Check Point NGFW Reviews

We use Check Point firewalls as perimeter firewalls which are restricting the organization's incoming and outgoing traffic and taking advantage of the redundancy capacity of internet providers, which provides fault tolerance when an internet provider has a fault. 

In addition, we use it for the publication of services and with an event viewer that allows us to view alerts about behavior and unusual traffic inside and outside the network. URL filtering and application control are perfect complements to the packet filtering that it offers as a firewall solution.

Check Point offers a reliable firewall solution with VPN options that have allowed us to establish secure and stable connections with other companies and users in a very simple way.

Simple and centralized administration has allowed us to manage all the firewall nodes from a single console, facilitating the deployment of firewalls through the network, since a large part of the configurations and access rules, as well as the protection controls, are managed from a single console and via centralized maintenance.

Check Point is a robust and reliable security solution, whose architecture and design allow centralized administration with a graphical interface that facilitates its management. 

The way in which it manages the nodes within a cluster architecture is excellent, offering fault tolerance which is, in my experience, practically imperceptible when one of the nodes fails. This is thanks to the fact that it maintains a table of shared connections between the nodes and the large number of variables that it takes into consideration to validate the health of the nodes.

As a firewall, Check Point is a great solution and in my experience, there is little that I could indicate how to improve.

That said, a point where it could improve is in the redundancy of the ISP. It should allow more than two internet providers in its configuration of "ISP Redundancy". This redundancy could be managed from variables such as the automatic calculation of the load level between internet lines or load distribution between internet lines in periods of pre-established hours, etc. All could be handled from the same graphical interface.

I have been using Check Point for more than 11 years.

Its stability is one of the selling points. It allows us to have great confidence in Check Point solutions.

The performance is excellent in the new appliances. The solution is very scalable and easy to integrate.

They have a good response time and their personnel have a good technical mastery.

I was using ASA, however, we switched to Check Point as it offered a centralized interface for managing all nodes in addition to having an excellent graphical interface that facilitates day-to-day operational activities.

The initial configuration is very simple and intuitive. Check Point offers a graphical configuration interface that makes the process simple and it is complete in just a few steps.

The provider we have used has highly qualified staff and offers excellent and professional services.

It has an acceptable cost considering the stability and the benefits that Check Point solutions offer.

We did not really look at other options. We are very confident with Check Point solutions and we take the stability it offers very seriously.

You must consider Check Point as your first NGFW option. 

On-premises

I am using Check Point Next Generation.

The solution boasts a host of features that we like. 

Tech support should be improved. There are times when the technical team fails to understand things at the ground-level. 

The dashboard can stand improvement. 

The solution is overly expensive. 

The initial setup is a bit complex. 

The solution is scalable. 

Technical support could be better, as the tech team at times does not manage to understand ground-level issues. 

The setup is somewhat on the easy side, but certain things are complex. While the solution is a little easier to manage than Palo Alto, I was forced to make comparisons between the two products. 

The price is too high. 

The solution is geared towards organizations hosting more than 50,000 employees.

Hybrid Cloud

It's our main firewall and the first line of protection from the outside! We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely.

We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years.

This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

Stability and security are the best way to describe this solution. The attacks from the outside still exist, but now we're better protected. We can view everything that goes in and out of our network with all the information in one place. The drill-down is very helpful and easy to use. Currently, we can troubleshoot connection problems live and solve them in a couple of minutes. This is an improvement on the 1-2 hours with the old solution.

In 4 years we've only had one problem with the equipment (due to a malfunctioning UPS). That corrupted the boot of the equipment, but was easily solved with an fsck.

We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!

The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.

Threat and Application control are also very important to us.

I do prefer to manage everything from only one point of entry/one application. Some things can only be configured from the smart console and others from the smart dashboard. This is the only handicap in this solution. It would be ideal to manage everything from one central place.

Instead of using a windows application to manage the equipment, it would be better to use a web app to configure the solution from a browser.  I know that it's not as powerful (you can't do everything from there), but then we could manage the solution and troubleshoot from any device.

