reviewer1692972 - PeerSpot reviewer
User at PROWERS COUNTY HOSPITAL DISTRICT
User
Extremely stable with many great features and a helpful web GUI
Pros and Cons
  • "We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone."
  • "I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad."

What is our primary use case?

We are a Critical Access hospital with close to 1,000 endpoints and hundreds of users. We currently have multiple ISPs coming into the hospital for internet redundancy. There are multiple buildings on our campus that are connected with copper and fiber. We have had clinics in multiple cities attached to our network at various times. 

We installed the Check Point NGFW in our environment to act as our main firewall and gateway. This allows us to keep several of the vendor devices (lab analyzers and other third-party equipment) segregated on different VLANs so they have no access to our production VLAN. This system is also our VPN concentrator for several site to site VPNs and remote software VPN connections.

How has it helped my organization?

In the past 15+ years that I have run these firewalls, we have been able to make huge strides in increasing our security posture. This has been evidenced by our annual Security Risk Assessments run by a third party. Check Point is always coming out with new features that help make it easer to manage our security posture. We have received multiple comments from other organizations praising us for the speed and accuracy of setting up new site-to-site VPNs with the proper access. This is all possible because of the intuitive Check Point software.

What is most valuable?

There are many great features, however, with our last upgrade, we now have a web GUI that allows us to pull up multiple facets of the firewall environment. This feature has been very handy. There have been times we have a connectivity issue, and both sides are blaming each other. If I'm away from my desk and don't have my laptop, I can quickly bring up the interface on my phone and search through the logs, rule base, and VPN communities to help quickly troubleshoot the problem. I can't say it enough - this has been invaluable.

What needs improvement?

Overall, this is a great system, and I'm struggling to come up with things that I think should be improved. 

I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad. 

For additional features in the next release, I would like to see more change functions available in the new Web GUI version. This is still a new offering from the company, therefore, I can only assume it will get better as customers make suggestions/requests.

Buyer's Guide
Check Point NGFW
December 2022
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,711 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for over 15 years.

What do I think about the stability of the solution?

This system has been rock solid in our environment. I have even run beta software to try out new features. I trust the company and their top-notch support staff to keep us running smoothly.

What do I think about the scalability of the solution?

This system has been very scalable. Check Point offers multiple security 'blades' that let you start out small, and increase as needed without having to drop a bunch of money on new hardware.

How are customer service and support?

I rarely have critical issues, however, when I do, I can call and get an engineer rather quickly. For most of my issues, I utilize the online support portal and/or knowledge base articles.

How would you rate customer service and support?

Positive

How was the initial setup?

We had engineers online with us to help us get everything setup. They have done this many times, and they were able to give us a lot of information to help prep the environment. This left us with minimal downtime.

What about the implementation team?

We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone.

What was our ROI?

That is difficult to calculate. We have had hospitals and clinics drop like flies to ransomware, DDOS attacks, and other issues. The financial impact of something like that would be huge. You can't put a price on safety. 

We are trying to do the best we can in an ever-changing landscape of cyber dangers, and we feel that Check Point has been a great name to hang our safety on. In the 15+ years I've been working with Check Point, I have only changed out the hardware twice. We pay an annual fee to cover licenses and support. In general, this is a great investment.

What's my experience with pricing, setup cost, and licensing?

We purchased this through a VAR, so your mileage may vary when it comes to cost and initial service for setup. 

The licensing can be a bit tricky when you have more than one appliance. That said, they are very open and explain how it all works. They give the ability to set up trials of all the different license 'blades' to let you try before you buy.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Integration engineer at S21sec
User
Top 20
Great technical support, adapts well to any environment, and works well with Linux
Pros and Cons
  • "The technical services always replied in a very fast and effective way."
  • "One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them."

What is our primary use case?

We use the product to secure our network, using all Check Point has to offer, including multi-domain servers, centralized log servers, gateways on-premise, and VSX. It has improved a lot with the last versions making day-to-day operations very user-friendly. 

I have used almost all the blades Check Point has and it's incredible what a Next-Generation firewall is capable of, including VPN, IPS, monitoring, mobile access, compliance, and more. The reports of the Smart Event console are also very useful. It's good to have a view of what's going on in our network. 

Since Check Point has Linux working on them, it gives us plenty of tools to adapt to any specific need we have.

How has it helped my organization?

