We changed our name from IT Central Station: Here's why
Cyber Security Consultant at Capgemini
Vendor
Top 20
Easy to use and very complete with competitive pricing
Pros and Cons
  • "While not being cheap, their pricing models are competitive."
  • "There is no clear way to report incorrect classification to support and a business is neither happy nor forgiving when they cannot receive mail from a crucial business partner."

What is our primary use case?

It's a unified policy table that combines threat prevention and segmentation policies. 

Smart Event allows consolidated event management and exporting features is very useful when we need to deal in reports, since, for some time now, everyone has been working from home and on the firewall from Check Point. 

This function is implemented very conveniently and securely. The VPN over this firewall works as well as a standard VPN device. All in all, I'm delighted with their security solution. It is making configuring numerous layers of security policies easy to use and it always has been one of the things I liked most about their firewall solution.

How has it helped my organization?

Check Point firewalls are one of the most easy-to-use complete firewall solutions on the market. They protect our LANs against intruders, offer VPN for site-to-site connections, and haven't had a major issue in about 15 years. 

While not being cheap, their pricing models are competitive. 

A better approach to security focuses on prevention, blocking malware and other threats was difficult before they entered the network. By blocking the infection of “patient zero,” an NGFW with real-time prevention eliminates risk, damage, and cost to the organization.

What is most valuable?

It provides an SSL inspection facility. The SSL/TLS protocol improves the privacy and security of traffic by wrapping network communications in a layer of encryption and applying robust authentication. While this is a major benefit for data security, cyber threat actors also use SSL/TLS to conceal their activities on the network. An NGFW must go beyond signature-based detection to use technologies capable of detecting and remediating novel and zero-day threats.  

Sandboxing (including static, dynamic, and behavioral analysis) is great.

What needs improvement?

It's nearly impossible to add an exception for threat prevention services - like antivirus and anti-bot. You will be stuck with Indicators of Compromise marked as detect only, caching issues, and random effects. 

There is no clear way to report incorrect classification to support and a business is neither happy nor forgiving when they cannot receive mail from a crucial business partner. 

The KBs article should also be improved as all the global KB articles do not provide all the activity steps related to every issue.

For how long have I used the solution?

I have been using this product for the last five years.

Which solution did I use previously and why did I switch?

I have not used any other product.

What's my experience with pricing, setup cost, and licensing?

The setup is very easy with minimal cost for licensing as well.

Which other solutions did I evaluate?

I have not used any other product.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Security Solution Architect
Real User
Top 20
Top-notch when it comes to network security
Pros and Cons
  • "On the firewall side, the security efficacy is good."
  • "This solution requires management software that is sold separately; it's actually a different appliance altogether."

What is our primary use case?

We use this solution for perimeter security and data center security.

What is most valuable?

On the firewall side, the security efficacy is good. The interface for application filtering and application-based policies is also good. They have good roadmap on the cloud as well.

What needs improvement?

This solution requires management software that is sold separately; it's actually a different appliance altogether. For smaller customers or smaller environments, this becomes an added entity in the environment. Not to mention, they'll also have to invest a lot in the necessary management stations. If that came built-in, it would really benefit smaller businesses. 

The performance when you enable decryption could be improved. That's a CPU-intensive task. Many customers struggle if they try to implement decryption — it can really hamper the performance. It's probably something to do with the appliance or the hardware design. This needs to be examined further.

For how long have I used the solution?

I have been using Check Point NGFW for roughly five years. 

What do I think about the stability of the solution?

This solution is quite stable. Performance-wise, I have seen customers using this solution for years without issue. 

What do I think about the scalability of the solution?

There are different models available. Sizing can be done accordingly. They have a good range of versions available for small to large data centers. So, scalability is definitely there. 

How are customer service and technical support?

As I am not an end-user, I haven't really had any contact with support. Still, none of my customers have had any complaints regarding support.

How was the initial setup?

The initial setup was fairly easy. Still, compared to other vendors, the learning curve is a bit complex. 

What's my experience with pricing, setup cost, and licensing?

Compared with Palo Alto and Cisco, the price of this solution is quite fair. Compared to Fortinet and other vendors, it's probably a little bit on the higher side. Really, it all depends on what you get at the end of the day.

What other advice do I have?

