We changed our name from IT Central Station: Here's why
Ümit Güler
Consultant at KoçSistem
Real User
Top 5
Good support, improves performance, stable, and scales well
Pros and Cons
  • "One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance."
  • "Check Point should include additional management choices; for example, Check Point does not offer full management support via browser."

What is our primary use case?

I'm a consultant at a Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I have deployed standalone, cluster, and two-layered firewalls.

How has it helped my organization?

Check Point firewall products include a lot of modules including Application Control, IPS, Email security, Mobile access, Content Awareness, URL Filtering, Antivirus, Antibot, and DLP

Check Point meets our customers' requirements at the perimeter with an all-in-one solution. For example:

  • The IPS blade prevents attacks with updated signatures.
  • URL filtering policy control customers' users' internet activity.
  • Antivirus and antibot blade controls malicious activity and files.
  • Mobile access blades allow customers to access their sites from anywhere securely.

What is most valuable?

There are a lot of features that I have found valuable for our customers.

For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.

One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.

What needs improvement?

Check Point should include additional management choices; for example, Check Point does not offer full management support via browser.

You should use Check Point Smart Console for management, although it is an EXE and is supported only on the MS Windows platform. If you are using Linux or Mac, you cannot manage Check Point. Instead, you need to use a virtual PC with the Windows OS installed, running inside Linux or Mac. Check Point states that this is a decision made for security reasons, but that certain management features can be done through the browser, although not fully.

For how long have I used the solution?

I have been using the Check Point firewall for more than 20 years.

What do I think about the stability of the solution?

This solution is very stable for all of our customers.

What do I think about the scalability of the solution?

One of our customers has more than 200 branch offices, which are protected by Check Point SMB appliances. All of these appliances are managed by Check Point SmartProvisioning. This customer has one Check Point cluster that secures server segments and another Check Point cluster to secure the client segment.

The latest product, Maestro is very good and scales well.

How are customer service and technical support?

Check Point support is very good and we are very satisfied.

Which solution did I use previously and why did I switch?

My company is working with different firewall products but I am a Check Point expert and only support their products.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

All implementation is handled by our team.

What was our ROI?

There are different ROIs for each customer but our customers' ROIs are high, as expected.

What's my experience with pricing, setup cost, and licensing?

The pricing is high compared to competitors.

Which other solutions did I evaluate?

Our customers evaluate other products but a lot of them prefer Check Point.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: KocSistem A.S.
Flag as inappropriate
reviewer1582053
Security Engineer at Gosoft (Thailand)
User
Top 20
Easy-to-use console, good logging, effective traffic and access control features, responsive support
Pros and Cons
  • "From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases."
  • "They have few predefined reports and it would be nice to increase them since the logs are excellent."

What is our primary use case?

I use Check Point NGFW for controlling traffic and controlling access to the production server. It is a HA (high availability) environment. It is easy to use failover solutions.

We use it on our disaster recovery (DR Site) and it runs smoothly.

How has it helped my organization?

In the office, Check Point Infinity is the only fully consolidated cybersecurity architecture that protects your business and IT infrastructure.

Integrating the most advanced threat prevention and consolidated management, the security gateway appliance is designed to prevent any cyber attack, reduce complexity, and lower costs.

Check Point gateways provide superior security beyond any Next-Generation Firewall (NGFW).

Best designed for network protection, these gateways are the best at preventing the fifth generation of cyber attacks.

Overall, for us, it improves the private cloud security and helps to prevent the spread of threats while consolidating visibility and management across our physical and virtual networks.

What is most valuable?

The most valuable feature is the next-generation firewall (NGFW) protection.

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

What needs improvement?

They have few predefined reports and it would be nice to increase them since the logs are excellent.

They should be quicker to release fixes for known vulnerabilities, including those related to Microsoft products.

If you make a mistake when creating rules, it is time-consuming to fix them. However, there is no problem with traffic processing. 

