Try our new research platform with insights from 80,000+ expert users
Mohan Janarthanan - PeerSpot reviewer
Assosiate Vice President at Novac Technology Solutions
Real User
Top 5
Real-time prevention is there to protect against zero-day malware
Pros and Cons
  • "The CPU-based emulation is a better feature than any technologies not having that."
  • "The drawback is that I want to push the policy from my management console itself instead of on the Check Point device."

What is our primary use case?

I use it for UTM [Unified Threat Management]. I use a gateway firewall at the office.

What is most valuable?

Next Generation Firewall, along with Threat Emulation and Threat Extraction, is what I use. Real-time prevention is there to protect against zero-day malware and Check Point Sandbox.

And then, the CPU-based emulation is a better feature than any technologies not having that. Check Point has a CPU-based emulation. Normally, Fortinet and others, they do it differently. But these people work on a technology called CPU-based emulation. 

This CPU-based emulation is a unique CPU-level technology that catches malware before it has an opportunity to deploy or evade detection. They call it SandBlast. Check Point SandBlast Threat Emulation. That is a great feature, which they are using. It controls attempts to bypass OS security controls also. And then it avoids deep security.

I use our Check Point firewall for all the NATing of my applications. I use it for external traffic monitoring where my Internet links are connected, and I use it as a gateway.

What needs improvement?

The drawback is that I want to push the policy from my management console itself instead of on the Check Point device. For example, if I have two different firewalls, I want to push the policy to the gateway, and then it will take 10 to 20 minutes to roll back the policies. It should be applied faster.

For how long have I used the solution?

I have been using it for more than a year.  

Buyer's Guide
Check Point NGFW
June 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is a stable product 99.4% of the time. 

What do I think about the scalability of the solution?

Check Point NGFW has a feature where it can top two of the firewalls, and then we can integrate the performance. 

It's a cluster kind of solution where they can integrate.  

How are customer service and support?

For the firewall, the support is good. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I also use CloudGuard Security Posture Management. I also used Fortinet.

The major difference, I feel, is the threat emulation. It's zero-day protection. The supply chain attack is very, very low compared to all firewall vendors. 

For example, being parallel to Palo Alto Networks or FortiGate and NFT OS or Check Point, that supply chain attack was very, very low in our Check Point firewall. And then the maintenance was very, very low compared to all.

That is my takeaway. My one of my takeaways before proceeding with my procurement decision was that there are two things: one is the security point. Another one is performance. The last one is very, very important. That is for the supply chain attack because we need to concentrate more on other products also. 

So I don't want to spend too much time on the maintenance part. So this supply chain attack was very, very less compared to other providers since we are using multiple firewalls. This particular firmware was very stable, and there was no need to update until unless it is necessary and shared by Check Point team. So my takeaway is that the supply chain attack was very less compared to all.

How was the initial setup?

If the person knows the technology and the basic functionalities of a firewall, they can integrate it very fast.

We took three days to deploy.

What about the implementation team?

Three people were involved: my IT security manager, myself, and one L3 engineer who deployed the product.

The architecture and functionalities are managed by me, and then the deployment is taken care of by our team members.

What's my experience with pricing, setup cost, and licensing?

Compared to Fortinet and Check Point, both are the same.

What other advice do I have?

Check Point is coming up withsome AI integration and some AI features. They are using threat emulation on the AI front, but they are also discussing the quantum processor, where they have integrated many new features.

Overall, I would rate it a nine out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Network Administrator at POET, LLC
Real User
Top 20
Efficiently manages large-scale firewall deployments and improves threat detection
Pros and Cons
  • "I would rate the overall solution ten out of ten."

    What is our primary use case?

    We use Check Point NGFW for edge firewalls as well as internal segregation firewalls. It easily allows us to separate critical traffic from non-critical office traffic.

    What is most valuable?

    We use Check Point NGFW for edge firewalls as well as internal segregation firewalls. It easily allows us to separate critical traffic from non-critical office traffic. Check Point ThreatCloud is excellent. Their central management console makes managing hundreds of firewalls very easy, and their antivirus that's part of the ThreatCloud is very good. Since implementing it, we have noticed a lot less getting through that maybe other antivirus within firewalls had failed to catch.

    What needs improvement?

    Pricing is high, but it's worth it. That's the main one.

    For how long have I used the solution?

    I have been using Check Point NGFW for over ten years.

    What do I think about the stability of the solution?