In actuality, Firewalls are a must in any organization. Check Point's ability to adapt to any environment is their strength. The interface is very easy to understand, and the Smart Console can be configured to fit almost anything you need to.

When an issue appears, the logs are very easy to read, and that helps to identify the reason for the problem and solves it faster. The issues are not so annoying. 

What is most valuable?

The support Check Point gives is key. As the Firewall vendor, I recommend them. It's always great to work with them. For this reason, I am very satisfied with Check Point. Every doubt I had they were pleased to help with and we ab;e to provide a resolution. The technical services always replied in a very fast and effective way. The live chat is great as well. There is always someone willing to help. This makes working with Check Point a good experience.

Check Point expert mode is basically Linux, so working with that allows us to implement a variety of scripts.

What needs improvement?

In earlier versions, it was a bit hard to do migrations of Multi-Domain Servers/CMAs, nowadays, with +R80.30 it has gotten much easier. I cannot really think of many things to improve. 

One thing that could be useful is to have a website to analyze CP Infos. This way, it would be much faster to debug problems or check configurations. 

Another thing not very annoying but enough to comment on is when preparing a bootable UBS with the ISOMorphic (Check Point's bootable USB tool), it gives the option to attach a Hotfix. However, this usually causes corrupted ISO installations.

One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them.

For how long have I used the solution?

I've used the solution for three years.

What do I think about the stability of the solution?

With other products, I have used quite a lot of RMAs, usually for not the most important component, however, enough to need an RMA, such as FANs or PSUs.

With Check Point it's quite easy, if it's needed, to replace. You just install the correct version and hotfix and load a backup from the old device. After that, the new device is ready to go.

What do I think about the scalability of the solution?

The scalability of Check Point is great. With the usage of Multi-Domain Servers, you can integrate all the devices into one console. You also always have the chance to expand creating new domains. Also, this distribution helps to have a very structured and organized management. It is always a very good thing when things don't go as expected and you need to solve any problem. Finding where the issue is in your organization is key.

How are customer service and support?

The technical cases are replied to in a very fast and effective way. The live chat means there is always someone willing to help. This makes working with Check Point a good experience.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The most I have used are Forcepoint, Cisco, F5, FortiGate, and Palo Alto.

How was the initial setup?

The initial setup is very straightforward and very guided. 

What was our ROI?

With the few replacements we need to do, there is very little downtime. It is worth the investment. The great support team behind Check Point is also worth the cost.

What's my experience with pricing, setup cost, and licensing?

Check Point is not the cheapest manufacturer, however, it's worth the price.

Which other solutions did I evaluate?

I have been always on the side of Check Point, however, Palo Alto was another option we considered.

What other advice do I have?

Having the option to use a UNIX-based shell instead of being forced to use GAIA, in this case, is great. It makes Check Point very customizable.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
December 2022
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,711 professionals have used our research since 2012.
Network Engineer at Pevans EA Ltd
User
Good intrusion prevention and virtualized security with remote access VPNs for partner sites
Pros and Cons
  • "Check Point offers virtualized systems, making it easy to scale."
  • "Currently, upgrades are quite cumbersome."

What is our primary use case?

We've used the solution for perimeter and DMZ security as we host a website that is accessible online.

On the perimeter, we have Check Point acting as the entry point to our web server farm with load balancers. The access policy is configured with the least privilege, only allowing connections that are part of business requirements.

Intrusion prevention is enabled in prevent mode to detect and block well-known vulnerabilities and attacks. The device connects to Check Point's cloud for updates on signatures to new threats. 

We are peering with Partners via Site-to-Site VPNs for Services.

How has it helped my organization?

1. It's offering perimeter security to publicly accessible sites. There's better security at the edge and DMZ with the use of access policies. 

2. The activation of Intrusion Prevention Blades offers better security at the perimeter and between DMZ Zones. IPs also have prebuilt security profiles making deployments of IPS fast and efficient, and exceptions to the rule base are easy.

3. The use of a remote access VPN is used to connect to partner sites.

4. Check Point offers virtualized systems, making it easy to scale. Instead of buying new equipment, we have set up virtual systems for the DC and user networks.

What is most valuable?

1. Intrusion prevention. Preventing and detecting well know vulnerabilities to our publicly accessible systems is easy. Inbuilt predefined security profiles can be deployed out of the box.

