We changed our name from IT Central Station: Here's why
Firewall Engineer at a logistics company with 1,001-5,000 employees
User
Top 5Leaderboard
Scalable, stable, and configurable
Pros and Cons
  • "Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment."
  • "The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long."

What is our primary use case?

We use Check Point Gateways for securing our data centers including DMZ networks as well as gateways for our branch offices around the world. They are connected via MPLS, internet, or site-to-site VPNs depending on the branch connectivity.

A minimum standard for the whole environment is the NGFW. Firewall rules according to our security policy. VPN for site-to-site tunnels to our own gateways or to partners and customers. IPS is set primarily to prevent, and for some signatures to detect. 

Application Control is still in the early stages.

How has it helped my organization?

Firewalling is one of Check Point's core business attributes, and it just works.

Creating site-to-site VPNs between Check Point Gateways that are within the same management is unbelievably easy. If you create VPNs for 3rd parties and there are mismatches or issues, you will see logs that help pinpoint issues or misconfiguration.

Application control help with identifying applications and therefore makes firewall rules easier since changing ports don't have to be adapted every time an application changes or updates.

What is most valuable?

Generally speaking, all features are well documented and the two platforms help with configuration. Documentation and knowledgebase articles in the user center as well as user recommendation within the forums are great. The Admin Guides are really well documented, but it's a lot to read.

Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment. The best example would be the CDT tool which helps with decreasing the amount of time for upgrading whole environments.

What needs improvement?

The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long. R81 promises at least parallel policy installations, which help in larger environments.

Check Point's advantage (to be able to configure everything) is also a disadvantage. The environment is quite complex. Troubleshooting is not always easy as there are a lot of possible debugs that can be taken, and the support will not always send the right or necessary debugs. Some debugs also can cause a heavy load, so you have to keep an eye on what you troubleshoot.

For how long have I used the solution?

Our company has used Check Point for well over 10 years.

What do I think about the stability of the solution?

If it's running, it's stable. New setups have to be tested though.

What do I think about the scalability of the solution?

The solution can be scaled from very small branch offices to huge data centers or even cloud data centers.

How are customer service and technical support?

Support depends on how well you describe the issue and send information. Sometimes escalation is necessary.

How was the initial setup?

The more features (blades) are turned on, the more complex the environment becomes. If something goes wrong, you have to rule out several issues (hardware, blades, et cetera).

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
IT Consultant/Engineer at a computer software company with 11-50 employees
User
Great scalability with an updated management console and convenient implementation
Pros and Cons
  • "We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home."
  • "You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator."

What is our primary use case?

Our organization implements, maintains, and operates Check Point's firewall. 

Check Point solutions were implemented by our organization in accordance with the project documentation and further adjusted at the request of the customer. 

We ourselves also use a Check Point firewall in conjunction with a firewall from another vendor - both to protect our network perimeter and to test various functions and new emerging firewall capabilities and identify various bugs before they reach customers in the product environment.

How has it helped my organization?

We and our customers use almost the entire palette of capabilities of the firewall solution from Check Point. We use almost every feature, from anti-spoofing and network segmentation to URL filtering and intrusion prevention systems. We also willingly use virtual private networks from Check Point, both site to site and client to site. We also leverage the antivirus blade and anti-DDoS attacks. Some of our customers use Check Point capabilities for mobile devices, which are also successfully implemented in the firewall.

What is most valuable?

We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home. With the firewall from Check Point, this function is implemented very conveniently and securely. 

A convenient new version of the firewall management console, which, starting with the R80 version, has become standard for many Check Point blades, however, unfortunately, not for all. You still need to use older consoles to manage some features. For example, to access the monitoring blade, I need the old console, but the new console should start it.

What needs improvement?

You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator. Until now, the initial settings as well as subsequent changes to the "iron" part of the firewall, namely its interfaces, routing, or DCCP settings, you must use the web interface through a browser. This is inconvenient. Of course, you can use the command-line for these purposes, however, this also complicates the configuration process for the administrator and requires a well-known habit.

For how long have I used the solution?

I've used the solution for six years.

What do I think about the stability of the solution?

There is room for improvement in terms of stability.

What do I think about the scalability of the solution?

The scalability is great.

How are customer service and support?

Technical support could sometimes be better.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used and still use solutions from Sophos, however, in Check Point, some functions are implemented more conveniently. For example, work with logs.

How was the initial setup?

Before installing, I recommend to go through the training.

What about the implementation team?

I handled the implementation myself.

What was our ROI?

The ROI is good.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.
Network, Systems and Security Engineer at SOLTEL Group
Real User
Top 5
Good support, provides deep packet inspection, and offers sandbox capabilities
Pros and Cons
  • "I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data."
  • "Check Point products have many places that need to be improved, but they are constantly upgrading."

