Check Point NGFW Reviews

We use the product to secure our network, using all Check Point has to offer, including multi-domain servers, centralized log servers, gateways on-premise, and VSX. It has improved a lot with the last versions making day-to-day operations very user-friendly. 

I have used almost all the blades Check Point has and it's incredible what a Next-Generation firewall is capable of, including VPN, IPS, monitoring, mobile access, compliance, and more. The reports of the Smart Event console are also very useful. It's good to have a view of what's going on in our network. 

Since Check Point has Linux working on them, it gives us plenty of tools to adapt to any specific need we have.

In actuality, Firewalls are a must in any organization. Check Point's ability to adapt to any environment is their strength. The interface is very easy to understand, and the Smart Console can be configured to fit almost anything you need to.

When an issue appears, the logs are very easy to read, and that helps to identify the reason for the problem and solves it faster. The issues are not so annoying. 

The support Check Point gives is key. As the Firewall vendor, I recommend them. It's always great to work with them. For this reason, I am very satisfied with Check Point. Every doubt I had they were pleased to help with and we ab;e to provide a resolution. The technical services always replied in a very fast and effective way. The live chat is great as well. There is always someone willing to help. This makes working with Check Point a good experience.

Check Point expert mode is basically Linux, so working with that allows us to implement a variety of scripts.

In earlier versions, it was a bit hard to do migrations of Multi-Domain Servers/CMAs, nowadays, with +R80.30 it has gotten much easier. I cannot really think of many things to improve. 

One thing that could be useful is to have a website to analyze CP Infos. This way, it would be much faster to debug problems or check configurations. 

Another thing not very annoying but enough to comment on is when preparing a bootable UBS with the ISOMorphic (Check Point's bootable USB tool), it gives the option to attach a Hotfix. However, this usually causes corrupted ISO installations.

One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them.

I've used the solution for three years.

With other products, I have used quite a lot of RMAs, usually for not the most important component, however, enough to need an RMA, such as FANs or PSUs.

With Check Point it's quite easy, if it's needed, to replace. You just install the correct version and hotfix and load a backup from the old device. After that, the new device is ready to go.

The scalability of Check Point is great. With the usage of Multi-Domain Servers, you can integrate all the devices into one console. You also always have the chance to expand creating new domains. Also, this distribution helps to have a very structured and organized management. It is always a very good thing when things don't go as expected and you need to solve any problem. Finding where the issue is in your organization is key.

The technical cases are replied to in a very fast and effective way. The live chat means there is always someone willing to help. This makes working with Check Point a good experience.

Positive

The most I have used are Forcepoint, Cisco, F5, FortiGate, and Palo Alto.

The initial setup is very straightforward and very guided. 

With the few replacements we need to do, there is very little downtime. It is worth the investment. The great support team behind Check Point is also worth the cost.

Check Point is not the cheapest manufacturer, however, it's worth the price.

I have been always on the side of Check Point, however, Palo Alto was another option we considered.

Having the option to use a UNIX-based shell instead of being forced to use GAIA, in this case, is great. It makes Check Point very customizable.

On-premises

I am using Check Point Next Generation.

The solution boasts a host of features that we like. 

Tech support should be improved. There are times when the technical team fails to understand things at the ground-level. 

The dashboard can stand improvement. 

The solution is overly expensive. 

The initial setup is a bit complex. 

The solution is scalable. 

Technical support could be better, as the tech team at times does not manage to understand ground-level issues. 

The setup is somewhat on the easy side, but certain things are complex. While the solution is a little easier to manage than Palo Alto, I was forced to make comparisons between the two products. 

The price is too high. 

The solution is geared towards organizations hosting more than 50,000 employees.

Hybrid Cloud

It's our main firewall and the first line of protection from the outside! We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely.

We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years.

This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

Stability and security are the best way to describe this solution. The attacks from the outside still exist, but now we're better protected. We can view everything that goes in and out of our network with all the information in one place. The drill-down is very helpful and easy to use. Currently, we can troubleshoot connection problems live and solve them in a couple of minutes. This is an improvement on the 1-2 hours with the old solution.

In 4 years we've only had one problem with the equipment (due to a malfunctioning UPS). That corrupted the boot of the equipment, but was easily solved with an fsck.

We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!

The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.

Threat and Application control are also very important to us.

I do prefer to manage everything from only one point of entry/one application. Some things can only be configured from the smart console and others from the smart dashboard. This is the only handicap in this solution. It would be ideal to manage everything from one central place.

Instead of using a windows application to manage the equipment, it would be better to use a web app to configure the solution from a browser.  I know that it's not as powerful (you can't do everything from there), but then we could manage the solution and troubleshoot from any device.

