Check Point NGFW Reviews

The primary use case for this solution is to protect the devices under the firewall.

There is a customer who has many switches and routers in their network. They are only protected by an old Cisco ASA firewall. So, the customer instead finds a new vendor or service, and thus we install the Check Point Firewall.

Since the customer has many devices, it takes quite some time to move the Cisco ASA firewall rules to the Check Point policies. However, Check Point has a function to import the policies so it takes less time to do so. Still, the rules that were imported are a mess so we still need to check them one by one and fix the errors before installing them in the customer environment.

The Check Point NGFW has improved the organization by helping with multi-tasking.

The Check Point Firewall that we have is better than the previous Cisco ASA as the firewall has IPS, anti-virus, and anti-bot installed into it at the same time. The IPS is frequently updated so the rules are always new and in place. The firewall IPS and anti-virus can also get other threat intelligence from the web so that the firewall will always have good protection that is up to date. 

The anti-bot is good as it can prevent the firewall from being protected from DDoS without creating any rules as it automatically blocks IPs that are sending too much information to the servers.

The features I found most valuable are the import, logging, and IPS.

The import makes it easier for us to copy the rules without starting from scratch, which will take lots of time. The next thing I find most valuable is the logging. The logging which is called Smartview can distill the logs into simple reports which makes it easier to see all the attacks and issues the firewall faces without diving deep into the logs. Lastly, the IPS is always new and up to date so the attacks that happen are always blocked.

The firewall can improved to make it more user-friendly. The firewall is somewhat not user-friendly as it has many sections and makes it complicated for a layman to understand where to put the policies and rules. 

The firewall also doesn't save the policies immediately after you save them, which means you need to do one more extra step in order for the new rules or policies to take effect. During my first time handling it, I did not understand why the rules and policies I put in didn't work until I found out that you need to click the install button until it takes effect.

We require local perimeter security in one of our workshops, which is why we require a new-generation firewall solution. The local equipment works for us to be able to provide perimeter security in our workshop.

Thanks to these Check Point Gateway devices and with the integration of many additional security solutions, we have protection against zero-day threats. In addition, we have the possibility of carrying out all the management from the Infinity security portal and can administer all our policies, view logs, and monitor devices, among other tasks.

Thanks to Check Point, we managed to carry out a better security implementation. By placing one in a workshop, we managed to solve issues with attacks and malware.

The solution is easy to administer thanks to its dashboards. The monitoring is really useful.

The most valuable aspects include:

The best improvements to be considered are:

• Improvements in the time and attention given to solutions for generated cases.
• Licensing that is more comfortable and affordable. Currently, some prices are very expensive.
• In terms of language in the application, they could better facilitate the handling of others.
  

This is an excellent product of the new generation, administered in the Infinity Portal. We have used the product for at least two years.

Previously, we had not carried out verifications of other devices.

I am using Check Point NGFW in an internet-facing manner thanks to the advanced features and security, like the SAM database.

If anyone wants to use the firewall as internet facing, then Check Point NGFW is the best option.

Our organization gets many attacks on our server, so we have installed Check Point firewall for internet-facing scenarios,

The SAM database and advanced blade are the most valuable aspects of the product.

The Check Point architecture and packet are very good.

We need further protection from future critical cyber attacks, as cyber-attacks are growing day by day, and every day new attack is happening in the real world.

There is a huge amount of revenue lost in the financial/banking sector due to cyber attacks, so we need to have something that can highly concentrate on future cyber attacks.

Check Point should release some new technology that no vendor has ever done before.

Check Point NGFW helps me as a network security engineer as it is easy to troubleshoot the issue and also its easy to clear all vulnerabilities in Check Point after upgrading.

I have been using this solution for five years.

The stability is good. 

The scalability is good.

They are awesome. They offer a high level of support.

Positive

I have used Cisco, however, due to multiple vulnerabilities, I have switched to Check Point.

The initial setup is straightforward.

The ROI is good. 

They offer good quality, therefore, the pricing doesn’t matter.

I have compared many vendors, including Sophos and Fortinet.

We use Check Point as well as Cisco. The firewall is used in order to continue filtering with VMware VMotion on different data centers. 

We have several data centers that are stretched. Our Check Point firewalls are used to filter north/south traffic.