It's faster to see the event logs on a webpage than it is to see them in the smart console.

I've used the solution for 4 years.

It's very stable. It's also the main reason I love the solution.

During this time i never had to manually restart the equipment because of connectivity problems or because of CPU/memory degradation performance. Sometimes these values get high, but i never lose Throughtput, the equipment continues to run smoothly. We used to restart our older firewall at least 2 times per month.

In the beginning, because we use the spam blade, the memory usage was always high, and the administration was a little bit slow. But Checkpoint provided us an extra memory upgrade and after that we never had administration problems. If we don't have internet connection it's allways the ISP, it was never because of the firewall.

Although I only have one unit, I know that it scales perfectly.

We only had one problem with this equipment. That was because it couldn't boot properly due to disk corruption (malfunction UPS), however, searching the technical Check Point forums it was easy to find a solution to the problem at hand.

We managed to solve the problem without contacting customer service at all.

We used to have Zyxel products, but they were aging and couldn't let us connect at faster speeds.

The setup was easy. It didn't take long to have it up and running.

The only concern for us was the remote sites - since it was different vendors. However, we had everything documented and prepared and due to that, it went flawlessly.

It was also easy to create access policies.

The implementation was through a vendor, and the installation went really well. The consultant was Check Point certified and explained everything in detail.

Later on, we added new remote sites to the configuration (in-house) without any problem. We didn't need to check with the vendor.

It's not easy to calculate, however, given the stability and security of the solution, it's elevated. There are no bulletproof solutions. That said, now we can rest a bit more because our assets are more protected than they were a couple of years ago.

The setup cost, pricing, and licensing can be a bit expensive, but, I promise, it's completely worth the cost.

I evaluated Fortinet and Check Point.

It simply works like a charm. The stability and trust in the vendor are also very important to us.

On-premises

We use this solution for permissions regarding access ports and services. We also use Check Point Remote Access VPN as an endpoint VPN. We use it for site-to-site configuration. 

All of the traffic that comes through our sites passes through our firewall. Basically, everyone, including our staff and clients, passes through our firewall. In other words, we have thousands of users using this solution.

The NGFW has helped our compliance to regulations authorities such as PCIDSS. It has has helped the bank create secure connections to vendors and third party service providers as well as remain stay protected from attacks and intrusion attempts.

The management of services, including forming access lists with the services we have, connecting servers to servers, permissions between servers and users — this is all great. In addition, Check Point has a really cool GUI.

The end-user VPN could be improved. It could benefit from some modification. 

The VPN timeout feature needs to be improved. When we try to connect to the VPN, it times out before we can even enter our user name and password. If you can't prove you are who you say you are within seven to ten seconds, it just kicks you out.

1 year +

Check Point has actually failed twice within the last year. The first failure was a disk failure. Check Point offers a software solution, they don't actually offer hardware. They will only provide you with the software and licenses. Because of this, when our disk failed, we had to wait for them to ship in some new hardware for us to fix the issue.

Aside from the disk failure issue, a month ago, our Check Point device froze. We don't exactly know what caused it to happen. It caused the entire organization to go down for about two to three hours until we found out that Check Point was not allowing anything to pass through. Our Check Point is clustered, so primarily it's supposed to have a failover feature. For some reason, the failover feature didn't work. When the primary gateway went down, it affected everyone.

We've not tried to expand Check Point. We have two sites. We have a primary site and a secondary site that is off-prem. For this reason, we planned big. We planned for a high amount of availability for our two sites. We use clusters of four gateways: two gateways are in one cluster, and another two gateways are in another cluster. If one goes down, it switches to the other. If the second goes down, it switches to the other DR site. We've got backups of everything. 

The technical support is very responsive. We have a vendor that acts as a buffer between us and Check Point. In our country, these companies all have a local vendor that pushes their product.

When we contacted our vendor, our vendor called Check Point and as they were talking, Check Point shipped the hard disk, to fix the issue I mentioned earlier. They just placed the order immediately, while we were still talking. We think that they knew that delivery was going to take about five days — it was actually very fast.

