Check Point NGFW Reviews

I use it for UTM [Unified Threat Management]. I use a gateway firewall at the office.

Next Generation Firewall, along with Threat Emulation and Threat Extraction, is what I use. Real-time prevention is there to protect against zero-day malware and Check Point Sandbox.

And then, the CPU-based emulation is a better feature than any technologies not having that. Check Point has a CPU-based emulation. Normally, Fortinet and others, they do it differently. But these people work on a technology called CPU-based emulation. 

This CPU-based emulation is a unique CPU-level technology that catches malware before it has an opportunity to deploy or evade detection. They call it SandBlast. Check Point SandBlast Threat Emulation. That is a great feature, which they are using. It controls attempts to bypass OS security controls also. And then it avoids deep security.

I use our Check Point firewall for all the NATing of my applications. I use it for external traffic monitoring where my Internet links are connected, and I use it as a gateway.

The drawback is that I want to push the policy from my management console itself instead of on the Check Point device. For example, if I have two different firewalls, I want to push the policy to the gateway, and then it will take 10 to 20 minutes to roll back the policies. It should be applied faster.

I have been using it for more than a year.  

It is a stable product 99.4% of the time. 

Check Point NGFW has a feature where it can top two of the firewalls, and then we can integrate the performance. 

It's a cluster kind of solution where they can integrate.  

For the firewall, the support is good. 

Positive

I also use CloudGuard Security Posture Management. I also used Fortinet.

The major difference, I feel, is the threat emulation. It's zero-day protection. The supply chain attack is very, very low compared to all firewall vendors. 

For example, being parallel to Palo Alto Networks or FortiGate and NFT OS or Check Point, that supply chain attack was very, very low in our Check Point firewall. And then the maintenance was very, very low compared to all.

That is my takeaway. My one of my takeaways before proceeding with my procurement decision was that there are two things: one is the security point. Another one is performance. The last one is very, very important. That is for the supply chain attack because we need to concentrate more on other products also. 

So I don't want to spend too much time on the maintenance part. So this supply chain attack was very, very less compared to other providers since we are using multiple firewalls. This particular firmware was very stable, and there was no need to update until unless it is necessary and shared by Check Point team. So my takeaway is that the supply chain attack was very less compared to all.

If the person knows the technology and the basic functionalities of a firewall, they can integrate it very fast.

We took three days to deploy.

Three people were involved: my IT security manager, myself, and one L3 engineer who deployed the product.

The architecture and functionalities are managed by me, and then the deployment is taken care of by our team members.

Compared to Fortinet and Check Point, both are the same.

Check Point is coming up withsome AI integration and some AI features. They are using threat emulation on the AI front, but they are also discussing the quantum processor, where they have integrated many new features.

Overall, I would rate it a nine out of ten.

We use Check Point NGFW for edge firewalls as well as internal segregation firewalls. It easily allows us to separate critical traffic from non-critical office traffic.

We use Check Point NGFW for edge firewalls as well as internal segregation firewalls. It easily allows us to separate critical traffic from non-critical office traffic. Check Point ThreatCloud is excellent. Their central management console makes managing hundreds of firewalls very easy, and their antivirus that's part of the ThreatCloud is very good. Since implementing it, we have noticed a lot less getting through that maybe other antivirus within firewalls had failed to catch.

Pricing is high, but it's worth it. That's the main one.

I have been using Check Point NGFW for over ten years.

Check Point NGFW is stable.

Check Point NGFW has excellent scalability.

Customer support is excellent.

Positive

We did previously use several solutions from SonicWall and other vendors, and Check Point was just a better overall solution for our environment.

Make sure to get a good third-party consultant or something to assist you, as the learning curve is steep at first.

We have seen a good return on investment. However, I do not have any metrics I can easily share.

All good. No issues.

We evaluated a few other companies. The main one, or the biggest competitor, was Palo Alto.

