A specific example of how Check Point NGFW helps with operations and remote access in my organization is that we've seen improved security and protection. In addition to the security features of the firewall, we are integrating it for VPN use.
Tech Support Engineer at Sybyl
Centralized management and policy tools improve security operations and reduce breaches
Pros and Cons
- "Check Point NGFW has positively impacted my organization by providing a significant reduction in security breaches, along with improved visibility and granular control over our applications and users."
- "The first-time setup was difficult because when we looked at the documentation, I made a suggestion to get clearer guidance."
What is our primary use case?
My main use case for Check Point NGFW is as a way to serve as an internal firewall for most of our network security operations and remote access.
How has it helped my organization?
Check Point NGFW has positively impacted my organization by providing a significant reduction in security breaches, along with improved visibility and granular control over our applications and users. It has also improved network performance and stability.
An example of how having granular control has helped my team in a real situation is that we are looking at application traffic and blocking malicious content for improved network performance and stability. We can also optimize bandwidth utilization, and regarding reduced breaches, we've seen it detect threats before they actually happen to our internal network. About enhanced visibility, we are looking at the ability to identify and control applications for users.
What is most valuable?
The best features Check Point NGFW offers in my experience include the centralized management console, which stands out to me, and it has a variety of tools such as policy management.
The value of the centralized management console and policy management for me is that it offers insight into all our policies that we administer, along with all the devices that we use regarding Check Point in the organization. This saves time during administration and configuration, especially for new users and new policies.
It saves us quite a bit of time compared to the way we managed things before, as it takes about a minute or so to spin up policies and push them through the organization network. I appreciate that we can create a template which we can use for multiple deployments regarding policies, which saves a lot of time. I also appreciate the reporting feature which gives elaborate reports for events.
What needs improvement?
I believe Check Point NGFW can be improved by making its initial configuration and deployment easier in the future because the first-time setup is really hard.
The first-time setup was difficult because when we looked at the documentation, I made a suggestion to get clearer guidance.
Buyer's Guide
Check Point NGFW
July 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,390 professionals have used our research since 2012.
For how long have I used the solution?
I've been using Check Point NGFW for about a year and a half now.
What was my experience with deployment of the solution?
My experience with the deployment process was that it's a bit complex for first-time users.
What do I think about the stability of the solution?
Check Point NGFW is stable for us, and we have experienced no crashes or downtime.
How are customer service and support?
The customer support is great, and I have had to reach out to them; issues are resolved in a timely manner.
I would rate the customer support an eight out of ten.
Which solution did I use previously and why did I switch?
Before using Check Point NGFW, we had Sophos Firewall, and we switched because we wanted to try something new, but also Check Point proved to provide more enhanced features and tools.
How was the initial setup?
Overall, the initial setup with Check Point NGFW is a bit complex.
The complexity of the configuration for first-time users arises from the guide and documentation, which, as I said earlier, is not straightforward. We received training later on, which enhanced our usage with the appliance.
What was our ROI?
We have seen a return on investment in terms of reduced incidents, as we've seen a reduction in security incidents.
Which other solutions did I evaluate?
Prior to choosing Check Point NGFW, we evaluated other options such as Huawei.
What other advice do I have?
My advice to others looking into using Check Point NGFW is that they would need to evaluate their organizational needs, especially network and security-wise, before making a decision on what option to purchase on the market regarding firewalls and security appliances.
My company has a business relationship with this vendor, as we are both a partner and a reseller.
I rate Check Point NGFW eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 11, 2025
Flag as inappropriate
Sr. Cyber Security and Solutions Architect at a consultancy with 201-500 employees
Robust security and seamless integration enhance classified application management
Pros and Cons
- "One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access."
- "I would absolutely recommend this solution to others for its robust security and scalability."
- "The graphical user interface (GUI) could benefit from some updates."
What is our primary use case?
We use the Check Point Next Generation Firewall for whitelisting and blacklisting of addresses. It's part of our identity management solution and is utilized for inbound and outbound traffic services.
Additionally, it is integrated with our DMZ, managing traffic from an IP addressing scheme. We also use it for monitoring different types of classified and nonclassified applications.
How has it helped my organization?
Check Point has improved our organization's ability to manage both classified and nonclassified applications securely, ensuring they pass through multiple layers of security within our firewall infrastructure.
What is most valuable?
One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access. It provides robust security across classified and nonclassified applications and integrates well with our existing infrastructure.
What needs improvement?
The graphical user interface (GUI) could benefit from some updates, although it is generally satisfactory in its current form.
What do I think about the stability of the solution?
