Coming October 25: PeerSpot Awards will be announced! Learn more
Gulrez - PeerSpot reviewer
Manager at Kotak Mahindra Bank
Real User
Top 5
Good traffic visibility, integrates well with third-party solutions, and it's easy to implement
Pros and Cons
  • "The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access."
  • "Right now, with a larger user database and a high number of rules, it takes a bit of time for policy installation."

What is our primary use case?

The role NGFW plays is to protect the organization against Layer 7 network attacks.

The solution has helped us to guard our perimeter security on a wider level. This is not like plain vanilla firewall. We have got a wider visibility with the help of this next-generation firewall; it shows us the traffic flowing across the network and based upon that, we have made the modifications required to restrict access.

Also, the active cluster module has helped us to balance the load during peak hours. Since moving to the active-active module, we have got the much-needed breathing space.

How has it helped my organization?

It has helped us to inspect traffic, not only with a limited protocol base but on the application/service level inspection too.

The service base access policy has provided us with a next-level restriction, which wasn't there on old school firewalls.

The integrated threat & anti-bot blade gives us protection from zero-day attacks and these can be blocked using analysis & signature matching.

The integrated intrusion prevention blade not only gives an additional level of security but also cuts down the load to manage an extra device.

What is most valuable?

The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access.

The integration with third-party vendors is quite easy and well defined, which really helps you with the automation.

The integration of gateways with a centralized managed server gives you full control in a single place.

The setup and implementation are quite easy and the logs and reports are elaborative and effective for securing the network.

What needs improvement?

The one area that I would like to see a change in is policy installation. Right now, with a larger user database and a high number of rules, it takes a bit of time for policy installation. There is definitely some improvement in the R80 version; however, I believe that it should not take more than one minute to refresh the database. Also, there is a significant spike in gateway resource utilization during policy installation. 

The additional blades have an impact on resource utilization, hence scope of improvement is needed here too.

Buyer's Guide
Check Point NGFW
October 2022
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
636,406 professionals have used our research since 2012.

For how long have I used the solution?

I am using Check Point NGFW for the past five to six years for perimeter & internal security.

What do I think about the stability of the solution?

The solution is quite stable, however some issues also observed in new version release & same is fixed through hotfix/portfix once it is highlighted to the TAC 

What do I think about the scalability of the solution?

The new hyperscale module gives you the much-needed breathing space, which the industry was looking at for quite a long time.

How are customer service and support?

When it comes to technical support, Check Point is on another level. The support engineers are very well versed with the solution they are managing.

How was the initial setup?

The initial setup & integration was quite easy, and the support during migration was outstanding.

What about the implementation team?

It was a collaborative effort of our in-house and vendor teams. The support was good & quite appreciable.

What was our ROI?

It's good & the same as expected.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Engineer at Infosys
Vendor
User-friendly with a great Smart Console and easy management capabilities
Pros and Cons
  • "Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view."
  • "While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement."

What is our primary use case?

The Check Point firewall is a reliable perimeter security product. Check Point gives me access to explore various security features in a single box (loaded with all features that an organization needs most). 

I can say I have been using it for one year and getting a grip on it and I will always try to implement it wherever it is required. 

When it comes to Check Point, there are great security features and a marvelous inbuilt design that caters to handling all threats, including zero-day attacks and perimeter security. I really like the user-friendly interface of the Smart Console dashboard and the maximum security is integrated.

How has it helped my organization?

The intruder blocking real-time is a great feature that does not even require policy installation or committing to something. This feature enables real-time attack mitigation along with full security access which helps our organization to improve its security factors. 

IPS detection is a big plus for me since it deeply scans the packet. 

URL fileting along with application control gives me the access to manage the least privilege to maximum rights on a single click.

What is most valuable?

The product provides multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. 

Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view. Check Point helps to resolve a lot of problems, such as showing our organization all known threats. 

It is easy to deploy and manage. 

The product offers a simple Web User Interface.

What needs improvement?

While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement. 