Make sure, if you do not have any experience with Check Point, to get a good third-party consultant or something to assist, as the learning curve is steep at first, but well worth the end benefit. Reliability, customer support, and just overall excellence. I would rate the overall solution ten out of ten.

On-premises

The tool helps with VPN and connecting mobile devices. We also use it for identity security. It filters internet access and controls applications. The firewall has an intrusion prevention system and stops data loss. 

Internet access and filtering are important, and data loss prevention is definitely key. The threat access builder is useful. Application control is also big for us. We use it to check and block application downloads, looking for malicious or rogue software. This feature is very helpful.

Sometimes, the firewall doesn't pick up on certain things. If an attacker is clever and uses a low-profile indicator, the firewall might flag an anomaly but not give enough information to decide if it's worth investigating. The threat intelligence component also has challenges. It doesn't always tie alerts to active campaigns or threat actor groups. We often have to do extra work and use other products to figure these out.

I rate the solution's stability a seven out of ten. 

I rate the tool's scalability an eight out of ten. My company has 2500 users. 

The tool's support was responsive in critical situations, but for non-critical issues, they sometimes dropped the ball or didn't get back quickly enough. We had to do a lot of follow-ups and escalations to our technical account manager.

Neutral

Before choosing Check Point NGFW, we used Palo Alto Networks. We switched because of issues with Palo Alto. Their customer support wasn't very responsive. Some policies weren't working right, letting things through that should've been blocked. We compared different pricing options and features before deciding on Check Point NGFW. The main differences between Palo Alto and Check Point NGFW were mostly in how they worked for us. They both offer good next-gen firewalls, but we had some problems with Palo Alto. Sometimes it wouldn't notify us quickly when something got through. Its prevention wasn't always as strong as we wanted.

We felt Palo Alto's traffic inspection was only partial, not checking everything thoroughly. Check Point NGFW seemed to offer better inspection. Check Point NGFW also had better threat intel and application control. With Palo Alto, we couldn't see all our applications, only some of them. This caused shadow IT problems. Cost was also a factor in our decision.

The initial setup of Check Point NGFW is relatively straightforward. It's similar to other firewalls I've used and not too complex. If you have all the prerequisites in place, it's fairly easy to set up. On a scale of one to ten, with ten being the easiest, I'd rate the setup process around seven or eight.

The deployment takes about a week. We had a deployment process that involved going through change management, getting approvals, notifying stakeholders like the infrastructure team, and deploying the solution.

We used a consultant for the deployment because we were dealing with other initiatives and it was a tight situation timing-wise, even though we could have done it in-house.

Aside from the consultant, we had two or three staff members involved in the deployment. Their job roles were mainly on the security side - security architects, engineers, and analysts. Their roles were fluid, so they could take on various tasks if they had the knowledge or interest. For maintaining the solution, the number of staff required depends on the scale of the deployment. In our setup, about two people were in charge as the main points of contact.

I saw definite operational impacts from using Check Point NGFW. It helped prevent breaches, data security issues, and security incidents. We constantly saw attempts being blocked and picked up by the firewall. This was an improvement over Palo Alto, where some things got through without being detected. With Check Point NGFW, we got a significant return on investment because it prevented a major incident from happening and escalating.

I rate the solution's pricing an eight out of ten. It costs around 100,000-200,000 dollars per month. Besides standard licensing fees, we paid extra for enterprise-level premium support. There were also onboarding costs factored in. These additional costs made it more expensive overall. The total cost was around 100,000 dollars, which was challenging for our budget. Check Point was also pricey, not much different from Palo Alto Networks. However, we decided switching to Check Point was better because it offered more capabilities for a similar price.

I rate the overall solution a seven out of ten. 

Hybrid Cloud

Amazon Web Services (AWS)

My main use case for Check Point NGFW is as a way to serve as an internal firewall for most of our network security operations and remote access.

