Check Point NGFW Reviews

We've been using Check Point Firewalls for about nine years, from the early Nokia boxes to the most recent OpenServer architecture. Next year we're finally going to upgrade to an appliance directly from Check Point.

Check Point Next-Generation Firewall (NGFW) is a very good firewall. It is one of the best firewalls that I have used. I would rate Check Point Next-Generation Firewalls (NGFWs) a nine out of ten. 

Also, Check Point has a great architecture, where you can just enable the software blades and deploy a secure service. 

Overall, it provides ease of deployment and ease of use.

All in all, I'm delighted with their security solution. Making configuring numerous layers of security policies easy to use was always one of the things I liked most about their firewall solution. 

You have multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. Everything is easily managed through their "SmartConsole" dashboard. 

It's valuable as a next-level network security appliance for your enterprise.

It comes with advanced features like web filtering, app filtering, user-based policies to restrict web and application uses, tunneling, restricting bandwidth uses according to policy, load balancing, etc., and helps to cover almost all network security requirements.

Our IT team has installed a firewall on all of our company's workstations and laptops to keep our own data and our customer's data secure. This program runs in the background and I don't even notice it, but it keeps me secure at work.

Configuration using the command line is not that simple and user-friendly.

There is no email security.

It's a bit confusing to configure at first. An example is having to set up separate source and destination NAT rather than a simple static mapping. Some configurations require accessing multiple different sections rather than being consolidated in one area. License subscriptions are a bit confusing as well for additional features.

The CLI is not very useful.

There's no option to import bulk address objects.

The firewall default rule 0 blocks rule matches to allowed traffic, even though allow rule is written.

I started using this solution in 2009.

I am very satisfied with this product.

I have been using Check Point firewalls for a few years now and I enjoy the interface.

It also integrates great with our other security tools.

The GUI is much more user-friendly than other Firewall vendors.

I use Check Point Next-Generation Firewalls since things are automated and updated frequently. I did not use a different solution. 

It's not the cheapest solution, however, it's one of the most advanced and competent.

I am not responsible for our manager's choice of this product. He said it's the best product to secure our network. 

Check Point licenses work very differently compared to other vendors. We need to purchase each blade in order to make it work, however, we can easily obtain a trial (evaluation) license from Check Point to get visibility for the blade. Check Point tries to maintain relationships with customers and they try to match their price with customer expectations.

It's used for a small business network which needed additional protection and threat prevention, remote work capabilities, and excellent support. It's capable of handling multiple public IPs and directing traffic to the appropriate interfaces.  The solution can handle multiple ISPs for backup or aggregation of traffic. 

The environment consists of eight PCs and six other devices which need Internet access and which must be protected.  The ability to restrict traffic to specific network addresses as well as the ability to block malicious hosts trying to get into the network has been great.

Check Point's Next Generation Firewall solution was perfect for reviewing logs, providing an initial layer of anti-virus/malware protection, and providing the support, when needed, to ensure that the product remained up-to-date.  

The ease of searching through the logs for specific incidents is outstanding and very easy to understand. In addition, the categories for web content blocking have been helpful for setting base traffic standards, can block P2P networks, social media, and content not suitable for business.

The protection has been outstanding! I have not had an infected machine behind the firewall since I first installed and started using NGFW. I appreciate the network health reports, the infected devices report, they make my job a lot easier by providing the information right there in the interface. 

With the web category blocking turned on, I can set it and forget it so that inappropriate business content is not brought into my network, it makes it easier to ensure that time isn't being wasted on non-business-related activities.

I really want to see geo-blocking as a feature of NGFW. Way too many hacking attempts from other countries are coming from where we don't travel. In addition, would like to see the VPN use MFA easily, just as another layer of protection.  

Another area of improvement would be a click to block when there are attempted hacks. While the infected device blocking is a good start, you should block traffic from the originator of the traffic; it would be great to be able to do that with any traffic. 

Also, it would be helpful to set thresholds on attempts and then autoblock that traffic for X amount of time, or permanently.

I've used the solution for six years.

I have not had any issues with the device for the past six years; it has just worked.  By that I mean that unlike some cheaper firewalls (consumer grade), the Checkpoint NGFW is enterprise grade, I never had to reboot the firewall to get traffic working again, I would just leave it up and running until a firmware upgrade was available and after the upgrade, the firewall would automatically reboot, but aside from those times, firewall was on 24/7.

The solution is very scalable. There are a lot of different types of devices to choose from.

Anytime I needed support, they've worked with me until the issue has been resolved.  I'd give them an A+.