Sometimes you are forced to interact on several different levels. On the one hand, you put the rules in, and on the other, you put in the route. 

For how long have I used the solution?

I have been using Check Point NGFW for between five and six years.

How are customer service and technical support?

They have a good support team that is fast to respond. However, there are open cases that should be resolved in a more timely fashion.

Which solution did I use previously and why did I switch?

We used another solution prior to this one, but the updates were too slow and it was harder to monitor the log.

How was the initial setup?

The initial setup is very hard.

What about the implementation team?

The vendor implemented this product for us.

What was our ROI?

This product is a good investment and I expect a full return in approximately three years.

What's my experience with pricing, setup cost, and licensing?

The price of the appliance should be decreased.

Which other solutions did I evaluate?

 I evaluated several other solutions and compared them before choosing Check Point.

What other advice do I have?

This is a product that I recommend.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
565,304 professionals have used our research since 2012.
Security Engineer at Netpoleons
User
Good packet filtering and proxy firewalls with an excellent intrusion prevention system
Pros and Cons
  • "One of the solution's best features include a packet-filtering firewall that examines packets in isolation."
  • "One of the main features that need improvement is the rule filter export."

What is our primary use case?

What can you do about threats that get past simple packet inspection by a regular firewall? You could have a layer 3 firewall inspect the protocol and block known threats from certain URLs, however, what if it comes from a URL that has not been reported and is a socially engineered exploit designed to hijack your data? This is where a Layer 7 firewall will be able to inspect the application, known as payload inspection.

While this is possible to do with a Layer 3 firewall, it can be difficult due to the number of protocol messages in Layer 7. You would need to create a signature for each application you wanted to protect; however, network signatures tend to block legitimate data and increase your MTTR (mean time to resolve an issue).

Plus, having these signatures makes it hard to manage and keep up with by the IT staff. Relying on the power of AI and the cloud in order to leverage the Layer 7 firewall is key. The advantage of Layer 7 is its protocol awareness, which allows it to differentiate between different network traffic (application knowledge) and not just packets or flows that identify ports and IPs (Layer 3).

How has it helped my organization?

Let's say most of the traffic nowadays goes through HTTP, your web browser.

When you browse the web, what do you suspect happens? Your browser sends HTTP requests to servers around the world, and in return, you receive a response. Big data packets originate from business applications as well, such as file transfer protocols (FTP) or web services such as MapReduce or Twitters API. Oftentimes, a breach happens through these protocols, whereby a Layer 3 firewall could potentially let the threat in (such as SQL injection by default) without explicitly denying these requests.

What is most valuable?

The solution's best features include:

  • A packet-filtering firewall that examines packets in isolation and does not know the packet's context.
  • A stateful inspection firewall that examines network traffic to determine whether one packet is related to another packet.
  • A proxy firewall (aka application-level gateway) that inspects packets at the application layer of the Open Systems Interconnection (OSI) reference model.
  • A Next-Generation Firewall (NGFW) that uses a multilayered approach to integrate enterprise firewall capabilities with an intrusion prevention system (IPS) and application control.

What needs improvement?

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, however, with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules such as why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

For how long have I used the solution?

I've used the solution for four years.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

What's my experience with pricing, setup cost, and licensing?

The costs involved depend on your needs and budget.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
reviewer1281831
Security and Network Engineer at a tech services company with 501-1,000 employees
Real User
Top 10
User-friendly configuration, good support, and trouble-free upgrades have made our jobs easier
Pros and Cons
  • "The rules are very easy to deploy and can be optimized pretty quickly."
  • "One of the main features that need improvement is the rule filter export."

What is our primary use case?

The Check Point NGFW is the best product that I have ever used. It has pluses and minuses, as do others, but the usability, simplicity, and the configuration abilities are very user-friendly. After a while, other vendors just don’t come close to it.

The second thing is that is just works and it does it with ease. The upgrades and bug fixes are frequent and well documented. Also, the patches just work ;-)

There are some negatives but as I already said, they aren’t many and from my point of view, we can see past them.

