We use Check Point firewalls to secure our internal network from the outside world and to provide a good, comfortable, and secure environment for our employees.
We have various models from the R80 series, such as the R80.10 and the R80.30.
Before, we were using firewalls from Palo Alto. The benefit of the Check Point firewall is that it has more security features. It has antivirus signatures and additional features for which we should require additional hardware devices in the firewall. It also gives us a central management system, which was not present in the Cisco ASA.
Check Point's Next Generation Firewall has many good features. It has a central management system, and that means we do not have to go to each and every firewall to configure it. We can manage them with the central device.
There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network.
The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them. Check Point is one of the good firewalls and training should be increased by the company so that more people are familiar with it and with their switches.
I have been using Check Point's firewalls for the last three-and-a-half years.
The stability is very good. The updates we get for the antivirus and the URL filtering sites are also very nice and happen very often. That is a good thing because there are various new attacks coming out but we get their updates on time.
In terms of the scalability, it is very easy to extend the utilization of Check Point firewalls. We did so in the past. We extended our environment in our organization and it was very easy to extend it.
We have around 4,000 to 5,000 people who are using the Check Point firewalls directly or indirectly. They are passing their traffic through it. Expansion of our usage completely depends on the organization. If they want to do so they will tell us and, if that happens, we will definitely go for Check Point firewalls.
We have used Check Point TAC to resolve our issues. We have had good support. They have good engineers there.
We were using Palo Alto and Cisco before and we replaced them with Check Points.
We used Palo Alto in a few of our sites, but we found Palo Alto was more expensive and its updates and services were also more expensive compared to the Check Point firewall.
Cisco is a very basic firewall in the market, and it has a limited set of features, compared to Palo Alto and Check Point. Palo Alto has rich features, but it is one of the more expensive firewalls in the market. The Check Point firewall is not too expensive, but it is also a third-generation firewall.
The drawback of the Check Point firewall is the lack of training materials. That should be increased.
We have a team of seven to eight people who have all installed and configured environments so the initial setup, for us, was a very straightforward process. And these are the people who handle maintenance of the firewall and manage it, during different shifts. They are all network engineers.
It took us between nine and 12 months to do the implementation. We have Check Point hardware so we followed the recommended, three-level architecture, in which there is a SmartConsole, the hardware security gateway firewall, and the central management device.
The pricing is good. It is less than Palo Alto's firewalls. Check Point has the same features as Palo Alto, but the licensing and cost of these firewalls are not too expensive. It is one of the best firewalls in the market in this range.
Check Point firewalls have many features. Before configuring it in an environment, you should know each and every feature of the firewall. You should also follow the three-level hierarchy which is recommended by Check Point.
There are a few add-on features for Check Point firewalls. I only learned that by using the firewalls. I'm very happy with the way Check Point is progressing. They continue to work on their firewalls even after making their name. That is something we should follow in our lives as well: Once we have made our name, we should not stop there. We should further build the reputation of the company and product.
We are very happy with the Check Point firewalls. The only thing missing, as I mentioned earlier, is that training should be increased for the firewall by the organization. Otherwise, we are very happy with investment in this solution.
We use it for VSX virtualization and we use it for normal firewall functions as well as NAT. And we use it for VPN. We don't use a mobile client, we just use the VPN for mobile users.
We are able to virtualize about four firewalls on one machine. Before, we needed to have four firewall hardware devices, physical devices, from Cisco. We had four appliances, but now, with Check Point, we just have one. We can manage them, we can integrate them, and we can increase connections using one and the other. It has broken down connection complexities into just a GUI.
Also, previously we had downtime due to memory saturation with our old firewalls. We were using Cisco ASA before. During peak periods, CPU utilization was high. Immediately, when we switched to Check Point, that was the first thing we started monitoring. What is the CPU utilization on the device? We observed that CPU utilization stayed around 30 percent, as compared to 70 percent with the Cisco we had before, although it was an old-generation Cisco. Now, at worst, CPU utilization goes to 35 percent. That gives us confidence in the device.
In addition, the way Check Point built their solution, there is a Management Server that you do your administration on. You have the main security gateway, so it's like they broke them down into two devices. Previously, on the Cisco, everything was in one box: both the management and the gateway were in one box. With Check Point breaking it into two boxes, if there's a failure point, you know it's either in the management or the security gateway. The management is segmented from the main security gateway. If the security gateway is not functioning properly, we know that we have to isolate the security gateway and find out what the problem is. Or if the management is not coming up or is not sending the rules to the security gateway, we know there's something wrong with it so we isolate it and treat it differently. Just that ability to break them down into different parts, isolating them and isolating problems, is a really nice concept.
