Check Point NGFW Reviews

We are working with Check Point NGFW as an internet firewall, a data center firewall, and a core firewall. We also deal with customers using the Maestro firewall for data centers.

One of the main advantages I have seen with Check Point NGFW is centralized management. The number of vulnerabilities is very few compared to commodity products, so customers don't have to worry even if it is exposed to the internet. Specific features include threat prevention, threat cloud, Infinity Portal for centralized cloud management, URL filtering, content awareness blade, identity awareness blade, and VPN blades. Customers only need to subscribe to what they require, so resources are free for other uses.

Check Point NGFW should concentrate more on the SMB market, as solutions in this space are not as strong in security. In terms of SD-WAN technology, Check Point's offerings are not as mature as competitors. There are some issues during initial setup, particularly with establishing connectivity with the Infinity Portal.

I have been working with Check Point NGFW for one year.

During initial setup, deployment teams usually face issues establishing the initial connectivity with the Infinity Portal.

As far as I have seen, Check Point NGFW is very stable. I have worked with Check Point products for 15 years and haven't found any stability or performance issues.

Check Point NGFW is very scalable. They offer multiple solutions from SMBs to enterprise data centers, making it an easily scalable solution with no issues in scalability.

We have escalated issues to Check Point technical support multiple times and have received timely and very good responses, especially from the local support team available in our country.

Positive

I have worked with almost all the major products: Fortinet, Palo Alto, Cisco ASA, and FTD.

There can be issues during the initial setup, particularly with establishing connectivity with the Infinity Portal.

I am currently in presales and not directly involved in deployment, but I have been part of a deployment team before.

Compared to other solutions, the pricing of Check Point NGFW is high. However, for customers particularly concerned with security, such as in enterprises, data centers, financial sectors, or government sectors, the pricing is justified. If a customer is not highly focused on security, a less expensive firewall may suffice.

I have experience with major vendors such as Fortinet, Palo Alto, Cisco ASA, and FTD.

I would recommend Check Point NGFW due to their long history of providing secure solutions and their pioneering stateful inspection technology. Their threat cloud is one of the richest AI clouds available. They also offer strong R&D, which results in fewer vulnerabilities in their products. Overall, I rate Check Point NGFW an eight out of ten.

On-premises

We use Check Point NGFW for enterprise firewalling, VPN, data loss prevention (DLP), user authentication, and zero-trust connectivity. All the functions of Check Point NGFW are utilized.

The most valuable features in my experience include perimeter firewalling, cloud and mobile security, application control, URL filtering, DLP, threat prevention, intrusion protection, and safeguarding against malware, botnets, and zero-day attacks. Check Point NGFW's multi-layered security architecture enhances data protection strategies by unifying security management, which is crucial in environments with too many separate products. The application and identity-based inspection are critical for understanding the data packets within the network.

The primary area for improvement would be the configuration process. While Check Point NGFW is not inherently difficult to configure, it might be intimidating for newcomers. Other products, like FortiGate, are perceived as more intuitive because they are easier to configure from the start. This has led to a perception that may affect market share.

I have been working with Check Point NGFW for many years, probably around ten years.

I have encountered stability issues primarily with VPN, which required a code upgrade. However, overall stability is high, and I rate it a nine out of ten.

Check Point NGFW is quite scalable. I have used units that never exceeded their capacity. If specified correctly, even the smaller boxes offer high session and bandwidth rates, making the solution highly scalable, even up to telco-level requirements.

My experience with Check Point's technical support has been positive, especially during setup processes. Even challenging issues like those with VPNs have been resolved efficiently with their help.

Positive

The initial setup of Check Point NGFW can be daunting for new users, but once you understand it, the setup is straightforward. For me, it's an eight out of ten in terms of ease of the initial setup.

The perception is that Check Point NGFW is expensive, especially when all software modules are included. For larger enterprises with comprehensive service requirements, it is reasonably priced. However, in the medium-sized business market, it can be seen as expensive, leading to switches to alternatives like Fortinet.

I rate Check Point NGFW an eight out of ten. It's a solid solution, particularly for large enterprise businesses, especially in banking and government, where there is always a need to diversify between different products. The overall product rating I would give is an eight.

On-premises

I use it for UTM [Unified Threat Management]. I use a gateway firewall at the office.

Next Generation Firewall, along with Threat Emulation and Threat Extraction, is what I use. Real-time prevention is there to protect against zero-day malware and Check Point Sandbox.

