We changed our name from IT Central Station: Here's why
Jagdeep Bhardwaj
Founder Director at digisec
Real User
Well-established product with great flexibility and user-interface
Pros and Cons
  • "The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base."
  • "In terms of what could be improved, I would say the application control and the visibility. I'd like granularity where you can have all the levels of policies that are defined, including the intel threat. It depends on what kind of intel threat the company has."

What is our primary use case?

Our customers primarily buy the solution to protect the network from malware at the perimeter of the Network. The next-gen firewalls help the customer to have an application-level control of the traffic.

What is most valuable?

The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base.

What needs improvement?

In terms of what could be improved, I'd like granularity where you can have all the levels of policies that are defined. 

In additional feature that could be added to this solution in the future is micro-segmentation, like Palo Alto has on the firewall itself.

For how long have I used the solution?

I began using Check Point Next Generation Firewall very recently, about four or five months ago.

What do I think about the stability of the solution?

We have an internal team for maintenance.

What do I think about the scalability of the solution?

In terms of scalability, what we have seen is that it has a big deployment right now. So it all depends on what kind of environment the customer has. If he's already a Check Point user, it is easy for them, but if it is migrating from one platform to another, it is a little complex. One more thing is that the skillset availability required for Check Point is, in terms of implementation, a little less compared to others. The resources and the technical stuff are there for implementation. You find fewer people on Check Point compared to Sophos or Fortinet or any other platform.

How was the initial setup?

The installation process, if it is a greenfield opportunity, is easy. If it is a migration from one platform to another, you need to have expertise on both the technologies. Let's say for example you're migrating from Fortinet to Check Point, or from Sophos to Check Point or Check Point to any other, you need to have expertise on the platform, even though you should have good experience in terms of migrating and technologies.

What other advice do I have?

In my experience, Check Point provides both in-depth experience and cost-effectiveness compared to Palo Alto. So, Check Point is good for customers already using Check Point and Palo Alto is for anybody who wants to have the latest and most advanced features and has a good budget.

On a scale of one to ten, I would rate Check Point NGFW an 8.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Network Security Engineer at R Systems
Real User
Top 20
Supports dynamic objects and provides effective antivirus
Pros and Cons
  • "The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance."
  • "The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent."

What is our primary use case?

The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance.

How has it helped my organization?

There are a lot of features which help us in providing a more secure environment for our organization, such as when we have Active-Active.

What is most valuable?

The most valuable feature is that the scalable 64000 Next Generation Firewalls are designed to excel in large data centers and the telco environment as well. We have a lot of these types of customers, and these Check Point firewalls support them.

In addition 

  • it supports dynamic objects, which we use for security purposes
  • the antivirus is quite effective
  • the logging and tracking are quite easy
  • overall, it is easy to use.

What needs improvement?

The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent.

In addition, the certification process is quite expensive. It should be a little cheaper so that everyone can be trained and certified and have better knowledge of Check Point's products.

For how long have I used the solution?

I have been using Check Point's firewalls for more than a year. My responsibilities include implementing changes on the firewalls and troubleshooting.

What do I think about the stability of the solution?

They're quite stable and quite good. Management is simple because we can implement a lot of changes on the firewalls through the central manager.

What do I think about the scalability of the solution?

They're quite scalable because they support large data centers, while offering reliability and performances as well.

How was the initial setup?

The initial setup is quite easy. You don't need much training for it. Deployment takes around one week.

We have different stages in the setup process and we follow all the stages. We have to give structure to the plan, outline what we need to do. That goes to our manager, our senior experts, for approval. Then we implement the changes after their approval. Once the changes are implemented, we have our team leaders who validate whether everything is good and as expected or not. Then we close it. This is the basic strategy we follow in our organization.

About 500 to 600 employees work on Check Point firewalls in our organization and they have different roles. For example, I handle network and security admin. There are also security associates, consultants, and analysts.

What's my experience with pricing, setup cost, and licensing?