Positive

We used Watchguard, however, we needed better protection and also wanted to try out Check Point NGFW as I'd heard good things about it.

The initial setup was straightforward. I just needed to figure out how to migrate policies (recreate them) from a different vendor to Check Point. It was relatively easy to figure out and there has extensive documentation available.

We handled the initial setup in-house

Peace of mind is my real ROI.

The pricing is a little on the high side, however, the protection afforded is worth it.

I did not evaluate other solutions. I previously utilized devices from Sonicwall and Watchguard.

Do your research and size the appliance correctly.

We use it as a firewall solution with built-in VPN capabilities, anti-virus, and malware detection. It has good blocking abilities and is easy to set up and maintain.  

They allow VOIP traffic to pass through the firewall as well to onsite PBXes. The firewalls themselves are for SMB environments, with between five and 25 users at different sites and in different states.  

Employees regularly work from home, so a VPN solution is a necessity to allow for remote file shares and or/remote desktop through a encrypted VPN tunnel.  

With the added ability to have multiple VPN methods to connect, the solution has worked well for remote workers who are either utilizing the Check Point VPN client or the SSL VPN web client.

The throughput with full threat detection is adequate for the Internet circuit installed at most of the client locations and is in fact better than the previous firewall solution.

The support has been great whenever Check Point has been contacted. They help resolve an issue or explain how to perform some necessary action. 

For the most part, the NGFW is easy to understand and set up and there are, of course, advanced options if a non-standard problem arises.

The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.

Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.

The event logs are relatively informative and can provide information on why traffic was accepted or rejected.

Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement.

It would also be nice to have a smaller home user device that could automatically contact the main firewall and establish a VPN connection. This would be great for remote users to secure their work PC at home.

On the front page of the appliance, it lists current threats identified. It would be helpful if clicking on the threat took you to the exact logs instead of showing all host logs as you still have to scroll through the host logs to find the information you are looking for.

I have been using Check Point since 2016. It's been a little over five years.

We've had very few issues; the builds themselves haven't had any issues.

The solution is very scalable; Check Point has a variety of NGSW devices that can scale with the user base.

Support is excellent, quick to respond, and quick to provide a resolution to any problem.

Positive

We used Watchguard. We switched due to the threat protection and we felt that Check Point did a better job of providing protection.

The initial setup is straightforward and plug and play for a basic configuration to get you started. You can then begin building the NAT and policy rules, which are easy enough to do.

We implemented the solution in-house.

The malware blocking capabilities more than paid for the cost of the device and license.

I'd advise users to size their appliance correctly before purchasing it.

We did not evaluate other options. 

Our network security is based heavily on Check Point products. We secure our Internet gateway with Check Point. We also secure our production and other very important systems and solution that are mission-critical with Check Point NGFW. For an extra layer of security, we heavily use Check Point Identity Awareness to make Client IP-based rules obsolete. We control the access via dedicated Active Directory Security to groups. These user groups are used instead of IP Client Subnet ranges, increasing our security.

The Check Point Management makes troubleshooting and log analytics very comfortable. Our Engineers only need a few seconds to see if a connection is dropped or allowed, et cetera. This makes fulfilling these standard tasks easy for the operation team. The easy ruleset management helps us not lose the overview over the Check Point Firewall (NGFW) rulesets in daily operation. Good security should always be simple and clean and this product helps to make our environment more secure against any attacks from the outside.

We are using the classic firewalling, the Intrusion Preventions System (IPS) and we also use Check Point Identity Awareness. The most useful feature is for sure the classic firewalling, however, we could get this feature also from other vendors. The most valuable feature is the highly integrated NGFW features such as the IPS or Check Point Identity Awareness, which makes Check Point the best choice on the market. They have been leading the market for 20 years. This is deserved, in our opinion.

Check Point, of course, has flaws. As a Check Point Engineer, you must also be a Junior Linux Engineer as many things are happening on the command line in daily operation and almost all the time during troubleshooting. This makes learning Check Point a little bit harder than other firewall brands. The licensing was always a pain and is still a pain to deal with. 

For the next release, we would like to have better ruleset cleanup tools that are already included. It would make security management tools obsolete.

We've used Check Point for almost ten years.

We are using Check Point NGFW for controlling the traffic on our entire network. It controls the traffic and access of the networks and also the traffic outside of our network. The firewalls are used in and HA-Setup.  

The features we use are application and URL-filtering, anti-bot/virus, and sandboxing functions. It is also used for Site2Site VPNs and endpoint VPNs. For us, the Check Point NGFW is the center of network traffic and security. 

We use the new features of Check Point to reduce standalone systems. 

