Check Point NGFW Reviews

We're using Check Point NGFW for network security, intrusion detection, intrusion prevention, application control, DDoS attack protection, sandblast, mobile device management, identity-based access control, reporting, access control policy, scalability, state-of-the-art security gateway, support, threat prevention, accelerated policy installation, concurrent security policy installation, advanced routing, easy upgrading, logging and monitoring, smart events, and smart console.

Check Point has improved our organization's security posture, especially the IBAC, application control, IPS, and IDS. It's easy to set policies on the firewall, which has greatly simplified cleanup and management.

We recently upgraded from R80.10 to R40, and we've had an overwhelmingly positive experience with this version. Our visibility of threats and vulnerabilities has improved. Check Point added new features and revamped its reporting and analysis.

Check Point's rule management helped us simplify access control. At one point, we had more than 1,000 access control policies, and it was challenging to manage them all. We cut it down to 300 policies using Check Point's management features, and we are still working on reducing this further to achieve the best way to manage policies. Its logging and monitoring enable us to trace and investigate suspicious traffic.

Check Point doesn't warn us when rules are about to expire. It was also inconvenient that we had to change hardware when we upgraded. It would be nice if they made the new version compatible with current hardware or if it only required a minor upgrade.

I would also like it if Check Point cut the number of steps needed to upgrade from R77 to R81. They should also make it possible to convert access control policies from the firewall to the management server and to downgrade from a higher version to a lower one. 

I've been using Check Point NGFW for six years.

The solution has been stable, and Check Point promptly delivers patches and updates.

I rate Check Point support nine out of 10. When we need help, they're always fast and efficient. Check Point's customer service is one of the major reasons we've stuck with this solution.

Positive

We adopted Check Point because of the cost and support.

If you have the right training, you can set up Check Point with minimal supervision.

Before you buy, check which features you need, and if possible, I recommend signing up for at least a three-year license.

We considered several vendors, including Fortinet, Cisco, Huawei, Sophos, and Barracuda.

The primary use case is for safeguarding against various threats. Our organization utilizes NGFW for secure on-premises computing, particularly for users in sectors like government, banks, and government departments who prefer to maintain their private computing environments.

It performs excellently, primarily focusing on on-premises infrastructure. It's a lightweight solution, requiring minimal storage, resources, and memory to operate effectively. This flexibility makes it easy to deploy on on-premises infrastructure.

One area that they should prioritize is enhancing security gateways for protection against cyberattacks. Currently, these gateways are not fully optimized within the NGFW framework. Originally developed for on-premises infrastructure, they lack features tailored for cloud-based systems.

We have been using it for two years now.

It provides good stability.

Scalability isn't necessary when upgrading infrastructure components such as database servers and application servers, as there's no need to scale the NGFW accordingly. However, if the organization has a limited number of endpoints and users, scalability isn't a priority. The need for scalability typically arises when the company offers cloud-based solutions rather than on-premises solutions.

The customer support is exceptional and their team is well-prepared to address user inquiries, having a deep understanding of the typical questions users may ask. I would rate it ten out of ten.

Positive

We have collaborated with various vendors including VMware, Cisco, Fortinet, and Juniper Networks in the past. However, after attending numerous tech conferences and evaluating different solutions, we decided to switch to Check Point. Upon thoroughly examining their offerings, we concluded that Check Point's solutions best suit our needs.

The initial setup was straightforward.

We secured a significantly lower price for the NGFW as we negotiated during its implementation in our organization. The vendor offered a special promotion at the time, providing us with this solution at a highly discounted rate through the marketplace.

For those still reliant on on-premises infrastructure, NGFW is a trustworthy choice, offering robust security features suitable for various third-party checks and requirements. Overall, I would rate it nine out of ten.

We use it as NGWF for the DMZ area on our data center. 

We deployed HA configuration of Check Point Quantum 6200 to protect our user connection to the internet and to protect the server farm in our data center. 

In our first year, we got free access to the full capability of SandBlast, the Check Point solution for sandboxing features. We tested, yet felt the sandbox is not quite needed in our environment and thus changed the subscription for the second year and forward to the standard feature. 

Check Point can also be integrated with third-party solutions like SIEM and so on. 

Check Point has an awesome price-to-benefit ratio, netting you an awesome throughput of IDS/IPS capability compared to Palo Alto, Cisco, and so on. 

The first year also comes with a free SandBlast tier license, so you can test the full capability of Check Point to see if your companies might benefit from it or not. 

We also integrate our Check Point with SIEM Splunk and it integrates flawlessly without a hassle. If you are looking for a one-stop solution for cybersecurity, you should check out Check Point's portfolio!

