Check Point NGFW Reviews

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check Point's solutions to provide comprehensive network security tailored to each organization's requirements.

Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness.

Managing a smaller number of firewalls is straightforward, but as the scale increases, especially with numerous firewall instances, the complexity grows significantly. Scalability should be improved.

I have been working with it for twenty years.

It offers good stability capabilities.

We've encountered challenges related to scalability, particularly with its performance slowing down as the volume of objects in the network grows.

While most engineers are typically responsive, there may be variations in their availability and response times. I would rate its customer service and support eight out of ten.

Positive

I also work with Fortinet, and I find it preferable because it offers a wider range of options. Additionally, its integrated package functions exceptionally well, with seamless coordination between services.

The initial setup process is typically straightforward for most customers. However, when comparing Check Point with other solutions like FortiGate, there's a notable difference in how policy rules are implemented. With Check Point, you need to install the entire policy each time you want to make changes, whereas FortiGate allows for more streamlined updates by simply accepting the modifications. This can sometimes add complexity to installing a new policy with Check Point.

The deployment time varies depending on the scale of the project. For small cases, it may only take a couple of minutes, while larger-scale deployments can span up to a month. Having a skilled engineer is crucial; one proficient engineer can handle the job effectively. Maintenance is relatively straightforward.

While it may be slightly more expensive, when compared with competition it is reasonable. Licenses are renewed annually.

Overall, I would rate it nine out of ten.

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

This solution has been used for approximately one year in the company.

The stability of the tool is good. We have not presented any problem even when an update is made.

The scalability presented by the tool is very good and flexible.

The experience has not been very good. That is one of the points that must be improved.

Positive

There was no type of tool that would supply these qualities.

The configuration of the tool is very simple and quick to install.

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.

My primary use case of Check Point's firewalls is to provide in-depth network filtering with advanced threat prevention, which can be set up simply using autonomous threat prevention where the firewall learns about the environment and then actions threat prevention based upon that. The threat prevention can also be custom-built for your environment. 

I also use the Check Point Always On VPN for remote endpoints, which allows users to authenticate and connect to the VPN pre-login without any input from the users.

It has improved my organization due to the in-depth security it provides. Check Point has a lot of security-focused features that provide a great level of network security. It has improved the security posture of the organization due to the granularity that can be set in the policies, such as using access roles to set user-based access, and time-based rules to only apply a specific firewall rule at a specific time. It has also improved my organization because of the in-depth troubleshooting steps that are made available to the end user, meaning we can troubleshoot issues easily, and troubleshooting steps can get very advanced.

I have found the VPN and the application control/URL filtering the most valuable features. The main reason for this is that the VPN blade allows easy VPN setup between two VPN gateways, allowing for not only site-to-site VPNs but also for remote users to connect to the Check Point gateways. This feature is easy to set up. Also, users can troubleshoot the VPNs very in-depth.

The application control and URL filtering features are valuable since they allow very granular control of what is coming in and out of a network. Instead of just allowing certain Layer 4 ports in/out of the network, specific applications can be allowed, which not only can tighten a security posture. It makes administering the product easier as, when a new app is rolled out, it can simply be added to the policy.

One feature that could be improved is the internet object in the application control/URL filtering blade. In most deployments, this works as it says it will. However, the object is based on topology, not internet IP ranges. This means that in certain scenarios (and likely a non-standard deployment), the internet object can not refer to the internet. This can be bypassed by creating a networking group containing class A, B & C networks and using this in the policy, right-clicking the group and ticking 'negate.' 

Another improvement would be to improve the simplicity of deploying SAML as an authentication option when connecting using a remote access VPN. Check Point's deployment guide is very in-depth. However, the process could be simpler.

I've used the solution for three years.

The stability is very good.

The scalability is good.

Support is very good from Check Point.

Positive

The initial setup can be straightforward or complex depending on the complexity of the environment. Usually, it is fairly straightforward.

We implemented the solution in-house.

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

I've used the solution for three years.