The pricing of Check Point's firewalls is good. It is not that expensive.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
565,304 professionals have used our research since 2012.
Sreegith Sreedharan Nair
Senior Network Engineer at LTI - Larsen & Toubro Infotech
Real User
Centralized management, good VPN functionality, provides valuable insights into our traffic
Pros and Cons
  • "The SmartView monitor and SmartReporter help us to monitor and report on traffic."
  • "Integration with a third-party authentication mechanism is tricky and needs to be planned well."

What is our primary use case?

We have deployed Check Point firewalls for perimeter security and also for filtering East-West traffic. 

Check Point helps in improving perimeter security along with giving insights into different kinds of traffic and attacks.

Isolation between different tiers of APPs is critical for us and Check Point is utilized for handling high traffic volumes of East-West traffic.

We are leveraging the VPN module on the perimeter firewall for users to access the VPNs. VPN authentication is integrated with RSA for multi-factor authentication.

How has it helped my organization?

We have reduced the number of firewalls using the VSX cluster from Check Point. This reduced management overhead to a great extent. Also, the stability of clustered firewall helps us in meeting SLAs with clients.

Check Point firewalls can be tuned for one-off cases like allowing out-of-sync packets for a source-destination pair, which is a feature that helped us tackle application issues. 

We have deployed VPN firewalls in multiple data centers, which help with load sharing and redundancy for the VPN traffic.

Managing all of our user VPNs, customer VPNs, and Cloud VPN tunnels' endpoint encryption from a single management portal is helping us.

What is most valuable?

VSX helps to reduce the physical footprint on datacenter racks.

The SmartView monitor and SmartReporter help us to monitor and report on traffic.

Centralized management and management high availability give the ability to manage firewalls in a DR scenario. 

Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.

Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.

What needs improvement?

Configurations can be complex in some situations and need experienced engineers for managing the solution.

Integration with a third-party authentication mechanism is tricky and needs to be planned well.

SmartView monitor can be enhanced to display granular details of gateways with a single click. Also, having the ability to generate alerts from the Smart Monitor would be a nice feature.

For how long have I used the solution?

We have been using Check Point firewalls for the last eight years.

How are customer service and technical support?

Support might take a long time to resolve issues in rare scenarios.

What other advice do I have?

My advice for anybody who is implementing this solution is to always keep an identical configuration, even interface statuses, in a VSX cluster before an upgrade to minimize upgrade failures.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager for Operations, Security and Management at REN - Rede Energeticas Nacionais, S.A.
Real User
Top 10
Identity awareness and application control features help secure our network
Pros and Cons
  • "The most valuable features for us are identity awareness, IDS and IPS, and application control."
  • "The speed of technical support is very slow and is something that should be improved."

What is our primary use case?

Our primary uses for the Check Point NGFW are network segmentation, identity awareness, and application control.

What is most valuable?

The most valuable features for us are identity awareness, IDS and IPS, and application control.

What needs improvement?

The speed of technical support is very slow and is something that should be improved.

For how long have I used the solution?

We have been using Check Point firewalls for about 20 years.

What do I think about the stability of the solution?

There were times in the past when it wasn't as stable as it is now. However, with the current version, we have been running for the past year without any issues.

What do I think about the scalability of the solution?

Our company has about 1,000 users that generate traffic that passes through the firewall. Beyond that, we haven't had much need to scale.

How are customer service and technical support?

The technical support is very slow.

Which solution did I use previously and why did I switch?

The two firewalls that we having implemented are Check Point and Fortinet.

I have also worked with Juniper but it does not have all of the advanced features that Check Point has, such as application control and identity awareness.

How was the initial setup?

The initial setup is pretty simple. The amount of time required for deployment depends on the number of rules that need to be configured. The initial setup can be done in one day, and the post-setup configuration depends on the rules to be applied.

What about the implementation team?

The initial setup was completed by a partner, who was a certified system integrator.

Our in-house team handles maintenance.

What's my experience with pricing, setup cost, and licensing?