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

I would definitely recommend this solution. It's a good platform for perimeter security. In an enterprise, you need good security. There's endpoint security, network security, and cloud security. Check Point's strongest point is network security; they still need to catch up on endpoint and cloud security. If you're interested in integrating all of these tools, then there are better products available. However, as far as network security is concerned, Check Point is really good.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.
Security Manager at FPT
Real User
A next generation firewall solution with a useful SmartEvent feature
Pros and Cons
  • "I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard."
  • "It could be more stable and scalable. Check Point price and support could be better."

What is our primary use case?

I use CheckPoint in our data center to control the internet and to enable threat prevention. I then integrate it into my center and to my events.

What is most valuable?

I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard.

What needs improvement?

It could be more stable and scalable. Check Point price and support could be better.

For how long have I used the solution?

I have ten years of experience using Check Point NGFW.

What do I think about the stability of the solution?

Check Point NGFW could be more stable. I think the problem is that the kernel sometimes won't play ball and isn't stable. Sometimes, they have a block, and we have to spend a lot of time fixing it. In contrast, I think Palo Alto and Fortinet are more stable.

What do I think about the scalability of the solution?

Check Point NGFW could be more scalable. I think Palo Alto has more plugins and features, and Check Point needs more features. However, Check Point integration is very complex.

How are customer service and technical support?

Check Point support could be better. I think Palo Alto has a very clear pricing model. When we have an issue, we create a ticket and receive fast service from Palo Alto. It's good.

How was the initial setup?

The initial setup, in my experience, isn't simple as Fortinet and Palo Alto. It would be better if the person doing it has experience. 

What about the implementation team?

I implemented this solution by myself.

What's my experience with pricing, setup cost, and licensing?

The price could be better. I think Palo Alto pricing is high, and Check Point isn't much better. FortiGate is cheaper. I think when I implemented this solution, I recommended buying a yearly subscription.

Which other solutions did I evaluate?

When I choose a solution for a customer, I must verify the features, current specifications and make recommendations. When we use an all-in-one firewall solution, we usually recommend using a Palo Alto external firewall. This is because Fortinet has an SD-WAN solution and firewalls, and Palo Alto is the same. But I don't think Check Point has one. When a customer doesn't want to implement many solutions, we recommend using Fortinet or Palo Alto.

What other advice do I have?

On a scale from one to ten, I would give Check Point NGFW an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
reviewer1697127
User at a insurance company with 201-500 employees
User
Stable with good virtual patching and excellent filtering of URLs
Pros and Cons
  • "The VPN tunnels are very effective in terms of stability and quick connection."
  • "The interface can be more user-friendly in terms of design and the location of critical and commonly used icons."

What is our primary use case?

The environment in which it was deployed is a financial institution that requires high availability, confidentiality, and integrity of information within the supporting infrastructure. The NGFW is used specifically for the VPN, firewalling and it also serves as virtual patching in the event of zero-day vulnerabilities that are very common within some well know client desktop computers and servers.

How has it helped my organization?

Initially, I was using the Cisco ASA5500 series firewall. I never believed there could be better firewall devices in terms of ease of setup and management. The NGFW from Check Point has increased my confidence in terms of performance and ease of configuration with its intuitive interface. It supports the VPN configuration without any unnecessary latency and packet dropping.                                                                                                                              

It blocks over 97% of threats!                                          

What is most valuable?

VPN, firewalling, and virtual patching are the most valuable aspects for me. The NGFW is so effective that I can go to sleep and vacation. Check Point products rarely have vulnerabilities that put the whole organization at risk, unlike some other firewall products.

The VPN tunnels are very effective in terms of stability and quick connection.

Virtual patching is useful as a workaround for zero-day vulnerabilities.                           

It offers excellent filtering of URLs.

What needs improvement?

The interface can be more user-friendly in terms of the design and location of critical and commonly used icons.

They could add a web user Interface.

For how long have I used the solution?

I have been using the Check Point NGFW since 2018 when it was deployed in my company.

What do I think about the stability of the solution?

The stability is awesome and it puts me in a no-worries mood!

What do I think about the scalability of the solution?

The scalability is awesome.

How are customer service and support?

Technical support is friendly and awesome.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did use Cisco ASA. The administration was grueling coupled with some nefarious vulnerabilities and the cost of ownership.

How was the initial setup?

The initial deployment was demanding due to my network architecture, not because of the product.

What about the implementation team?

The implementation was done through a vendor.

What was our ROI?

We've seen ROI at 6 months to 1 year.