In the past few years, the attacks and risks have grown. That's why we introduced a NGFW. All the securtiy risks can be minimized with the product. Especially if you route the whole network trafiic over the firewall. You can filter malicious sites and traffic and can analyze the entirety of traffic. The URL filter works much better and is much stronger than our other previous solution. 

In the case of migrating or patching, it is very easy due to the fact that you can transfer the whole ruleset and settings from your old device. Patching is very easy and we've never had problems.

If you have an HA Setup you will have zero downtime. Teams and VoIP traffic will also not get stuck; you would notice anything while switching to the backup module. 

The quality of the patches and hotfixes is great. We never had any issues during or after patching. All patches and hotfixes are well documented and if you have any issues the KB is very helpful. 

The log is very clear and can be filtered very easily. If you need to analyze not only the connection you can use the CLI to dump TCP packets. 

The activation of additional features is very easy and well documented.

Sometimes, the firewall has its peculiarities which you have to know especially when you want to set up a Site2Site VPN with a third-party vendor - specifically if you want to set up IKEv2. 

The debugging of VPN tunnels is very stressful. Sometimes you don't know what the firewall negotiates with the other site, so you have to use the command-line for the VPN debugging. However, if you use both sites, the setup is very easy. 

The speed could be better when installing policy changes. In the beginning, we didn't have all features active. Now, it is all active and it takes some time to install. This is sometimes annoying if you forget a small change.

We've been using this solution for several years. This is our 3rd Check Point firewall.

We use Check Point for VPN access for all employees, as a rule. We also used it as a filter, a firewall, and it's the front line of our access to the Internet.

It has VPN access for our employees and it controls access, barring intrusion for non-authorized access.

The URL filter is activated to filter access to our employees. We use filtering for VPN access.

The configuration is one of the best features of this product.

When this product was purchased approximately 12 years ago it was the top of the line.

The product has been working very well.

I don't have any issues with the software of this solution. It works as is expected.

I would like to see more integration with other infrastructures. We are considering Cisco because it is more integrated, and the network limits of the solution are better.

Recently, we experience a problem with the hardware because it was too old, it was blocked. The hardware failed, but the software did not. With older hardware, it is a problem because our network is growing every year. The solution is not at maximum performance. 

It does not have the performance that we require. The network is not the same as it was 12 years ago. There are several logs.

We are looking for a cheaper product that is more integrated than our Cisco Network appliance.

It may also need to support other types of architecture.

The only reasons we are looking at other solutions are price and integration.

Check Point was installed in the company approximately 12 years ago.

The stability is good.

We are a company with 1,200 employees, and approximately 700 are using this solution.

We have five HP Servers, and we have a cluster in different geographic locations. 

Check Point has been installed in an HP-certified server. It is not an appliance, it is an HP Server.

We have one or two professionals who work on the platform.

It is not a cheap solution, which is why we are looking for another one.

We are currently evaluating new firewall solutions because the Check Point that we have was installed approximately 12 years ago, and wanted to change to a next-generation firewall.

The HP Server works fine without any maintenance, but it needs to be taken care of. We did not, which caused a disk to fail. We have one or maybe two that are working. I don't have any complaints about the HP Server. It was sized for that network load at that time.

I would rate Check Point a ten out of ten. It works as expected.

Nowadays, there are many threats and it's necessary to have an automatic process to defend your organization. The Check Point NGFW is a good solution for this use case.

For my organization, CheckPoint NGFW helped us with enforcing threat prevention.

Threat prevention capabilities are a natural extension of next-generation firewalls' deep packet inspection capabilities. As the traffic passes through the device, they also inspect the traffic for known exploits of existing vulnerabilities (IPS).

Files can be sent off-device to be emulated in a virtual sandbox to detect malicious behavior, named sandbox security.

I think that the main benefit of an NGFW is the ability to safely enable the use of Internet applications that empower users to be more productive while blocking less desirable applications.

I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data. It is very important to have your solution always update for this.

I think that another important feature is that it is a cloud solution. More and more companies have all of their systems in the cloud and the threats are pointing here.

The features that a next-generation firewall includes are application and user control, integrated intrusion prevention, advanced malware detection such as sandboxing, and leverages threat intelligence feeds.

Check Point products have many places that need to be improved, but they are constantly upgrading.

I have been using Check Point NGFW since 2015.

Check Point has a good support department and they are always ready to help you.

Previously, I used Fortinet but Check Point provides us with more features.

I used this solution for the first time in 2015 when I worked for a local Internet Service Provider. At that point, I used the R77.30 console and I saw all of the good features that it provided.

