very expensive compared to alternate products such as Sophos, Barracuda, or FortiGate

    Which other solutions did I evaluate?

    We evaluated Fortigate, Sophos XG, and Barracuda. However, ultimately the decision boiled down to our parent company already using Check Point. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022
    Product Categories
    Firewalls
    Buyer's Guide
    Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.