We changed our name from IT Central Station: Here's why
Oswaldo Gimeno
Network Engineer at Getronics
Real User
Top 5
Very intuitive solution that is easy to configure, deploy, and maintain
Pros and Cons
  • "It provides a central station where it is very easy to deploy our firewall policy in one click to many firewalls. This is one of the leading perks. It saves time by having one central station because I can deploy the same kind of policy to many firewalls at once."
  • "The virtual environment is not stable at all. We have some customers who are using the virtual environment feature, and sometimes it crashes. We have many tickets open and the response is not as good as expected. We have to wait months for a resolution."

What is our primary use case?

The primary use of the firewall is to allow or block some traffic. Mainly, it is the perimeter firewall for the Internet. It filters the traffic from external to internal, e.g., to secure the traffic. 

Some of our customers have been demanding Check Point as their firewall product.

I do the installation, support, firewalls, etc.

How has it helped my organization?

It provides a central station where it is very easy to deploy our firewall policy in one click to many firewalls. This is one of the leading perks. It saves time by having one central station because I can deploy the same kind of policy to many firewalls at once. 

With the latest release, it's easy to configure firewall rules with the scripting. This is one of the features that we have been demanding for some time so we can script some actions for automation.

What is most valuable?

The best part is that it is very intuitive. It is easy to configure, deploy, and maintain. If it works, it works.

The troubleshooting: When you find something that is not working, it is very easy to check in the logs what is failing and fix it in a short time.

The login tool is really nice.

What needs improvement?

We can virtualize the physical firewall in a virtual environment. However, the virtual environment is not stable at all. We have some customers who are using the virtual environment feature, and sometimes it crashes. We have many tickets open and the response is not as good as expected. We have to wait months for a resolution.

If you use all the features available on the firewall, it's not working. If you keep it simple, then it works. When you try to do cool things, you start to have some problems because that kind of integration is not fully developed.

For how long have I used the solution?

I have worked with Check Point since 2007.

What do I think about the stability of the solution?

When it is failing, it is a nightmare. The stability has room for improvement. Sometimes, it is not working at all.

What do I think about the scalability of the solution?

The scalability is good. I haven't had any scalability issues. If the firewall gets stressed, we buy a new firewall.

There are many options, such as, virtualization. They have also release a new product, Quantum, that makes it possible to scale up and have more firewalls. 

As an integrator, we have very big companies (like banks) to small companies, who have only 200 users or less. 

How are customer service and technical support?

I would rate the technical support as a six out of 10. I have customers with no tickets open with Check Point and other customers who have many tickets open.

Solving some issues with them is a nightmare. They don't reply in time. They always ask the same questions. I expect better feedback from them, but that usually never happens.

Which solution did I use previously and why did I switch?

Before Check Point, I used Cisco and Fortinet FortiGate.

The big differences is really the full integration firewall, e.g., Cisco doesn't provide this. Also, the Check Point central console is so much better because it provides that one central station, which is a plus.

The con for Check Point is the stability. The hardware for Check Point fails more often than other vendors. Usually, other firewalls are more stable than Check Point so I don't have to open as many cases with other vendors, like I do with Check Point.

How was the initial setup?

There are two parts:

  1. In the physical, you deploy with a wizard, which makes it very easy. It is a standard wizard where you click "Next, Next," then you see the GUI and everything is done there.
  2. It is possible to do it in automatic way with the scripting. In the cases that you have some experience on it, it's very easy to deploy some scripts and the firewalls. For example, in the cloud, I created my own firewall with the same setup every day using the auto-integration since it's possible to integrate Azure with Check Point, which is very easy. One of the best features of the Check Point is its integration with the cloud, because not all vendors have that kind of integration.

The deployment time depends. If I do any scripting, it takes 30 minutes. If I do it manually, the deployment takes two hours. It also depends on the size and scope of the deploy, e.g., if I create a basic firewall rule or do a full automatic migration. However, It does take less time than other firewalls.