I would love to see an SSL offloading feature that is not there right now. I am following many forums related to Check Point and it seems like they are going to launch it very soon. SSL Offloading will be very helpful for NBFC and for financial institutes.'

The Check Point NGFW OS is a historically grown OS. It has been on the market for a long time and has many releases. It is a very complex system. All features are done in software - no extra hardware chips are installed.

For how long have I used the solution?

I have been using this solution for almost a year.

What do I think about the stability of the solution?

This solution is one of the best solutions in terms of stability.

What do I think about the scalability of the solution?

It is highly scalable.

Which solution did I use previously and why did I switch?

I have been using this solution from the start as it was recommended by my organization.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little bit high, although I have no issue with the licensing or setup. It is easy to use.

Which other solutions did I evaluate?

I have stuck to this solution as I read reviews before and it was all positive in regards to Check Point NGFW. I did not use a different solution.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
October 2022
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: October 2022.
636,406 professionals have used our research since 2012.
Network Security Engineer at Fujairah Port
User
Economical with great features and very good bot services
Pros and Cons
  • "The initial setup is straightforward."
  • "There is nothing more that I need in terms of improvement."

What is our primary use case?

We use the solution for securing all of our servers facing the public network, site-to-site VPN, and SSL VPN like the webserver, e-services, and many other such applications. I have been using the below-mentioned modules:

  • Application Control
  • SSL Inspection
  • URL Filter
  • IPS/IDS
  • Virus Scanner
  • ATP
  • DNS Sinkhole
  • File Content Scan (Archived Content)
  • Link Protection
  • Safe Search
  • VPN
  • Anti Bot/Anti-Spam
  • Threat Emulation/Extraction

I can say each and every module has benefited my organization and I would highly recommend others to deploy Check Point solutions.

How has it helped my organization?

We have good peace of mind now, after deploying this solution. We could easily defend against zero-day attacks and day-to-day vulnerabilities.

Since the time we deployed the solution, we are 100% safe and secure.

At present, the newly deployed solution is being used for reverse proxy, the site-to-site VPN, and SSL VPN along with the proxy for a few of the machines.

Their threat emulations and Bot Services are a must-try. 

You can just deploy it, sit back, and relax without any issues.

What is most valuable?

The most valuable features include:

  • Application Control
  • SSL Inspection
  • URL Filter
  • IPS/IDS
  • Virus Scanner
  • ATP
  • DNS Sinkhole
  • File Content Scan (Archived Content)
  • Link Protection
  • Safe Search
  • VPN
  • Anti Bot/Anti-Spam
  • Threat Emulation/Extraction

Each and every module provides 100% accuracy. 

Their threat emulations and Bot Services are excellent.

Additionally, they have an excellent support team working around the clock. The engineers have excellent knowledge and provide us with a resolution in a very timely manner.

I have been using Check Point technology since 2011 and recently I have deployed new NGFW, the upgraded version, in a cluster along with the management box.

What needs improvement?

Check Point updates and upgrades are in a timely manner. There is nothing more that I need in terms of improvement.

Additionally, they have an excellent support team working around the clock. Check Point engineers have excellent knowledge and have provided us with the resolution in a timely manner.

I have been using Check Point technology since 2011 and recently I have deployed the new NGFW. It's the upgraded version and we have it in a cluster along with the management box.

For how long have I used the solution?

I've used the solution for the last ten years.

What do I think about the stability of the solution?

The solution is highly stable.

What do I think about the scalability of the solution?

The solution is highly scalable.

How are customer service and support?

Customer service is excellent.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use a different solution originally. We changed to Check Point for achieving high levels of security.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

We implemented through a vendor team and I would rate them at a 10 out of 10.

What was our ROI?

It's excellent and the management is very satisfactory.

What's my experience with pricing, setup cost, and licensing?

It's a very economical option.

Which other solutions did I evaluate?

We evaluated Palo Alto and Cisco.

What other advice do I have?