    Check Point NGFW is stable.

    What do I think about the scalability of the solution?

    Check Point NGFW has excellent scalability.

    How are customer service and support?

    Customer support is excellent.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We did previously use several solutions from SonicWall and other vendors, and Check Point was just a better overall solution for our environment.

    What about the implementation team?

    Make sure to get a good third-party consultant or something to assist you, as the learning curve is steep at first.

    What was our ROI?

    We have seen a good return on investment. However, I do not have any metrics I can easily share.

    What's my experience with pricing, setup cost, and licensing?

    All good. No issues.

    Which other solutions did I evaluate?

    We evaluated a few other companies. The main one, or the biggest competitor, was Palo Alto.

    What other advice do I have?

    Make sure, if you do not have any experience with Check Point, to get a good third-party consultant or something to assist, as the learning curve is steep at first, but well worth the end benefit. Reliability, customer support, and just overall excellence. I would rate the overall solution ten out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Check Point NGFW
    June 2025
    Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
    856,873 professionals have used our research since 2012.
    Pratik-Savla - PeerSpot reviewer
    Security and Compliance Architect at a manufacturing company with 1,001-5,000 employees
    Real User
    Top 5
    Filters internet access and controls applications
    Pros and Cons
      • "Sometimes, the firewall doesn't pick up on certain things. If an attacker is clever and uses a low-profile indicator, the firewall might flag an anomaly but not give enough information to decide if it's worth investigating. The threat intelligence component also has challenges. It doesn't always tie alerts to active campaigns or threat actor groups. We often have to do extra work and use other products to figure these out."

      What is our primary use case?

      The tool helps with VPN and connecting mobile devices. We also use it for identity security. It filters internet access and controls applications. The firewall has an intrusion prevention system and stops data loss. 

      What is most valuable?

      Internet access and filtering are important, and data loss prevention is definitely key. The threat access builder is useful. Application control is also big for us. We use it to check and block application downloads, looking for malicious or rogue software. This feature is very helpful.

      What needs improvement?

      Sometimes, the firewall doesn't pick up on certain things. If an attacker is clever and uses a low-profile indicator, the firewall might flag an anomaly but not give enough information to decide if it's worth investigating. The threat intelligence component also has challenges. It doesn't always tie alerts to active campaigns or threat actor groups. We often have to do extra work and use other products to figure these out.

      What do I think about the stability of the solution?

      I rate the solution's stability a seven out of ten. 

      What do I think about the scalability of the solution?

      I rate the tool's scalability an eight out of ten. My company has 2500 users. 

      How are customer service and support?

      The tool's support was responsive in critical situations, but for non-critical issues, they sometimes dropped the ball or didn't get back quickly enough. We had to do a lot of follow-ups and escalations to our technical account manager.

      How would you rate customer service and support?

      Neutral

      Which solution did I use previously and why did I switch?

      Before choosing Check Point NGFW, we used Palo Alto Networks. We switched because of issues with Palo Alto. Their customer support wasn't very responsive. Some policies weren't working right, letting things through that should've been blocked. We compared different pricing options and features before deciding on Check Point NGFW. The main differences between Palo Alto and Check Point NGFW were mostly in how they worked for us. They both offer good next-gen firewalls, but we had some problems with Palo Alto. Sometimes it wouldn't notify us quickly when something got through. Its prevention wasn't always as strong as we wanted.

      We felt Palo Alto's traffic inspection was only partial, not checking everything thoroughly. Check Point NGFW seemed to offer better inspection. Check Point NGFW also had better threat intel and application control. With Palo Alto, we couldn't see all our applications, only some of them. This caused shadow IT problems. Cost was also a factor in our decision.

      How was the initial setup?

      The initial setup of Check Point NGFW is relatively straightforward. It's similar to other firewalls I've used and not too complex. If you have all the prerequisites in place, it's fairly easy to set up. On a scale of one to ten, with ten being the easiest, I'd rate the setup process around seven or eight.

      The deployment takes about a week. We had a deployment process that involved going through change management, getting approvals, notifying stakeholders like the infrastructure team, and deploying the solution.

      We used a consultant for the deployment because we were dealing with other initiatives and it was a tight situation timing-wise, even though we could have done it in-house.

      Aside from the consultant, we had two or three staff members involved in the deployment. Their job roles were mainly on the security side - security architects, engineers, and analysts. Their roles were fluid, so they could take on various tasks if they had the knowledge or interest. For maintaining the solution, the number of staff required depends on the scale of the deployment. In our setup, about two people were in charge as the main points of contact.