What is our primary use case?

Nowadays, there are many threats and it's necessary to have an automatic process to defend your organization. The Check Point NGFW is a good solution for this use case.

How has it helped my organization?

For my organization, CheckPoint NGFW helped us with enforcing threat prevention.

Threat prevention capabilities are a natural extension of next-generation firewalls' deep packet inspection capabilities. As the traffic passes through the device, they also inspect the traffic for known exploits of existing vulnerabilities (IPS).

Files can be sent off-device to be emulated in a virtual sandbox to detect malicious behavior, named sandbox security.

I think that the main benefit of an NGFW is the ability to safely enable the use of Internet applications that empower users to be more productive while blocking less desirable applications.

What is most valuable?

I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data. It is very important to have your solution always update for this.

I think that another important feature is that it is a cloud solution. More and more companies have all of their systems in the cloud and the threats are pointing here.

The features that a next-generation firewall includes are application and user control, integrated intrusion prevention, advanced malware detection such as sandboxing, and leverages threat intelligence feeds.

What needs improvement?

Check Point products have many places that need to be improved, but they are constantly upgrading.

For how long have I used the solution?

I have been using Check Point NGFW since 2015.

How are customer service and technical support?

Check Point has a good support department and they are always ready to help you.

Which solution did I use previously and why did I switch?

Previously, I used Fortinet but Check Point provides us with more features.

I used this solution for the first time in 2015 when I worked for a local Internet Service Provider. At that point, I used the R77.30 console and I saw all of the good features that it provided.

Now, I use R80.30 in my current company and these products are the best in the market. This company is going to be at the forefront and you can complete your solution with other products in their portfolio.

How was the initial setup?

Today’s next-generation network firewall can be found deployed on-premises at the edge of enterprises and branch offices, on-premises at internal segment boundaries, in public clouds such as Amazon (AWS), Microsoft Azure, and the Google Cloud Platform. They are also deployed in private clouds.

What's my experience with pricing, setup cost, and licensing?

The licensing includes the cost of support.

Which other solutions did I evaluate?

We evaluated many others options including solutions by Fortinet, Palo Alto, SonicWall, etc.

We think that Check Point is the best because they are at the forefront.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Service Manager Datacenter LAN
User
Great Anti-Bot and application control features but administration of routing should be on the central dashboard
Pros and Cons
  • "The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff."
  • "The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible."

What is our primary use case?

We primarily use the solution for central administration and management of a lot of locations worldwide. That's the main task for this solution for our Central IT Team. Central logging and troubleshooting are 2nd level topics that are great to handle with the SmartDashboard and other tools.

We started in the past with base features and checked the NGFW features. Application Control gives us the option to permit applications and not just some IP address lists. Before we had so much manual work for dealing with firewall rules.

For some topics, we've given the Service Desk permissions and it's working great.

How has it helped my organization?

We have so many standalone firewalls. The central management of Check Point with different sessions/permissions is great. We can administrate all topics smoothly. The Application Control brings us to the next level of controlling cloud apps and other stuff.

Anti-Bot and the IPS are good features to check/defend our servers and company. We can prevent servers easily for vulnerabilities from/to the public internet and we can see what traffic/actions is active on our lines. 

Our Security Operation Center is very happy about the solutions too due to the fact that they have so much transparency.

What is most valuable?

QoS, Anti-Bot, IPS, and Application Control are the main features we're using.

The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff. In the past, sometimes we had no control and couldn't help when too much traffic had occurred.

Anti-Bot is great at preventing our clients and corporate network from calling the central control.

IPS is good in protecting our systems in DMZ zones when patching of servers sometimes can't be done.

Application control for controlling Cloud Apps like MS Teams, M365 Apps, or others, is perfect. Previously, we had only IP Lists for stuff like this.

What needs improvement?

Administration of the routing and system settings should be moved to the central dashboard. It's not good to go to all GAIA Interfaces to change settings there.

The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible.

The firmware for the Check Point Firewalls is very big. It takes a long time when we are using small lines for data transfers. Other vendors have updates lower than 100MB. For Check Point often we need a minimum of 2GB.

For how long have I used the solution?

I've used the solution for nine years.

What do I think about the scalability of the solution?

The scalability is great.

Which solution did I use previously and why did I switch?

We previously used Watchguard. It was not so good with different vendors for some features.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Network administrator at IHSS
User
Good security management with great anti-malware and a helpful sandbox feature
Pros and Cons
  • "The performance has been very good."
  • "The anti-spam needs improvement."

What is our primary use case?