It's an excellent solution and offers the best support.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Ümit Güler - PeerSpot reviewer
Consultant at KoçSistem
Real User
Top 5
Good support, improves performance, stable, and scales well
Pros and Cons
  • "One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance."
  • "Check Point should include additional management choices; for example, Check Point does not offer full management support via browser."

What is our primary use case?

I'm a consultant at a Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I have deployed standalone, cluster, and two-layered firewalls.

How has it helped my organization?

Check Point firewall products include a lot of modules including Application Control, IPS, Email security, Mobile access, Content Awareness, URL Filtering, Antivirus, Antibot, and DLP

Check Point meets our customers' requirements at the perimeter with an all-in-one solution. For example:

  • The IPS blade prevents attacks with updated signatures.
  • URL filtering policy control customers' users' internet activity.
  • Antivirus and antibot blade controls malicious activity and files.
  • Mobile access blades allow customers to access their sites from anywhere securely.

What is most valuable?

There are a lot of features that I have found valuable for our customers.

For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.

One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.

What needs improvement?

Check Point should include additional management choices; for example, Check Point does not offer full management support via browser.

You should use Check Point Smart Console for management, although it is an EXE and is supported only on the MS Windows platform. If you are using Linux or Mac, you cannot manage Check Point. Instead, you need to use a virtual PC with the Windows OS installed, running inside Linux or Mac. Check Point states that this is a decision made for security reasons, but that certain management features can be done through the browser, although not fully.

For how long have I used the solution?

I have been using the Check Point firewall for more than 20 years.

What do I think about the stability of the solution?

This solution is very stable for all of our customers.

What do I think about the scalability of the solution?

One of our customers has more than 200 branch offices, which are protected by Check Point SMB appliances. All of these appliances are managed by Check Point SmartProvisioning. This customer has one Check Point cluster that secures server segments and another Check Point cluster to secure the client segment.

The latest product, Maestro is very good and scales well.

How are customer service and technical support?

Check Point support is very good and we are very satisfied.

Which solution did I use previously and why did I switch?

My company is working with different firewall products but I am a Check Point expert and only support their products.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

All implementation is handled by our team.

What was our ROI?

There are different ROIs for each customer but our customers' ROIs are high, as expected.

What's my experience with pricing, setup cost, and licensing?

The pricing is high compared to competitors.

Which other solutions did I evaluate?

Our customers evaluate other products but a lot of them prefer Check Point.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: KocSistem A.S.
PeerSpot user
Senior Network Engineer at Siltronic
User
Great packet filtering and authentication with good documentation
Pros and Cons
  • "The documentation is simple to understand and is easily available."
  • "The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade."

What is our primary use case?

We are using these Next Generations Firewalls to segregate and protect our data center and business-critical data from the user LAN. 

We have some of the resources behind these firewalls which should be allowed to a certain set of users only. This is done using the authentication against the Active Directory groups and only the designated users are allowed to access the contents based on the firewall rules. 

Along with this, we use IPS and Antivirus features to protect our most critical network.

How has it helped my organization?

The solution is great and simple to implement. It has improved the security posture and overall management of this segregated network.

We have this deployed globally across multiple sites and it's very easy to manage compared to other vendors. 

We have been using this solution now for a few years and never came across any issues. 

The documentation is simple to understand and is easily available. 

The support is also observed to be good and we never had to escalate the cases due to support issues.

What is most valuable?

We have been using Check Point NGFW to protect the business-critical data from the other networks and provide secured access to the users best on the authentication, integrated with the Active Directory. 

We have been using packet filtering, stateful inspection, and VPN awareness along with user authentication and have not observed any performance issues in the last several years. If you are looking for a solid solution that is very stable in nature, this is the best choice.

What needs improvement?

We have been using CheckPoint NGFW for quite some time now, and the only thing that could be improved is the upgrade procedure and the frequency of the hotfixes we get. 

We have this deployed in multiple sites globally and managed via the central management server. The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade. We would like to see some improvement in this area.

For how long have I used the solution?

I've used the solution for 15 years.

What do I think about the stability of the solution?

The stability is rock solid.

What do I think about the scalability of the solution?