The implementation strategy depends on the customer.

What was our ROI?

I can deploy one firewall in an easy way. I can do it quickly by equiping firewall rules in text mode or in the API. However, when I have a problem, it's totally the opposite. I lose a lot of time.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are the worst part of Check Point. I usually don't know what I really am buying. When I have to do an inventory of the license, I don't know what it is being used for. Sometimes I feel I am being cheated, and the others times, I feel it is a bargain. Nobody knows! Even the Check Point representatives, they aren't clear on somethings, such as, what is the right license for what I need.

There is a possibility to have diamond support. You can have a technical engineer who is there just for you. When you have that type of feature, it's more expensive.

Which other solutions did I evaluate?

Cisco NGFWv

What other advice do I have?

  • Check the price first. 
  • For migrations between different vendors, it's a nightmare. You need to do some tasks manually, otherwise it doesn't work when you migrate it. 
  • Check the performance if it is working as expected. 
  • Try to keep it simple.

It is a good product. I would rate the solution as an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partners.
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 10
Easy to control from the central management system, providing us time savings
Pros and Cons
  • "It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices."
  • "While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls."

What is our primary use case?

I work as an internal network team member. We protect the company environment from outside threats, outside viruses, and ransomware attacks. It is kind of an IT administrator job.

They are protecting internal security as well as giving us security from the outside world or public environment. 

How has it helped my organization?

It protects the environment. It gives advanced features to our company, like Antivirus, more granular security policies, and more control over the traffic, e.g., what we want to allow or deny to our environment. 

What is most valuable?

What I like about this firewall is it has a central management system. We can configure or monitor a number of firewalls at a time from the central management system. 

They have a logging system where we can have our logs visible. The logs are easy to view and understand. 

What needs improvement?

While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls. 

Check Point has a very good Antivirus feature. However, compared to the competition in the market, it is lacking somewhere. In my last organization, I worked with Palo Alto Networks as well. I found that while they both have an antivirus feature, the Palo Alto antivirus feature is much better. Check Point should improve this feature. It is a good feature, but compared to Palo Alto, it lacks.

For how long have I used the solution?

I have been using it for the last three years, since 2017.

What do I think about the stability of the solution?

Check Point is already a very big name in the market. Our software updates, even the Antivirus updates, are very stable in the market. There are no problems with its stability.

Performing maintenance for a solution takes around 12 people. Maintenance is something that our team is capable of. Internally, we have had many training sessions on Check Point Firewall. Our seniors have managed that for us so we are capable of doing it. Most of our BAU is done by us.

What do I think about the scalability of the solution?

Scalability is very easy. I haven't found anything that is the issue with the scalability of this firewall. If you have complete knowledge of it, the scalability is not tough.

How are customer service and technical support?

I used their assistance many times. The experience with them is sometimes very good. They give the best solution in a short amount of time. Two out of 10 times, I feel that they are only looking to close their tickets. They are keen to do that. My personal experience with the support is an eight out of 10.

Which solution did I use previously and why did I switch?

We currently use Check Point and Cisco ASA. The purpose for the company is to increase the security. They were only using Cisco ASA Firewall, which is kind of a degrading firewall right now because it lacks many features, which are advanced in Check Point Firewall. With Cisco ASA, we need to purchase additional IPS hardware. But, for Check Point, we do not require that. Also, if we want the same configuration for multiple firewalls at a time, then Cisco ASA does not support that. We have to create the same policy in each firewall.

How was the initial setup?

We have our own on-premises firewalls, not cloud-based. The production time took around nine to 12 months' time. The setup was completed during this time.

We follow the three-tier architecture for this firewall, which is also recommended by Check Point. We have the central management device as well as the web console and firewall.

What about the implementation team?

For the deployment process, there were only four senior network engineers involved from our company.

What was our ROI?