      What was our ROI?

      I saw definite operational impacts from using Check Point NGFW. It helped prevent breaches, data security issues, and security incidents. We constantly saw attempts being blocked and picked up by the firewall. This was an improvement over Palo Alto, where some things got through without being detected. With Check Point NGFW, we got a significant return on investment because it prevented a major incident from happening and escalating.

      What's my experience with pricing, setup cost, and licensing?

      I rate the solution's pricing an eight out of ten. It costs around 100,000-200,000 dollars per month. Besides standard licensing fees, we paid extra for enterprise-level premium support. There were also onboarding costs factored in. These additional costs made it more expensive overall. The total cost was around 100,000 dollars, which was challenging for our budget. Check Point was also pricey, not much different from Palo Alto Networks. However, we decided switching to Check Point was better because it offered more capabilities for a similar price.

      What other advice do I have?

      I rate the overall solution a seven out of ten. 

      Which deployment model are you using for this solution?

      Hybrid Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Amazon Web Services (AWS)
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user
      Works at Sybyl
      Real User
      Top 5
      Centralized management and policy tools improve security operations and reduce breaches
      Pros and Cons
      • "Check Point NGFW has positively impacted my organization by providing a significant reduction in security breaches, along with improved visibility and granular control over our applications and users."
      • "The first-time setup was difficult because when we looked at the documentation, I made a suggestion to get clearer guidance."

      What is our primary use case?

      My main use case for Check Point NGFW is as a way to serve as an internal firewall for most of our network security operations and remote access.

      A specific example of how Check Point NGFW helps with operations and remote access in my organization is that we've seen improved security and protection. In addition to the security features of the firewall, we are integrating it for VPN use.

      How has it helped my organization?

      Check Point NGFW has positively impacted my organization by providing a significant reduction in security breaches, along with improved visibility and granular control over our applications and users. It has also improved network performance and stability.

      An example of how having granular control has helped my team in a real situation is that we are looking at application traffic and blocking malicious content for improved network performance and stability. We can also optimize bandwidth utilization, and regarding reduced breaches, we've seen it detect threats before they actually happen to our internal network. About enhanced visibility, we are looking at the ability to identify and control applications for users.

      What is most valuable?

      The best features Check Point NGFW offers in my experience include the centralized management console, which stands out to me, and it has a variety of tools such as policy management.

      The value of the centralized management console and policy management for me is that it offers insight into all our policies that we administer, along with all the devices that we use regarding Check Point in the organization. This saves time during administration and configuration, especially for new users and new policies.

      It saves us quite a bit of time compared to the way we managed things before, as it takes about a minute or so to spin up policies and push them through the organization network. I appreciate that we can create a template which we can use for multiple deployments regarding policies, which saves a lot of time. I also appreciate the reporting feature which gives elaborate reports for events.

      What needs improvement?

      I believe Check Point NGFW can be improved by making its initial configuration and deployment easier in the future because the first-time setup is really hard.

      The first-time setup was difficult because when we looked at the documentation, I made a suggestion to get clearer guidance.

      For how long have I used the solution?

      I've been using Check Point NGFW for about a year and a half now.

      What was my experience with deployment of the solution?

      My experience with the deployment process was that it's a bit complex for first-time users.

      What do I think about the stability of the solution?

      Check Point NGFW is stable for us, and we have experienced no crashes or downtime.

      How are customer service and support?

      The customer support is great, and I have had to reach out to them; issues are resolved in a timely manner.

      I would rate the customer support an eight out of ten.

      Which solution did I use previously and why did I switch?

      Before using Check Point NGFW, we had Sophos Firewall, and we switched because we wanted to try something new, but also Check Point proved to provide more enhanced features and tools.

      How was the initial setup?

      Overall, the initial setup with Check Point NGFW is a bit complex.

      The complexity of the configuration for first-time users arises from the guide and documentation, which, as I said earlier, is not straightforward. We received training later on, which enhanced our usage with the appliance.

      What was our ROI?

      We have seen a return on investment in terms of reduced incidents, as we've seen a reduction in security incidents.

      Which other solutions did I evaluate?

      Prior to choosing Check Point NGFW, we evaluated other options such as Huawei.

      What other advice do I have?