And with the security gateway there are two devices, so there's also a failover.
The way we use the VPN is usually for partners to connect with. We want a secure connection between our bank and other enterprises so we use the VPN for them. Also, when we want to secure a connection to our staff workstations, when employees want to work from home, we use a VPN. That has been a very crucial feature because of COVID-19. A lot of our people needed to work remotely.
The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS.
It was very difficult to integrate the VPN. Until now, we still don't know why it didn't work. With our previous environment, Cisco, it worked seamlessly. We could connect an Active Directory server to a two-factor authentication server, and that to the firewall. But when we came onboard with Check Point, the point-of-sale said it's possible for you to use what you have on your old infrastructure. We tried with the same configurations, and we even invited the vendor that provided the stuff for us, but we were not able to go about it. At the end of the day they had to use a different two-FA solution. I don't know if Check Point has a limitation in connecting with other two-FAs. Maybe it only connects with Microsoft two-FA or Google two-FA or some proprietary two-FA. They could work on this issue to make it easier.
Apart from that, we are coming from something that was not so good to something that is much better.
I have been using the Check Point Next Generation Firewall for 10 months.
The stability of Check Point's firewall, for what we use it for now, is pretty good. Especially, with the licensing of blades and the way they script it down into different managers. You have a part that manages blades, you have the part that manages NAT, and you have the part that manages identity. The VSX is another one on its own. So it is very stable for us.
When we add more load to it, when we go full-blown with what we want to use the device for, that will be a really good test of strength for the device. But for now the stability is top-notch.
They scale well.
All information passes through the firewall. We have about 8,000-plus users, including communicating with third-party or the networks of other enterprises that we do business with.
We've not used technical support. We asked our questions of the vendor that deployed and he was quite free and open in providing solutions. Anytime we call him we can ask. He was like our own local support.
There is also a Check Point community, although we've not really been active there, but you can go and ask questions there too, apart from support.
The initial setup was pretty straightforward.
It took a while, about a month, but it was not because of the complexity. It was because we gave them what we already have on the ground. We were on Cisco before and they had to come up with a replica of the configurations for Check Point. When they got back to us we had to make some corrections, and there was some back-and-forth before everything finally stabilized.
For our day-to-day administrative work, we have about four people involved.
We used a Check Point partner for the installation. I was involved in the deployment, meaning that while they were deploying I was there. They even took us through some training.
We have surely seen ROI compared to the other vendors I mentioned, in terms of costs. And we tested all the firewall features to see if it is doing what it says it can do. And so far so good, it's excellent. It's a good return.
Check Point offers good solutions, but it won't kill your budget.
Going into Next-Generation firewalls, you should know what the different blades are for, and when you want to buy a solution, know what you want to use that solution for. If it's for your normal IP rule set, for identity awareness, content awareness, for VPN, or for NAT, know the blades you want. Every solution or every feature of the firewall has license blades. If you want to activate a feature to see how that feature handles the kind of work you give, and it handles it pretty well, you can then move to other features.
We evaluated Palo Alto, Fortinet FortiGate, and Cisco FirePOWER.
Check Point was new to the market so we had to ask questions among other users. "How is this solution? Is it fine?" We got some top users, some top enterprises, that said, "Yes, we've been using it for a while and it's not bad. It's actually great." So we said, "Okay, let's go ahead."
I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. So deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it.
Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that up until now, we have not had anything like that.
We are using the solution for the perimeter. It's used as a core firewall, with almost all transactions passing through the firewall. For instance, in a cellular phone company, all transactional authorizations pass through the firewall, while in a bank, authorizations for branches and ATMs go through the firewall. The main customers are in the BFSI, telcos, industry manufacturing, and other large enterprise sectors.
Check Point's solutions allow organizations to operate securely with a reliable core firewall in place, ensuring that transactions proceed smoothly.
The Check Point firewall is used as a core firewall offering high reliability with at least two synchronized data centers, creating a fault-tolerant configuration. It is considered a very stable platform with minimal bugs.