It's faster to see the event logs on a webpage than it is to see them in the smart console.

I've used the solution for 4 years.

It's very stable. It's also the main reason I love the solution.

During this time i never had to manually restart the equipment because of connectivity problems or because of CPU/memory degradation performance. Sometimes these values get high, but i never lose Throughtput, the equipment continues to run smoothly. We used to restart our older firewall at least 2 times per month.

In the beginning, because we use the spam blade, the memory usage was always high, and the administration was a little bit slow. But Checkpoint provided us an extra memory upgrade and after that we never had administration problems. If we don't have internet connection it's allways the ISP, it was never because of the firewall.

Although I only have one unit, I know that it scales perfectly.

We only had one problem with this equipment. That was because it couldn't boot properly due to disk corruption (malfunction UPS), however, searching the technical Check Point forums it was easy to find a solution to the problem at hand.

We managed to solve the problem without contacting customer service at all.

We used to have Zyxel products, but they were aging and couldn't let us connect at faster speeds.

The setup was easy. It didn't take long to have it up and running.

The only concern for us was the remote sites - since it was different vendors. However, we had everything documented and prepared and due to that, it went flawlessly.

It was also easy to create access policies.

The implementation was through a vendor, and the installation went really well. The consultant was Check Point certified and explained everything in detail.

Later on, we added new remote sites to the configuration (in-house) without any problem. We didn't need to check with the vendor.

It's not easy to calculate, however, given the stability and security of the solution, it's elevated. There are no bulletproof solutions. That said, now we can rest a bit more because our assets are more protected than they were a couple of years ago.

The setup cost, pricing, and licensing can be a bit expensive, but, I promise, it's completely worth the cost.

I evaluated Fortinet and Check Point.

It simply works like a charm. The stability and trust in the vendor are also very important to us.

On-premises

We use firewalls to protect our private environment from the public environment. My IT group is in charge of protecting the environment and maintaining safe usage of the internet. This product gives us a better, safer solution for the users within our company. 

Using this solution saves us time because nowadays, there are many malicious sites, as well as other threats and viruses on the internet. As it is now, we are not required to do anything because we have the antivirus and regular updates from Check Point. That is very helpful for us because when new viruses emerge, we just install the new signature and it works to protect us.

What used to take me seven days to do, now takes me only five. However, this is not just a time benefit because it better protects our environment as well. I estimate a 20% to 30% reduction in the number of attacks, compared to before.

I like the antivirus, attack prevention, three-layer architecture, and data center management features.

The antivirus updates are quite frequent, which is something that I like.

Central management is a key feature. We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful. It means that we only have to push the configuration once and it gets published on all of the firewalls.

The level and availability of training should be improved. I have seen people that are not well trained on the Check Point firewall and the reason is simply that the quality of available training is poor compared to that of other firewalls on the market.

The command-line interface (CLI) should be more user-friendly.

I have been using Check Point NGFW for approximately four years, since 2017.

I work on the Check Point firewall five days a week and the stability is very good. In general, the updates to the software and antivirus are very stable. We have not faced any issues.

It is very easy to scale and extend usage. We started with five firewalls and now there are approximately ten. There is not much effort required to scale and it is not very complex.

Directly or indirectly, there are between 2,000 and 3,000 people using it. Whenever their traffic is required to be sent to the internet from the office environment, the traffic passes through the firewall.

We are very happy with our experience with technical support. They are very knowledgeable and the process for resolving tickets or problems is fast. We have had incidents dealt with quickly by their team. 

Prior to Check Point, we were using Cisco ASA and we are still using it today. The reason for implementing Check Point is that we wanted more advanced features. What we found was that after 2017, we needed better protection for our environment, and that is something that comes with advanced firewalls such as Check Point and Palo Alto.

I'm very happy with the Check Point firewall because it includes many features that are missing from Cisco ASA. Also, it offers a better and easier experience.

One of the significant differences is that Cisco ASA does not have a central management system. If we want to configure 10 firewalls with the same configuration, it is not possible to push them all at once. Instead, you have to configure them one by one. Apart from that, the antivirus and threat management need additional hardware because the functionality is not present in Cisco ASA. 

One of the positive points about Cisco ASA is that the training is very good, and it is available on the internet. This makes it easy to use for somebody who is new to the product. This is unlike the case with Check Point, where quality training is not available.

We found the initial setup to be straightforward, as we have many experienced people in our team and they have worked with Check Point firewalls. 

We used the central management functionality a lot, and we initially configured five or six firewalls. It took between six and seven months for the complete deployment.