      My advice to others looking into using Check Point NGFW is that they would need to evaluate their organizational needs, especially network and security-wise, before making a decision on what option to purchase on the market regarding firewalls and security appliances.

      My company has a business relationship with this vendor, as we are both a partner and a reseller.

      I rate Check Point NGFW eight out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Flag as inappropriate
      PeerSpot user
      reviewer2700741 - PeerSpot reviewer
      Senior Cyber Security Engineer at a computer software company with 501-1,000 employees
      Real User
      Top 20
      Unified management streamlines hybrid cloud operations and boosts disaster recovery, while initial setup complexity poses challenges
      Pros and Cons
      • "We've tested failover scenarios, and they worked flawlessly."
      • "Licensing can be a bit complicated."

      What is our primary use case?

      We were looking for a solution to simplify our hybrid cloud infrastructure. We wanted something that could manage both our on-premises and cloud environments seamlessly. Nutanix offered that unified management plane. We also needed to improve our disaster recovery capabilities.

      How has it helped my organization?

      It's been really good. It simplified our operations significantly. We're able to manage everything from a single pane of glass, which has been a huge time saver.

      What is most valuable?

      The Prism Central management console is excellent. It gives us a centralized view of our entire infrastructure. Also, the built-in disaster recovery capabilities have been essential. We've tested failover scenarios, and they worked flawlessly. It simplified our operations significantly. We're able to manage everything from a single pane of glass, which has been a huge time saver.

      What needs improvement?

      The initial setup was a little complex, but Nutanix support helped us through the process. Also, licensing can be a bit complicated.

      For how long have I used the solution?

      We've been using it for about two and a half years now.

      How are customer service and support?

      Nutanix support helped us through the process when the initial setup was complex.

      How would you rate customer service and support?

      Positive

      How was the initial setup?

      The initial setup was a little complex, but Nutanix support helped us through the process.

      What's my experience with pricing, setup cost, and licensing?

      Licensing can be a bit complicated.

      What other advice do I have?

      Absolutely. Especially for companies looking to simplify hybrid cloud management and improve disaster recovery.

      Which deployment model are you using for this solution?

      Hybrid Cloud

      If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

      Other
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Flag as inappropriate
      PeerSpot user
      Suraj Varma - PeerSpot reviewer
      Network Security Engineer at Digitaltrack
      Real User
      Top 5
      Good analysis and integration with an easy deployment
      Pros and Cons
      • "It gets a regular zero-day signature update."
      • "During my initial level implementation of check Point NGFW, I faced issues troubleshooting. The problem was with its command line."

      What is our primary use case?

      My company is an IT service provider. We suggest customers choose the Check Point next-generation firewall along with other OEMs for their environment. Once they choose (and confirm the product with model capabilities), we migrate the existing firewall to the new firewall. 

      I have deployed multiple Check Point products. Based on my experience and its effective features, I do suggest customers go with Check Point NGFW. I love its security profiles which effectively secure the organization's LAN, DC, and DMZ network.

      How has it helped my organization?

      The solution has improved organizations via:

      1. Ease of deployment: We can easily implement and deploy the check Point NGFW.

      2. Deep Inspection: It inspects traffic beyond just port number and IP address.

      3. Threat Prevention: It has multiple security features and we can enable and integrate these features like IPS(Intrusion Prevention System), Anti-Bot Protection, and SandBoxing.

      4. Organizations can enable Multi-Factor Authentication (MFA) in their network environment to verify their identity before they access the network. this feature keeps the integrity of the LAN network.

      What is most valuable?

      My favorite feature of Check Point NGFW is its "deep traffic inspection capability" due to the fact that:

      1. It provides deep-level control over the network activity, allowing you to prioritize critical traffic first based on organization requirements.

      2. It analyzes application behavior to detect suspicious activity.

      3. We integrate with Sandbox technology to safely detonate and analyze zero-day threats. 

      4. It also blocks the application and prevents them from accessing the organization's LAN network.

      5. It gets a regular zero-day signature update.

      What needs improvement?

      During my initial level implementation of check Point NGFW, I faced issues troubleshooting. The problem was with its command line. 

      Check Point runs on Linux and its command line is Linux-based. However, at the time, I was not familiar with Linux commands, and I invested lots of time in finding the Linux command and understanding the meaning, then went for troubleshooting.

      It would be very helpful if the OEM provided all the Linux commands in a way that we could easily understand and follow the steps to configure or troubleshoot the issue using the command line.