Technically, there is no need for improvement. That said, they need to be more aggressive and protect more of the channels on the commercial side. Additionally, the user interface could be more user-friendly.
We have been using Check Point solutions for over twenty-five years, since the very beginning.
The firewall is highly stable, being described as one of the most reliable, with a stable platform and few bugs.
Using the Maestro technology, the firewall has good scalability. It allows for flexibility and growth by stacking clippings without needing to change the chassis.
Customer service is generally good. With Diamond or Diamond Plus service for banks, the support level meets customer expectations. The internal team of Check experts also ensures issues are resolved efficiently.
Positive
We are familiar with and have supported other solutions like Fortinet, Palo Alto, and Cisco yet primarily do business with Check Point.
Initial setup can be complex, especially in large or redundant deployments. Expertise is required to manage configurations, especially with complex operations and a high volume of users and VPNs.
The implementation team has around 20 people, with a total group including maintenance and support numbering 60.
Monetizing the risk is complex, and despite having software for calculating ROI in security, traditional calculations like the FAIR methodology do not apply efficiently in Latin America.
Check Point and Palo Alto solutions are among the more expensive options, but once a platform is adopted, switching is difficult. Clients tend to stay with the same brand for extended periods.
We have evaluated solutions from Fortinet, Palo Alto, and Cisco; however, the main offering is Check Point.
I'd rate the solution eight out of ten.
We primarily use Check Point NGFW for network segmentation and traffic control. It effectively segments our network into zones, allowing us to manage and secure traffic flows between different segments.
The platform's technical support services need enhancement.
The product is highly scalable and crucial for our large-scale deployment needs. Its scalability is a ten out of ten.
The technical support is generally responsive, although there have been occasional delays in accessing specialized assistance tailored to our needs.
Positive
The deployment was handled by dedicated experts within our organization, ensuring a smooth setup. While I didn't oversee the technical aspects directly, our team found the process straightforward, minimizing operational disruptions.
The product is on the higher end of the cost spectrum, but the investment is justified by its high-quality performance and reliability, which are paramount for our security infrastructure.
Check Point NGFW has consistently provided stable operation which is critical for our organization's security needs.
Managing firewall rules and policies is intuitive and efficient. The interface allows us to quickly adapt to new security requirements and maintain compliance with organizational policies.
I highly recommend it for organizations seeking robust network security.
Overall, I rate it an eight.
The implementation of Check Point firewalls has been a transformative experience for our organization. It has significantly improved our cybersecurity posture, enabling us to detect and prevent threats more effectively, streamline management, and stay agile in the face of evolving security challenges.
With Check Point, we are not just securing our data, we are also protecting our brand and reputation. The value they bring to our organization is immeasurable, making them an essential component of our overall cybersecurity strategy.
In today's ever-evolving digital landscape, cybersecurity is paramount for any organization. For our company, the implementation of Check Point firewalls has proven to be a pivotal moment in our ongoing quest to bolster our cybersecurity defenses. These firewalls have not only improved our security measures but have also positively impacted our overall business operations.
In our industry, adhering to stringent compliance regulations is paramount. Check Point firewalls help us ensure compliance with industry-specific regulations and standards, such as HIPAA, GDPR, or PCI DSS. This compliance assurance has eased the audit process and instilled trust among our clients.
Check Point firewalls have significantly improved our ability to detect and prevent threats. The robust threat intelligence capabilities, coupled with real-time monitoring, have allowed us to swiftly respond to potential security breaches. As a result, we have experienced a noticeable decrease in security incidents and data breaches, which ultimately translates into cost savings and a bolstered reputation.
As our organization grows, so does the volume of data we need to protect. Check Point firewalls have proved scalable and can handle increased traffic and the addition of new services without compromising performance. This scalability ensures that our security measures are always aligned with our business growth.
One of the standout features of Check Point firewalls is their user-friendly management interface. This intuitive platform has streamlined firewall management, making it accessible to both our in-house IT team and non-technical staff. This has resulted in a more efficient use of resources and time, allowing our IT personnel to focus on other critical tasks.
The product needs comprehensive reporting and analytics capabilities to help organizations gain insights into their security posture and demonstrate compliance to stakeholders.
It requires enhanced automation tools for regulatory compliance to ease the burden of compliance reporting and auditing.
The solution needs to tighten security by facilitating easy integration with MFA solutions to enhance user authentication.