Our implementation strategy included the three-layer architecture, the centralized management system, the console, and the web UI. We followed the process that was recommended by Check Point.

Our in-house team was in charge of the deployment. We have a team of seven people that work in shifts, and we did all of the work, with some support from Check Point.

Six or seven people in different shifts are required for maintenance. At any given time, we generally work with two or three people during the same shift. I think that two people working at the same time are sufficient.

We have seen ROI and when you consider the features like central management, antivirus, and threat management, it is a good investment.

We did have cost savings, moving to Check Point from Cisco ASA. We required additional hardware devices, such as an IPS solution, antivirus, and threat management. In addition, we needed too many resources because we had so many individual ASA firewalls. There was no central management system, so more staff were required.

Ultimately, with Check Point, we needed fewer people and we also saved on the cost of hardware.

The price of this solution is average; not too high and not too low. It is more expensive than Cisco ASA but cheaper than Palo Alto.

After the first package of licenses, we have not needed to purchase additional ones. When our license expires then we will purchase another one. 

We also evaluated a solution by Palo Alto and we chose Check Point because it was more cost-friendly.

The biggest lesson that I have learned from using this product is that it is good to see a company like Check Point is continuously working on the quality of their product, and we should learn from that. It is good to improve over time because it is very easy to get into the market, but it is not too easy to sustain. 

My advice for anybody who is implementing this firewall is to ensure that they are trained completely because it is not easy to use. Moreover, there is not much training available online, so you want to have trained with the device. This is a product with many features, which are pros, but these same features can become cons if you are not using it with complete knowledge.

In summary, this is a good product and they have been improving continuously, but there are still some areas to improve.

I would rate this solution an eight out of ten.

On-premises

The solution is easy to use. I like the monitoring the most.

All the advanced features of automation, especially the first installation of tunnels, need improvement. Also, in terms of configuration, in terms of tuning, and fine-tuning the system, I think they do make it a bit hard for users. Right now, we need to teach admins, the network and security admins about system fine-tuning in terms of load balancing between CPUs, assignment of processes. I don't think a network admin or a system admin should deal with it in terms of when we are speaking about the firewall or networking device. It should be automatic.

I've been using the solution for five to six years.

It's a stable solution. There are about 15,000 users installed behind the firewall.

It's a scalable solution. It's very good.

It's easy to install Check Point, but not in the case of a large environment and multiple clusters. This is an ongoing project I can't tell you how long deployment takes. It's a huge network that I have. I have three people maintaining the solution.

I have a basic network firewall and not the advanced feature, full feature security system. I think they are the best. Still, for instance, when installing a tunnel in Check Point vs installing a tunnel in Cisco, the difference is that in Check Point nothing makes sense, and in Cisco you have the duration capability, the hierarchy of the configuration.

I would rate this solution as 8 out of 10. Mostly because of configuration problems - problems with configuring VPNs, and panels, etc.

We use the solution for network security, perimeter security, DMZ, antibot, antivirus, endpoint protection, email security, sandblast, and DLP. The environment is a multi-environment and consists of multiple networks, segmented and managed by a management server. These firewalls protect the network, external and internal. 

We are also protecting several customers and it allows remote access connection from anywhere in a secure way.

There are also site-to-site VPNs with different customers, vendors, and cloud providers, using the highest security encryption algorithms.

The organization is more secure. These firewalls work as expected. We have a perimeter and network segmentation well defined and firewall features and blades like IPS, Identity awareness, antibot, antivirus, threat prevention, endpoint security, and DLP, all allow the organization to have most of the security components centralized which allows for easier maintenance and monitoring. 

In relation to the monitoring, Check Point has tools that allow the administrator to track the traffic, and identify threats, attacks, and also check the forensics to understand what happened in case of a breach and ensure it won't happen again.

The most valuable elements include:

Smart View Tracker: To check the traffic logs easily. This is the best logging tool for me so far. You can identify almost everything from the logs, using a smart view tracker.

Smart Dashboard: allows for rule creation and administration and management and is user-friendly. The administration allows you to copy and paste rules, move the order, and create objects, pretty easily. It is very handy.

CPUSE: A Smart way to upgrade firewall software versions. You can easily verify if you can upgrade to the desired version, download the right package and upgrade, and also check the status of the upgrade. It's a great tool.

Error logs can be more specific. Sometimes the error shows only a general error and the solution could be hard to find or difficult to apply. 

Documentation can be improved. It has been improved, however, when you search for errors, in relation to documentation and how to solve it, sometimes it is not that simple to find the right solution. Troubleshooting errors could be sometimes difficult and some tools are only available for the Check Point support team. 