However, the ROI was realized within weeks of deployment.

What's my experience with pricing, setup cost, and licensing?

The solution is reasonably priced relative to some other brands.

Which other solutions did I evaluate?

We did not evaluate other options.

What other advice do I have?

It is the best amongst the rest.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Pardeep Sharma
Network security engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
Supports site-to-site and remote VPN, good sandboxing capabilities, and it's reliable
Pros and Cons
  • "All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS."
  • "The command line is very difficult to use, which is one of the biggest drawbacks of this solution."

What is our primary use case?

We use this solution for the VPN, from site-to-site and remote.

We also use it for advanced IPS, IDS, malware protection, and the sandbox. The sandboxing functionality is one of the best features.

What is most valuable?

All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS.

What needs improvement?

The web filtering and CLI commands need to be improved. 

The CLI command is very difficult to deploy. 

If you are an engineer and considering configuring through the command line, you can't. The command line is very difficult to use, which is one of the biggest drawbacks of this solution.

The initial setup could be simplified.

Technical support is another big drawback and needs to be improved.

In the next release, there should be improvements made to the sandboxing functionality.

What do I think about the stability of the solution?

It's a very reliable solution. There are no issues with the stability of it.

What do I think about the scalability of the solution?

Currently, Check Point NGFW is the most scalable firewall on the market.

We have more than 500 users in our organization.

We will continue to use this solution and we plan to increase the sandboxing feature, which is the best feature of Check Point.

How are customer service and technical support?

The technical support is not good, which is the biggest drawback to Check Point. They will never compare to Cisco. Cisco's technical support is the best.

Which solution did I use previously and why did I switch?

I have also used Cisco, which is more expensive but the support is better.

How was the initial setup?

The initial setup was very complex.

It can take 20 to 30 days to deploy to the network.

What's my experience with pricing, setup cost, and licensing?

It is less expensive than Palo Alto.

Licensing is on a yearly basis and I am happy with the pricing.

Which other solutions did I evaluate?

I also considered the Palo Alto Next-Generation Firewall. I evaluated this solution and compared the price.

We chose Check Point because the price for Palo Alto is very high.

What other advice do I have?

If you are looking for deep security and have a good budget for security and firewalling then I would recommend Check Point, as it will meet the requirements.

Every product has its drawbacks and advantages, but I am very happy with this solution. In my opinion, this is the best firewall in the market at the current time.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
ChandanSingh
Senior Technical Consultant at Ivalue Infosolution
Consultant
Top 10
Feature-rich, easy to deploy, security oriented, and offers scalability and great throughput
Pros and Cons
  • "The most valuable feature is the Stateful Inspection, which was developed by Check Point."
  • "No product is perfect and there is always room for improvement."

What is our primary use case?

I am a Check Point distributor and the Next-Generation Firewall is one of the products that I am dealing with. My customers use this as part of their security solution that covers mobile devices, computers, their network, cloud, SD-WAN, IoT devices, IP phones, IP cameras, and others.

How has it helped my organization?

Checkpoint has provided Security to the entire data center. 

What is most valuable?

This is a feature-rich product and all of them are useful.

The most valuable feature is the Stateful Inspection, which was developed by Check Point.

The throughput is very good with Check Point. Checkpoint ThreatCloud is the largest threat intelligence database. 

Checkpoint management is a single pane of glass from where you can manage all the CP solutions from a single point be it on-prem or cloud or hybrid.

What needs improvement?

There is always room for improvement and CP Dev team is on right path.

For how long have I used the solution?

I have been working with Check Point firewalls for more than five years.

What do I think about the stability of the solution?

This is a stable firewall. It is very good.

What do I think about the scalability of the solution?

Scalability and throughput are very high. They have also launched a solution called Check Point Maestro, which provides cloud-level scalability on-premises. This makes it very scalable.

Which solution did I use previously and why did I switch?

My customers use firewall products from several vendors, including Sophos. Sometimes they replace their existing firewalls, and at other times, they run Check Point in parallel.

How was the initial setup?

The initial setup is very simple. This solution can be installed on-premises or on the cloud.

It takes between 30 and 45 minutes to deploy.

What about the implementation team?

Our in-house team does the installation for our clients. We also handle support, depending on what level of support the client has. Sometimes, they go directly to the OEM.

What other advice do I have?