The initial setup and deployment were straightforward. We deployed it with RADIUS servers;  it was not complex at all.

From scratch to finish, deployment took about a month. It took this long because we had to convert all of our existing configurations from Cisco Firewall to Check Point. We had to get help from our vendor to do this. He had to manually convert each and every command from our existing Cisco device to Check Point — that took a while. This was the main reason that deployment took so much time.

The end-user VPN didn't take much time to deploy. Neither did the site-connecting with the VPN — that took a day or two to deploy.

I think our licensing is on a yearly basis, but it could be every three years. Either way, it's not more than three years — that I am certain of.  

The pricing was actually what made us go for Check Point. Palo Alto was much more expensive. Check Point offers the same applications and features as Palo Alto for roughly a third of the price.

We evaluated Palo Alto, Cisco (which we were using), and we also evaluated Check Point — which we ended up with.

I would recommend Check Point to others. We are still learning as we're just about a year into using it, but so far, the support and the solution in general has been good. I'd recommend Check Point, especially to users that are looking for an affordable solution. 

Check Point also has a great community. They have this community where users can go to share ideas. They also have great networks. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. Cisco dominated the African market until Check Point came along. 

On-premises

We have a pretty small office and therefore, a small network environment, and the SMB appliances from Check Point were a perfect fit and exactly what we were looking for in order to improve our overall security posture in the office.

It was critical for us to be able to secure our network, including intrusion detection and prevention along with threat emulation and extraction for zero-day threat help, and Check Point fit perfectly.

After implementing the solution, we were able to get through a third-party penetration test of our network without issue.

Check Point NGFW has improved our organization by making our corporate network much more secure. Once our SMB appliance was installed, configured, and up and running, we could rest a little easier knowing that unauthorized access to our network just became much more difficult.

By turning on the various software blades, intrusion detection and prevention were in place, we had threat emulation and extraction in place, etc. It was a one-stop-shop for us and gave users on our network a certain peace of mind knowing that there was something in place to help keep them safe from malicious actors.

There are many aspects of Check Point NGFW that are valuable and important to our organization, but I'd say the top three are intrusion detection and prevention, threat emulation, and threat extraction. These three features have set a good baseline of security on top of the normal application URL filtering and other services of the firewall.

The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature.

When first looking into the Check Point offerings, it was fairly confusing trying to determine the differences between the different offerings. Specifically, SMBs versus other models, and which one would work best within my environment for my use case. I think we ended up in a good spot after speaking with a reseller in the area, but it would have been nice to be able to get there independently.

The WatchTower app that can be used to access the SMB appliance remotely is a nice touch, but it doesn't allow for many actions to be taken and therefore is relegated to mostly notifications. At that point, it requires me to gain local access to go further. It would be nice to add more features to the WatchTower app to be able to perform certain administrative functions without the need for local access. 

We have been using Check Point NGFW for two years.

This product is stable and we have had no issues.

We did not use another solution prior to this one.

Easy setup and configuration by a non-network/security person.

Check Point brings good value for the money and is competitive in the market.

We evaluated Fortinet FortiGate but Check Point seemed like a better fit for us in terms of features and value.

On-premises

We use the solution for full-scale integration and end-to-end management at the organization in a distributed deployment. The deployment/installation is quite easy.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms. 

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more. 

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that blocks the traffic based on an IP address or on applications and content. This makes Check Point NGFW a highly promising and more or less a complete solution.   

Check Point NGFW proved to be highly scalable, secure, and stable, among other alternatives to multiple firewalls present in the market. 

Before we used Check Point, we faced many issues such as latency, business interruptions, etc. In a single bundle we have the all solutions we need - like application/URL filtering, and threat emulation/extraction. In one single platform, we can manage everything with no need for a separate console to check/manage the features and behaviors. It has improved the performance and has minimal latency.

