reviewer02975255 - PeerSpot reviewer
Senior Manager at BDO Unibank
User
Great IPS and anti-malware security blades with responsive technical support
Pros and Cons
  • "The successful performance of the security blades has shown the value of the investment along with the comparable success of leveraging the NGFW over a separate specialized security solution."
  • "The current reporting capability needs to be parsed and edited to be appreciated by leadership."

What is our primary use case?

Our company undertook a network transformation and instead of implementing a separate IPS solution, we've opted for the NGFW of Check Point. We've leveraged the different security blades available in the Check Point NGFW. Besides the IPS blade, we've also leveraged the anti-malware threat intelligence blades for our gateways, especially for the perimeter. 

We've also enabled the IPS blade for our remote offices as part of the additional security layer for our smaller international offices and used both the IPS and anti-malware for our bigger offices. 

How has it helped my organization?

We've managed to reduce the CAPEX cost of the network transformation when we leveraged the versatility of the Check Point NGFW solution. 

Instead of purchasing separate solutions for the IPS, anti-malware, and threat intelligence, the security blades of the Check Point NGFW were just enabled. 

The software subscription cost is already included in the annual software and hardware maintenance cost which made the solution more cost-effective than having separate solutions wherein we need to maintain a separate subscription for each. 

What is most valuable?

Besides the basic firewall feature of the Check Point NGFW, we find the IPS and anti-malware security blades to be most valuable for our current implementation.

The IPS and anti-malware solutions have successfully identified and blocked potential threats from our perimeter. 

Though we are also using threat intelligence, we see more validation of the successful use of the IPS an anti-malware. 

The successful performance of the security blades has shown the value of the investment along with the comparable success of leveraging the NGFW over a separate specialized security solution. 

What needs improvement?

Overall, we are satisfied with the performance of the NGFW both from the functional and operational perspective. The solution has been proven effective in detecting and blocking potential and intentional threats to the company's internal network without impacting the performance of the appliance. 

What can be improved though is the capability of providing an executive summary report that can highlight the performance and operational effectiveness of the implemented security solution. The current reporting capability needs to be parsed and edited to be appreciated by leadership.

Buyer's Guide
Check Point NGFW
December 2023
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2023.
745,775 professionals have used our research since 2012.

For how long have I used the solution?

We've been using Check Point NGFW for more than 4 four years.

What do I think about the stability of the solution?

Check Point NGFW has been very stable and very rarely do we encounter any performance issues due to hardware or software issues. 

What do I think about the scalability of the solution?

The solution is very scalable and easy to manage.

How are customer service and support?

Customer service and support are very responsive, and we get quick and fairly consistent turnaround times for the resolution. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Cisco Firepower, however, we were not satisfied with its performance both functional and operational. 

How was the initial setup?

The initial setup was straightforward since the deployment is just the typical high-availability active standby implementation. 

What about the implementation team?

We implement through a vendor team. The vendor team is very competent and has consistently displayed their expertise in the technology. 

What was our ROI?

Unfortunately, our team does not have visibility on the ROI.

What's my experience with pricing, setup cost, and licensing?

If the implementation would require multiple gateways, consider leveraging the Infinity Total Protection. 

Which other solutions did I evaluate?

We no longer evaluated other options. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
reviewer98265120 - PeerSpot reviewer
Senior Technical Consultant at CDW
MSP
Improves environments, has helpful support, and offer great compute power
Pros and Cons
  • "The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware."
  • "We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration."

What is our primary use case?

The customer purchased Check Point 6200 Firewalls to replace their aging Cisco ASA firewalls on the perimeter of their sites. The Cisco Firewalls must be replaced due to insufficient capacity.

It is envisioned that the initial migration will be a direct replica of the ASA configuration, with the client expanding the solution post-migration, with Check Point NGFW features.