A specific example of how Check Point NGFW helps with operations and remote access in my organization is that we've seen improved security and protection. In addition to the security features of the firewall, we are integrating it for VPN use.

Check Point NGFW has positively impacted my organization by providing a significant reduction in security breaches, along with improved visibility and granular control over our applications and users. It has also improved network performance and stability.

An example of how having granular control has helped my team in a real situation is that we are looking at application traffic and blocking malicious content for improved network performance and stability. We can also optimize bandwidth utilization, and regarding reduced breaches, we've seen it detect threats before they actually happen to our internal network. About enhanced visibility, we are looking at the ability to identify and control applications for users.

The best features Check Point NGFW offers in my experience include the centralized management console, which stands out to me, and it has a variety of tools such as policy management.

The value of the centralized management console and policy management for me is that it offers insight into all our policies that we administer, along with all the devices that we use regarding Check Point in the organization. This saves time during administration and configuration, especially for new users and new policies.

It saves us quite a bit of time compared to the way we managed things before, as it takes about a minute or so to spin up policies and push them through the organization network. I appreciate that we can create a template which we can use for multiple deployments regarding policies, which saves a lot of time. I also appreciate the reporting feature which gives elaborate reports for events.

I believe Check Point NGFW can be improved by making its initial configuration and deployment easier in the future because the first-time setup is really hard.

The first-time setup was difficult because when we looked at the documentation, I made a suggestion to get clearer guidance.

I've been using Check Point NGFW for about a year and a half now.

My experience with the deployment process was that it's a bit complex for first-time users.

Check Point NGFW is stable for us, and we have experienced no crashes or downtime.

The customer support is great, and I have had to reach out to them; issues are resolved in a timely manner.

I would rate the customer support an eight out of ten.

Before using Check Point NGFW, we had Sophos Firewall, and we switched because we wanted to try something new, but also Check Point proved to provide more enhanced features and tools.

Overall, the initial setup with Check Point NGFW is a bit complex.

The complexity of the configuration for first-time users arises from the guide and documentation, which, as I said earlier, is not straightforward. We received training later on, which enhanced our usage with the appliance.

We have seen a return on investment in terms of reduced incidents, as we've seen a reduction in security incidents.

Prior to choosing Check Point NGFW, we evaluated other options such as Huawei.

My advice to others looking into using Check Point NGFW is that they would need to evaluate their organizational needs, especially network and security-wise, before making a decision on what option to purchase on the market regarding firewalls and security appliances.

My company has a business relationship with this vendor, as we are both a partner and a reseller.

I rate Check Point NGFW eight out of ten.

On-premises

We were looking for a solution to simplify our hybrid cloud infrastructure. We wanted something that could manage both our on-premises and cloud environments seamlessly. Nutanix offered that unified management plane. We also needed to improve our disaster recovery capabilities.

It's been really good. It simplified our operations significantly. We're able to manage everything from a single pane of glass, which has been a huge time saver.

The Prism Central management console is excellent. It gives us a centralized view of our entire infrastructure. Also, the built-in disaster recovery capabilities have been essential. We've tested failover scenarios, and they worked flawlessly. It simplified our operations significantly. We're able to manage everything from a single pane of glass, which has been a huge time saver.

The initial setup was a little complex, but Nutanix support helped us through the process. Also, licensing can be a bit complicated.

We've been using it for about two and a half years now.

Nutanix support helped us through the process when the initial setup was complex.

Positive

The initial setup was a little complex, but Nutanix support helped us through the process.

Licensing can be a bit complicated.

Absolutely. Especially for companies looking to simplify hybrid cloud management and improve disaster recovery.

Hybrid Cloud

Other

My company is an IT service provider. We suggest customers choose the Check Point next-generation firewall along with other OEMs for their environment. Once they choose (and confirm the product with model capabilities), we migrate the existing firewall to the new firewall. 

I have deployed multiple Check Point products. Based on my experience and its effective features, I do suggest customers go with Check Point NGFW. I love its security profiles which effectively secure the organization's LAN, DC, and DMZ network.