With BGP on Gaia, when one of the clusters is unreacheable, the traffic is rerouted to another cluster. 

We also use VSX which is really a very good product for macrosegmentation.

The management of the firewall and advanced routing is great. It's easy to use and troubleshoot.

We need east/west Check Point firewalls in order to do micro-segmentation. A good solution for us is a solution that can be installed on différent systems (Linux, Windows K8S, bare metal, etc.) and can have centralized management.

Troubleshooting is also a big feature that will be necessary in this use case. 

I've used the solution for many years.

We also looked at Ciscos ASA and Fortigate.

We have a very robust implementation of firewalls for a central site, a contingency site, and five agencies, all connected by MPLS. In each perimeter firewall, we apply the security features of FW, IPS, AV, and AB. Additionally, we have a VPN concentrator for VPN S2S and C2S.

Over time, Check Point's solutions have had fewer security breaches than their competitors, which is why they remain in high categories and quadrants, as they are a very robust technology. As pioneers in information security, Check Point has been innovating year after year in information security.

Since we implemented this architecture in our client, we have not had any security breach exploited and the organization maintains communication with its different sites through MPLS and VPN to secure and encrypt the traffic that passes through said connection.

In addition to the different security features that Check Point security solutions have, their integration with other technologies makes the security environment a complete security type.

Apart from the technological and innovative solution, a point in favor of Check Point is the support provided by the manufacturer, since over time, we have not had any case that is not resolved, they have a good escalation process and highly qualified staff. 

The process of opening a case has different options that are convenient.

Check Point could do better to include acceleration technologies like SD-WAN in an integrated or embedded way to provide these new features that Check Point never had and is of great importance in the market.

Its competitors have this SD-WAN technology, if it were not for the fact that Check Point has been more stable historically, this value would weigh negatively for Check Point when choosing a solution.

If Check Point includes this feature, they will be able to cover those architectures where traffic between sites must be protected and accelerated.

I have been using Check Point for ten years. It is a very mature and robust technology. R81 is a very stable version and always has great security features.

I consider that they have good support engineers at each level of escalation, according to the criticality of the issue.

Positive

I do use other technologies, however, Check Point is historically more stable for me, as they have had fewer exploitable security breaches.

Check Point has a good cost-benefit ratio.

We also evaluated Fortinet, Palo Alto, and Watchguard.

We've been using Check Point Firewalls for about nine years, from the early Nokia boxes to the most recent OpenServer architecture. Next year we're finally going to upgrade to an appliance directly from Check Point.

Check Point Next-Generation Firewall (NGFW) is a very good firewall. It is one of the best firewalls that I have used. I would rate Check Point Next-Generation Firewalls (NGFWs) a nine out of ten. 

Also, Check Point has a great architecture, where you can just enable the software blades and deploy a secure service. 

Overall, it provides ease of deployment and ease of use.

All in all, I'm delighted with their security solution. Making configuring numerous layers of security policies easy to use was always one of the things I liked most about their firewall solution. 

You have multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. Everything is easily managed through their "SmartConsole" dashboard. 

It's valuable as a next-level network security appliance for your enterprise.

It comes with advanced features like web filtering, app filtering, user-based policies to restrict web and application uses, tunneling, restricting bandwidth uses according to policy, load balancing, etc., and helps to cover almost all network security requirements.

Our IT team has installed a firewall on all of our company's workstations and laptops to keep our own data and our customer's data secure. This program runs in the background and I don't even notice it, but it keeps me secure at work.

Configuration using the command line is not that simple and user-friendly.

There is no email security.

It's a bit confusing to configure at first. An example is having to set up separate source and destination NAT rather than a simple static mapping. Some configurations require accessing multiple different sections rather than being consolidated in one area. License subscriptions are a bit confusing as well for additional features.

The CLI is not very useful.

There's no option to import bulk address objects.

The firewall default rule 0 blocks rule matches to allowed traffic, even though allow rule is written.

I started using this solution in 2009.

I am very satisfied with this product.

I have been using Check Point firewalls for a few years now and I enjoy the interface.

It also integrates great with our other security tools.

The GUI is much more user-friendly than other Firewall vendors.

