Check Point NGFW Reviews

I work for a large bank in Australia and the Check Point NGFW is used on the edge of the network. This strategic positioning allows the platform to provide extensive protection to internal systems from the internet, avoiding security threats on the most sensitive places on the network. 

Another factor in the positioning of the firewall is the protection from external partners connected to the internal network through VPN and MPLS tunnels. The solid performance and flexibility allow the platform to be trusted on this strategic spot.

Check Point NGFW has contributed to the success of the organization in keeping data safe through its powerful and flexible security features. 

In conjunction with the Check Point Management Platform, the firewalls provide an easy-to-use platform that facilitates and creates agility in the operation. The easiness to operate the platform creates a great value for the operation since it is easy to train people to work with the platform. 

Agility is also a key factor for the rapid response to business needs.

Even though Check Point NGFW provides a set of security features that enforce protection on the network, the most valuable aspect is also the most used feature: the plain and simple firewall component. This is the core of the product and works to a great extent without the need for all other available bells and whistles. 

What may sound obvious is actually an important point to be weighed, since several platforms in the market promise miracles but fail to deliver the basics. Check Point NGFW most definitely delivers a great, stable platform in that regard.

Although the GUI is simple to use and fairly comprehensive, more support via CLI would be beneficial for bulk operations. Repetitive tasks can surely be explored via API, however, oftentimes, tasks that are not worth automating can take longer than expected via GUI, while it could be easily tackled via CLI.

There should be better and more comprehensive reporting. This would also bring a lot of value to the platform by enhancing its capability of bringing transparency to the network.

I've used the solution for about three years.

The most recent software version is stable and reliable. There have been some issues in past versions, however, there have been no big ones in the most recent releases.

There are good scalability options through virtualisation. The platform can be expanded to multiple segments.

The support provided by the vendor either via professional services or an engineer is always spot on. They are quick to act and help.

This platform was already being used when I joined my company.

The initial setup can be cumbersome.

We did the implementation with vendor support.

As the platform delivers competent security enforcement with simplicity, the ROI is great. The easy-to-operate nature of the product means fewer hours spent by people struggling with things, while the network itself is constantly kept safe. 

The use of virtual firewalls within the platform should be considered for horizontal scaling and in order to increase the product's cost-effectiveness. 

I was not part of the evaluation process.

This is a great and stable platform overall. Performance and simplicity make this a good choice for any size of company.

We use Check Point Next Generation Firewalls as a perimeter firewall for all sites, including the DMZ, disaster recovery center, and branch offices. We also use IPS, Anti-Bot, Antivirus, Identity Awareness, Application Control, and URL Filtering blades at all gateways. At our main site, these blades provide additional security controls to our existing security solutions. For our branch offices, Check Point Next Generation Firewalls work as unified security products and we do not need to implement additional security solutions.

In addition to legacy firewall features, by using Check Point Next Generation Firewalls blade technology, you can improve your security. 

By using the smart console, you can control tens of gateways from a single point. The smart console also allows you to control all the blades from the same GUI. These features decrease our manpower needs. 

The identity awareness feature makes it easier to implement and manage firewall rules. 

The ease of configuring VPNs can be very useful especially for companies with lots of remote locations.

Check Point Next Generation Firewalls have numerous blade options such as Anti-bot, IPS, and URL filtering. In most cases, one box could be sufficient to use all these blades. You can manage all these blades from a single console. This feature lowers your administrative workload. 

If you have comparatively small branch offices, in addition to administrative workload, instead of spending money for security products such as proxy or IPS, Check Point Next Generation Firewalls could meet your requirements. 

If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time. 

If you use Check Point firewalls for a long time, it is inevitable to have long rulesets over the years. The need for using different GUI applications for different versions can be confusing. A backward compatibility feature for smart console versions could be useful - especially if you are an enterprise customer, you probably need to use different versions at the same time. 

We have used the solution for 9+ years.

I am using Check Point Next Generation.

The solution boasts a host of features that we like. 

Tech support should be improved. There are times when the technical team fails to understand things at the ground-level. 

The dashboard can stand improvement. 

The solution is overly expensive. 

The initial setup is a bit complex. 

The solution is scalable. 

Technical support could be better, as the tech team at times does not manage to understand ground-level issues. 

The setup is somewhat on the easy side, but certain things are complex. While the solution is a little easier to manage than Palo Alto, I was forced to make comparisons between the two products. 

The price is too high. 

The solution is geared towards organizations hosting more than 50,000 employees.

It's our main firewall and the first line of protection from outside attacks. We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely. We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years. This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

We have a lot of flexibility now, and a leg up identifying zero-day threats. We have multiple ways of doing policies now that we didn't have before. The options are more robust than previous products and I would say that we're pleased with the product. The reports I'm getting are that we're satisfied, even impressed, with the options Check Point offers.

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption. There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome.