Until earlier this year, the consolidated management was application-based and required installation. As of recently, they have launched web-based management, as well as cloud-based management. This is an upgrade that I had been waiting for because we no longer have to go to the dashboard. Instead, we just enter the IP into chrome and you get the dashboard on the web page, without having to install anything.

This is a very good product, although there is always room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PRAPHULLA  DESHPANDE
Associate Consult at Atos
Real User
Top 5Leaderboard
The vulnerability assistance via report management detects host and network vulnerability
Pros and Cons
  • "Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability."
  • "Heavy load causes a higher CPU to peek which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it takes a lot of time."

What is our primary use case?

Check Point leading industry provides a complete solution that is required to perimeter security along with deep packet inspection for network traffic.

Check Point not only acts as a traditional firewall but it provides you with complete security for users who work from home. Work from home users observed that Check Point gives 100 % functionality without any trouble.

It offers centralized management to customers where they have an IT member so there Check Point management can work properly. It is available in a smaller range to higher. Customers can get it at an affordable price. 

How has it helped my organization?

As we vendor, we deployed the Check Point firewall in many organizations and they are renewing its license as they trust the product and support.

Whatever feature they want is possible with Check Point and 80.20 later versions are coming in, that feature set was previously not available. Customers are satisfied. 

What is most valuable?

No other firewall provides a feature set in log monitoring and threat detection blades.

Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability.

Most customers need reports which define how many users are infected, how many viruses and malware there is, botnet traffic firewall deteted all this type of information. Check Point is in a very easy and understandable format based on logs history.

What needs improvement?

Sometimes the stability related application, URL filtering, and troubleshooting issues take longer than expected. I observed some feature set that is very easy to add from the deployment team but Check Point needs a longer procedure so customers relating those features with Check Point firewall and Palo Alto.

Heavy load causes a higher CPU peek which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it take a lot of time .

We receive performance but sometimes there are stability-caused issues. 

For how long have I used the solution?

I have been using Check Point for three years. 

What do I think about the stability of the solution?

Check Point can defend Palo Alto if they work on stability.

How are customer service and technical support?

Tech support is very helpful and provides the right solution.

Which solution did I use previously and why did I switch?

We went from Sophos to Check Point.

How was the initial setup?

The initial setup was simple.

What about the implementation team?

We are only vendors.

What's my experience with pricing, setup cost, and licensing?

The pricing is really negotiable based on other competitor solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jagdeep Bhardwaj
Founder Director at digisec
Real User
Well-established product with great flexibility and user-interface
Pros and Cons
  • "The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base."
  • "In terms of what could be improved, I would say the application control and the visibility. I'd like granularity where you can have all the levels of policies that are defined, including the intel threat. It depends on what kind of intel threat the company has."

What is our primary use case?

Our customers primarily buy the solution to protect the network from malware at the perimeter of the Network. The next-gen firewalls help the customer to have an application-level control of the traffic.

What is most valuable?

The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base.

What needs improvement?

In terms of what could be improved, I'd like granularity where you can have all the levels of policies that are defined. 

In additional feature that could be added to this solution in the future is micro-segmentation, like Palo Alto has on the firewall itself.

For how long have I used the solution?

I began using Check Point Next Generation Firewall very recently, about four or five months ago.

What do I think about the stability of the solution?

We have an internal team for maintenance.

What do I think about the scalability of the solution?

In terms of scalability, what we have seen is that it has a big deployment right now. So it all depends on what kind of environment the customer has. If he's already a Check Point user, it is easy for them, but if it is migrating from one platform to another, it is a little complex. One more thing is that the skillset availability required for Check Point is, in terms of implementation, a little less compared to others. The resources and the technical stuff are there for implementation. You find fewer people on Check Point compared to Sophos or Fortinet or any other platform.

How was the initial setup?

The installation process, if it is a greenfield opportunity, is easy. If it is a migration from one platform to another, you need to have expertise on both the technologies. Let's say for example you're migrating from Fortinet to Check Point, or from Sophos to Check Point or Check Point to any other, you need to have expertise on the platform, even though you should have good experience in terms of migrating and technologies.

What other advice do I have?

In my experience, Check Point provides both in-depth experience and cost-effectiveness compared to Palo Alto. So, Check Point is good for customers already using Check Point and Palo Alto is for anybody who wants to have the latest and most advanced features and has a good budget.

On a scale of one to ten, I would rate Check Point NGFW an 8.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.