And then, the CPU-based emulation is a better feature than any technologies not having that. Check Point has a CPU-based emulation. Normally, Fortinet and others, they do it differently. But these people work on a technology called CPU-based emulation. 

This CPU-based emulation is a unique CPU-level technology that catches malware before it has an opportunity to deploy or evade detection. They call it SandBlast. Check Point SandBlast Threat Emulation. That is a great feature, which they are using. It controls attempts to bypass OS security controls also. And then it avoids deep security.

I use our Check Point firewall for all the NATing of my applications. I use it for external traffic monitoring where my Internet links are connected, and I use it as a gateway.

The drawback is that I want to push the policy from my management console itself instead of on the Check Point device. For example, if I have two different firewalls, I want to push the policy to the gateway, and then it will take 10 to 20 minutes to roll back the policies. It should be applied faster.

I have been using it for more than a year.  

It is a stable product 99.4% of the time. 

Check Point NGFW has a feature where it can top two of the firewalls, and then we can integrate the performance. 

It's a cluster kind of solution where they can integrate.  

For the firewall, the support is good. 

Positive

I also use CloudGuard Security Posture Management. I also used Fortinet.

The major difference, I feel, is the threat emulation. It's zero-day protection. The supply chain attack is very, very low compared to all firewall vendors. 

For example, being parallel to Palo Alto Networks or FortiGate and NFT OS or Check Point, that supply chain attack was very, very low in our Check Point firewall. And then the maintenance was very, very low compared to all.

That is my takeaway. My one of my takeaways before proceeding with my procurement decision was that there are two things: one is the security point. Another one is performance. The last one is very, very important. That is for the supply chain attack because we need to concentrate more on other products also. 

So I don't want to spend too much time on the maintenance part. So this supply chain attack was very, very less compared to other providers since we are using multiple firewalls. This particular firmware was very stable, and there was no need to update until unless it is necessary and shared by Check Point team. So my takeaway is that the supply chain attack was very less compared to all.

If the person knows the technology and the basic functionalities of a firewall, they can integrate it very fast.

We took three days to deploy.

Three people were involved: my IT security manager, myself, and one L3 engineer who deployed the product.

The architecture and functionalities are managed by me, and then the deployment is taken care of by our team members.

Compared to Fortinet and Check Point, both are the same.

Check Point is coming up withsome AI integration and some AI features. They are using threat emulation on the AI front, but they are also discussing the quantum processor, where they have integrated many new features.

Overall, I would rate it a nine out of ten.

We use Check Point NGFW for edge firewalls as well as internal segregation firewalls. It easily allows us to separate critical traffic from non-critical office traffic.

We use Check Point NGFW for edge firewalls as well as internal segregation firewalls. It easily allows us to separate critical traffic from non-critical office traffic. Check Point ThreatCloud is excellent. Their central management console makes managing hundreds of firewalls very easy, and their antivirus that's part of the ThreatCloud is very good. Since implementing it, we have noticed a lot less getting through that maybe other antivirus within firewalls had failed to catch.

Pricing is high, but it's worth it. That's the main one.

I have been using Check Point NGFW for over ten years.

Check Point NGFW is stable.

Check Point NGFW has excellent scalability.

Customer support is excellent.

Positive

We did previously use several solutions from SonicWall and other vendors, and Check Point was just a better overall solution for our environment.

Make sure to get a good third-party consultant or something to assist you, as the learning curve is steep at first.

We have seen a good return on investment. However, I do not have any metrics I can easily share.

All good. No issues.

We evaluated a few other companies. The main one, or the biggest competitor, was Palo Alto.

Make sure, if you do not have any experience with Check Point, to get a good third-party consultant or something to assist, as the learning curve is steep at first, but well worth the end benefit. Reliability, customer support, and just overall excellence. I would rate the overall solution ten out of ten.

On-premises

The tool helps with VPN and connecting mobile devices. We also use it for identity security. It filters internet access and controls applications. The firewall has an intrusion prevention system and stops data loss. 

Internet access and filtering are important, and data loss prevention is definitely key. The threat access builder is useful. Application control is also big for us. We use it to check and block application downloads, looking for malicious or rogue software. This feature is very helpful.