How has it helped my organization?

It has made our lives and working in the company a lot easier. We have a better overview of the logs and what happens with the traffic in our company. Which means that the search for the certain logs is easy, quick and smooth. The overview of the logs is also very good as it is very detailed. The installation is allot quicker as it was before what also helps us with the implementation of the firewall rules. The rule consolidation is also very important as we have more than 60 fw rule change requests per day.

What is most valuable?

The rules are very easy to deploy and can be optimized pretty quickly. The R80 has a great feature on how the rules are processed, which costs less in terms of CPU and threads than it did before.

The features that are integrated into the firewall are very useful for our everyday use. Examples of these are the log manager, the firewall monitor commands, and the Linux commands. These are all very useful and helpful.

The VPN tunnels are easy to set up once you understand how they have to be configured.

What needs improvement?

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, but with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules, why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

For how long have I used the solution?

We have been using Check Point NGFW for eight years.

What do I think about the stability of the solution?

In terms of stability, this solution is very good.

What do I think about the scalability of the solution?

The scalability is high.

How are customer service and technical support?

The technical support is very good.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup is very easy.

What about the implementation team?

I implemented and deployed Check Point NGFW alone.

What's my experience with pricing, setup cost, and licensing?

Maybe the pricing is a bit high but you get the durability and the duration.

Which other solutions did I evaluate?

We evaluated Palo Alto and Cisco ASA.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Consultant at Capgemini
Vendor
Top 5
Easy to scale with good IPS features and helpful technical support
Pros and Cons
  • "If there is a critical issue observed, the Check Point support team can create a custom package that we can deploy on the gateway to mitigate critical issues/bug fixes."
  • "Sometimes we need to find a resolution by ourselves as the solution's knowledge base is not enough."

What is our primary use case?

We are using this product as a firewall which does have the capacity to block the IPS signature as well. 

It is highly accurate for the IPS engine and has the best-in-class log monitoring and report generating facility in the firewall. 

It is easy to manage, as it has a centralized management console. We are using the firewall as a VPN service as well. It is very easy to troubleshoot the issue with the VPN. We are using IPSEC features where we can enable tunnels with the client and we can safely communicate with vendors due to encryption.

How has it helped my organization?

Checkpoint NGFW improved the security posture of our network infrastructure to the point where we can use antivirus, IPS, and antibot features to tighten up the security. We can also use URL filtering where we can block malicious URLs in communications. We can easily stop and detect Day-Zero attacks. 

The throughput of the firewall is very big for data transitions. The antivirus also includes DPI (deep packet inspection), which examines the data within the packet itself rather than only looking at packet headers. This enables users to identify, categorize, or block packets with malicious data more effectively. 

What is most valuable?

The IPS feature is the most valuable feature. We can block zero-day attacks within stipulated time intervals. The up-gradation activities are much simpler when we are dealing with Check Point firewalls. 

If there is a critical issue observed, the Check Point support team can create a custom package that we can deploy on the gateway to mitigate critical issues/bug fixes. 

The support reachability is very promising, as we can directly connect with them via call or chat from the support portal.

What needs improvement?

Sometimes the KB article does not include all the steps. There is a chance for improvement in the content of global KB articles. It's nearly impossible to add an exception for threat prevention services - such as antivirus and anti-bot. You will be stuck with Indicators of compromise marked as detecting only, caching issues, and random effects. There is no clear way to report incorrect classification to support. 

Sometimes we need to find a resolution by ourselves as the solution's knowledge base is not enough.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

We can easily scale the gateways with a few simple clicks. 

How are customer service and support?

Technical support is great.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use a different solution. Check Point provides better visibility where security is concerned. 

How was the initial setup?

The setup was very straightforward

What about the implementation team?

We can implement it by ourselves.

What was our ROI?

The ROI is double annually.