The solution has improved organizations via:

1. Ease of deployment: We can easily implement and deploy the check Point NGFW.

2. Deep Inspection: It inspects traffic beyond just port number and IP address.

3. Threat Prevention: It has multiple security features and we can enable and integrate these features like IPS(Intrusion Prevention System), Anti-Bot Protection, and SandBoxing.

4. Organizations can enable Multi-Factor Authentication (MFA) in their network environment to verify their identity before they access the network. this feature keeps the integrity of the LAN network.

My favorite feature of Check Point NGFW is its "deep traffic inspection capability" due to the fact that:

1. It provides deep-level control over the network activity, allowing you to prioritize critical traffic first based on organization requirements.

2. It analyzes application behavior to detect suspicious activity.

3. We integrate with Sandbox technology to safely detonate and analyze zero-day threats. 

4. It also blocks the application and prevents them from accessing the organization's LAN network.

5. It gets a regular zero-day signature update.

During my initial level implementation of check Point NGFW, I faced issues troubleshooting. The problem was with its command line. 

Check Point runs on Linux and its command line is Linux-based. However, at the time, I was not familiar with Linux commands, and I invested lots of time in finding the Linux command and understanding the meaning, then went for troubleshooting.

It would be very helpful if the OEM provided all the Linux commands in a way that we could easily understand and follow the steps to configure or troubleshoot the issue using the command line.

For the last year, I have been implementing and deploying Check Point NGFW in multiple client environments. 

Its NAT automation and routing intelligence are excellent. We are not required to configure NAT rules separately; we can enable them while creating an object. We are also not required to configure reverse routing for LAN subnets.

At this time, Check Point NGFW is more stable than other options.

The scalability is wonderful.

Customer service and support are good. However, they can be enhanced.

Positive

We do not choose the solution. Rather, we provide multiple solutions to the customer.

The solution is easy to implement.

We are from the vendor side. We can help implement the solution. 

As of now, everything is good as per the market scenario.

We did not evaluate other options. 

On-premises

We use the Check Point Next Generation Firewall for whitelisting and blacklisting of addresses. It's part of our identity management solution and is utilized for inbound and outbound traffic services. 

Additionally, it is integrated with our DMZ, managing traffic from an IP addressing scheme. We also use it for monitoring different types of classified and nonclassified applications.

Check Point has improved our organization's ability to manage both classified and nonclassified applications securely, ensuring they pass through multiple layers of security within our firewall infrastructure.

One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access. It provides robust security across classified and nonclassified applications and integrates well with our existing infrastructure.

The graphical user interface (GUI) could benefit from some updates, although it is generally satisfactory in its current form.

The solution is stable, and I have the utmost confidence in its software stability.

The application is very scalable, allowing us to manage security across different network layers and support various applications and activities.

Customer support quality depends on the person you interact with. However, the support team we engaged was knowledgeable and well-versed with the application, allowing us to resolve any potential issues effectively.

Positive

We switched to Check Point due to cost and maintenance benefits. The previous solutions required significant resources to handle network and communication alignment during upgrades.

The initial setup is straightforward, with no significant issues arising from the box configuration.

Our implementation team comprised about thirty individuals, including supervisors for each stage, to manage testing, validation, staging, and production.

We conducted a detailed analysis and determined a high return on investment. Maintenance and stability were key factors contributing to a favorable ROI.

We found the pricing reasonable, ensuring the product was not overpriced. However, I am not familiar with the exact cost details.

I would absolutely recommend this solution to others for its robust security and scalability.

I'd rate the solution ten out of ten.

On-premises

We needed stateful inspection, logging, integration with Active Directory, and the ability to monitor devices using standard SNMP for use cases. Now, with the tool's Skyline product and OpenTelemetry, we can monitor it through Prometheus and Grafana. It has all the features we needed when we certified the solution.