This project consisted of the following deliverables:
• Rule base is migrated like for like, in which ASA Firewall zone-based rules will be converted to Check Point Parent/Child layered rules.
• Firewall zones to be imported and reviewed post migration by client.
• NAT rules will be migrated “as-is”.
• Geo-location rules from FTD will be honored and mapped into Check Point.
• Client-based blacklisting will be migrated into the solution, using external feeds via URL.
• A single IPS profile consisting of a clone of the vendor's “out-of-box” balanced profile (optimized).
• 1X site-to-site VPN.
• Integration into Client’s Cisco ISE solution for RADIUS-based admin authentication.
• NGFW licensing and blades to be installed on firewall devices, to allow features to be enabled in the future and expand the solution.

How has it helped my organization?

The Client wishes for the ASA firewalls to be replaced with a Check Point systems solution, which consists of 6200 Plus Appliances. 

The initial requirement was to migrate the configuration in an “as-is” state, with the necessary licensing purchased and installed to enable expansion of the solution with next-generation feature sets in the future.

The solution was able to meet and exceed the client's requirements thereby improving the client's environment.

The management server is software-based.

Firewalls and licensing include:
• FW
• IPS

The solution provides a single pane of glass management of rules/logging.

The solution supports IPsec tunnels FOR 1X IPsec VPNs.

The solution integrates with the client’s Cisco ISE RADIUS solution for administrative access.

What is most valuable?

The compute power of the appliance is great. The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware.

What needs improvement?

We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration.

Check Point configuration options can be very enormous and overwhelming.
Check Point comes with a very lean learning curve even though they offer a robust knowledge base. 

A lot of configuration cannot be accomplished via the web interface or the smart dashboard software and must be done manually via the command line interface.

I'd like to see some built-in automation for the firewall alerts/events to trigger an automated response or recovery.

For how long have I used the solution?

I've used the solution for three years.

What do I think about the stability of the solution?

The solution is stable with frequent version and management updates.

What do I think about the scalability of the solution?

The solution is highly scalable and expandable.

How are customer service and support?

The solution offers great customer support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a different solution and needed more processing power and functionality which this had compared to industry competitors.

How was the initial setup?

The setup was straightforward yet third-party device migration contained a lot of manual configuration conversions.

What about the implementation team?

I implemented this myself.

What's my experience with pricing, setup cost, and licensing?

Pricing can be relatively more expensive when compared to industry peers, however, the functionality makes up for the price difference.

Which other solutions did I evaluate?

We also evaluated:

What other advice do I have?

This is a great overall solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Check point Partner
Flag as inappropriate
PeerSpot user
Buyer's Guide
Check Point NGFW
December 2023
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2023.
745,775 professionals have used our research since 2012.
Technical Engineer at a tech services company with 11-50 employees
Real User
Robust network security with advanced features, user-friendly management, and good scalability
Pros and Cons
  • "Its greatest asset lies in its user-friendly interface, making it exceptionally suitable and reliable for managing gateways."
  • "When it comes to Check Point's small business gateway series, there might be a need for hardware upgrades, as configuring them can sometimes be a bit challenging."

What is our primary use case?

The primary use case is to enhance security by safeguarding the internet connection for both servers and users.

What is most valuable?

Its greatest asset lies in its user-friendly interface, making it exceptionally suitable and reliable for managing gateways.

What needs improvement?

When it comes to Check Point's small business gateway series, there might be a need for hardware upgrades, as configuring them can sometimes be a bit challenging.

For how long have I used the solution?

I have been working with it for two years.

What do I think about the stability of the solution?

I would rate its stability capabilities eight out of ten.

What do I think about the scalability of the solution?

I would rate its scalability abilities eight out of ten.

How are customer service and support?

Seeking solutions from them can be quite challenging and often takes a while, which then impacts our workload. I would rate it seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have some experience with Juniper, WatchGuard, Cisco, and Fortinet.

How was the initial setup?

The initial setup is relatively complex.

What about the implementation team?

Deployment duration varies based on the customer's specific conditions. On average, an installation might take around twenty minutes.