The solution is stable, and I have the utmost confidence in its software stability.
What do I think about the scalability of the solution?
The application is very scalable, allowing us to manage security across different network layers and support various applications and activities.
How are customer service and support?
Customer support quality depends on the person you interact with. However, the support team we engaged was knowledgeable and well-versed with the application, allowing us to resolve any potential issues effectively.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We switched to Check Point due to cost and maintenance benefits. The previous solutions required significant resources to handle network and communication alignment during upgrades.
How was the initial setup?
The initial setup is straightforward, with no significant issues arising from the box configuration.
What about the implementation team?
Our implementation team comprised about thirty individuals, including supervisors for each stage, to manage testing, validation, staging, and production.
What was our ROI?
We conducted a detailed analysis and determined a high return on investment. Maintenance and stability were key factors contributing to a favorable ROI.
What's my experience with pricing, setup cost, and licensing?
We found the pricing reasonable, ensuring the product was not overpriced. However, I am not familiar with the exact cost details.
What other advice do I have?
I would absolutely recommend this solution to others for its robust security and scalability.
I'd rate the solution ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Nov 17, 2024
Flag as inappropriateBuyer's Guide
Check Point NGFW
July 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,390 professionals have used our research since 2012.
Student at a university with 5,001-10,000 employees
Integrates with with Active Directory, IPS, standard VPN, and the firewall
Pros and Cons
- "Integration with Active Directory, IPS, standard VPN, and the firewall itself are the most valuable features for us. We haven't yet certified or aren't using Application Control, anti-bot, or anti-virus features."
- "Significant improvements have been made in the product. I started working with the R65 code and then upgraded to R74.40. When they transitioned from R77.30 to R80.x, they made major back-end modifications, switching from a flat file system to Solaris and Postgres. This was a big step that neither customers nor their support staff were fully prepared for."
What is our primary use case?
We needed stateful inspection, logging, integration with Active Directory, and the ability to monitor devices using standard SNMP for use cases. Now, with the tool's Skyline product and OpenTelemetry, we can monitor it through Prometheus and Grafana. It has all the features we needed when we certified the solution.
What is most valuable?
Integration with Active Directory, IPS, standard VPN, and the firewall itself are the most valuable features for us. We haven't yet certified or aren't using Application Control, anti-bot, or anti-virus features.
What needs improvement?
Significant improvements have been made in the product. I started working with the R65 code and then upgraded to R74.40. When they transitioned from R77.30 to R80.x, they made major back-end modifications, switching from a flat file system to Solaris and Postgres. This was a big step that neither customers nor their support staff were fully prepared for.
Now, they're adding more features due to the increased flexibility of the new back-end. The main improvement I'd suggest is better preparation when introducing new features. Before releasing, they must train their support staff to troubleshoot these new features. The transition from R77.30 to R80.x was problematic due to a lack of preparation by Check Point, customers, and support.
What do I think about the scalability of the solution?
Sizing is crucial, but we've never had issues with the products we've sized for each environment. The Maestro solution provides a lot of flexibility. On a scale of one to ten, with ten being the highest scalability, I'd rate it a ten.
Which solution did I use previously and why did I switch?
I use Palo Alto firewalls. Check Point NGFW was the first to invent the stateful inspection firewall. They focus more on security and try to keep their motto of "keep security simple". They don't get bogged down in marketing or complicated terminology when using their products.
Even enabling a firewall blade on Palo Alto requires learning about different sync ports, how sync ports differ between chassis, and navigating through multiple GUI tabs for configuration. It's not as straightforward.
On the other hand, Check Point NGFW has kept things very simple for deployment. You set it up once, and then you can repeat the same process repeatedly.
How was the initial setup?
On a scale of one to ten, with ten being the easiest, I'd rate the initial setup as ten. The process is straightforward: you rack and stack, configure the management code, create a standard policy, establish SIC, and push the policy. This process has remained consistent over the years.
For deployment, it took us longer than the typical two weeks because we had to design solutions for different scenarios. Check Point offers various options, such as clustering solutions, Maestro solutions, and standalone solutions. We had different use cases—some required standard clusters with ClusterXL, while others needed scalability solutions like Maestro. We also had to factor in sizing considerations.
The certification process took about the same amount of time as other products. We've been using the Maestro solution for a while now, so when new platforms are released, there isn't much change required beyond certifying the new hardware and ensuring backward compatibility with our certified solution.
Initially, it took a little more than two weeks to certify. However, the actual deployment still follows the same standard process and is actually easier now than it was in the past.