Sometimes, the firewall doesn't pick up on certain things. If an attacker is clever and uses a low-profile indicator, the firewall might flag an anomaly but not give enough information to decide if it's worth investigating. The threat intelligence component also has challenges. It doesn't always tie alerts to active campaigns or threat actor groups. We often have to do extra work and use other products to figure these out.

I rate the solution's stability a seven out of ten. 

I rate the tool's scalability an eight out of ten. My company has 2500 users. 

The tool's support was responsive in critical situations, but for non-critical issues, they sometimes dropped the ball or didn't get back quickly enough. We had to do a lot of follow-ups and escalations to our technical account manager.

Neutral

Before choosing Check Point NGFW, we used Palo Alto Networks. We switched because of issues with Palo Alto. Their customer support wasn't very responsive. Some policies weren't working right, letting things through that should've been blocked. We compared different pricing options and features before deciding on Check Point NGFW. The main differences between Palo Alto and Check Point NGFW were mostly in how they worked for us. They both offer good next-gen firewalls, but we had some problems with Palo Alto. Sometimes it wouldn't notify us quickly when something got through. Its prevention wasn't always as strong as we wanted.

We felt Palo Alto's traffic inspection was only partial, not checking everything thoroughly. Check Point NGFW seemed to offer better inspection. Check Point NGFW also had better threat intel and application control. With Palo Alto, we couldn't see all our applications, only some of them. This caused shadow IT problems. Cost was also a factor in our decision.

The initial setup of Check Point NGFW is relatively straightforward. It's similar to other firewalls I've used and not too complex. If you have all the prerequisites in place, it's fairly easy to set up. On a scale of one to ten, with ten being the easiest, I'd rate the setup process around seven or eight.

The deployment takes about a week. We had a deployment process that involved going through change management, getting approvals, notifying stakeholders like the infrastructure team, and deploying the solution.

We used a consultant for the deployment because we were dealing with other initiatives and it was a tight situation timing-wise, even though we could have done it in-house.

Aside from the consultant, we had two or three staff members involved in the deployment. Their job roles were mainly on the security side - security architects, engineers, and analysts. Their roles were fluid, so they could take on various tasks if they had the knowledge or interest. For maintaining the solution, the number of staff required depends on the scale of the deployment. In our setup, about two people were in charge as the main points of contact.

I saw definite operational impacts from using Check Point NGFW. It helped prevent breaches, data security issues, and security incidents. We constantly saw attempts being blocked and picked up by the firewall. This was an improvement over Palo Alto, where some things got through without being detected. With Check Point NGFW, we got a significant return on investment because it prevented a major incident from happening and escalating.

I rate the solution's pricing an eight out of ten. It costs around 100,000-200,000 dollars per month. Besides standard licensing fees, we paid extra for enterprise-level premium support. There were also onboarding costs factored in. These additional costs made it more expensive overall. The total cost was around 100,000 dollars, which was challenging for our budget. Check Point was also pricey, not much different from Palo Alto Networks. However, we decided switching to Check Point was better because it offered more capabilities for a similar price.

I rate the overall solution a seven out of ten. 

Hybrid Cloud

Amazon Web Services (AWS)

My main use case for Check Point NGFW is as a way to serve as an internal firewall for most of our network security operations and remote access.

A specific example of how Check Point NGFW helps with operations and remote access in my organization is that we've seen improved security and protection. In addition to the security features of the firewall, we are integrating it for VPN use.

Check Point NGFW has positively impacted my organization by providing a significant reduction in security breaches, along with improved visibility and granular control over our applications and users. It has also improved network performance and stability.

An example of how having granular control has helped my team in a real situation is that we are looking at application traffic and blocking malicious content for improved network performance and stability. We can also optimize bandwidth utilization, and regarding reduced breaches, we've seen it detect threats before they actually happen to our internal network. About enhanced visibility, we are looking at the ability to identify and control applications for users.

The best features Check Point NGFW offers in my experience include the centralized management console, which stands out to me, and it has a variety of tools such as policy management.

The value of the centralized management console and policy management for me is that it offers insight into all our policies that we administer, along with all the devices that we use regarding Check Point in the organization. This saves time during administration and configuration, especially for new users and new policies.

It saves us quite a bit of time compared to the way we managed things before, as it takes about a minute or so to spin up policies and push them through the organization network. I appreciate that we can create a template which we can use for multiple deployments regarding policies, which saves a lot of time. I also appreciate the reporting feature which gives elaborate reports for events.