It needs to integrate automation and orchestration capabilities to streamline incident response and automate routine security tasks, reducing the workload on security teams.
As containerization and microservices become more prevalent, it needs to provide security solutions that protect these modern application architectures effectively. Features like runtime protection and security scanning for containers can be beneficial.
I've used the solution for almost five years now.
Check Point firewalls are quite robust and resilient.
Check Point firewalls have proved scalable and can handle increased traffic and the addition of new services without compromising performance.
The technical support is recommended. I'd give them an A++++.
Positive
I did not previously use a different solution.
The initial setup was straightforward.
We deployed the solution using Check Point's PS Support. Their team is highly experienced and professional.
It's worth the cost.
Initially, the cost of the investment might seem high compared to other vendors. However, in the long run, it might prove to be economical and cost-efficient.
I also evaluated Fortinet and Cisco ASA.
We have multiple customers that use this product. Integrated logging is the best around.
It's clear and does the job it's supposed to do.
We typically install this at the network edges and encourage our customers to have one at each location. Some prefer to backhaul the smaller sites to the main branch where it handles all the inspection and rules.
We also set up multifactor SSL VPN solutions at the main location which allows visibility into remote worker traffic. Overall, it's used mostly by small to medium businesses.
We have been able to sell this product for a long time as it's highly rated and has a deep feature set. We have probably sold millions of dollars worth of Check Point products over the years.
When the customer comes to us wanting the most protection we typically suggest Check Point first. Our engineers enjoy being able to quickly deploy a solution and have the familiarity with the product to be able to troubleshoot it quickly once it's deployed. For the most part, we train our customers to be able to manage it themselves.
Mostly the logging features of the Check Point NGFW are the most valuable. Being able to search in clear text is simple for the customer and for troubleshooting an environment.
I also like that you can get trial licenses for just about every product solution. This allows us to suggest a feature, implement it, and then show the customer that it has value. We tend to retain the customer on that product for the long term once it has been deployed and they are able to see what it's doing to protect them.
The only thing holding it back is the price. It's too expensive for mid-market companies. There are other platforms that have emerged that have a similar feature set; however, they are more difficult to deploy. This is really only a problem for the engineers as the customer doesn't care how many hours the engineer has to put in to make it work in their environment. If the Check Point product came in at a lower price point it would make it easier for the customer to see the value in cost, thus making it easier for us to sell.
I've used the solution for seven years.
It has been the most stable for a long time. That track record is something that you can show the customer.
The product is highly scalable especially if you integrate the orchestration solution.
Support is hit or miss lately. They have lost too many good reps to other companies.
Positive
We have used other solutions; however, we continue to use Check Point NGFW.
The initial setup is simple once you have the appropriate infrastructure setup. Once Check Point gets away from the central management solution and allows for on-box management it will make small businesses happier.
I am part of the vendor team. We do a good job implementing it, although sometimes it takes too much time to deploy a product.
We tell the customer that the ROI is the protection they are receiving and the stability of the product.
We tell customers truthfully it's the best product; however, it has the highest cost and you'll pay for each license.
We are always evaluating other solutions for our customers. Palo Alto and FortiGate are the top two others at the moment.
They just need to get the pricing down or do a better job of bundling the licensing.
The customer's use case involves employing it to safeguard their internal applications from external threats. They utilize various gateway features, including user identity-based policy, anti-spam, antivirus, IPS, anti-BOT, and other security measures, effectively creating a robust defense against a wide range of potential risks.
The primary focus is on safeguarding the customer's internal applications, especially for traders. When it comes to security, the main advantage lies in risk mitigation, akin to insurance.
The most valuable feature is its unique inspection model, which was initially a basic firewall inspection. Over time, they've developed and refined this model to cater specifically to trade-related intelligence. It is now a crucial and central component of their security infrastructure.
From an administrative perspective regarding Check Point NGFW, there are two key suggestions to improve efficiency. Firstly, administrators should be able to create a unified policy which means that when administrators set up policies in Check Point, they should have the flexibility to configure different security profiles and other security parameters all within the same access policy, simplifying the process. Secondly, the upgrade process for Check Point Firewalls currently involves extended downtime as it often requires a fresh installation. This downtime can last up to around sixty minutes, causing disruptions to business operations. To enhance the user experience, Check Point should consider adopting an incremental upgrade approach, similar to competitors like Palo Alto or Fortinet, as it would help minimize downtime and streamline the upgrade process, making it more efficient and user-friendly.