2. Virtualized security. Virtualized products are used to provide more scalability and ease of administration to the network.

3. Identity awareness. Granular policies on the firewall are based on identities.

4. Site-to-site VPN. We can make connections with partners securely.

5. Reporting. Prebuilt reports that are already in a well-presented manner could be presented to management.

6. Access Policy and NAT rules base.

What needs improvement?

1. Complexity in upgrades. Currently, upgrades are quite cumbersome. I would prefer the click of a button and process upgrades.

2. Pricing. The pricing is quite high as compared to other industry firewalls (such as Cisco or Fortinet).

3. Documentation. They have to improve on providing more documentation and examples for certain features online. In other sections, it feels shallow and we could use more information and examples.

4. Complexity in system tweaks. There are some knobs that need to be tweaked at the configuration files on the CLI which can be considered complex.

5. Check Point Virtual Security. The features take a bit more time to be released as compared to physical gateways.

For how long have I used the solution?

I've used the solution from 2017 until now.

What do I think about the stability of the solution?

A word of caution, especially on new software: you might hit a couple of bugs. Therefore, the general recommendation is to wait for a few takes before upgrading to a major version.

With older versions it's stable.

What do I think about the scalability of the solution?

The solution offers high-performance devices ranging from small to big data centers.

Virtual Security offers up to 13 connected gateways helping with managed security.

How are customer service and support?

First-line support is hit or miss, and at times getting an engineer to assist on the call can take hours.

Opening tickets on the Check Point platform is ok with the first response depending on the workload of the engineers.

This is one place Check Point needs to improve.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously we were using Cisco ASA 5585. However, the performance was not reliable, and scaling would have been an issue.

We opted to go with Check Point, which could handle high performance and scaling was easier. Check Point also offered IPS features which were easier. Check Point also had better reporting and management tools.

How was the initial setup?

The initial setup was a bit complex since we were deploying virtual systems.

The interface configurations, access policy, VPNs, and NAT setup were easy. The complexity was in understanding how Check Point handles virtualized security instead of physical security gateways.

What about the implementation team?

The initial implementation was with the help of a vendor with good knowledge of the product.

What was our ROI?

It's used to protect the organization from security threats and provide connectivity to our applications which is the main platform for business. That's the ROI we've noted.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing for Check Point are high.

Which other solutions did I evaluate?

Due to experience with Check Point, we did not evaluate other options (like Fortigate or Palo Alto).

What other advice do I have?

Generally, Check Point is a good product with a lot of security features that I would recommend to any organization.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
reviewer1531134 - PeerSpot reviewer
Cybersecurity Engineer at Insurance Company
Real User
Top 20
Good support and knowledge base, centrally managed, and flexible
Pros and Cons
  • "The easy and standardized management interface, now with a complete and functional API mechanism, provides the administrator several ways of managing the solution."
  • "Several of the security modules including IPS, URL Filtering, and Anti-Virus, are based on HTTPS inspection, losing relevant security capabilities if you don't implement it in your network."

What is our primary use case?

We were looking for an easy, centrally-managed firewall infrastructure as we were using a standalone solution that was difficult to operate and maintain because it was composed of several different systems.

We needed a solution that had support for virtual systems, and we needed such flexibility without increasing the cost by too much.

On the other hand, comparing within the sector, Check Point NGFW has a good stack of security mechanisms (modules, aka blades in CKP terminology) that are easy to implement and use.

How has it helped my organization?

The virtual systems solution (VSX under Check Point terminology) has provided the company the ability to improve performance and adapt to the network and security needs in a flexible way, as the network has been possible to be redesigned at any time and put an additional firewall where there wasn't before without more hardware. At the same time, the costs of the solution are known and limited, as you pay for a bundle of firewall licenses and your hardware purchased.

The NGFW security solution scales well and easily when needed as long as your hardware (performance) admits it. And having a central management system that allows us to share the same object database and different configurations have allowed us to improve the platform operating time. Due to this, we can implement the security needs of more proyects than we used to.

What is most valuable?

This product, being a Next-Generation Firewall (say, for this example, Unified Threat Management as well) provides up-to-date security options through different modules and scalability to match almost any firewall security needs.

The easy and standardized management interface, now with a complete and functional API mechanism, provides the administrator several ways of managing the solution. At the same time, the interface is common and unified through the different security modules.