I believe Check Point NGFW can be improved by making its initial configuration and deployment easier in the future because the first-time setup is really hard.

The first-time setup was difficult because when we looked at the documentation, I made a suggestion to get clearer guidance.

I've been using Check Point NGFW for about a year and a half now.

My experience with the deployment process was that it's a bit complex for first-time users.

Check Point NGFW is stable for us, and we have experienced no crashes or downtime.

The customer support is great, and I have had to reach out to them; issues are resolved in a timely manner.

I would rate the customer support an eight out of ten.

Before using Check Point NGFW, we had Sophos Firewall, and we switched because we wanted to try something new, but also Check Point proved to provide more enhanced features and tools.

Overall, the initial setup with Check Point NGFW is a bit complex.

The complexity of the configuration for first-time users arises from the guide and documentation, which, as I said earlier, is not straightforward. We received training later on, which enhanced our usage with the appliance.

We have seen a return on investment in terms of reduced incidents, as we've seen a reduction in security incidents.

Prior to choosing Check Point NGFW, we evaluated other options such as Huawei.

My advice to others looking into using Check Point NGFW is that they would need to evaluate their organizational needs, especially network and security-wise, before making a decision on what option to purchase on the market regarding firewalls and security appliances.

My company has a business relationship with this vendor, as we are both a partner and a reseller.

I rate Check Point NGFW eight out of ten.

On-premises

We use Check Point NGFW for network security purposes, where we have configured VPN, site-to-site VPNs, and advanced threat prevention for protecting our network infrastructure.

We utilize Check Point NGFW for network security, implementing the firewall for different aspects, such as threat prevention for securing our network and using tunnels to connect our different branches to one another.

In my experience, Check Point NGFW offers some of the best features.

VPN is one of those standout features.

The best features of Check Point NGFW are the site-to-site VPN capability, the advanced feature of VPN configuration, threat prevention, and advanced URL filtering, having all the security features present in the next generation firewall.

Check Point NGFW improves our security positively. The security improvement has improved significantly by using Check Point NGFW.

The pricing is a little bit high, so it should be considered from a customer aspect.

I have been using Check Point NGFW for almost one and a half years.

In my experience, Check Point NGFW is stable with no issues regarding reliability.

Check Point NGFW has been easy to scale as our needs have grown.

The customer support was good, and we just need to raise a ticket from the customer support portal where the device has been registered, and we received instant support from the technical engineer.

I would rate the customer support between nine to ten; the support was excellent.

Positive

I did not use a different solution before Check Point NGFW.

The initial setup with Check Point NGFW is a little bit complex for those who are new to it.

Check Point NGFW has definitely shown improvement in terms of time and money cost-wise.

The pricing, setup cost, and licensing were straightforward, but the pricing is a little bit high compared to other vendors such as FortiGate and Sophos.

We considered FortiGate as one of the options before choosing Check Point NGFW.

I advise others looking into using Check Point NGFW to understand their infrastructure, scenario, and needs, and then decide on scalability before choosing Check Point NGFW.

We are partners with Check Point, but we are not a customer in other business relationships. As a partner, we work with different vendors such as Sophos, FortiGate, Check Point NGFW, and ASA.

On a scale of one to ten, I would rate Check Point NGFW a ten; it is excellent.

On-premises

[Answer to 'If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?' from the text]

We were looking for a solution to simplify our hybrid cloud infrastructure. We wanted something that could manage both our on-premises and cloud environments seamlessly. Nutanix offered that unified management plane. We also needed to improve our disaster recovery capabilities.

It's been really good. It simplified our operations significantly. We're able to manage everything from a single pane of glass, which has been a huge time saver.

The Prism Central management console is excellent. It gives us a centralized view of our entire infrastructure. Also, the built-in disaster recovery capabilities have been essential. We've tested failover scenarios, and they worked flawlessly. It simplified our operations significantly. We're able to manage everything from a single pane of glass, which has been a huge time saver.

The initial setup was a little complex, but Nutanix support helped us through the process. Also, licensing can be a bit complicated.

We've been using it for about two and a half years now.

Nutanix support helped us through the process when the initial setup was complex.

Positive

The initial setup was a little complex, but Nutanix support helped us through the process.

Licensing can be a bit complicated.

Absolutely. Especially for companies looking to simplify hybrid cloud management and improve disaster recovery.

Hybrid Cloud

Other