I have been working with it for about ten years.
It provides good stability features. I would rate it six out of ten.
Scalability is achievable in the cloud environment. By following the appropriate processes, you can configure automated scanning and other necessary functions to ensure it.
From a technical support perspective, there is room for improvement in Check Point's services. They have increasingly outsourced a significant portion of their support, primarily to third parties. This outsourcing has raised concerns, as it often results in longer resolution times and troubleshooting processes. In my experience, working with Level 3 engineers is more satisfactory and efficient, whereas Level 1 and Level 2 support can sometimes fall short of expectations and extend the time required to address issues.
Neutral
When comparing Check Point to Fortinet and Palo Alto solutions, there are several advantages and disadvantages to consider. One key advantage of Check Point is its robust logging capabilities. Administrators can access detailed traffic flow information, providing valuable insights into network activity. Another strength is the trust associated with Check Point. They pioneered the concept of "stateful firewall," which has established a strong foundation for trust in their security solutions and is built on their extensive experience and history in the field.
The initial setup is a medium-level complexity task.
When deploying on AWS cloud, I typically opt for CloudFormation templates to facilitate the setup of Check Point. This approach offers the advantages of infrastructure as code. When it comes to on-premises deployments, the process is manual and involves tasks such as physical cable connections, configuring interfaces, setting up routes, and defining network policies. For a typical mid-sized project, a single person is usually sufficient for the cloud deployment, taking no more than two hours if the implementation plan is well-defined and the design is in place.
The cost can vary depending on the specific model and feature set requirements, as well as the unique value it offers to the organization. The price may be perceived as relatively high when compared to the features and capabilities they provide.
My advice for anyone considering it would be to begin by thoroughly understanding their specific needs and requirements. It's crucial to assess budget constraints and security priorities. If an organization has a sufficient budget and prioritizes a robust security posture, I would recommend considering Fortinet. They often provide a more comprehensive security exposure when compared to Check Point. For organizations with legacy systems or a strong preference for Check Point's Endpoint solutions, my advice is to segregate the management and gateway components. Avoid running both on the same platform to prevent complexity and potential issues. Separating these functions can lead to a smoother and more efficient operation. Overall, I would rate it six out of ten.
We are using Firewall Intrusion Prevention and URL Filtering, and we just purchased the Endpoint Protection package for our workstations.
It is deployed on-premises. We have two Check Point systems in place. We have one that's between our business network and the outside world, and we also have one that's between our business network and our internal SCADA system.
We haven't updated to version 81, so we're still at version 80.
It has provided us with great protection from threats. I've been here 30 years, and we've had two incidents, and none of them were within the time we've used Check Point.
The console or the single interface on the blades is most valuable.
The only thing that we've seen is instances where console and administrative interfaces get locked up or freeze, and we have to get the machine rebooted.
I have been using this solution for probably 10 years.
I would rate it a nine out of 10 in terms of stability.
Its scalability is very good. Our entire force is about 190 people, and most of them use it at some point just because they are going out to the internet and have that protection for the workstations.
It is being used extensively. Everyone is using it, and we do have plans to increase the functionality on the device.
They provide really good support. I would rate them a five out of five.
I can't remember the product, but what we had initially was an entry-level device. It was a single-purpose firewall. We went up to an enterprise solution that had additional features.
It was pretty simple to transfer the old firewall configuration to the new one. So, it was pretty straightforward and easy. I would rate it a four out of five in terms of effortlessness.
It took over a month. We ran two systems. We built a new system for a couple of weeks before switching over completely.
We used a consultant. Our experience with them was very good.
For deployment and maintenance, we have five people on our staff. We have to do some maintenance on it. It's pretty much scheduled to rotate between us so that we keep our skills fresh.
We've not done an initial study on any kind of ROI. We rarely do. In positives, we try to perform a yearly risk assessment of our systems, and we find very few vulnerabilities. So, it is doing what it's supposed to. It is keeping us safe.
Its cost is a little higher than other products.
We evaluated other options, but I don't remember their names. We basically went to the consultant we deal with for security-related things and said, "What's out there? What do you recommend?" He gave us three and recommended that the Check Point was probably the lead one.
I would advise comparing it to the other products.
I would rate it a nine out of 10. It has served us very well and given us very few headaches.