Check Point Next Generation Firewall is one of the most secure and stable firewalls present in the market. the integration & implementation of Check Point Next Generation firewall took place due to security concerns, and we were impressed by what this product brings with it.

The integration of Check Point Next Generation Firewall in my organization has taken over one year or so, and it helps to segregate the internal network and build a secure VLAN that separates every department.

Scalability, end-to-end resolution, and customized productive services make Check Point Next Generation Firewall far better than the alternatives present in the market. It has services like navigation, control, and filtering that ensure that all users stay connected to business applications and helps restrict traffic.

The integration of Check Point Next Generation Firewall proved to be highly productive and scalable, and everything was offered at a lower price.

Check Point Next Generation Firewall helped out us drive innovation and growth in our organization. It provided a safe passage for system and data security via its services of navigation, control, and filtering. The product ensures that all users stay connected to business applications and helps restrict traffic.

Overall, the Check Point Next Generation Firewall protects us from all types of internal and external threats while being easy to use and set up.

The integration of the Check Point Next Generation Firewall in my organization has taken over one year. It helps to segregate the internal network and build a secure VLAN that separates every department.

We like the scalability, end-to-end resolution, and customized productive services. This makes Check Point Next Generation Firewall far better than any alternative present in the market.

It offers services like navigation, control, and filtering, which ensure that all users stay connected to business applications.

Check Point Next Generation Firewall Protects systems from all types of internal and external threats.

Check Point Next Generation Firewall requires frequent updates. They need to build a more user-friendly dashboard and have the implementation of more active VPN support.

Apart from this, Check Point Next Generation Firewall customer support service needs to be improved. They need to offer quicker resolution and maintenance during downtime.

Check Point Next Generation Firewall Protects from all types of internal and external attacks and is a must-have software for professionals and organizations.

It has been more than one year since I integrated Check Point NGFW.

I haven't been in integration with any other solution.

We decided on this solution after looking at reviews and comparing prices. Check Point proved to be the best option in the end. 

I would advise others to go for it. It's easy to set up and available at lower pricing than alternatives.

No, we did not evaluate other options. We just compared other alternatives from some review websites and decided to go for Check Point.

It's a must-integrate solution for professionals and organizations.

The primary use of Check Point NGFW is as a firewall that gives us the control of allowing in non-threatening traffic in and blocking malicious traffic. It is also a valuable tool that allows us to interconnect our remote sites via IPSEC VPN. 

This, alongside all of the basic blades such as Application Control, allows us to be granular when choosing what applications we allow within our organization and additionally filters based on categories combined with identity awareness. This allows us to be as granular as we would like with specific users/departments within our organization.

Check Point NGFW was one of the top contenders when we were looking to implement a new firewall strategy. 

We have had some issues with VPN tunnels specific to AWS, which were eventually resolved after a lengthy case however, other than that, the features offered are all great, and the firewall has done its job to my expectation. 

It is, however, difficult at times to read the actual documentation for the blades/appliance as it would appear that sometimes the terminology is incorrect or skewed, which leads to a longer implementation time.

As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity. 

Another critical blade/feature is the application control blade in combination with URL filtering. These two security features, tied together with identity awareness, are a game changer and allows an admin to be as granular as possible when blocking specific applications or allowing a specific application to a specific user/department within the organization

Being on R80.40, I am sure a bunch of features have already been implemented that I am not currently taking advantage of. However, one feature I have yet to see implemented is authenticated email support for alerts generated via the GW or SMS. As a security product, it is mind-blowing that this is not a thing today, and it only relies on SMTP un-authenticated to send emails to administrators. However, I'm not sure if that really applies to the firewall itself or if it is more so a topic of discussion for the SMS.

I've used the solution for five years.

We switched from SonicWall back in the day due to the feature sets available at the time.

We also evaluated Palo Alto.

We have deployed this software to provide comprehensive security beyond the Next Generation Firewall (NGFW). 

This software provides advanced analytics on any security measures that can have a great impact on our applications. 