We call the team responsible for deploying certified solutions to the service delivery team. It's made up of two groups: build services and service delivery. The build services team works with our networking team to ensure our network and peering devices are set up right to host the firewall.
The service delivery team focuses more on the firewall itself. We need about three or four extra people from build services for firewall deployment. They act as go-betweens with the network team, ensuring our firewall solution works well with the peering devices when we put it in place. The build services team is important because they ensure everything fits together properly when we set up our firewall.
For maintenance, the solution is pretty stable. We have a global team, but a separate team handles regular firewall changes and daily operations. For support, we have about ten people total - three groups of three people each. This team manages around 1200 firewalls, including Check Point and Palo Alto devices.
What's my experience with pricing, setup cost, and licensing?
Check Point NGFW is much cheaper than other platforms, including Palo Alto. Its scalability, especially with the Maestro solution, is a big advantage. If you're looking for good security at a reasonable price with a good return on investment, I believe Check Point NGFW is the way to go.
What other advice do I have?
I've been dealing with Check Point NGFW for my entire career. I started with their Stateful Inspection feature. The term "Next Generation Firewall" is just marketing. Check Point's UTM product was designed from the ground up with next-generation features. They have a feature called Blaze. Besides stateful inspection firewalls and VPNs, they offer IPS, application control, URL filtering, antivirus, and antibot. You can also integrate it with third-party tools like Active Directory for authentication. This combination of features is what's called a next-generation firewall.
Other vendors use terms like app ID or user ID. They focus less on ports and more on ensuring services match their intended use. For example, if port 22 is enabled, it should be for SSH service, not something else. We use both Check Point NGFW and other products. I think if you commit to one vendor's approach, it can be hard to switch late.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Senior Solution Consultant at a tech services company with 51-200 employees
Centralized control and AI boost security while support faces challenges
Pros and Cons
- "Check Point NGFW has positively impacted my organization by improving security and reducing incidents."
- "In my experience, Check Point NGFW is not stable."
What is our primary use case?
My main use case for Check Point NGFW is perimeter security, and we use it on-prem.
I use Check Point NGFW for perimeter security specifically in our data centers.
What is most valuable?
The best features Check Point NGFW offers are centralized manage control and centralized load manage control.
The AI power enhances the features of Check Point NGFW.
The AI powered features provide real time threat detection.
Check Point NGFW has positively impacted my organization by improving security and reducing incidents.
We have seen a 2% reduction in incidents.
What needs improvement?
Check Point NGFW could be improved if support was better.
My experience with support has shown that there are delays.
For how long have I used the solution?
I have been using Check Point NGFW for three years.
What do I think about the stability of the solution?
In my experience, Check Point NGFW is not stable.
What do I think about the scalability of the solution?
The scalability of Check Point NGFW is satisfactory.
How are customer service and support?
I find the customer support to be very challenging.
I would rate the customer support a seven on a scale of one to ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
Before using Check Point NGFW, I was using Dell SonicWALL, and we switched to Check Point NGFW because it is a better solution than Dell SonicWALL.
How was the initial setup?
The initial setup with Check Point NGFW has been straightforward.
What was our ROI?
I have seen a return on investment with Check Point NGFW in terms of time saved and fewer people needed for operations.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup costs, and licensing has been straightforward.
Which other solutions did I evaluate?
Before choosing Check Point NGFW, I also evaluated options such as Palo Alto.
What other advice do I have?
I don't have anything else to add about my use case.
I don't have anything else to add about the needed improvements, as of now.
My advice to others looking into using Check Point NGFW is to go for it.
I think Check Point NGFW is a great product, and other customers should experience it.
On a scale of one to ten, I would rate Check Point NGFW an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 15, 2025
Flag as inappropriateGood security and filtering with great next-gen firewall features
Pros and Cons
- "I love the application filter, as the user cannot access any applications that are not relevant to them."
- "They just need to improve the technical support and professional services in India."
What is our primary use case?
The primary use case of many organizations is to protect their environments from outside cyber threats across multiple layers of infrastructure. For example:
1. At a perimeter level, it protects the network at the parameter; many organizations use this firewall.
2. It provides scalability and seamless traffic flow in a network.
3. It has all-in-one next-generation features, so many organizations save money using this firewall.
How has it helped my organization?
Check Point NGFW helps in many ways, including:
1. Using the application filter feature, I can block all the unwanted applications which are not used in the organization. Due to this, less bandwidth is used in the network. This leads to a cost cut in the ISP bill.
2. With the help of URL filtering, I can block very easily. If this is not blocked, users may surf malicious websites or download malicious files.