What's my experience with pricing, setup cost, and licensing?

It is pretty cheap as far as the setup cost, pricing, and/or licensing are concerned.

Which other solutions did I evaluate?

We looked at Palo Alto firewalls.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Senior infrastructure technical lead at Westpac Bank
User
Super technical support, scalable, and has very useful dashboards
Pros and Cons
  • "Objects search and tracker logs are useful."
  • "The pricing could be better."

What is our primary use case?

The solution is primarily used for firewall protection for an enterprise environment, The Check Point firewalls are implemented on the perimeter (DMZ) and Secure Access Domain (SAD) environments. 

We use physical VSLS clusters but have many virtual systems (Vsys) configured for different sub purposes. The Entire management domain is protected by Check Point firewall virtuals running on multiple physical boxes.

We have multiple virtual routers configured on the physical firewalls which connect L3 connectivity to other domains. The Perimeter DMZ firewall protects the boundary zone Environments 

How has it helped my organization?

Check Point firewalls have helped our organization to securely promote the traffic flow in a secure way that is fast and swift.

There's faster identification of customer traffic issues identifies via a smart view tracker and centralized management of rules. It has an ease of access policy and a human-readable format.

We have multiple virtual routers configured on the physical firewalls which connect with L3 connectivity to other domains. The Perimeter DMZ firewall protects the boundary zone environments.

What is most valuable?

Dashboards for rules management and trackers for firewall logs capture are useful.

Traffic flow in Check Point is very structured so that it is easy to understand the path it checks to understand which elements come first and which elements come later.

The smart log compiles from multiple CMAs is an important feature that is very attractive. 

The MDM dashboard is very organized compared to other vendors. The use of CLI tools like TCPDUMP and FW monitor are very useful in verifying the traffic logs.

Objects search and tracker logs are useful.  

What needs improvement?

To combine CLI routing and GUI application in a way that both interact together would be ideal.

The pricing could be better. In general, the Check Point solutions are not cheap, however, you could try to negotiate on the overall contract, especially if you are purchasing a lot of hardware.

In the CLI, while viewing configs, there is no easy way to snapshot configs. 

For how long have I used the solution?

I've used the solution for more than 15 years.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

Technical support is super.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We switched from Cisco to Check Point. Cisco was CLI-based and cumbersome with rulesets.

How was the initial setup?

The setup is straightforward as there are many videos available on the net to practice with.

What about the implementation team?

We had vendor involvement.

What was our ROI?

It serves the purpose and primarly gets the best output.

What's my experience with pricing, setup cost, and licensing?

The pricing is high. In general, the Check Point solutions are not cheap, however, you could try to negotiate on the overall contract, especially if you are purchasing a lot of hardware.

Which other solutions did I evaluate?

Yes, the vendor ran through the options and based their decision on the company security standards.

What other advice do I have?

We are satisfied with the product and support.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Checkpoint firewall has helped organisation to securely promote the traffic flow in secure way that is fast and swift.
Flag as inappropriate
PRAPHULLA DESHPANDE
Sr. Security Analyst at Atos
MSP
Top 5
Great GUI with a good centralized management console and helpful technical support
Pros and Cons
  • "The initial setup is very straightforward."
  • "They could make the licensing a bit easier to deal with, especially for enterprise-level options."

What is most valuable?

Check Point is very strong as compared to the other vendors in the market.

The solution offers a very good centralized management console. 

It works well even for small deployments. 

The perimeter security is excellent. 

It works well even for cloud environments and has been very useful during COVID when people weren't necessarily in the office. 

The creation of policies is simple. It's easy to configure them when we need to.

We have found the troubleshooting process to be very easy and helpful.

The GUI is simple and straightforward. 

The sandbox environment on offer has been great. 

The support has been super-helpful. They've always been great, even at a pre-sales level.

The initial setup is very straightforward. 

What needs improvement?

From a stability standpoint, sometimes when upgrading to a new version, there are some stability issues. The device occasionally may stop responding. 