They not only have a great support team but the knowledge base is another good point to consider.

What needs improvement?

Several of the security modules including IPS, URL Filtering, and Anti-Virus, are based on HTTPS inspection, losing relevant security capabilities if you don't implement it in your network. 

This means that to being able to take advantage of the full security stack, you're going to have to inspect traffic, break the tunnel, and manage different SSL certificates.

Although this is not a limitation of the product itself but the technology, where other vendors are impacted the same way, it is useful to take this into consideration as you can adjust the capacity of the systems adequately.

For how long have I used the solution?

We have been using Check Point NGFW for about 10 years.

What do I think about the stability of the solution?

The core system is very stable. You can find some bugs in non-core modules.

What do I think about the scalability of the solution?

Although the scalability is easy, you have to consider the costs and your license bundle.

How are customer service and support?

Technical support is one of the more important points to consider when choosing a solution. Their response is fast and accurate, and additionally, you have a complete, updated, and useful knowledge base that you can check if you like.

Which solution did I use previously and why did I switch?

We used a different solution prior to this but we needed to improve our operating and management time for the platform, as well as have the option of using a complete set of security modules.

How was the initial setup?

The initial setup is rather simple. The solution is easy to set up and operate. The difficulty is more dependent on your network and maintenance window slots, as opposed to the firewall itself.

What about the implementation team?

We implemented the solution with the advice received from the vendor and made the change with the help of a third-party reseller that had a good level of expertise in Check Point

What's my experience with pricing, setup cost, and licensing?

Scaling requires the purchase of additional licenses.

Which other solutions did I evaluate?

We evaluated the UTM solutions of the following vendors: Cisco, Palo Alto, and Check Point.

What other advice do I have?

My advice for anybody who is implementing this solution is to take into consideration the throughput, security modules, and storage (logs) needs, so you can choose the appliance that best fits your organization.

Additionaly, using VSX has some limitations in comparison with the physical counterparts, it is highly recommended to check the limitations at the vendor knowlegde base (sk79700) before your purchase and check such features are not critical for your business. For example, SAM rules can't be used currently at virtual systems.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Security Engineer at a tech services company with 10,001+ employees
Real User
Top 10
Easy to use, good encryption options, stable, helpful support
Pros and Cons
  • "One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI."
  • "The antivirus feature is a little bit weak and should be improved."

What is our primary use case?

We use this firewall to protect the internal network and to set up the IPSec standard from one location to another.

How has it helped my organization?

One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI.  In Check Point 5.0, we bought the option, giving us the ability to use the GUI as well as the CLI. A person who is comfortable with the UI can work with it according to different scenarios.

What is most valuable?

The most valuable feature is the set of encryption options that are available.

Viewing the logs in the interface is easy to do, which is one of the things that I like.

This is a UI-based firewall that is easy to use.

What needs improvement?

The antivirus feature is a little bit weak and should be improved. The updates are not as regular when compared to other firewalls, such as Palo Alto.

The training materials and certification process should be improved. For example, the certificates are more expensive and there's no good training available on the internet right now.

For how long have I used the solution?

I have been using Check Point NGFW for approximately seven years, since 2014.

What do I think about the stability of the solution?

The stability of this firewall is good and we haven't had any problems. It is a well-known, quality brand.

What do I think about the scalability of the solution?

There are no issues with extendability or scalability. Over the course of a year, we added another firewall, bringing us from one to two deployments, and the process was not tough. We were easily able to manage it.

We have approximately 12 people who work with this firewall during different shifts.

How are customer service and technical support?

I have been in contact with technical support many times, and they are good. Most of the time, they solve the problem as soon as possible, and they give a perfect solution.

Which solution did I use previously and why did I switch?

Currently, we are using firewalls from different vendors, including Palo Alto and Cisco. Our Cisco ASA solution is completely CLI-based and Palo Alto is like Check Point with an interface that is a mix of UI and CLI-based.

Both Palo Alto and Cisco ASA have very good tutorials available on the internet, including videos on YouTube and courses on Udemy.

On the other hand, Cisco ASA is more difficult to use because there is no UI and for a person who does not have any knowledge of the networking commands, they have to learn them.

How was the initial setup?

The first phase of the implementation is to plan the firewall deployment. After that, we do the configuration and validate it. In the case of a Check Point firewall, this process will take between two and three months to complete.