What's my experience with pricing, setup cost, and licensing?

The best solutions tend to come with a higher price tag. If something is inexpensive, it often implies a compromise in quality. The solution is indeed costly. I would rate it eight out of ten.

What other advice do I have?

Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Stef Xen - PeerSpot reviewer
Network Engineer at a tech vendor with 201-500 employees
Vendor
Good remote access, reporting, and firewall rules
Pros and Cons
  • "With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices."
  • "SmartEvent Settings and Policy GUI, and the rest of external apps should be improved."

What is our primary use case?

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

How has it helped my organization?

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

What is most valuable?

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

What needs improvement?

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

For how long have I used the solution?

I've used the solution for three years.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Implementation Specialist at NTT Security
Real User
Top 5
User-friendly with good dashboards and helpful support
Pros and Cons
  • "The Check Point firewall features for Next Generation Firewalls are excellent."
  • "Bug Fixes and enhancement requests should be remediated earlier, as we have multiple dependencies and auditors are forced to have the latest possible environments."

What is our primary use case?

Our customer has been the best in stock trading; they observed that in peak hours or business hours buying and selling the stocks was time-consuming.

When they reached out to the firewall team, we checked the disk space, memory, and HDD we didn't notice much difference.

However, we monitored the interface utilization, and 1 GB was choking up and being consumed. The cpstat status on the interface level monitor and bundling the multiple interfaces fixed the issue.

How has it helped my organization?

We have been fixing the performance and also found that the solution offers:
1. A user-friendly dashboard with all the information available in front view and we view according to our requirements in graphical, statistically, etc.
2. Check Point firewall can combine all locations in one Check Point management console so that we can monitor everything with alert configuration.
3. We have multiple options for SIC resetting.
4. We can monitor the complete organization (for RAM, Memory, Disk, and CPU) and alert handle monitoring. We can now easily handle failovers.

What is most valuable?

The Check Point firewall features for Next Generation Firewalls are excellent. Through scripts, we can easily push firewall rules, extract, and import as per availability. Scripting is the best way to support the firewall functionality and it's been supported by all major versions. We can monitor all types of logs (traffic logs, management logs, and active logs). 

The firewall is EDR-supported; we can block or allow the URLs as per phishing or detection. 

Firewall flow and logs analysis is awesome.  

What needs improvement?

Bug Fixes and enhancement requests should be remediated earlier, as we have multiple dependencies and auditors are forced to have the latest possible environments.

Check Point's major version should have an extended time than the default time mentioned in the end-of-life policy document with additional prices.

As for deployment, we follow best practices for long-term support services. Tools must be introduced and supportive in analyzing the data, flow, and threats. We have to introduce the scripting part to work seamlessly.

For how long have I used the solution?

I've been using the solution for more than ten years.

What do I think about the stability of the solution?

The stability offers high performance.

What do I think about the scalability of the solution?

The scalability offers high performance.

How are customer service and support?

The support is the best in the marketplace.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use a different solution. It's the best in the marketplace and stronger than any other firewall. We can trust it 100%.

How was the initial setup?

The initial setup was complex.

What about the implementation team?

We handled the setup in-house.

What's my experience with pricing, setup cost, and licensing?

Definitely, every sector [banks, finance, corporate, etc] should have a Check Point Firewall for strengthening/securing the environment.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
IT Manager at Gainwell Technologies
User
Easy to use and manage with helpful support
Pros and Cons
  • "Check Point NGFW has helped us to significantly reduce our risk of cyberattacks by providing comprehensive protection against a wide range of threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats."
  • "It can be expensive, especially for small businesses."

What is our primary use case?

Check Point NGFW is a critical component of our security infrastructure. It provides comprehensive next-generation firewall (NGFW) security for our perimeter and DMZs, protecting us from a wide range of cyber threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats.

Check Point NGFW uses a variety of advanced technologies to protect our network, including intrusion prevention, application control, and threat intelligence. It is also able to detect and block sophisticated cyberattacks that traditional firewalls cannot.