      For how long have I used the solution?

      For the last year, I have been implementing and deploying Check Point NGFW in multiple client environments. 

      Its NAT automation and routing intelligence are excellent. We are not required to configure NAT rules separately; we can enable them while creating an object. We are also not required to configure reverse routing for LAN subnets.

      What do I think about the stability of the solution?

      At this time, Check Point NGFW is more stable than other options.

      What do I think about the scalability of the solution?

      The scalability is wonderful.

      How are customer service and support?

      Customer service and support are good. However, they can be enhanced.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      We do not choose the solution. Rather, we provide multiple solutions to the customer.

      How was the initial setup?

      The solution is easy to implement.

      What about the implementation team?

      We are from the vendor side. We can help implement the solution. 

      What's my experience with pricing, setup cost, and licensing?

      As of now, everything is good as per the market scenario.

      Which other solutions did I evaluate?

      We did not evaluate other options. 

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer: My company is an IT service provider. So we implement, deploy, and migrate the NGFW in various customer environments.
      PeerSpot user
      Sr. Cyber Security and Solutions Architect at a consultancy with 201-500 employees
      Real User
      Robust security and seamless integration enhance classified application management
      Pros and Cons
      • "One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access."
      • "I would absolutely recommend this solution to others for its robust security and scalability."
      • "The graphical user interface (GUI) could benefit from some updates."

      What is our primary use case?

      We use the Check Point Next Generation Firewall for whitelisting and blacklisting of addresses. It's part of our identity management solution and is utilized for inbound and outbound traffic services. 

      Additionally, it is integrated with our DMZ, managing traffic from an IP addressing scheme. We also use it for monitoring different types of classified and nonclassified applications.

      How has it helped my organization?

      Check Point has improved our organization's ability to manage both classified and nonclassified applications securely, ensuring they pass through multiple layers of security within our firewall infrastructure.

      What is most valuable?

      One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access. It provides robust security across classified and nonclassified applications and integrates well with our existing infrastructure.

      What needs improvement?

      The graphical user interface (GUI) could benefit from some updates, although it is generally satisfactory in its current form.

      What do I think about the stability of the solution?

      The solution is stable, and I have the utmost confidence in its software stability.

      What do I think about the scalability of the solution?

      The application is very scalable, allowing us to manage security across different network layers and support various applications and activities.

      How are customer service and support?

      Customer support quality depends on the person you interact with. However, the support team we engaged was knowledgeable and well-versed with the application, allowing us to resolve any potential issues effectively.

      How would you rate customer service and support?

      Positive

      Which solution did I use previously and why did I switch?

      We switched to Check Point due to cost and maintenance benefits. The previous solutions required significant resources to handle network and communication alignment during upgrades.

      How was the initial setup?

      The initial setup is straightforward, with no significant issues arising from the box configuration.

      What about the implementation team?

      Our implementation team comprised about thirty individuals, including supervisors for each stage, to manage testing, validation, staging, and production.

      What was our ROI?

      We conducted a detailed analysis and determined a high return on investment. Maintenance and stability were key factors contributing to a favorable ROI.

      What's my experience with pricing, setup cost, and licensing?

      We found the pricing reasonable, ensuring the product was not overpriced. However, I am not familiar with the exact cost details.

      What other advice do I have?

      I would absolutely recommend this solution to others for its robust security and scalability.

      I'd rate the solution ten out of ten.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      Flag as inappropriate
      PeerSpot user
      reviewer2540445 - PeerSpot reviewer
      Student at a university with 5,001-10,000 employees
      Real User
      Top 5
      Integrates with with Active Directory, IPS, standard VPN, and the firewall
      Pros and Cons
      • "Integration with Active Directory, IPS, standard VPN, and the firewall itself are the most valuable features for us. We haven't yet certified or aren't using Application Control, anti-bot, or anti-virus features."
      • "Significant improvements have been made in the product. I started working with the R65 code and then upgraded to R74.40. When they transitioned from R77.30 to R80.x, they made major back-end modifications, switching from a flat file system to Solaris and Postgres. This was a big step that neither customers nor their support staff were fully prepared for."

      What is our primary use case?

      We needed stateful inspection, logging, integration with Active Directory, and the ability to monitor devices using standard SNMP for use cases. Now, with the tool's Skyline product and OpenTelemetry, we can monitor it through Prometheus and Grafana. It has all the features we needed when we certified the solution.