3. Evaluation licensing helps us to conduct POCs and explain all features to customers.
What is most valuable?
I love the application filter, as the user cannot access any applications that are not relevant to them. This reduces the likelihood that someone may access an application that contains a malicious link or file that the user may download, which in turn reduces ransomware attacks and DDoS attacks.
What needs improvement?
They just need to improve the technical support and professional services in India. We have received many complaints about them from clients and also face the same issue ourselves.
For how long have I used the solution?
For the past one and half years I have been using Check Point Firewall for security.
What do I think about the stability of the solution?
We have a good impression of stability.
What do I think about the scalability of the solution?
The performance is very good; there is no issue with performance.
Which solution did I use previously and why did I switch?
I've only deployed Check Point Firewalls and have used other older Check Point devices that reached EoL.
How was the initial setup?
The initial set up is simple. Users just need to run the wizard to set up, and they are done.
What about the implementation team?
I deployed the solution for many customers in the banking sector.
What's my experience with pricing, setup cost, and licensing?
Costing and licensing are high as compared to other OEMs.
Which other solutions did I evaluate?
I mostly work on Check Point; others which I have evaluated include Cisco and Fortigate.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Reporting is quite easy and good, and you can see traffic in real-time but complex rule management
Pros and Cons
- "The firewall scanning, like antivirus scanning and malware scanning, are very good. Blocking the user is also very easy."
- "If you want to make a rule for a specific connection, like assigning some users to one ISP and other users to another ISP, you have to use another device, like a third-party firewall intervention."
What is our primary use case?
Mostly enterprise customers use it for their system security as their main firewall. For example, some customers have multiple backup connections, including fiber connections, for redundancy.
They use Check Point as the main firewall, and others use it for email scanning and file scanning to detect any vulnerabilities.
What is most valuable?
The firewall scanning, like antivirus scanning and malware scanning, are very good. Blocking the user is also very easy. If you want to block a user, we can just do it within the solution.
The reporting is quite easy and good, and you can see traffic in real-time. But compared to Sophos, Sophos is still better. There are still areas in Check Point that need to be improved.
What needs improvement?
It's actually quite good, but the only problem we faced was during COVID when people wanted to work from home.
We had to use third-party software to give users access because the Check Point option didn't work as expected. So we used Check Point in the front, but we used third-party software for the virtualization of the applications and everything.
When using redundant connections, sometimes there are issues like one connection going down and switching to another connection. Also, breaking rules can be complicated.
For example, if you want to make a rule for a specific connection, like assigning some users to one ISP and other users to another ISP, you have to use another device, like a third-party firewall intervention and routing, to get the desired results. Other than that, it's good performance-wise.
For how long have I used the solution?
I've been working with Check Point for the past six or seven years. We always work with the latest version.
What do I think about the stability of the solution?
It's very stable. No issues there.
What do I think about the scalability of the solution?
It's scalable.
How are customer service and support?
Our clients have raised questions to technical support. They all have accounts, so we give them the login details. They send an email to support and get a support request. But normally, we try to handle everything on our own.
If there's something we can't handle, like a firmware-level issue, only then do we get support from Check Point.
Which solution did I use previously and why did I switch?
It depends on the client requirements also. Some government agencies need Check Point, and some clients need others like Cisco or Sophos. After Cisco, a lot of clients have changed to Sophos. So, we provide solutions depending on the client's requirements.
How was the initial setup?
The initial setup is straightforward, just like any other normal firewall.
- Deployment strategy:
The deployment process depends on the client. For example, if it's an existing customer with an existing firewall, we first see what their current requirements are from the existing firewall, what they need to implement but cannot, or what challenges they are having.
Then we compare the features of the existing firewall and Check Point firewall, and we tell them what the rules will be, like incoming and outbound rules. We try to see what is the fastest way, without any downtime, how we can point or configure the checkpoint.
Then, after that, we do the testing, because almost all of the offices need that. So, normally, once we set it up, we give them one month for testing. Normally, for a better line or something, we just use a certain IT department or a sub-department for testing. After that, if it's okay, we hand it over.
In a nutshell:
Requirement Analysis → Feature Comparison → Rule Definition → Testing and Validation → Phased Rollout → Client Acceptance
- Deployment time:
Normally, for a site, more or less, less than one month. It depends on the number of users. If there are a very large number of users, like 600,000, then it will take around one month or more.
- Deployment resources:
Normally, we have two technicians working. One is from the Philippines, trained in Sophos and Check Point. We don't need many more staff for the implementation.