How has it helped my organization?

Check Point NGFW has helped us to significantly reduce our risk of cyberattacks by providing comprehensive protection against a wide range of threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats. 

It has also improved our network performance and reliability by optimizing traffic flow and reducing latency. 

We are confident that Check Point NGFW will continue to protect our network from the latest cyber threats due to its advanced security features and its team of experts who are constantly monitoring and updating the product.

What is most valuable?

As a security professional with over ten years of experience, I've seen firsthand the devastating impact that cyberattacks can have on organizations of all sizes. That's why I'm so passionate about using the best possible security solutions to protect my clients.

One of my favorite security solutions is Check Point NGFW. It provides comprehensive protection against a wide range of cyber threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats. It is also designed to deliver high performance even in the most demanding environments, and it can be scaled to meet the needs of organizations of all sizes.

I've also found Check Point NGFW to be very easy to use and manage, even for users with limited IT expertise. This is important to me because I want to make sure that my clients can focus on their business without having to worry about complex security solutions.

Overall, I highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution.

What needs improvement?

There are a few areas where Check Point NGFW could be improved. First, it can be expensive, especially for small businesses. Second, it can be complex to configure and manage, especially for users with limited IT expertise. Finally, its licensing model can be complex and confusing.

Despite these areas for improvement, I still highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution. I am confident that Check Point will continue to improve its products in the future, and I am excited to see what new features and capabilities they come up with next.  

One thing I would like to see in the next release is an AI-powered threat detection and prevention system that can automatically identify and block new and emerging threats.

For how long have I used the solution?

We've been a Check Point customer for over 21 years, and we've always felt that they are a trusted partner in our cybersecurity efforts.

What do I think about the stability of the solution?

Overall, I'm very impressed with the stability of Check Point NGFW. It's a powerful security solution that can meet the needs of organizations of all sizes.

What do I think about the scalability of the solution?

One of the things that I appreciate most about Check Point NGFW is its flexibility. It can be deployed in a variety of ways, including physical appliances, virtual machines, and cloud-based instances. This makes it easy to scale your security infrastructure up or down as needed.

How are customer service and support?

I've always been impressed with the responsiveness and expertise of Checkpoint's customer service and support team.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have never used a different solution. We have been using Check Point NGFW since we first launched our network 21 years ago, and we have been very satisfied with its performance and reliability.

How was the initial setup?

The complexity of the initial setup of Check Point NGFW depends on the size and complexity of your network, as well as the features and capabilities that you need.  

If you have a large enterprise with a complex network or need to configure all of the features and capabilities of Check Point NGFW, I would highly recommend that you engage Check Point Professional Services to help you with the setup process.

What about the implementation team?

We have always used Check Point Professional Services to assist with our implementation.  They are very knowledgeable and can save you a lot of time and frustration.

What was our ROI?

To maximize the ROI of Check Point NGFW, it is important to choose the right deployment model, use Check Point's security services, and keep the software up to date.

What's my experience with pricing, setup cost, and licensing?

There are a few areas where Check Point NGFW could be improved. First, it can be expensive, especially for small businesses. Second, it can be complex to configure and manage, especially for users with limited IT expertise. Finally, its licensing model can be complex and confusing.

Despite these areas for improvement, I still highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution. I am confident that Check Point will continue to improve its products in the future, and I am excited to see what new features and capabilities they come up with next.

Which other solutions did I evaluate?

We evaluated Cisco ASA Firewall before choosing Check Point NGFW.

What other advice do I have?

A few months ago, one of my clients was targeted by a sophisticated ransomware attack. Check Point NGFW was able to detect and block the attack before it could cause any damage. My client was very grateful for Check Point NGFW's protection, and I was relieved that I was able to help them avoid a costly and disruptive attack.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Saurabh Lahoti - PeerSpot reviewer
Network Engineer at Worldline Global
User
Intuitive with a user-friendly management interface and is accessible to non-technical staff
Pros and Cons
  • "Check Point firewalls have significantly improved our ability to detect and prevent threats."
  • "It requires enhanced automation tools for regulatory compliance to ease the burden of compliance reporting and auditing."