It's a NGFW with all of the capabilities required to protect for next-generation attacks at the perimeter level. The module or Security features that are provided as part of the base license with Check Point include (VPN, IPS, Application Control, and Content Awareness) which itself is strong enough to protect the organization.

The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from the SonicWall that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

I would like there to be a way to run packets that capture more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices.

I started using the solution 3 months ago.

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage, and how to route a device. That's why I prefer Check Point. It's robust and I never have issues with the hardware.

The scalability is quite good. You can scale well across locations for not too much cost. If a company needs to expand, it can do so relatively easily.

Also, cost-wise, it's very affordable to scale up. It's not expensive to add hardware and licenses as needed. They make upgrading very cheap.

We have 200 people on the solution. That said, they are using it with an IPsec tunnel. They don't use all of the capabilities of the hardware. They are using it just to encrypt tunneling between the sites.

Technical support has been excellent

Yes, we were previously using SonicWall but security is less robust in comparison to Check Point.

The initial setup is very easy.

We implemented it through a vendor called S G Informatics India Pvt Ltd.

The level of expertise I would rate at 10 out of 10.

I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. It's best to deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it. Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that, up until now, we have not had anything like that ourselves.

We have looked into Sophos.

The most valuable features are the security blades and the ease of managing the policies, searching logs for events, and correlating them.

Check Point is very strong as compared to the other vendors in the market.

The solution offers a very good centralized management console. 

It works well even for small deployments. 

The perimeter security is excellent. 

It works well even for cloud environments and has been very useful during COVID when people weren't necessarily in the office. 

The creation of policies is simple. It's easy to configure them when we need to.

We have found the troubleshooting process to be very easy and helpful.

The GUI is simple and straightforward. 

The sandbox environment on offer has been great. 

The support has been super-helpful. They've always been great, even at a pre-sales level.

The initial setup is very straightforward. 

From a stability standpoint, sometimes when upgrading to a new version, there are some stability issues. The device occasionally may stop responding. 

It would be beneficial if they offered better load balancing. 

They could make the licensing a bit easier to deal with, especially for enterprise-level options. 

We primarily use the solution for security, as a next-generation firewall that we use in our environments. It is very good at detection and prevention. However, we are still exploring use cases.

While the solution is mostly stable, we do find that we have stability issues moving to different versions. You run the risk of the device not responding in some cases. 

The scalability is possible, however, it's based on requirements. When we get a new solution, we plan out for the next four or five years. It can scale so long as you design it properly at the outset. 

Technical support is helpful and responsive. We're quite satisfied with the level of service we can expect. They are very good.

I've also worked with Palo Alto and Cisco. 

The initial setup is extremely straightforward. You don't even have to be overly technical to manage it. They make it very easy. It's not overly complex or difficult.

The licensing is okay. Clients can go for a one, three, or five-year license. 

Sometimes it's complicated to put new licensing on existing devices. If we have issues, we can raise questions with the sales management team and they are always very helpful. Larger, enterprise-level devices, in particular, can be a bit complex to deal with. 

We are integrated partners and we provide services to the customers.

I didn't get any chance to work on version 80.40, however, a lot of the customers are on versions 80.10, 80.20, and 80.40.

I would encourage users and companies to use Check Point. It's quite a good solution. I find it to be a better solution than, for example, Palo Alto.

I'd rate the solution at a ten out of ten.

We primarily use the solution for perimeter security - including DMZ and as an internet firewall. We use Check Point Firewalls as the first line of defense from the internet and they are also used to segregate the internet, DMZ, and internal networks. Check Point VSX technology is used to split the hardware into multiple virtual firewalls to cater to different environments so they are well segregated. We have BGP running on the firewalls, such as all of our network devices in our environment, to learn and advertise routes. Check Point does a decent job with BGP and does an excellent job as a perimeter firewall.

Check Point was brought into our environment as a perimeter security device to replace the Juniper NetScreen which was originally used as the perimeter firewall. When Juniper announced the end of life of NetScreen devices, we decided to go with Check Point mainly because of the ease of management and also because Check Point was an Industry leader and Juniper was still in the initial stages of building their own firewalls using JunOS. With the introduction of Check Point with the VSX features, we could use BGP instead of the tedious static routes that we had in place with the old NetScreen.

The VSX has been great. The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment.

We like the management console. The Check Point smart dashboard has made things easier for administration and we've been able to manage all the Check Point devices from one place which is very useful.

The operations support is great. There is a smart log system that is very good for troubleshooting and reporting. We also use the CLI for troubleshooting purposes (for the likes of FWMonitor and tcpdump) while the FW rules are managed via the smart console which does wonders for operations support.

It is common for any network device to compromise on stability when more and more features are packed into it. It may work for small organizations when they want a single device to do everything for security. However, it is a big issue for us as a large financial institution when even a small outage costs dearly. Check Point, being our perimeter firewall, has failed quite a few times mainly when handling BGP. I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes. They may already have a lot of features, so the enhancement of existing features could focus on robustness rather than introducing new features.