This is the perimeter firewall and manages all security facing towards the internet,

It's a distributed solution composed of a Security Gateway and a Security Manager. It controls all the traffic from the LAN to the Internet and the VPN tunnels for connections with external partners. We control the traffic to the internet with blades as URL filtering to manage the bandwidth, limit the use of this resource, and apply the security policies as well as protect the LAN network against advanced threats from the internet to the servers and PCs. 

How has it helped my organization?

This solution applies NGFW features to the inside and outside traffic of the networks. The other options did not have sandboxing, reports, and the same advantages as Check Point.

We have a small firewall from another vendor. The solution is working with limitations, as it was designed with Check Point as a security solution for the perimeter with more security features for covering our network requirements and specifications and preventing advanced threats from the internet to our servers and PCs. 

What is most valuable?

The sandbox feature is great.

The Sandblast blade is a very powerful solution that works against archives infected with ransomware.

The anti-malware is quite effective as many applications can be infected with any kind of malware with the goal of interrupting the productivity of our work equipment.

The reporting is great.

With this solution, we have had many kinds of logs and a very friendly way to view them. Now can we know what is happening within the network's traffic.

The performance has been very good. 

This security solution has grown more options and has expanded slots, including RAM slots, Optical Fiber slots, and various other features.

What needs improvement?

The anti-spam needs improvement.

A weakness with the Check Point solutions is the anti-spam, as they have a partnership with some solutions for anti-spam. They should have their own solution. We have email provided through Office 365 and they have their own way to fight spam and, due to this, we haven't bothered looking into anti-spam options. That said, Check Point is the most adapted to our necessities.

I consider the price of this solution high. It is very good, however, the prices are high - it's like buying a car.

For how long have I used the solution?

I've been using the solution since 2018.

Which solution did I use previously and why did I switch?

We changed from an older solution as it worked for five years and was old. It wasn't equipped for the new generation threats.

What's my experience with pricing, setup cost, and licensing?

The price should be considered, however, it shouldn't be the only reason you choose the solution, or not.

Which other solutions did I evaluate?

We also evaluated WatchGuard, Palo Alto, and FortiGate.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Security product manager at RRC
Reseller
Top 20
An easy-to-use and easy-to-manage protection solution at a reasonable price
Pros and Cons
  • "It is easy to use, and its management is the best. Check Point has a great unified management solution for firewalls and security products."
  • "Their technical support can be better. In addition, when we need to use it in a government environment, we face a lot of legal issues related to different types of certifications. It would be better to improve it for these issues. Check Point doesn't have a SOAR system. They work with Siemplify, but it is an integration with another vendor. It would be great if Check Point has an integrated SOAR system."

What is our primary use case?

We use Check Point NGFW for perimeter protection of our network from the internet. We also use it for threat protection at the network level and the endpoint level.

We provide implementation, installation, and support services. We know about all types of firewalls, and we work with all types of installations. We usually use appliances, but in test environments, we use virtual appliances.

What is most valuable?

It is easy to use, and its management is the best. Check Point has a great unified management solution for firewalls and security products. 

What needs improvement?

Their technical support can be better. In addition, when we need to use it in a government environment, we face a lot of legal issues related to different types of certifications. It would be better to improve it for these issues.

Check Point doesn't have a SOAR system. They work with Siemplify, but it is an integration with another vendor. It would be great if Check Point has an integrated SOAR system.

For how long have I used the solution?

We have been dealing with Check Point firewalls in our company for more than 20 years.

What do I think about the stability of the solution?

It is quite stable, but it can vary based on the version.

What do I think about the scalability of the solution?

It is scalable. We can use the Maestro solution from Check Point for scalability. We can add new appliances as the company grows. If we need more performance and throughput, we can add additional appliances and have more performance. Check Point Maestro is the best solution for scalability.

How are customer service and technical support?

Their technical support can be better.

How was the initial setup?

Its initial setup is easy for me. The deployment duration varies. A simple deployment takes two or three days. A complex deployment that involves a cluster configuration or appliance replacement can take up to five days.

What's my experience with pricing, setup cost, and licensing?

Its price is reasonable. If we compare its TCO for three years, it is more reasonable than some of the other vendors such as Fortinet, Palo Alto, etc.

What other advice do I have?

I would recommend this solution. It is a great solution for endpoint protection and threat prevention. I have been working with Check Point products for a very long time. Check Point is one of our best vendors, and they make great products. 

I would advise others to learn about firewalls and other Check Point solutions. They have a lot of different solutions. If you choose their firewall, it would be useful to know more about other solutions. It would be one of the ways to improve the protection of your network with Check Point.