This product is not cheap and there are additional costs that depend on what model or package that you buy. If you need more features then you may have to buy additional modules. In our case, we knew what we wanted in advance so there were no additional costs.

What other advice do I have?

Overall, I am pretty happy with Check Point firewalls. My advice for anybody who is implementing this product is to get somebody with experience to help choose the correct, stable version, and assist with the configuration. All of the new features take time to implement properly, but if the correct steps are followed then they won't run into problems when the system goes into production. 

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Network Security Administrator at a financial services firm with 10,001+ employees
Real User
Great protection, very stable, and offers excellent management
Pros and Cons
  • "The firewall rule writing and object creation are the best and simplest I've seen on a firewall."
  • "When we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix."

What is our primary use case?

We are a financial institution and we use Check Point as a firewall that is positioned for external connections, like the Internet, leased lines, and site-to-site VPNs for other companies. Check Point protects our mobile applications connected to the internet, as well as the main company website. Some firewalls are positioned on some of our HQs.

We're on version R80.40 (some minor firewalls are on R80.30) and we use 13000, 23000, and 26000 series appliances. We use Application Control, Identity Awareness, IPS, URL Filtering, Anti-bot, Antivirus, Threat extraction, and Threat emulation blades.

How has it helped my organization?

I've been in the same company for 11 years, and Check Point has been running in a stable manner for our company's main internet connection (and 7 years before that).

It has protected our main applications successfully without any performance drops, and with its flawless logging capabilities, we were able to pinpoint any issues every time.

The management is also the best among any other firewall, with the convenience to create the objects and rules on the same page. This has helped us save time on operations. We can use APIs to create objects and rules to easily finish some projects.

What is most valuable?

The best features are the stability and the performance of the firewall and its software blades, simplicity to write the firewall rules on its GUI, and its logging capabilities.

The firewalls are working stably, without any interruptions. As we planned our capacity well, we've never had any performance issues.

The firewall rule writing and object creation are the best and simplest I've seen on a firewall (I've looked at 6 different vendors). I often wonder why the other vendors don't do it Check Point's way.

To see the logs, we can search like a search engine, and we can combine different search strings to pinpoint the interesting traffic.

What needs improvement?

The product can be improved with fewer hotfixes, and if more generally available jumbo hotfixes were used.

We don't often hit bugs. It's perfectly normal for an NGFW device as other vendors are always fixing bugs too. However, when we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix. If those fixes were included in a fast manner in the jumbo hotfix (as jumbo hotfixes are tested thoroughly for general availability), it would be ideal.

For how long have I used the solution?

I've used the solution for 11 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Director at TechPlayr
Real User
Centralized architecture, with good support, but the scalability could be improved
Pros and Cons
  • "We have not had any issues with the firewall."
  • "Check Point can scale but at times we have experienced some issues."

What is our primary use case?

We deploy solutions for customers. We don't engage in buying. 

We are both consultants and implementers.

What is most valuable?

We have not had any issues with the firewall.

Support is good and it's centralized architecture.

What needs improvement?

We are also working on load balancers. We don't have the option to work more with load balancers, we would like to see what else can come out of this in terms of security.

Technical support and scalability both require improvement.

For how long have I used the solution?

I have been working with Check Point NGFW for the last ten years.

What do I think about the scalability of the solution?

Check Point can scale but at times we have experienced some issues.

How are customer service and support?

Palo Alto is better compared to Check Point. I would rate Palo Alto as superior support to Fortinet or Check Point.

Which solution did I use previously and why did I switch?

We used to work with Fortinet for approximately five years, and the Palo Alto Appliances was some time back.

I believe the Palo Alto support is excellent, and it has more features than Fortinet. Many businesses, in my opinion, are choosing Palo Alto.

Palo Alto support is very good.

Fortinet's main issue is the support. We can't take it to the enterprise level because the Fortinet support is not very good.

What's my experience with pricing, setup cost, and licensing?

Check Point has previously held a large market share, but perhaps not recently. I think that the price point in India is a bit different. Check Point offers options. I don't see that Check Point is very high, but it is geared more towards enterprises.