It would be beneficial if they offered better load balancing. 

They could make the licensing a bit easier to deal with, especially for enterprise-level options. 

For how long have I used the solution?

We primarily use the solution for security, as a next-generation firewall that we use in our environments. It is very good at detection and prevention. However, we are still exploring use cases.

What do I think about the stability of the solution?

While the solution is mostly stable, we do find that we have stability issues moving to different versions. You run the risk of the device not responding in some cases. 

What do I think about the scalability of the solution?

The scalability is possible, however, it's based on requirements. When we get a new solution, we plan out for the next four or five years. It can scale so long as you design it properly at the outset. 

How are customer service and technical support?

Technical support is helpful and responsive. We're quite satisfied with the level of service we can expect. They are very good.

Which solution did I use previously and why did I switch?

I've also worked with Palo Alto and Cisco. 

How was the initial setup?

The initial setup is extremely straightforward. You don't even have to be overly technical to manage it. They make it very easy. It's not overly complex or difficult.

What's my experience with pricing, setup cost, and licensing?

The licensing is okay. Clients can go for a one, three, or five-year license. 

Sometimes it's complicated to put new licensing on existing devices. If we have issues, we can raise questions with the sales management team and they are always very helpful. Larger, enterprise-level devices, in particular, can be a bit complex to deal with. 

What other advice do I have?

We are integrated partners and we provide services to the customers.

I didn't get any chance to work on version 80.40, however, a lot of the customers are on versions 80.10, 80.20, and 80.40.

I would encourage users and companies to use Check Point. It's quite a good solution. I find it to be a better solution than, for example, Palo Alto.

I'd rate the solution at a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
IT cloud network engineer
Junior Network Specialist - Cloud Operations Engineer at a computer software company with 5,001-10,000 employees
Real User
Top 10
VPN is easy to configure while the CLI allows us to automate things
Pros and Cons
  • "One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature."
  • "The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools."

What is our primary use case?

We use them to protect our edge infrastructure and for interconnecting our sites using the VPN.

What is most valuable?

One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.

Other valuable features include: 

  • the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
  • the CLI, for automating things
  • it is very easy to manage, to make backups, and to configure
  • the support and the graphical user interface.

What needs improvement?

The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools.

There could also be improvement to the automation. They should provide a tool for creating and maintaining rules.

For how long have I used the solution?

I have been using Check Point firewalls for more than five years.

What do I think about the stability of the solution?

The stability is an eight out of 10 because we have had some problems with URL filtering, with the domain filtering in particular. When the domain is under a CDN, it sometimes gives us problems because there is more than one IP for each domain.

We have also had problems with data center objects or Azure objects where we have created a rule and the rule stops working. We opened a case with Check Point and they answered us. We installed fixes and it looks like it's working now.

What do I think about the scalability of the solution?

The scalability is quite nice at the firewall level. It gives us the possibility of implementing clusters and high-availability.

We are also working on an Azure implementation and it looks good. We have not yet deployed to the Azure Check Point implementation, but it promises a lot.

We have about 200 employees and, on the administrative side, there are 12 to 15 people working with the Check Point solution. They are mostly networking infra engineers. We are using about 40 percent of the firewall capacity. We don't currently have plans to increase capacity.

How are customer service and technical support?

We are satisfied with the support. When we have a problem, it's very easy to contact the support center and they give a fast response. I would give their support a nine out of 10.

Which solution did I use previously and why did I switch?

I have worked with the Cisco ASA firewalls and with firewalls from manufacturers like MikroTik.

What was our ROI?

It's hard to measure ROI, but our sense of security, as a company, is good with Check Point.

What's my experience with pricing, setup cost, and licensing?

In terms of quality versus price, Check Point is very balanced.

What other advice do I have?

The biggest lesson I have learned from using Check Point firewalls is that if you know how to work with Linux, you will be able to manage almost all the features.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.