The solution is easily scalable.

Which solution did I use previously and why did I switch?

It's been a long time since we started using this. When we decided to expand several years before and we decided to go ahead with Check Point and continued with Check Point. We reviewed a lot of other products from different vendors, however, his was chosen as the best by our engineering team and we decided to stick with this.

How was the initial setup?

The set up is very simple and more straightforward than we thought.

What's my experience with pricing, setup cost, and licensing?

The setup cost is pretty much the same as compared to the other vendors. The initial pricing could be slightly better, however, the licensing and maintenance cost is much better compared to the other similar products in the market.

Which other solutions did I evaluate?

Cisco and PaloAlto were the other options evaluated.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
reviewer1582053 - PeerSpot reviewer
Security Engineer at Gosoft (Thailand)
User
Top 10
Easy-to-use console, good logging, effective traffic and access control features, responsive support
Pros and Cons
  • "From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases."
  • "They have few predefined reports and it would be nice to increase them since the logs are excellent."

What is our primary use case?

I use Check Point NGFW for controlling traffic and controlling access to the production server. It is a HA (high availability) environment. It is easy to use failover solutions.

We use it on our disaster recovery (DR Site) and it runs smoothly.

How has it helped my organization?

In the office, Check Point Infinity is the only fully consolidated cybersecurity architecture that protects your business and IT infrastructure.

Integrating the most advanced threat prevention and consolidated management, the security gateway appliance is designed to prevent any cyber attack, reduce complexity, and lower costs.

Check Point gateways provide superior security beyond any Next-Generation Firewall (NGFW).

Best designed for network protection, these gateways are the best at preventing the fifth generation of cyber attacks.

Overall, for us, it improves the private cloud security and helps to prevent the spread of threats while consolidating visibility and management across our physical and virtual networks.

What is most valuable?

The most valuable feature is the next-generation firewall (NGFW) protection.

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

What needs improvement?

They have few predefined reports and it would be nice to increase them since the logs are excellent.

They should be quicker to release fixes for known vulnerabilities, including those related to Microsoft products.

If you make a mistake when creating rules, it is time-consuming to fix them. However, there is no problem with traffic processing. 

Sometimes you are forced to interact on several different levels. On the one hand, you put the rules in, and on the other, you put in the route. 

For how long have I used the solution?

I have been using Check Point NGFW for between five and six years.

How are customer service and technical support?

They have a good support team that is fast to respond. However, there are open cases that should be resolved in a more timely fashion.

Which solution did I use previously and why did I switch?

We used another solution prior to this one, but the updates were too slow and it was harder to monitor the log.

How was the initial setup?

The initial setup is very hard.

What about the implementation team?

The vendor implemented this product for us.

What was our ROI?

This product is a good investment and I expect a full return in approximately three years.

What's my experience with pricing, setup cost, and licensing?

The price of the appliance should be decreased.

Which other solutions did I evaluate?

 I evaluated several other solutions and compared them before choosing Check Point.

What other advice do I have?

This is a product that I recommend.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Engineer at Netpoleons
User
Good packet filtering and proxy firewalls with an excellent intrusion prevention system
Pros and Cons
  • "One of the solution's best features include a packet-filtering firewall that examines packets in isolation."
  • "One of the main features that need improvement is the rule filter export."

What is our primary use case?

What can you do about threats that get past simple packet inspection by a regular firewall? You could have a layer 3 firewall inspect the protocol and block known threats from certain URLs, however, what if it comes from a URL that has not been reported and is a socially engineered exploit designed to hijack your data? This is where a Layer 7 firewall will be able to inspect the application, known as payload inspection.

While this is possible to do with a Layer 3 firewall, it can be difficult due to the number of protocol messages in Layer 7. You would need to create a signature for each application you wanted to protect; however, network signatures tend to block legitimate data and increase your MTTR (mean time to resolve an issue).