The most valuable aspects include:

Security Management. In a single console, we can manage the policies. It includes all the included bundles, features, and monitoring of logs.

Packet Filtering. This is used to examine every packet of data passing through your network. 

Built-in High Availability. A standard backup feature should be included if you cannot risk losing your firewall. 

Bandwidth control and monitoring. It's important to control the use of the bandwidth you have available.

Policy verification/validation. Check Point provides a convenient abstraction for bundling the validation of data against an expectation suite. 

They could improve by lowering prices. The source package is a bit more expensive than its competitors. We've had some downtime issues

Improvements in the time and attention given to solutions for generated cases.  Licensing that is more comfortable and affordable.

Check Point NGFW Firewall requires frequent updates to build more user-friendly dashboards.

A few services of Check Point NGFW require immediate improvements, like the customer support portal and the ads management on the platform.

Sometimes the KB article does not include all the steps. There is a chance for improvement in the content of global KB articles.

I've used the solution for eight or more years. 

On-premises

The primary use case for this solution is to protect the devices under the firewall.

There is a customer who has many switches and routers in their network. They are only protected by an old Cisco ASA firewall. So, the customer instead finds a new vendor or service, and thus we install the Check Point Firewall.

Since the customer has many devices, it takes quite some time to move the Cisco ASA firewall rules to the Check Point policies. However, Check Point has a function to import the policies so it takes less time to do so. Still, the rules that were imported are a mess so we still need to check them one by one and fix the errors before installing them in the customer environment.

The Check Point NGFW has improved the organization by helping with multi-tasking.

The Check Point Firewall that we have is better than the previous Cisco ASA as the firewall has IPS, anti-virus, and anti-bot installed into it at the same time. The IPS is frequently updated so the rules are always new and in place. The firewall IPS and anti-virus can also get other threat intelligence from the web so that the firewall will always have good protection that is up to date. 

The anti-bot is good as it can prevent the firewall from being protected from DDoS without creating any rules as it automatically blocks IPs that are sending too much information to the servers.

The features I found most valuable are the import, logging, and IPS.

The import makes it easier for us to copy the rules without starting from scratch, which will take lots of time. The next thing I find most valuable is the logging. The logging which is called Smartview can distill the logs into simple reports which makes it easier to see all the attacks and issues the firewall faces without diving deep into the logs. Lastly, the IPS is always new and up to date so the attacks that happen are always blocked.

The firewall can improved to make it more user-friendly. The firewall is somewhat not user-friendly as it has many sections and makes it complicated for a layman to understand where to put the policies and rules. 

The firewall also doesn't save the policies immediately after you save them, which means you need to do one more extra step in order for the new rules or policies to take effect. During my first time handling it, I did not understand why the rules and policies I put in didn't work until I found out that you need to click the install button until it takes effect.

On-premises

I am using Check Point NGFW in an internet-facing manner thanks to the advanced features and security, like the SAM database.

If anyone wants to use the firewall as internet facing, then Check Point NGFW is the best option.

Our organization gets many attacks on our server, so we have installed Check Point firewall for internet-facing scenarios,

The SAM database and advanced blade are the most valuable aspects of the product.

The Check Point architecture and packet are very good.

We need further protection from future critical cyber attacks, as cyber-attacks are growing day by day, and every day new attack is happening in the real world.

There is a huge amount of revenue lost in the financial/banking sector due to cyber attacks, so we need to have something that can highly concentrate on future cyber attacks.

Check Point should release some new technology that no vendor has ever done before.

Check Point NGFW helps me as a network security engineer as it is easy to troubleshoot the issue and also its easy to clear all vulnerabilities in Check Point after upgrading.

I have been using this solution for five years.

The stability is good. 

The scalability is good.

They are awesome. They offer a high level of support.

Positive

I have used Cisco, however, due to multiple vulnerabilities, I have switched to Check Point.

The initial setup is straightforward.

The ROI is good. 

They offer good quality, therefore, the pricing doesn’t matter.

I have compared many vendors, including Sophos and Fortinet.

On-premises