Check Point NGFW Reviews

We use this solution for permissions regarding access ports and services. We also use Check Point Remote Access VPN as an endpoint VPN. We use it for site-to-site configuration. 

All of the traffic that comes through our sites passes through our firewall. Basically, everyone, including our staff and clients, passes through our firewall. In other words, we have thousands of users using this solution.

The NGFW has helped our compliance to regulations authorities such as PCIDSS. It has has helped the bank create secure connections to vendors and third party service providers as well as remain stay protected from attacks and intrusion attempts.

The management of services, including forming access lists with the services we have, connecting servers to servers, permissions between servers and users — this is all great. In addition, Check Point has a really cool GUI.

The end-user VPN could be improved. It could benefit from some modification. 

The VPN timeout feature needs to be improved. When we try to connect to the VPN, it times out before we can even enter our user name and password. If you can't prove you are who you say you are within seven to ten seconds, it just kicks you out.

1 year +

Check Point has actually failed twice within the last year. The first failure was a disk failure. Check Point offers a software solution, they don't actually offer hardware. They will only provide you with the software and licenses. Because of this, when our disk failed, we had to wait for them to ship in some new hardware for us to fix the issue.

Aside from the disk failure issue, a month ago, our Check Point device froze. We don't exactly know what caused it to happen. It caused the entire organization to go down for about two to three hours until we found out that Check Point was not allowing anything to pass through. Our Check Point is clustered, so primarily it's supposed to have a failover feature. For some reason, the failover feature didn't work. When the primary gateway went down, it affected everyone.

We've not tried to expand Check Point. We have two sites. We have a primary site and a secondary site that is off-prem. For this reason, we planned big. We planned for a high amount of availability for our two sites. We use clusters of four gateways: two gateways are in one cluster, and another two gateways are in another cluster. If one goes down, it switches to the other. If the second goes down, it switches to the other DR site. We've got backups of everything. 

The technical support is very responsive. We have a vendor that acts as a buffer between us and Check Point. In our country, these companies all have a local vendor that pushes their product.

When we contacted our vendor, our vendor called Check Point and as they were talking, Check Point shipped the hard disk, to fix the issue I mentioned earlier. They just placed the order immediately, while we were still talking. We think that they knew that delivery was going to take about five days — it was actually very fast.

The initial setup and deployment were straightforward. We deployed it with RADIUS servers;  it was not complex at all.

From scratch to finish, deployment took about a month. It took this long because we had to convert all of our existing configurations from Cisco Firewall to Check Point. We had to get help from our vendor to do this. He had to manually convert each and every command from our existing Cisco device to Check Point — that took a while. This was the main reason that deployment took so much time.

The end-user VPN didn't take much time to deploy. Neither did the site-connecting with the VPN — that took a day or two to deploy.

I think our licensing is on a yearly basis, but it could be every three years. Either way, it's not more than three years — that I am certain of.  

The pricing was actually what made us go for Check Point. Palo Alto was much more expensive. Check Point offers the same applications and features as Palo Alto for roughly a third of the price.

We evaluated Palo Alto, Cisco (which we were using), and we also evaluated Check Point — which we ended up with.

I would recommend Check Point to others. We are still learning as we're just about a year into using it, but so far, the support and the solution in general has been good. I'd recommend Check Point, especially to users that are looking for an affordable solution. 

Check Point also has a great community. They have this community where users can go to share ideas. They also have great networks. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. Cisco dominated the African market until Check Point came along. 

In our logistics setup, we employ Check Point NGFW across various critical areas. For instance, we use it to secure different database applications within our systems, ensuring robust protection for our operations. Whether it is managing updates, maintaining standby reliability, or enhancing system performance, Check Point NGFW plays a vital role in safeguarding our logistics infrastructure.

Using Check Point in our system has provided several benefits. Firstly, it ensures secure access for authorized users while preventing unauthorized access from public users. Secondly, it enables us to monitor application usage closely, identifying any suspicious activity such as repeated failed login attempts. 

Check Point NGFW provides essential security, featuring no-obligation access for secure connections, strong intrusion prevention, and comprehensive antivirus protection.

One area for improvement in Check Point NGFW is the support process. It can be challenging to open a technical support case through the customer portal, often requiring additional steps to open the case.

I have been working with Check Point NGFW since 2015.

We have not experienced any major stability issues with Check Point NGFW.

Check Point NGFW is fairly scalable.

The technical support is decent. I would rate them as an eight out of ten.

Positive

Setting up a new Check Point NGFW is generally straightforward for us. With our experience and familiarity with the process, we can handle it without encountering any significant issues. We are used to creating simulations and implementing improvements, which facilitates the setup process, even at an intermediary level. We usually require two engineers for the deployment process, along with additional resources like network switches, PCs, and testing equipment.