The features we find valuable for our companies are:

- remote access VPN

- L4 and L7 firewall rules

- unified management platform provided by Smart-1

- management platform can be deployed on-premise or on the cloud

- full threat prevention by SandBlast

- support integration with 3rd party security vendors like Splunk, Qradar, etc

- high throughput for IDS/ IPS and NGFW only

- easy to scale up using Maestro

- built-in email security solution, endpoint protection, sandboxing, alert to administrator

The distributor support capability is quite lacking as the problem/incident is rarely solved on the distributor level and instead escalated to the principal. This makes the troubleshooting process too long and the people involved are too many. 

Socialization of new licensing or new features can be improved also. Principals and distributors need to work together closely to inform their customers so that we can stay updated about the latest trends and or threats/bugs that might happen in our Check Point gear.

We've been using Check Point for around two to three years. We use it primarily as NGFW and as sandboxing for zero-day threats.

Check Point is quite stable with new releases periodically throughout the year.

It is very easy to scale up or scale out and Maestro can improve the scalability a lot.

The response is quick and technical support gives clear answers.

Positive

We used Cisco Firepower and we felt that Check Point is more mature.

The initial setup is straightforward. The firewall and management setup is quite similar to other brands.

We implemented the solution through our in-house engineer.

We have witnessed ROI within four years.

Check Point provides quite reasonable pricing and licensing schemes.

We also evaluated Palo Alto and Fortinet.

Check Point is great for comprehensive security solutions.

We use the solution for the DMZ firewall. It's very common and very easy to make configuration, Having IPsec for tunneling solutions with third-party routers and firewalls with other branch offices is very helpful. 

It offers support for segmentation networks. 

The geolocation feature makes it so that our company can easily allow or block a location of IP and can integrate with our SOC or our log management system. 

URL filtering is very powerful for blocking malicious connections. 

The user interface is very cool and easy to use. It has anti-DDOS protection which is very useful too.

The solution is very helpful. Using Check Point helps our security team with mitigation and prevention with an easy user interface and configuration. 

Anti-malware and URL filtering can mitigation many malicious activity and log for event easy for us to send to our security operation center team, for internet solutions we use load balancing method with a round-robin algorithm which is very very helpful for internal user solution for accessing the internet with redundant availability.

URL filtering and anti-malware protection at=re the most useful as those can mitigate many malicious events and make connections between users and the internet safe. It's faster with the load balancing method and supports a round-robin algorithm. This firewall in our environment has high availability or cluster system which makes our availability higher, especially for business continuation plans. Support for troubleshooting and maintenance cases is great. They are very helpful and fast at solving many problems.

The network automation and security automation could be better. We need integration with more third-party security solutions.

We need two-factor authentication solutions for the virtual private network solution. We need a firewall or NGAV/EDR with lightweight resources that is still powerful for blocking and preventing attacks and malicious activity. 

We need enhancement for our perimeter for our security zone, especially for network access control with portal authentication. 

I've been using the solution for five years.

We did use a different solution. We switched as we need more enhancements. 

We also looked into Fortinet.

Our branch offices and customer sites require Internet access for the on-site staff and remote access capabilities for after-hours and remote support.

The Check Point firewalls allow us to provide site-to-site VPN, client VPN, web/app filtering, and IPS functionalities.

Client VPN is leveraged by site staff due to the majority of our sites requiring 24-hour support and also allows centralized teams to remotely assist with multiple sites globally.

We also use these at locations to provide security when our stand-alone network requires connectivity to the customer's network.

Check Point's solution is both affordable and easy to manage for the small business applications that we utilize them for. Due to the great pricing and support, we can afford to deploy the firewalls in a high-availability solution providing greater uptime and less worry. 

The price point of their equipment also means that we can often purchase a more robust solution compared to some competitors and Check Point's inclusion of more advanced features, such as IPS, by default, is a great selling point.

We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.

Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.

In general, we find that CheckPoint offers a great balance between ease of use and configurability.

The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track. Not everyone can afford the time and money to attend the official in-person classes offered by Check Point. Even if someone was not interested in fully pursuing a certification, offering certification guides is often a method that IT professionals follow in order to learn about a specific topic and keep for reference.

An area that I sometimes find lacking is the information provided by the system when performing troubleshooting issues such as site-to-site VPN tunnels. The logs provide general information regarding what is happening but often, it leaves you wanting additional details. This also ties back into the lack of training and knowledge required to utilize the more advanced features of the command line.

We have been using Check Point NGFW for more than five years.

We have never had a device or software failure in the more than five years that we have been using Check Point devices. To date, we are extremely happy with the performance.

The few times that we required customer service, they have been extremely helpful and knowledgeable. I would rate them on par with the other top-tier companies.

We previously utilized Cisco firewalls but the cost structure of the hardware, licensing, and support became prohibitive. Check Point offered a more robust solution at an affordable price point.

The initial setup was extremely quick and easy, and the deployment time for a new site is often under a day.  