I would rate Check Point NGFW a ten out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Flag as inappropriate
mervemetin
Network Security Engineer at Türkiye İş Bankası
Real User
Top 10
User-friendly and offers multilayered, innovative, and flexible protection against a variety of threats
Pros and Cons
  • "Check Point is very administrator-friendly and the SmartDashboard is easy to use."
  • "The SmartUpdate interface is a little bit crowded if your company has a lot of software items."

What is our primary use case?

We have a big environment with nearly fifteen multi-vendor clusters. We are using firewalls mainly for layer three access rules. But nowadays, application-layer-based security and threat prevention are also important. We are using IPS and antivirus blades actively, too.

In the Intrusion Prevention System blade, we are using a lot of different signatures and actions according to the impact, severity, and cost of the specified signature. The antivirus blade is also in the same logic as the Intrusion Prevention System.

How has it helped my organization?

Multilayered protection is provided thanks to Check Point. For instance, security is achieved both on the endpoint side, as well as the firewall side.

Another example is that we can prevent critical and high-risk applications from being reached through the internal network by utilizing the application blade.

All of the blades, except URL filtering, are in the same interface and provide big savings when leading the security operations.

What is most valuable?

Firstly, inline layer technology is helpful because it will classify the traffic according to different security groups. This means that we can isolate them totally and it will also prevent human error because you are limiting source, destination, service, and application parameters at the top of the inline layer rule.

Check Point is very administrator-friendly and the SmartDashboard is easy to use.

The Blades and security features are also very innovative and up-to-date.

With the IPS blade, the administrator can write signature-based exceptions for specific users. This provides flexibility to except specific connections from specific signatures.

The cloning and copy/paste operations are very useful.

What needs improvement?

The SmartUpdate interface is a little bit crowded if your company has a lot of software items.

As an administrator, one should know how to troubleshoot by issuing related CLI commands before or after upgrading gateways, or the management server, in case of a problem.

Hardware problems on Check Point devices, such as those related to NIC or disk problems, may occur at times. In cases such as this, the support team is available and does what is needed, including the RMA process if necessary.

For how long have I used the solution?

We have been using Check Point for 10 years.

What do I think about the scalability of the solution?

In my opinion, scaling is very important and it must be done ahead of time. I would suggest considering scale three years in advance, as opposed to just the present.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

What's my experience with pricing, setup cost, and licensing?

Licensing issues may be confusing at times.

Which other solutions did I evaluate?

We did not evaluate other products before choosing Check Point NGFW.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
System administrator at BINDER GmbH
User
Offers quality patches and hot fixes and has very clear logs
Pros and Cons
  • "The activation of additional features is very easy and well documented."
  • "The debugging of VPN tunnels is very stressful."

What is our primary use case?

We are using Check Point NGFW for controlling the traffic on our entire network. It controls the traffic and access of the networks and also the traffic outside of our network. The firewalls are used in and HA-Setup.  

The features we use are application and URL-filtering, anti-bot/virus, and sandboxing functions. It is also used for Site2Site VPNs and endpoint VPNs. For us, the Check Point NGFW is the center of network traffic and security. 

We use the new features of Check Point to reduce standalone systems. 

How has it helped my organization?

In the past few years, the attacks and risks have grown. That's why we introduced a NGFW. All the securtiy risks can be minimized with the product. Especially if you route the whole network trafiic over the firewall. You can filter malicious sites and traffic and can analyze the entirety of traffic. The URL filter works much better and is much stronger than our other previous solution. 

In the case of migrating or patching, it is very easy due to the fact that you can transfer the whole ruleset and settings from your old device. Patching is very easy and we've never had problems.

What is most valuable?

If you have an HA Setup you will have zero downtime. Teams and VoIP traffic will also not get stuck; you would notice anything while switching to the backup module. 

The quality of the patches and hotfixes is great. We never had any issues during or after patching. All patches and hotfixes are well documented and if you have any issues the KB is very helpful. 

The log is very clear and can be filtered very easily. If you need to analyze not only the connection you can use the CLI to dump TCP packets. 

The activation of additional features is very easy and well documented.

What needs improvement?

Sometimes, the firewall has its peculiarities which you have to know especially when you want to set up a Site2Site VPN with a third-party vendor - specifically if you want to set up IKEv2. 

The debugging of VPN tunnels is very stressful. Sometimes you don't know what the firewall negotiates with the other site, so you have to use the command-line for the VPN debugging. However, if you use both sites, the setup is very easy. 

The speed could be better when installing policy changes. In the beginning, we didn't have all features active. Now, it is all active and it takes some time to install. This is sometimes annoying if you forget a small change.

For how long have I used the solution?

We've been using this solution for several years. This is our 3rd Check Point firewall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.