The pricing for Check Point NGFW tends to be higher compared to other options in the market, especially for high-end models. In comparison with enterprise-grade firewalls like Palo Alto, Check Point is among the more expensive choices.

My recommendation for organizations considering implementing Check Point NGFW is to prioritize selecting high-end models for optimal performance and security. Check Point NGFW offers robust protection for networks and data, allowing businesses to maintain their operations with confidence. Overall, I would rate Check Point NGFW as an eight out of ten.

I use the solution in my company since the solution serves as a firewall and functions on a DMZ network while also providing public-facing services. I serve my company's customers as a firewall administrator.

My company's customers have benefited from the solution's performance, especially when dealing with a huge amount of traffic. Check Point is a well-known name in the security industry that opts for functionalities like signature-based detection and beyond.

The most valuable feature of the solution is the Quantum Intrusion Prevention System (IPS). I also like the solution's functionality, like autonomous threat prevention.

The complexity involved in the solution's initial setup phase and deployment process is an area of concern where improvement is required.

I have been using Check Point NGFW for two years. I work as the solution's integrator. Speaking about the version, I use Check Point Quantum 6400 Next Generation Firewalls.

So far, I haven't faced any issues related to the solution's stability.

Scalability-wise, I rate the solution a nine out of ten.

If I take into consideration my company's customers who use the solution, then I would have to say that there are around 300 to 400 users.

I have availed the services provided by the solution's technical support. My company engages with the solution's local partner to avail the services provided by Check Point's technical support team.

Compared to Palo Alto and Fortinet, Check Point provides good internal performance, especially for big-scale enterprises and entities, making it a tool that is not just suitable for SMEs or mid-sized companies. Check Point is, however, pricier than other solutions.

The initial setup of Check Point NGFW is quite complex. When it comes to the product's setup phase, the engineer should understand the product, and instead of understanding the firewall, it is important to know how to manage or be an admin.

The solution is deployed on an on-premises model.

The solution's deployment is complex.

My company's customers have seen a return on investment from the use of Check Point NGFW.

I rate the pricing of Check Point NGFW a five on a scale of one to ten, where one is high price, and ten is low price.

I take care of the solution's maintenance part, and I feel that it is a straightforward process.

Check Point NGFW is good for big companies.

I rate the overall solution an eight out of ten.

We require local perimeter security in one of our workshops, which is why we require a new-generation firewall solution. The local equipment works for us to be able to provide perimeter security in our workshop.

Thanks to these Check Point Gateway devices and with the integration of many additional security solutions, we have protection against zero-day threats. In addition, we have the possibility of carrying out all the management from the Infinity security portal and can administer all our policies, view logs, and monitor devices, among other tasks.

Thanks to Check Point, we managed to carry out a better security implementation. By placing one in a workshop, we managed to solve issues with attacks and malware.

The solution is easy to administer thanks to its dashboards. The monitoring is really useful.

The most valuable aspects include:

The best improvements to be considered are:

• Improvements in the time and attention given to solutions for generated cases.
• Licensing that is more comfortable and affordable. Currently, some prices are very expensive.
• In terms of language in the application, they could better facilitate the handling of others.
  

This is an excellent product of the new generation, administered in the Infinity Portal. We have used the product for at least two years.

Previously, we had not carried out verifications of other devices.

Check Point offers excellent security.

Check Point is a bit difficult to use and manage so it would be nice to see some improvement in those areas.

This is a stable solution.

This is a scalable solution. We have about twenty customers that are using the solution currently.

I have not needed to contact support.

The initial setup was a bit complex only because there are no vendors to help with the installation requiring you to need to be trained.

Other competitors would be Fortinet and Palo Alto.

Check Point is more complex than Fortinet and less complicated than Palo Alto.

I would recommend this solution to anyone with an eye for security and would rate it a seven out of ten.

I use the solution for VPN mostly, for the IDS and prevention and detection. I use it for security exploits, like HTTPS exploits.

I also use Check Point NGFW as a federation. I use it to connect to my other sites. We have five of them, mostly in cities where we need a high bandwidth.

I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security.

In terms of what could be improved, we have a cluster with two nodes and usually we have some problems when process gets really high and it has to choose which services it keeps going. I would like to have a better solution here, like if instead of just one we could use both at the same time. It would be good if it could work together. Then when one has a failure or something like that, the other one is there to transfer, to take all the services and keep working. They have an integration between the nodes but I would like to use both of them working together. In the solution they could both be active, instead of active and passive. I would like them to add backup features to Check Point Firewall.