      What is most valuable?

      Integration with Active Directory, IPS, standard VPN, and the firewall itself are the most valuable features for us. We haven't yet certified or aren't using Application Control, anti-bot, or anti-virus features.

      What needs improvement?

      Significant improvements have been made in the product. I started working with the R65 code and then upgraded to R74.40. When they transitioned from R77.30 to R80.x, they made major back-end modifications, switching from a flat file system to Solaris and Postgres. This was a big step that neither customers nor their support staff were fully prepared for.

      Now, they're adding more features due to the increased flexibility of the new back-end. The main improvement I'd suggest is better preparation when introducing new features. Before releasing, they must train their support staff to troubleshoot these new features. The transition from R77.30 to R80.x was problematic due to a lack of preparation by Check Point, customers, and support.

      What do I think about the scalability of the solution?

      Sizing is crucial, but we've never had issues with the products we've sized for each environment. The Maestro solution provides a lot of flexibility. On a scale of one to ten, with ten being the highest scalability, I'd rate it a ten.

      Which solution did I use previously and why did I switch?

      I use Palo Alto firewalls. Check Point NGFW was the first to invent the stateful inspection firewall. They focus more on security and try to keep their motto of "keep security simple". They don't get bogged down in marketing or complicated terminology when using their products.

      Even enabling a firewall blade on Palo Alto requires learning about different sync ports, how sync ports differ between chassis, and navigating through multiple GUI tabs for configuration. It's not as straightforward.

      On the other hand, Check Point NGFW has kept things very simple for deployment. You set it up once, and then you can repeat the same process repeatedly.

      How was the initial setup?

      On a scale of one to ten, with ten being the easiest, I'd rate the initial setup as ten. The process is straightforward: you rack and stack, configure the management code, create a standard policy, establish SIC, and push the policy. This process has remained consistent over the years.

      For deployment, it took us longer than the typical two weeks because we had to design solutions for different scenarios. Check Point offers various options, such as clustering solutions, Maestro solutions, and standalone solutions. We had different use cases—some required standard clusters with ClusterXL, while others needed scalability solutions like Maestro. We also had to factor in sizing considerations.

      The certification process took about the same amount of time as other products. We've been using the Maestro solution for a while now, so when new platforms are released, there isn't much change required beyond certifying the new hardware and ensuring backward compatibility with our certified solution.

      Initially, it took a little more than two weeks to certify. However, the actual deployment still follows the same standard process and is actually easier now than it was in the past.

      We call the team responsible for deploying certified solutions to the service delivery team. It's made up of two groups: build services and service delivery. The build services team works with our networking team to ensure our network and peering devices are set up right to host the firewall.

      The service delivery team focuses more on the firewall itself. We need about three or four extra people from build services for firewall deployment. They act as go-betweens with the network team, ensuring our firewall solution works well with the peering devices when we put it in place. The build services team is important because they ensure everything fits together properly when we set up our firewall.

      For maintenance, the solution is pretty stable. We have a global team, but a separate team handles regular firewall changes and daily operations. For support, we have about ten people total - three groups of three people each. This team manages around 1200 firewalls, including Check Point and Palo Alto devices.

      What's my experience with pricing, setup cost, and licensing?

      Check Point NGFW is much cheaper than other platforms, including Palo Alto. Its scalability, especially with the Maestro solution, is a big advantage. If you're looking for good security at a reasonable price with a good return on investment, I believe Check Point NGFW is the way to go.

      What other advice do I have?

      I've been dealing with Check Point NGFW for my entire career. I started with their Stateful Inspection feature. The term "Next Generation Firewall" is just marketing. Check Point's UTM product was designed from the ground up with next-generation features. They have a feature called Blaze. Besides stateful inspection firewalls and VPNs, they offer IPS, application control, URL filtering, antivirus, and antibot. You can also integrate it with third-party tools like Active Directory for authentication. This combination of features is what's called a next-generation firewall.

      Other vendors use terms like app ID or user ID. They focus less on ports and more on ensuring services match their intended use. For example, if port 22 is enabled, it should be for SSH service, not something else. We use both Check Point NGFW and other products. I think if you commit to one vendor's approach, it can be hard to switch late.

      Disclosure: My company does not have a business relationship with this vendor other than being a customer.
      PeerSpot user
      Buyer's Guide
      Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
      Updated: June 2025
      Buyer's Guide
      Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.