I've been using the solution for three years.

With the upgrade to R80, the solution has become more stable. We have had outages because of the gateways failure while running BGP with older versions. After the upgrade, we havent had such outages.

With the latest upgrades of R80, Check Point has bettered its performance, and hence, scalability has improved a lot. Also, there are multiple NG features that can be utilized that makes it more suitable for multiple solutions.

They offer very good customer support; they're always available and capable.

We previously used NetScreen and they were at their end of life.

Check Point has its own design that is a little complex compared to other products. This has a 3-tier architecture and we need management servers and gateways separate. I would still say its not much of a hassle building it.

We handled everything through Check Point PS. They were very good.

I can't really comment, as I do not have much idea about this space.

The solution is priced well in the market in order to compete with the other products.

I wasn't in the organization when the evaluation happened. However, I know Juniper SRX was one of the solutions looked at as we are using them for our internal firewalls.

As a next-generation firewall, this product is capable of handling all kinds of threats that might try to attack the network, including events such as DDoS attacks. 

The compliance part of the product has been very useful to our organization. There are many useful reports from this firewall device. For example, it can tell us how much of our network has compliance with the guidelines that are in place.

The product is very easy to use.

It's quite a stable solution.

The scalability is very good.

The solution is easy to install and deploy.

The product could always be even more stable and secure, as it would improve protection.

As we aren't using the very latest iteration, it's hard to say which features are lacking, as some might have been added in the latest releases we haven't yet migrated over to.

The pricing could always be more competitive.

Technical support needs to be more helpful.

I've been using the solution for the last six months or so. It's been less than a year, and therefore, it hasn't been that long. 

The stability is good. There are no bugs and glitches. It doesn't crash or freeze. It's reliable. 

The solution offers good scalability. If a company needs to expand it, it can do so. It's not hard.

We have 50 users on the solution right now.

I would say that technical support could be better. We also use Cisco, and, in comparison, Cisco's support is way better in terms of how helpful and responsive they are. We aren't as satisfied with Check Point. They need to be faster, friendlier, and much more knowledgeable. 

Right now I am using Check Point and Cisco ASA.

The initial setup is not overly complex or difficult. It's pretty straightforward.

The deployment doesn't take long either. It's a fast process.

You only really need two people for deployment and maintenance for most setups.

I handled the implementation myself. I did not need the assistance of an integrator or consultant. 

The solution could work to make the pricing a bit lower. It's similar in cost to Palo Alto, however, if it was lower, it would make them more competitive. 

We are a customer and an end-user. We don't have a business relationship with Check Point. 

We are not using the latest version of the solution, however, I cannot speak to the actual version number. We might be a version or two behind the latest update.

I'd rate the solution at an eight out of ten. We've largely been quite pleased with its capabilities.

I would recommend the solution to other users and companies. 

The next-generation firewalls are used on the perimeter within a couple of data centers. There are lots of firewalls and we are trying to consolidate everything in the final solution. The MDS and VSX are real solutions that are easing the consolidation across different domains to make management easier. It also improves the overall solution from the operations perspective where BAU teams can leverage different Check Point product lines, like Smart Log, to support customers on a daily basis.

There is a lot of legacy traffic from other vendors that has been migrated to Check Point which has resulted in a lot of stability in our environment. Moreover, consolidation happening across different legacy environments is being enhanced by the usage of MDS and VSX solutions offered by Check Point. This is making things easier from both a migration and implementation perspective. It offers easy management architecture, and, with Smart Log, makes life easier for the operations engineers and different teams working with Check Point products.

The most valuable feature of Check Point is the Centralized Management (MDS) and Virtualization (VSX) for the firewalls. Using these features provides enhanced security with reduced cost across different domains and tenants with complete segregation from the policies database and a user traffic perspective. Using these features is proving to be scalable as things are virtualized and the resources can be increased or decreased as per the demand or usage from a project perspective.

The product or services can be improved from the cost and the pricing perspective. There are a lot of other competitors in the market providing similar solutions with more low-cost options. There is no doubt that the great three-tier architecture of Check Point is great, however, when the cost is considered, it proves to be a bit expensive as compared to other products in the market. Also, the licensing and maintenance costs are quite high. Maintaining these solutions proves to be a bit costly to organizations from a day-to-day perspective.

I've used the solution for five years.

The stability is excellent.

The scalability is really good.

We are satisfied with the level of support.

Yes, we have used a different solution previously and have switched because of the great performance that Check Point offers.

The initial setup is pretty straightforward.

Yes, and we had a good experience.

The ROI meets our expectations.

The cost is quite high for Check Point products.

Yes, however, I prefer not to say which.

Overall, the solution and product line are good but more competitive pricing can be offered.