The complexity of the process depends on the features that you want to add. In general, it is straightforward and not too complex.

What about the implementation team?

I was not present when the first firewall was set up, although I was presented for the deployment of new ones. Whenever there is a new firewall deployment, I am involved. We have between four and five network engineers who take care of this part.

There is no maintenance required from our side. When we have a hardware issue then we contact technical support to get it sorted out.

What was our ROI?

We have seen ROI; for the purpose that we have deployed this firewall, we are getting returns. Based on this, we are buying more Check Point firewalls.

What's my experience with pricing, setup cost, and licensing?

The price of Check Point is lower than Palo Alto but higher than Cisco ASA. For us, the price for licensing is fine, we have no issue with it, and feel that the cost is justified.

There are no costs in addition to the standard licensing fees.

What other advice do I have?

My advice for anybody who is implementing Check Point NGFW is that if they get stuck, then visit the technical support section of the website and read the articles that are available. I have learned many things from the tech articles, and it's a good website if you want to learn about it in-depth.

One of the things that I learned is that Check Point firewalls also use Linux commands. After working with Check Point, I improved my Linux skills, which is a good thing for me.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Adriamcam - PeerSpot reviewer
Consultant at ITQS
Reseller
Top 5Leaderboard
Helps prevent attacks, good central management, and improves visibility
Pros and Cons
  • "One of the valuable characteristics of Check Point NGFW is that it presents very centralized management."
  • "Support cases have been generated several times, and it takes time for the case to be resolved."

What is our primary use case?

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

How has it helped my organization?

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

What is most valuable?

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

What needs improvement?

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

For how long have I used the solution?

This solution has been used for approximately one year in the company.

What do I think about the stability of the solution?

The stability of the tool is good. We have not presented any problem even when an update is made.

What do I think about the scalability of the solution?

The scalability presented by the tool is very good and flexible.

How are customer service and support?

The experience has not been very good. That is one of the points that must be improved.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

There was no type of tool that would supply these qualities.

How was the initial setup?

The configuration of the tool is very simple and quick to install.

What about the implementation team?

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

What was our ROI?

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

What's my experience with pricing, setup cost, and licensing?

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Which other solutions did I evaluate?

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

What other advice do I have?

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Senior Linux Administrator at Cartrack
User
Simple to scale with a nice management interface and good technical support
Pros and Cons
  • "Many problems have been solved with these firewalls and we've largely been very satisfied."
  • "The predefined reports are few and it would be nice to increase them since the logs are excellent."

What is our primary use case?

Check Point's Next Generation Firewall has definitely improved our organization as we previously used a Linux firewall and we have had to manually configure internet control measures. When it comes to configuring firewall policies it was time-consuming. This has been taken care of by Check Point's Next Generation firewall. Even the integration to the Active Directory has been made to be seamless and requires a minimum effort from our security and network administrators. The technologies that are in place are amazing. For example, the Threat Extraction and Threat Emulation technologies. The Sandbox technology, or Threat Cloud, is world-class.

How has it helped my organization?

The remote access blade functionality is really valuable as we now need to just install the client on the user's machines and the client can be preconfigured with the site details. This makes our lives very simple. The logging of the firewall is also phenomenal as it is very granular and very easy to filter. 

The Application control blade is another valuable feature as we now only need to create a rule to be applied and to specify the applicable application which is categorized. The ability to configure dynamic objects, for example, Microsoft Office 365, is also a valuable feature.

The reports are very detailed and the variety is amazing. It caters to everything and is even more that what we had bargained for. They are also customizable, which makes them extremely valuable to us. 

Another great feature is the ability to publish corporate applications in a secure web environment.

What is most valuable?

Many problems have been solved with these firewalls and we've largely been very satisfied. Thanks to this infrastructure that we have managed, in this pandemic time, to quickly and effectively offer the potential to remotely work for everyone has been good. 

Also important is the separate management interface that has made it possible to carry out even the most operations while comfortably seated at the desk. It provides multiple profiles that you can apply depending on the scenario that presents itself.

What needs improvement?

It takes a while to install the rules so that if you make a mistake you can only fix it after a few minutes. There's no problem with traffic processing. 

Sometimes you are forced to interact on several levels: on the one hand, you put in the rules, and on the other, you put in the route. The predefined reports are few and it would be nice to increase them since the logs are excellent.