The price is also a factor to take into account. Other competitors offer low prices in relation to Check Point and the executive team may opt for the cheapest vendor (if you have to compare to another good one yet note a cheaper price).

I've used the solution for ten years.

The solution offers good scalability.

The solution offers good customer service and good support.

Positive

I have been using Check Point since the beginning.

The initial setup is straightforward.

We handled the setup in-house.

The solution is super stable.

The pricing could be better, however, the vendor is excellent and I strongly recommend it.

I did not evaluate other options.

Hybrid Cloud

We use Check Point NGFW for perimeter protection of our network from the internet. We also use it for threat protection at the network level and the endpoint level.

We provide implementation, installation, and support services. We know about all types of firewalls, and we work with all types of installations. We usually use appliances, but in test environments, we use virtual appliances.

It is easy to use, and its management is the best. Check Point has a great unified management solution for firewalls and security products. 

Their technical support can be better. In addition, when we need to use it in a government environment, we face a lot of legal issues related to different types of certifications. It would be better to improve it for these issues.

Check Point doesn't have a SOAR system. They work with Siemplify, but it is an integration with another vendor. It would be great if Check Point has an integrated SOAR system.

We have been dealing with Check Point firewalls in our company for more than 20 years.

It is quite stable, but it can vary based on the version.

It is scalable. We can use the Maestro solution from Check Point for scalability. We can add new appliances as the company grows. If we need more performance and throughput, we can add additional appliances and have more performance. Check Point Maestro is the best solution for scalability.

Their technical support can be better.

Its initial setup is easy for me. The deployment duration varies. A simple deployment takes two or three days. A complex deployment that involves a cluster configuration or appliance replacement can take up to five days.

Its price is reasonable. If we compare its TCO for three years, it is more reasonable than some of the other vendors such as Fortinet, Palo Alto, etc.

I would recommend this solution. It is a great solution for endpoint protection and threat prevention. I have been working with Check Point products for a very long time. Check Point is one of our best vendors, and they make great products. 

I would advise others to learn about firewalls and other Check Point solutions. They have a lot of different solutions. If you choose their firewall, it would be useful to know more about other solutions. It would be one of the ways to improve the protection of your network with Check Point.

I would rate Check Point NGFW a ten out of ten. 

We use this product for providing perimeter security, as well as advanced threat protection capabilities to critical infrastructure. The solution is expected to deliver high-performance throughput for voluminous traffic continuously. 

We are using these gateways for multiple functionalities such as:

• Perimeter Gateways
• Anti - APT (Advanced Persistent Threat)
• Anti Malware / Anti Virus
• SSL Inspection
• Network Intrusion Prevention System
• Private Threat Cloud

All of our solutions are expected to run in high availability and have good resiliency. 

Check Point NGFW is the first perimeter security solution used in our environment and it is able to deliver the expected results. Specifically, it supports high-performance throughput for voluminous traffic.

The vendor has proven capability of identifying known threats, which can be seen while managing the firewall. The OEM has identified a roadmap in line with the emerging threat landscape and evolves the product to counter these threats. 

The central management console has helped with segregation, where planned interventions with management consoles do not have any impact on production or critical business traffic.

Next-Generation Threat Prevention capabilities provide security in a high-traffic load, ensuring detection and prevention of known threats by AME, AV, and Sandblast technologies. 

We are also using the system to create VPN gateways for our multiple partners and we haven't faced any issues with them.

 Check Point gateways are a stable product that can run without any issues until a major upgrade or vulnerability mitigation is required.

The support has been reasonable and they were able to minimize the impact during critical incidents.

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption.

There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome. 

We have been using the Check Point NGFW for the past four years.

This solution is very much stable and does not require frequent changes in architecture. The patch frequency is limited, which reduces the downtime requirements.

This NGFW is very much scalable; however, I am not sure about other components such as PTC, etc.

Technical support is a mixed experience. Most of the time, issues are handled well in a timely manner but some issues have lingered for a very long time, causing multiple iterations.

We did not use another similar solution prior to this one.

As we use a lot of components from Check Point, the setup was a little complex in terms of deployment and traffic handling.

We had assistance from the vendor's professional services team to ensure smooth deployment. It was a green field project so the deployment was easy. The team deployed on implementation had expertise with the solution.

The ROI for security is the confidence that the solution is able to deliver the expected outcome. This includes stability, Threat Prevention capabilities, Granular policies, etc.

Licensing is pretty straightforward and is based on the blades available, such as NGFW, NGTP, and NGTX. Generally speaking, the pricing is in line with other players in the industry.

We evaluated products by Fortinet and Palo Alto.

In summary, this is a good solution that is stable, and I recommend it.

On-premises