What is our primary use case?

The implementation of Check Point firewalls has been a transformative experience for our organization. It has significantly improved our cybersecurity posture, enabling us to detect and prevent threats more effectively, streamline management, and stay agile in the face of evolving security challenges. 

With Check Point, we are not just securing our data, we are also protecting our brand and reputation. The value they bring to our organization is immeasurable, making them an essential component of our overall cybersecurity strategy.

How has it helped my organization?

In today's ever-evolving digital landscape, cybersecurity is paramount for any organization. For our company, the implementation of Check Point firewalls has proven to be a pivotal moment in our ongoing quest to bolster our cybersecurity defenses. These firewalls have not only improved our security measures but have also positively impacted our overall business operations.

In our industry, adhering to stringent compliance regulations is paramount. Check Point firewalls help us ensure compliance with industry-specific regulations and standards, such as HIPAA, GDPR, or PCI DSS. This compliance assurance has eased the audit process and instilled trust among our clients.

What is most valuable?

Check Point firewalls have significantly improved our ability to detect and prevent threats. The robust threat intelligence capabilities, coupled with real-time monitoring, have allowed us to swiftly respond to potential security breaches. As a result, we have experienced a noticeable decrease in security incidents and data breaches, which ultimately translates into cost savings and a bolstered reputation.

As our organization grows, so does the volume of data we need to protect. Check Point firewalls have proved scalable and can handle increased traffic and the addition of new services without compromising performance. This scalability ensures that our security measures are always aligned with our business growth.

One of the standout features of Check Point firewalls is their user-friendly management interface. This intuitive platform has streamlined firewall management, making it accessible to both our in-house IT team and non-technical staff. This has resulted in a more efficient use of resources and time, allowing our IT personnel to focus on other critical tasks.

What needs improvement?

The product needs comprehensive reporting and analytics capabilities to help organizations gain insights into their security posture and demonstrate compliance to stakeholders.

It requires enhanced automation tools for regulatory compliance to ease the burden of compliance reporting and auditing.

The solution needs to tighten security by facilitating easy integration with MFA solutions to enhance user authentication.

It needs to integrate automation and orchestration capabilities to streamline incident response and automate routine security tasks, reducing the workload on security teams.

As containerization and microservices become more prevalent, it needs to provide security solutions that protect these modern application architectures effectively. Features like runtime protection and security scanning for containers can be beneficial.

For how long have I used the solution?

I've used the solution for almost five years now.

What do I think about the stability of the solution?

Check Point firewalls are quite robust and resilient.

What do I think about the scalability of the solution?

Check Point firewalls have proved scalable and can handle increased traffic and the addition of new services without compromising performance.

How are customer service and support?

The technical support is recommended. I'd give them an A++++.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not previously use a different solution. 

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

We deployed the solution using Check Point's PS Support. Their team is highly experienced and professional.

What was our ROI?

It's worth the cost.

What's my experience with pricing, setup cost, and licensing?

Initially, the cost of the investment might seem high compared to other vendors. However, in the long run, it might prove to be economical and cost-efficient.

Which other solutions did I evaluate?

I also evaluated Fortinet and Cisco ASA.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
reviewer09751353 - PeerSpot reviewer
Network Engineer at Upstream
Vendor
Easy to use and free of bugs with a good Smart Console
Pros and Cons
  • "mart Console simplifies the management of current policies and objects, making it effortless to track an object's usage or identify unused objects, thus ensuring a tidy configuration."
  • "In the past year, we faced severe downtime that lasted many days due to a misconfiguration."

What is our primary use case?

We use the solution for our data center firewall on-premises. We have deployed a VSX Cluster that currently holds three virtual firewalls. We have several site-to-site VPNs established with our partners and hundreds of policies applied. 