Which other solutions did I evaluate?

We have evaluated Palo Alto Networks VM-Series to see what was available, and recently, I researched the Azure VM series to know how it worked.

What other advice do I have?

I'm leaning toward the now cloud. The appliance base has now been removed. We are now concentrating our efforts on the Azure Cloud, AWS, and other similar platforms. I believe that people must mature in order to work on it. That's where things stand. As a result, we must learn how this is implemented on cloud platforms.

I would rate Check Point a seven out of ten but NGFW a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Gerry Moore
Head Of Technical Operations at Boylesports
Real User
Top 5
Easy to manage, eliminates having to remove old hardware, and has multiple capabilities in a single box
Pros and Cons
  • "The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability."
  • "One of the biggest disappointments is the GUI."

What is our primary use case?

This is a complex high availability solution growing by over 100% per year. The complexity of the business environment made the ability to increase capacity without having to remove previous hardware much easier.

We have a large online presence with users needing realtor access to our environment. 

How has it helped my organization?

The improvements to our business are easy to explain. It is faster, easy to use, and there are multiple capabilities all in one box. The best examples are the endpoint and anti-virus options.

The ability to add more firewalls and increase the capabilities, rather than remove the hardware, is an exceptional step forward. No competitor was able to compete with this. Not having to continually replace hardware year after year was a massive driver in the decision-making process. The throughput going up by 100% with each added device is exceptional.

What is most valuable?

There are many features we have found good.

The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability. This feature alone will save us as we increase the number of devices in the stack.

Having so many top-end products in one box also assists in managing this device. URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.

The Infinity product seems amazing but we have a long way to go before saying it is successful.

What needs improvement?

One of the biggest disappointments is the GUI. I felt it was a little bit more clunky than some competitors. The screens don't flow as easily as they should. Improving user experience will further elevate this product.

The way the management console operates is not user-friendly, either. It needs to become less intrusive. The user experience is not as high as it should be due to the problems with the user interface. The newer products in the range seem to address my concerns, which I have had for even the older products.

For how long have I used the solution?

I have been using Check Point NGFW for six months.

Which other solutions did I evaluate?

Having leading-class firewalls with massive growth possibilities made the purchasing decision much easier. Having carried out a few PoCs, the obvious decision was the Check Point solution of Maestro and 6500s in a high availability environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Manager, Information Technology at a financial services firm with 10,001+ employees
Real User
Top 20
We can add application signature in the same rule base & don't have to create a different policy for that
Pros and Cons
  • "Now we can add application signature in the same rule base & don't have to create a different policy for that."
  • "They should integrate all blades to use a single policy rather than multiple."

What is our primary use case?

The firewall is the primary use case of this solution & IPS is secondary use case of the solutions.

We are looking forward to Sandblast solutions.

We also use it for cloud expansions 

The Check Point NGFWs brought up the security level with the help of the advanced software blades - we use Application Control, URL Filtering, IPS, Anti-Bot, and Antivirus. The setup was simple, and the performance is great - we have significant resources to expand the environment in the future without disabling any blades and thus maintaining the security on the same, high level.

How has it helped my organization?

It has improved the security posture of the organization by implementing this solution.

Now we can add application signature in the same rule base & don't have to create a different policy for that.

Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

What is most valuable?

  • Easiness while working on all blade of firewalls 
  • Flexibility in NAT rules 
  • The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.
  • Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).

What needs improvement?

  • Offline Sandblast solution, which should send malicious sources to other security solutions.
  • TAC Support level to be enhanced 
  • More details to be included while VPN troubleshooting, using GUI representation 
  • Integrate all blades to use a single policy rather than multiple.

For how long have I used the solution?

I have been using Check Point for more than 14 years.

Which solution did I use previously and why did I switch?

We are using Palo Alto and Check together.

What's my experience with pricing, setup cost, and licensing?

Cost is negotiable always & matches the expectations and licences are flexible and are added advantage. 

Which other solutions did I evaluate?

We evaluated other solutions.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.