Plus, having these signatures makes it hard to manage and keep up with by the IT staff. Relying on the power of AI and the cloud in order to leverage the Layer 7 firewall is key. The advantage of Layer 7 is its protocol awareness, which allows it to differentiate between different network traffic (application knowledge) and not just packets or flows that identify ports and IPs (Layer 3).

How has it helped my organization?

Let's say most of the traffic nowadays goes through HTTP, your web browser.

When you browse the web, what do you suspect happens? Your browser sends HTTP requests to servers around the world, and in return, you receive a response. Big data packets originate from business applications as well, such as file transfer protocols (FTP) or web services such as MapReduce or Twitters API. Oftentimes, a breach happens through these protocols, whereby a Layer 3 firewall could potentially let the threat in (such as SQL injection by default) without explicitly denying these requests.

What is most valuable?

The solution's best features include:

  • A packet-filtering firewall that examines packets in isolation and does not know the packet's context.
  • A stateful inspection firewall that examines network traffic to determine whether one packet is related to another packet.
  • A proxy firewall (aka application-level gateway) that inspects packets at the application layer of the Open Systems Interconnection (OSI) reference model.
  • A Next-Generation Firewall (NGFW) that uses a multilayered approach to integrate enterprise firewall capabilities with an intrusion prevention system (IPS) and application control.

What needs improvement?

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, however, with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules such as why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

For how long have I used the solution?

I've used the solution for four years.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

What's my experience with pricing, setup cost, and licensing?

The costs involved depend on your needs and budget.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Cyber Security Consultant at Capgemini
Real User
Top 5
Easy to scale with good IPS features and helpful technical support
Pros and Cons
  • "If there is a critical issue observed, the Check Point support team can create a custom package that we can deploy on the gateway to mitigate critical issues/bug fixes."
  • "Sometimes we need to find a resolution by ourselves as the solution's knowledge base is not enough."

What is our primary use case?

We are using this product as a firewall which does have the capacity to block the IPS signature as well. 

It is highly accurate for the IPS engine and has the best-in-class log monitoring and report generating facility in the firewall. 

It is easy to manage, as it has a centralized management console. We are using the firewall as a VPN service as well. It is very easy to troubleshoot the issue with the VPN. We are using IPSEC features where we can enable tunnels with the client and we can safely communicate with vendors due to encryption.

How has it helped my organization?

Checkpoint NGFW improved the security posture of our network infrastructure to the point where we can use antivirus, IPS, and antibot features to tighten up the security. We can also use URL filtering where we can block malicious URLs in communications. We can easily stop and detect Day-Zero attacks. 

The throughput of the firewall is very big for data transitions. The antivirus also includes DPI (deep packet inspection), which examines the data within the packet itself rather than only looking at packet headers. This enables users to identify, categorize, or block packets with malicious data more effectively. 

What is most valuable?

The IPS feature is the most valuable feature. We can block zero-day attacks within stipulated time intervals. The up-gradation activities are much simpler when we are dealing with Check Point firewalls. 

If there is a critical issue observed, the Check Point support team can create a custom package that we can deploy on the gateway to mitigate critical issues/bug fixes. 

The support reachability is very promising, as we can directly connect with them via call or chat from the support portal.

What needs improvement?

Sometimes the KB article does not include all the steps. There is a chance for improvement in the content of global KB articles. It's nearly impossible to add an exception for threat prevention services - such as antivirus and anti-bot. You will be stuck with Indicators of compromise marked as detecting only, caching issues, and random effects. There is no clear way to report incorrect classification to support. 

Sometimes we need to find a resolution by ourselves as the solution's knowledge base is not enough.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

We can easily scale the gateways with a few simple clicks. 

How are customer service and support?

Technical support is great.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use a different solution. Check Point provides better visibility where security is concerned. 

How was the initial setup?

The setup was very straightforward

What about the implementation team?

We can implement it by ourselves.

What was our ROI?

The ROI is double annually.

What's my experience with pricing, setup cost, and licensing?

It is pretty cheap as far as the setup cost, pricing, and/or licensing are concerned.

Which other solutions did I evaluate?

We looked at Palo Alto firewalls.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2022
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.