It blocks malware attacks that can destroy data and leak confidential information to unauthorized parties. Check Point NGFW has helped the company to set up security policies that enhance the effective transfer of files and secure browsing strategies. There is improved prevention of external threats to data and increased production across the networking infrastructure.

Check Point NGFW has helped the company in the prevention of cyber attacks that could affect operations and slow down production. 

The intelligence reports from the real-time insights have helped members to avoid risks and plan efficiently for the future. 

Security threats that we used to experience before we deployed this product have been reduced, and the networking channels are ever safe. 

Sharing documents under secure infrastructure has increased the confidence of employees and enhanced faster implementation of tasks and projects.

The software provision of uncompromising security models across all the company applications has stimulated increased production. 

It has given the IT team full control and setup authority to scale down and deploy security to the most demanding platforms. 

The solution is safeguarding our financial databases and always has prevented fraud while giving employees peace of mind. 

The software has enabled us to come up with a unified dashboard that can monitor all accounting operations and investigate when there are security loopholes that can lead to data mismanagement.

The current features have a full set of security models that can protect any organization's information from ransomware attacks. 

When installed on Windows, the system with low storage space slows down. It is not compatible with all mobile devices and this may be unfair to some users. The next release can be more compatible with Windows and mobile devices for increased efficiency. 

I have experienced the best environment while working with this platform. All the data across the transactional records is ever secure under Check Point NGFW and I am proud of that great step ahead.

I've used the solution for nine months.

This platform is stable in the prevention of ransomware attacks.

I have been impressed by the performance of this software since we deployed it.

The customer support team has been always been responsive and interactive with our members.

Positive

I have not used a similar solution.

The setup was straightforward.

The deployment was done through the vendor team.

The current ROI is 35%.

The setup cost is good and the solution is affordable.

I evaluated other options. However, the company settled on Check Point NGFW due to its performance.

This is a great solution for many organizations that require stable data security.

I have a relatively small infrastructure, with a VMware Vsphere running all my servers on virtual machines. My network consists of approximately 30 workstations. The Check Point NGFW helps detect attacks against enterprise applications. 

It can enforce application functionality specific controls, monitor application data and content, and monitor HTTP, HTTPS, SMTP and other application protocols for better protection. I can audit applications running on my network, monitor their content and data, identify hosts on which applications are running, and identify users of the applications.

I have been using the Check Point NGFW as a primary firewall with all policies and rules configured on it. It helps as an Intrusion Detection System. This has improved my network performance as it illuminates suspicious activities before they reach the network. 

The network monitoring tool allows me to know who and what is hogging all the bandwidth and therefore apply it to remediate action and hence improve network performance. The Check Point NGFW helps me with QOS, during these times of work from home and virtual meetings, I can easily allocate required bandwidth to MS Teams, Zoom, and WebEx.

The most valuable features are the application and user control. This allows me to allow applications that encourage productivity and limit those that hinder productivity. The Network Address Translation (NAT) will always be a valuable feature as it allows me to turn my private cloud to the public at the click of a button and have secure control over the accessible servers/applications. sandboxing is also a valuable feature that allows the NGFW to act as an anti-malware, this would be largely helpful to prevent or minimize ransomware attacks.

Although very efficient, the product could be developed in a way that does not take a lot more system resources. It would be very useful if the Check Point NGFW was able to learn the environment and its user's real-time activities and automatically send only logs of interest to the security admin to actually force the security admin to review these logs since the logs are useless if not reviewed. Implementation and setup should be made as easy as possible. At times a misconfigured NGFW because of its complexity will be more of a vulnerability than protection.

I've used the solution for four years.

The stability is very good.

The scalability is very good.

Technical support is always on point.

Positive

We did use a different product. The previous solution was actually more complex to set up and had a high price.

The individual setup was complex. However, with the support of an expert on the solution, it became straightforward.

We used a vendor team. Their level of expertise was acceptable.

The ROI is on the positive side.

I'd advise users to find a local vendor of the solution they are looking into and compare all middleman pricing.

We also looked at Cisco Firepower.