The price point and licensing was the main factor in moving away from Cisco and migrating all of our sites to Check Point. They offered more features for a lower cost than competitors, and the licensing model was easy to understand.

We evaluated NGFWs from Cisco, Palo Alto, and Fortinet in addition to the Check Point.

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

I've used the solution for three years.

The device is being used for perimeter security devices across multiple clients across sites. Check Point has not only improved our organization - it also has given us holistic perimeter and endpoint security protection throughout the enterprise.  

Our sites across the globe have Check Point perimeter protection.

Pros include:

• Internal Network Protection from outside network
• VPN connectivity for secure data transmission across multiple vendors
• File download antivirus security
• URL Filtering
• Application filtering
• Malicious domains blocking

The solution has helped out organization stay safe with its depth application filter, URL filtering, and SSL inspection. It's mitigated a significant amount of risk for corporate users as well as to host services at our terminal that need access from the internet. By far, it's the best security solution one can adopt for their organization. 

It's:

• Reduced attacks on DMZ servers
• Blocked access of malicious destinations hit by internal users
• Complete visibility about what is going and what is coming via internet
• Check Point is the industry’s unified cybersecurity architecture that protects businesses against sophisticated 5th generation cyber-attacks.
• Having multiple checkpoint products under the same roof provides consolidated security.
• Ultimately saving cost by having better centralized solution

The solution has a lot of valuable aspects, including:

• IPS & IDS
• Sandbox (Threat Emulation & Extraction)
• Ease of management
• Reports for analysis
• Better technical support
• Stateful inspection
• Application-aware boxes
• Threat detection capabilities
• Hyperscaling

Data loss prevention, compliance, threat emulation, and other blades overall make this a robustly unified platform for the implementation and management of security controls.

Since it is Layer 7, we are able to get down to the application level and block certain applications from even running.

Since it has an IPS in place, we are able to see possible attacks that have been prevented by the firewall.

The perimeter antivirus can be improved. It's not as good as other leaders.

Additional features that could be good to have/improved include:

• Modular capabilities 
• Integration with VMware and NSX products per client requirement
• 3rd Party support product is very limited 

The solution can integrate with other vendors to form IPsec connectivity with redundancy - which is only possible now between the CP to CP FW only.

The licensing part is a bit tricky. The product can simplify this further for ease of use.

They need to work on log size optimization.

Antivirus signatures should be updated in real-time.

We've used the solution for the last eight years.

The stability is very good.

The scalability is very good.

Technical support has been great.

Positive

We did not use a different solution previously.

The initial setup is straightforward. 

We had a vendor assist us.

We haven't used other products.

We also looked at FortiGate and Palo Alto.

Currently, I'm working as a Lead Security Architect in the healthcare industry. We have two data centers, multiple branch offices, multiple cloud subscriptions, and over 200 employees. Our operation is mission-critical and requires it to be up and running 24/7. We need to protect multiple applications that are developed in-house, sensitive data including PHI, Financial, intellectual property, et cetera.

Check Point NGFW and its security modules have been our security solution for the past six years to protect all of our assets, including our cloud subscriptions.

Check Point Next Generation Firewalls are key components in protecting our assets and information. Their security modules are very easy to use and understand. Also, it's one of the most user-friendly interfaces I’ve had the opportunity to use and I’ve had the chance to work with more than four firewall solutions.

Their reporting and logs modules are amazing. It provides a level of detail and visibility that we haven't had before. It’s useful to understand what is happening on our network and has been very successful in blocking attacks and providing options for executive summaries. 

Being able to manage all the security gateways for our multiple sites in a single management console and share policies has been very beneficial.

The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.

The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.

The support offers the best services I have experienced. It's better than any other IT vendor.

Check Point Firewalls haven't failed me during the past six years that I have been using them. 

If I had to mention anything that I would like to see some improvement on, it’s on the internet load balancing options. Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links. I know this can be performed with other network devices, however, adding the option as part of the NGFW would be awesome.

I have been using Check Point for 6 years now.

I've never had a single issue on any of my security gateways.

I haven't had the opportunity to scale, however, I have seen many demos of maestro architecture, and it looks awesome.

As I mentioned before, Check Point support is one of the best services from any IT vendor I have experienced. They answer very quickly and also provide solutions most of the time within the first call.

I have used multiple solutions in the past. We migrated from Cisco ASA to Check Point six years ago and have never looked back. Our old ASA required additional hardware components for additional security services.

The product is very easy to set up.

The implementation was performed by a vendor team in combination with our in-house security team.

My peace of mind is the ROI.

Check Point is not the cheapest firewall solution, but you get what you pay for. It's super reliable and their service is great.

I had the opportunity to review Palo Alto and Fortinet.

I'd advise other users to give it a try.