Many companies are going to the cloud. In future releases, it would be nice to have a cloud integration so we could work in a hybrid form for some years, like some services in the cloud and others on-premises. So it would be nice to have some features in this sense.

I've been using Check Point NGFW since 2018. For two years now.

It is stable.

I couldn't tell you about the scalability. I don't know. I know that we can use a federation, but I think it is scalable because we can buy additional licenses. As I mentioned, right now we have five working together, but we can buy until 50 or a 100, so I guess that it is scalable because you can keep increasing.

The initial setup is hard. We came from another Cisco solution and even then it is hard, especially talking about the traffic. So we had to inspect the traffic and sometimes we had to do a lot of configurations. It would be nice if it was easier.

It took about three months to deploy.

It would be nice if it was easier to set up and to maintain.

Right now we keep a contract with a company in Brazil, so we hardly talk to Check Point itself and we don't like it very much. In most cases we have to search and look into the database to really find the solution, so it could be better.

I'd say that Check Point NGFW is a good product but it's hard to set up and keep it going, so we had to invest in some training and we have to keep at least two employees just to keep it working.

On a scale of one to ten, I would give Check Point NGFW an eight.

Our organization implements, maintains, and operates Check Point's firewall. 

Check Point solutions were implemented by our organization in accordance with the project documentation and further adjusted at the request of the customer. 

We ourselves also use a Check Point firewall in conjunction with a firewall from another vendor - both to protect our network perimeter and to test various functions and new emerging firewall capabilities and identify various bugs before they reach customers in the product environment.

We and our customers use almost the entire palette of capabilities of the firewall solution from Check Point. We use almost every feature, from anti-spoofing and network segmentation to URL filtering and intrusion prevention systems. We also willingly use virtual private networks from Check Point, both site to site and client to site. We also leverage the antivirus blade and anti-DDoS attacks. Some of our customers use Check Point capabilities for mobile devices, which are also successfully implemented in the firewall.

We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home. With the firewall from Check Point, this function is implemented very conveniently and securely. 

A convenient new version of the firewall management console, which, starting with the R80 version, has become standard for many Check Point blades, however, unfortunately, not for all. You still need to use older consoles to manage some features. For example, to access the monitoring blade, I need the old console, but the new console should start it.

You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator. Until now, the initial settings as well as subsequent changes to the "iron" part of the firewall, namely its interfaces, routing, or DCCP settings, you must use the web interface through a browser. This is inconvenient. Of course, you can use the command-line for these purposes, however, this also complicates the configuration process for the administrator and requires a well-known habit.

I've used the solution for six years.

There is room for improvement in terms of stability.

The scalability is great.

Technical support could sometimes be better.

Neutral

I have used and still use solutions from Sophos, however, in Check Point, some functions are implemented more conveniently. For example, work with logs.

Before installing, I recommend to go through the training.

I handled the implementation myself.

The ROI is good.

The Check Point firewall is a reliable perimeter security product. Check Point gives me access to explore various security features in a single box (loaded with all features that an organization needs most). 

I can say I have been using it for one year and getting a grip on it and I will always try to implement it wherever it is required. 

When it comes to Check Point, there are great security features and a marvelous inbuilt design that caters to handling all threats, including zero-day attacks and perimeter security. I really like the user-friendly interface of the Smart Console dashboard and the maximum security is integrated.

The intruder blocking real-time is a great feature that does not even require policy installation or committing to something. This feature enables real-time attack mitigation along with full security access which helps our organization to improve its security factors. 

IPS detection is a big plus for me since it deeply scans the packet. 

URL fileting along with application control gives me the access to manage the least privilege to maximum rights on a single click.

The product provides multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. 

Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view. Check Point helps to resolve a lot of problems, such as showing our organization all known threats. 

It is easy to deploy and manage. 

The product offers a simple Web User Interface.

While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement. 

I would love to see an SSL offloading feature that is not there right now. I am following many forums related to Check Point and it seems like they are going to launch it very soon. SSL Offloading will be very helpful for NBFC and for financial institutes.'

The Check Point NGFW OS is a historically grown OS. It has been on the market for a long time and has many releases. It is a very complex system. All features are done in software - no extra hardware chips are installed.

I have been using this solution for almost a year.

This solution is one of the best solutions in terms of stability.

It is highly scalable.

I have been using this solution from the start as it was recommended by my organization.

The pricing is a little bit high, although I have no issue with the licensing or setup. It is easy to use.

I have stuck to this solution as I read reviews before and it was all positive in regards to Check Point NGFW. I did not use a different solution.