- Maintenance:
It's very easy. Only the licensing. Every year, we have to pay, but sometimes clients talk about the cost. Also, very recently, there was a ransomware issue. The only issue is, for example, if it's ransomware, and it doesn't get detected by Check Point and gets infected from another source, we have to prove that it's not from the outside but from the inside. Because there are a lot of case scenarios like this, those are the things mostly.
- Integration capabilities:
Integration is a little bit challenging. It's much easier for integration with other applications and domains. When integrating with a domain, there are still some small issues. For example, when applying a group from the domain controller, we sometimes need to test a firewall and do some reporting. There are small issues like that for the integration of LDAP. Other than that, it's good. It can pull up the users and groups, but there are some minor issues when we apply them.
What was our ROI?
It's effective and good.
What's my experience with pricing, setup cost, and licensing?
Compared to Sophos and others, Check Point pricing is good for the current market.
Which other solutions did I evaluate?
In terms of features, Check Point and other firewalls are almost the same. There are no special or advanced features.
What other advice do I have?
I can recommend it to other people. Overall, I would rate it a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Managing Director at NRD Bangladesh Limited
A good firewall that provides protection against malware
Pros and Cons
- "The solution's most valuable feature is CDR (content disarm and reconstruction)."
- "I want better (DPI) Deep Packet Inspection in Check Point NGFW."
What is our primary use case?
My customer is one of the big banks in Bangladesh, and they use the solution to protect themselves from malware.
What is most valuable?
The solution's most valuable feature is CDR (content disarm and reconstruction). The Infiniti Portal feature helps manage the firewall and get a proper report, which is required for management. Capacity and Maestro are good features that can produce better firewall speed.
What needs improvement?
I want better (DPI) Deep Packet Inspection in Check Point NGFW. The solution should include some behavioral features to detect the malware smartly.
What do I think about the stability of the solution?
Check Point NGFW is a very stable solution.
I rate the solution’s stability nine and a half out of ten.
What do I think about the scalability of the solution?
Around 20 small and medium businesses are using the solution. The solution's scalability is really good. It has a feature called Maestro, which can increase bandwidth by three terabytes.
I rate the solution's scalability an eight out of ten.
How are customer service and support?
The solution provides good technical support.
How would you rate customer service and support?
Positive
How was the initial setup?
On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup an eight out of ten.
What's my experience with pricing, setup cost, and licensing?
Check Point NGFW is not a cheap solution. Customers often need to pay a premium for its services.
On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.
What other advice do I have?
Check Point NGFW is a good firewall. You can mount it into your firewall in every country and have the report. You can find out how good it is. Customers can change this firewall or determine the efficiency of other firewalls, including Check Point. After 15 days, they can see the report, which is a good feature.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. consultant
Security Analyst at Cognizant
A robust solution that can handle heavy workloads and user traffic well
Pros and Cons
- "The solution is robust and can handle heavy workloads and user traffic well. The product is good."
- "The tool's support is lacking. We find almost all its features useful, except for some challenges with VPN."
What is our primary use case?
We use Check Point NGFW as our data center and branch location firewalls.
What is most valuable?
The solution is robust and can handle heavy workloads and user traffic well. The product is good.
What needs improvement?
The tool's support is lacking. We find almost all its features useful, except for some challenges with VPN.
For how long have I used the solution?
I have been working with the product for ten years.
What do I think about the stability of the solution?
I rate the product's stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the tool's scalability an eight out of ten. My company has 5000 users.
How was the initial setup?
The initial setup can be complex, especially for BGP configurations. I'd rate it a five out of ten for ease of setup. It's neither too hard nor too easy - it depends on your requirements. We deployed it on-premises. The initial deployment of our enterprise-grade device took about three months. We need about two people for maintenance, mainly for operational changes when needed.
What about the implementation team?
We mostly did the deployment ourselves, with some professional services support from Check Point. Three to four people were involved in the deployment, including one from Check Point to validate our work.
What other advice do I have?
The Harmony bundle is interesting, with many new features, but we're not evaluating it much as we're moving to FortiGate. We're not planning to increase the usage of Check Point NGFW. We're looking into SD-WAN and moving towards FortiGate.
I rate the overall solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Updated: July 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Sophos XG
Cisco Secure Firewall
Palo Alto Networks NG Firewalls
Meraki MX
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Sophos UTM
Juniper SRX Series Firewall
Sophos XGS
Fortinet FortiGate-VM
SonicWall NSa
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Check Point NGFW compare with Fortinet Fortigate?
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- Which would you recommend - Azure Firewall or Check Point NGFW?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?