Now, I use R80.30 in my current company and these products are the best in the market. This company is going to be at the forefront and you can complete your solution with other products in their portfolio.

Today’s next-generation network firewall can be found deployed on-premises at the edge of enterprises and branch offices, on-premises at internal segment boundaries, in public clouds such as Amazon (AWS), Microsoft Azure, and the Google Cloud Platform. They are also deployed in private clouds.

The licensing includes the cost of support.

We evaluated many others options including solutions by Fortinet, Palo Alto, SonicWall, etc.

We think that Check Point is the best because they are at the forefront.

We use several of the blades. We use it for regular access control, but we also use the application control. We use HTTPS inspection and threat prevention. We use the Mobile Access blades as well IPS.

We have a Smart-1 205 as our management server and for the gateway we've got 3200s.

Over time, we've enabled different blades on the firewall. We started off with the access control policy, and since then we enabled the HTTPS inspection and the IPS blade. That's helped reduce our risk landscape as a whole.

The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network. The ease of use is important to us. The more difficult something is to use, the more likely it is that you'll experience some type of service failure. When we do have issues, with the Check Point SmartConsole being as simple as it is to navigate, it makes it easy for us to identify problems and fix them, to minimize our downtime.

I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

We have been using Check Point's NGFWs for as long as I've been with the Department of Mental Health, so it's three years that I've personally been using them.

Based on other networking hardware that I've used, I would say the Check Point NGFWs are just as stable, if not more so. We rarely have any issues. In the past, I've experienced networking hardware often needing to be rebooted. That's not something that happens with these devices. They're on 24/7 and we have next to no downtime. I can't think of a time in my three years here that one of the devices has gone down and caused us any downtime.

We've already purchased a new management server from Check Point, and it will be replacing our 205 appliance. They make it easy. These devices inter-operate together, so if we need more resources, for example, on the management end, we're able to buy that server and replace our old one and scale up as needed.

As far as users are concerned, we have 70 locations throughout the State of South Carolina with a total of 400 to 500 devices that can be connected at any point in time.

I would think we have plans to increase our usage. We work in tele-psychiatry, for the State of South Carolina, and telemedicine right now is a hot topic. I see it very likely that our usage could double and triple in the coming years.

We've had an issue with licenses not populating to a new device, but that is the only thing we've ever called them for in relation to replacing or adding in a new device.

They're very helpful. They're easy to get in touch with. It's not like you're sitting there on hold for hours at a time, and they're quick to get back to you. It might be that they're taking packet captures and analyzing them and then getting back to you. It's a quick turnaround. I can't think of any time we've ever had to wait more than 24 hours to get an answer on an issue we've had.

I have set up replacements and it's very straightforward. It's very easy. It's much easier than some of the other network equipment that I've had to deal with. Check Point provides a wizard that walks you through the process and that streamlines the entire process. They also provide instructions on how to go about getting to the wizard and the process that we needed to take to complete that configuration. It was relatively painless.

The replacement was configured in one day and deployed the next, with no issues.

There are five of us in our company who have management access. I'm the network administrator, and I've got four IT technicians who work under me and assist in the firewall configuration and deployment.

I don't believe we've ever had to actually call Check Point to assist with anything. It's pretty straightforward. The wizard does most of the work and we have all the instructions we need. It's pretty much all done in-house.

I definitely feel it's been worth our investment. Check Point is there to help when we need them. Our downtime has been very minimal, and when we do have issues, they're there to help us. They're there to get us back up and running as quickly as possible. It's definitely been worth its weight.

One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford Cisco Firepower. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution.

We pay a yearly support fee in addition to the standard licensing fees with Check Point.

I've worked with Cisco routers and firewalls. I've worked with Ruckus switches and routers, and Aruba access points.

A drawback with these products is their stability. Almost all other networking devices I've seen need to be rebooted over time. If they're left unattended for extended periods of time, we experience some sort of downtime. That is not an issue with our Check Point products.

Do your research and look into cloud solutions. Check Point offers many cloud services, and that's where everything's moving, towards the future. Research the different appliances and solutions that Check Point offers and find out what works best for your particular situation.

The biggest lesson I have learned from using Check Point's firewalls is not to be afraid to call for help. There are times where I may be trying to figure something out myself, when in all reality, all I need to do is call Check Point customer support. They'll explain to me why something is configured a certain way, or if there's a better way that I could go about configuring something, and things of that nature. They have been very helpful and have saved me time, anytime I've called.

I can't think of any additional features their NGFW needs that we don't already have access to. I know there are features such as moving the dashboard toward the cloud, and I think that's beneficial, but it's something they already offer. We just don't take advantage of it right now.