Integration with Active Directory, IPS, standard VPN, and the firewall itself are the most valuable features for us. We haven't yet certified or aren't using Application Control, anti-bot, or anti-virus features.

Significant improvements have been made in the product. I started working with the R65 code and then upgraded to R74.40. When they transitioned from R77.30 to R80.x, they made major back-end modifications, switching from a flat file system to Solaris and Postgres. This was a big step that neither customers nor their support staff were fully prepared for.

Now, they're adding more features due to the increased flexibility of the new back-end. The main improvement I'd suggest is better preparation when introducing new features. Before releasing, they must train their support staff to troubleshoot these new features. The transition from R77.30 to R80.x was problematic due to a lack of preparation by Check Point, customers, and support.

Sizing is crucial, but we've never had issues with the products we've sized for each environment. The Maestro solution provides a lot of flexibility. On a scale of one to ten, with ten being the highest scalability, I'd rate it a ten.

I use Palo Alto firewalls. Check Point NGFW was the first to invent the stateful inspection firewall. They focus more on security and try to keep their motto of "keep security simple". They don't get bogged down in marketing or complicated terminology when using their products.

Even enabling a firewall blade on Palo Alto requires learning about different sync ports, how sync ports differ between chassis, and navigating through multiple GUI tabs for configuration. It's not as straightforward.

On the other hand, Check Point NGFW has kept things very simple for deployment. You set it up once, and then you can repeat the same process repeatedly.

On a scale of one to ten, with ten being the easiest, I'd rate the initial setup as ten. The process is straightforward: you rack and stack, configure the management code, create a standard policy, establish SIC, and push the policy. This process has remained consistent over the years.

For deployment, it took us longer than the typical two weeks because we had to design solutions for different scenarios. Check Point offers various options, such as clustering solutions, Maestro solutions, and standalone solutions. We had different use cases—some required standard clusters with ClusterXL, while others needed scalability solutions like Maestro. We also had to factor in sizing considerations.

The certification process took about the same amount of time as other products. We've been using the Maestro solution for a while now, so when new platforms are released, there isn't much change required beyond certifying the new hardware and ensuring backward compatibility with our certified solution.

Initially, it took a little more than two weeks to certify. However, the actual deployment still follows the same standard process and is actually easier now than it was in the past.

We call the team responsible for deploying certified solutions to the service delivery team. It's made up of two groups: build services and service delivery. The build services team works with our networking team to ensure our network and peering devices are set up right to host the firewall.

The service delivery team focuses more on the firewall itself. We need about three or four extra people from build services for firewall deployment. They act as go-betweens with the network team, ensuring our firewall solution works well with the peering devices when we put it in place. The build services team is important because they ensure everything fits together properly when we set up our firewall.

For maintenance, the solution is pretty stable. We have a global team, but a separate team handles regular firewall changes and daily operations. For support, we have about ten people total - three groups of three people each. This team manages around 1200 firewalls, including Check Point and Palo Alto devices.

Check Point NGFW is much cheaper than other platforms, including Palo Alto. Its scalability, especially with the Maestro solution, is a big advantage. If you're looking for good security at a reasonable price with a good return on investment, I believe Check Point NGFW is the way to go.

I've been dealing with Check Point NGFW for my entire career. I started with their Stateful Inspection feature. The term "Next Generation Firewall" is just marketing. Check Point's UTM product was designed from the ground up with next-generation features. They have a feature called Blaze. Besides stateful inspection firewalls and VPNs, they offer IPS, application control, URL filtering, antivirus, and antibot. You can also integrate it with third-party tools like Active Directory for authentication. This combination of features is what's called a next-generation firewall.

Other vendors use terms like app ID or user ID. They focus less on ports and more on ensuring services match their intended use. For example, if port 22 is enabled, it should be for SSH service, not something else. We use both Check Point NGFW and other products. I think if you commit to one vendor's approach, it can be hard to switch late.