In my work experience, I have been able to use multiple firewall platforms. There are only two valid ones for me and one of them is definitely Check Point. The others charge less but there is a reason for that. It is a good idea to think carefully before rather than after you suffer from a serious attack.

For how long have I used the solution?

We have been using the solution for three years now.

What do I think about the stability of the solution?

For me, the solution has been stable. Perhaps running it on a small scale helps.

What do I think about the scalability of the solution?

I like the fact that it's so simple to scale.

How are customer service and technical support?

I find the support to be very prompt. They go the extra mile to assist and are thorough in their troubleshooting.

Which solution did I use previously and why did I switch?

I did not use a different solution, however, I came to know about this product while I was working for a company called Syrex.

How was the initial setup?

It was set up for us by a company I used to work for.

What about the implementation team?

It was through a vendor, and they were very good and did it on time as they promised.

What was our ROI?

A stable and fully functioning solution has enabled us to focus on other aspects of growing the business.

Which other solutions did I evaluate?

I looked at Fortigate, and it was not as clearly defined, and easy to follow as Check Point is.

What other advice do I have?

Check Point does cost a lot, but for me, it's worth the money I paid.

Some of the products are easier to deploy. For example, the Harmony products are simpler as they have a per user/per device pricing model.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Infrastructure Technical Lead at a financial services firm with 10,001+ employees
User
Great management console and operations support but they need to focus on its overall robustness
Pros and Cons
  • "The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment."
  • "I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes."

What is our primary use case?

We primarily use the solution for perimeter security - including DMZ and as an internet firewall. We use Check Point Firewalls as the first line of defense from the internet and they are also used to segregate the internet, DMZ, and internal networks. Check Point VSX technology is used to split the hardware into multiple virtual firewalls to cater to different environments so they are well segregated. We have BGP running on the firewalls, such as all of our network devices in our environment, to learn and advertise routes. Check Point does a decent job with BGP and does an excellent job as a perimeter firewall.

How has it helped my organization?

Check Point was brought into our environment as a perimeter security device to replace the Juniper NetScreen which was originally used as the perimeter firewall. When Juniper announced the end of life of NetScreen devices, we decided to go with Check Point mainly because of the ease of management and also because Check Point was an Industry leader and Juniper was still in the initial stages of building their own firewalls using JunOS. With the introduction of Check Point with the VSX features, we could use BGP instead of the tedious static routes that we had in place with the old NetScreen.

What is most valuable?

The VSX has been great. The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment.

We like the management console. The Check Point smart dashboard has made things easier for administration and we've been able to manage all the Check Point devices from one place which is very useful.

The operations support is great. There is a smart log system that is very good for troubleshooting and reporting. We also use the CLI for troubleshooting purposes (for the likes of FWMonitor and tcpdump) while the FW rules are managed via the smart console which does wonders for operations support.

What needs improvement?

It is common for any network device to compromise on stability when more and more features are packed into it. It may work for small organizations when they want a single device to do everything for security. However, it is a big issue for us as a large financial institution when even a small outage costs dearly. Check Point, being our perimeter firewall, has failed quite a few times mainly when handling BGP. I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes. They may already have a lot of features, so the enhancement of existing features could focus on robustness rather than introducing new features.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

With the upgrade to R80, the solution has become more stable. We have had outages because of the gateways failure while running BGP with older versions. After the upgrade, we havent had such outages.

What do I think about the scalability of the solution?

With the latest upgrades of R80, Check Point has bettered its performance, and hence, scalability has improved a lot. Also, there are multiple NG features that can be utilized that makes it more suitable for multiple solutions.

How are customer service and technical support?

They offer very good customer support; they're always available and capable.

Which solution did I use previously and why did I switch?

We previously used NetScreen and they were at their end of life.

How was the initial setup?

Check Point has its own design that is a little complex compared to other products. This has a 3-tier architecture and we need management servers and gateways separate. I would still say its not much of a hassle building it.

What about the implementation team?

We handled everything through Check Point PS. They were very good.

What was our ROI?

I can't really comment, as I do not have much idea about this space.

What's my experience with pricing, setup cost, and licensing?

The solution is priced well in the market in order to compete with the other products.

Which other solutions did I evaluate?

I wasn't in the organization when the evaluation happened. However, I know Juniper SRX was one of the solutions looked at as we are using them for our internal firewalls.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2022
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.