I use Check Point Next-Generation Firewalls since things are automated and updated frequently. I did not use a different solution. 

It's not the cheapest solution, however, it's one of the most advanced and competent.

I am not responsible for our manager's choice of this product. He said it's the best product to secure our network. 

Check Point licenses work very differently compared to other vendors. We need to purchase each blade in order to make it work, however, we can easily obtain a trial (evaluation) license from Check Point to get visibility for the blade. Check Point tries to maintain relationships with customers and they try to match their price with customer expectations.

We currently use Check Point's firewall for our data center. We use Check Point firewall for providing the first layer of security to web application servers and intranet servers. It is robust and easy to upgrade, which makes it less stressful for the administrators. Its failover clustering option also works seamlessly.

The Check Point firewall is used to secure our environments. It also allows us to set up tunnels between our various sites.

We use it for the publication of services, as well as a notification system that reports on user behavior and unusual traffic - both within and outside of the network. 

Over the years, we have experienced various types of attacks on our company, and, without the help of the Next Generation CheckPoint Firewall, we would have lost.

The spoofing feature helps us to prevent various attacks in our organization.

The firewall policy designing and implementation allow for inline policies that make for clearer teaching on the correct use of policies as well as a more readable list. We can also run policies with two or more people simultaneously without problems or the risk of developing the wrong policy.

The initial sizing is not a problem. You can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses cutting-edge hardware. Their software upgrade process is flexible for different deployment requirements. 

Their threat analysis reporting in their management console is comprehensive and easy to use. The web-based dashboard is well designed and offers a wide variety of out-of-the-box reporting. It offers admins extensive customization.

The list of site-to-site VPN configuration options is long. They can become confusing and communication with other vendors when deploying VPNs is not the strongest. It's totally different from any other VPN vendor I've encountered.

It lists the current threats identified on the appliance's front page. It would be easier to find information by clicking on the threat and clicking the exact logs, rather than all host logs.

The smart console is heavy. It would be better if it was like the web-based consoles that Palo Alto and Fortigate FW offer.

I've been using the solution for more than a year.

We initially started using the Check Point device for the VPN blade.  

After using the VPN blade for several months and using the hardware interface we found it very easy to use.  

The small business hardware device was powerful and easy to set up. We started using the firewall and Nat shortly after that. 

Having additional features like the threat prevention that has IPS antivirus antibot and threat emulation we're all added bonuses. This also gives us a piece of mind for the safety of our business.  

Securing our organization was our main goal. Check Point, with threat prevention which includes IPS antivirus antibot and threat emulation has better secured our business from the internet.  

With the auto-updates made simple and knowledgeable support personnel, it has freed up our time to focus on other IT strategies.  

Utilizing the Check Point support team has allowed us to configure and use other money-saving features like VPN tunneling to remote offices, while still remaining secure in our systems.

Check Point VPN has been most valuable to our organization. Having a hardware solution that allows our remote users to connect securely to our business is extremely valuable. 

The ease of use, setup and configuration backed by the knowledgeable support of Check Point has made this a smooth and easy setup. Our users can get connected securely, anywhere. When connected with our Check Point VPN endpoint, users get the same security and prevention from the threat prevention module as the rest of the devices on our network.

As a small business, IT expenditures are always a tough call and hard sell. With every business connected to the internet these days, firewalls and threat prevention are very important for any business of any size. Check Point's small business devices are a great fit for most any business. However, including some sort of menu or grouping for VOIP would help the small business area that has limited support. Check Point support is very knowledgeable and can also help in this area as they've helped our business evolve as well.

I've been using the solution for 20 years.

The hardware units are solid. It is a stable solution. While you're subscription is active checkpoint fully supports your hardware and will replace if you have any uncorrectable issues.  After 20 years, I've only had to do a hardware replacement once.  Once setup, they just do what their supposed to do.

The solution is very scalable. Configurations can be imported to other units.  Many levels of hardware and software are available.

Customer service has always been very knowledgeable about their products.

Positive

We used to use Norton VPN. We switched due to the fact that we had issues with the system.

The product offers a simple basic setup.

We handled the implementation in-house.

There are different levels of protection and yearly maintenance on offer.

We did not evaluate other options previously. 

The support is great.