We had a custom configuration in our previous policy for which we were passing traffic from one VPN tunnel to another transparently. With Check Point we had to create a new virtual firewall in order to keep it working, so from one firewall we ended up with two rerouting traffic from one firewall to another and changing NAT in order to keep this solution running. 

Finally, we created another (third) virtual firewall and configured it to be only a remote access SSL VPN firewall and to be used as a backup if our primary in our HQ fails while the other two firewalls handle production traffic. 

How has it helped my organization?

We selected this solution in order to replace the Cisco ASA we used to have. 

The features the CP firewall has combined with a very attractive price led us to this decision. The migration was smooth and all the features we needed have been configured easily and worked as expected. Additionally, the SmartConsole and the Log Event viewer made our every day to day tasks easier. 

Also, we were provided with a trial license for the compliance blade and the IPS which are truly amazing. I believe that the compliance blade will be used soon by our company in order to assist with the ISO certificate we are trying to get. 

Since we have already deployed an AWAF on our premises we didn't use the IPS but the features presented definitely would increase the security level. 

Although we use it as our data center firewall, it would be ideal for our HQ Office with all the security features it provides.

What is most valuable?

I appreciate the Smart Console for its ease of use and clarity in managing configurations. It's user-friendly and free of software bugs. Smart Console simplifies the management of current policies and objects, making it effortless to track an object's usage or identify unused objects, thus ensuring a tidy configuration. 

Additionally, the hit count feature proves highly valuable, enabling policy prioritization based on usage frequency and facilitating verification of traffic alignment with newly created policies. Furthermore, implementing 2FA for SSL VPN users was a straightforward process, notably without the need for additional costs, unlike the FortiTokens required for our primary SSL VPN.

Additionally, the quick and seamless option to revert to a previous configuration revision is highly valuable. The logs tab serves as a helpful tool for troubleshooting. 

It's worth noting that we've experienced no CPU or memory issues, and the system is highly responsive.

What needs improvement?

The only downside is that we are not able to have redundant VPN tunnels with our cloud environments. We tried many guides suggested by the CheckMates community and have not been able to easily capture packets in a PCAP file as we used to do with the ASDM Packet Capture Wizard.

Finally, in the past year, we faced severe downtime that lasted many days due to a misconfiguration. Support wasn't able to detect it. We are allowed to add an automatic NAT in an object and install it in all three virtual firewalls that we have. I cannot imagine a real case that needs this option. This option should be totally removed. 

The destination MAC address for this object was flapping between the three virtual MAC addresses of the FW leading to a packet loss in our service up to 30%. Our manager found the root cause at the end.

For how long have I used the solution?

I've used the solution for three to four years.

What do I think about the stability of the solution?

In the past four years that we have had Check Point, we haven't faced any stability issues. It is a stable solution.

What do I think about the scalability of the solution?

Our cluster is oversized for our needs so we haven't reached any system limits in order to face an issue or at least observe its behavior. Our solution covers our current needs and can easily handle any additional load.

How are customer service and support?

Technical support is average. From my last experience, it was my manager who found the root cause of the downtime. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

As noted earlier, our transition to this solution marked a shift from our previous Cisco ASA Cluster setup. Check Point's prominent position in the network industry and the compelling price point offered made it too appealing to overlook.

How was the initial setup?

The initial setup and the configuration migration were done by an integrator who specializes in such migrations. It was complex enough yet very well-planned and organized.

What about the implementation team?

The implementation was done by a very qualified vendor team.

What was our ROI?

Since I am in the engineering department, I can't evaluate the actual income or costs of handling our production traffic with this solution.

What's my experience with pricing, setup cost, and licensing?

I'm not sure what was evaluated. It depends on the company's unique existing infrastructure and needs.

Which other solutions did I evaluate?

We evaluated offers for Cisco, Fortinet, and Palo Alto solutions.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2023
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.