It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices.

What's my experience with pricing, setup cost, and licensing?

They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it.

The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well.

Which other solutions did I evaluate?

I have experience with Palo Alto Networks Firewalls and Cisco ASA Firewall. Compared to these solutions, Check Point has a very good, understandable log viewer. It is easy to view and understand the logs, which helps a lot while doing troubleshooting or making new security policies for the organization. Also, it is very easy to create new security policy rules.

The Check Point Antivirus feature lacks in comparison to Palo Alto Networks. Also, compared to other competitive solutions, the training for Check Point available right now is very expensive as well as the certification is little expensive.

What other advice do I have?

Get properly trained. When I entered this organization, I struggled with this firewall. There are very few good quality training programs available in the market. Or, if it is available, then it is very expensive. So, I advise new people to get properly trained because it has many feature sets, and if they do not use them with the proper knowledge, then it could worsen their situation.

I am happy with the organization's progress, as they work hard on their product. It is a good lesson from a personal level: We should work hard and improve ourselves. 

I would rate this solution as a nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.
Senior Network Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 10
The central management system allows us to manage multiple firewalls simultaneously
Pros and Cons
  • "The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things."
  • "The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community."

What is our primary use case?

We use the solution to protect our organization and workers from the outside Internet or any untrusted network.

We have the three-tier architecture of Check Point. We use its consoles, central management system, and firewall device for managing it. This three-tier architecture is recommended by the Check Point Community.

How has it helped my organization?

We protect our internal customers using Check Point Firewalls by providing them security as well as detecting vulnerabilities. 

What is most valuable?

The most valuable feature would be the central management system of Check Point because we can manage multiple firewalls through it at the same time. It doesn't matter the location.

I also like the advanced Antivirus feature of Check Point.

The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things.

It is very user-friendly.

What needs improvement?

The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community.

For how long have I used the solution?

I have been using it for the past six years.

What do I think about the stability of the solution?

The Check Point Firewall is stable. 

The updates that we get are also very stable. We haven't found any stability issues in the updates at all. Features, like the Antivirus, are updated with almost every release and done on a frequent basis.

What do I think about the scalability of the solution?

The scalability is very good for Check Point Firewall. It is very easy to increase. For example, during the COVID-19 period, we increased our deployment on an emergency basis, and it was very easy.

My organization has around 4,000 people. 

For Check Point, we have a team of around eight people who manage it. We are basically a team of senior network engineers.

How are customer service and technical support?

The tech support is very good for Check Point. We get straightforward solutions for it every time, and they do not take a lot of time since we have to resolve the cases quickly in a live environment. So, they are very helpful and capable.

Which solution did I use previously and why did I switch?

We are also using Cisco ASA, and we have been thinking that we need to go with Cisco or Check Point. At last, we have decided to go with Check Point because of its advanced features.

How was the initial setup?

The initial setup was very straightforward. We didn't have many problems.

The deployment part took around nine to 10 months. We completely planned the deployment before doing it. Since we already installed Check Point Firewall in multiple branches earlier, we used those same plans to configure it.

What about the implementation team?

We didn't require any external help for the deployment. Our R&D and tech were capable of doing it. Our deployment team consisted of six to eight people, working in different shifts, to configure it.

What was our ROI?

Overall, it is a good cost saving product. We do not have to purchase additional hardware for it, which is a good. This saves us 10 percent in costs compared to Cisco.

The solution saves us about 20 percent in our time, which is substantial.

What's my experience with pricing, setup cost, and licensing?

The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison.

The licensing part is something that is very easy to do in Check Point Firewall. We just need to purchase the license, then we have to write the keys in while installing it. The good thing is that it is an easy process to update the license.

Which other solutions did I evaluate?

We are also using Cisco ASA and FTD. The problem with Cisco ASA is the GUI is missing, while the GUI is good for Check Point Firewall. Apart from that, in Check Point, there are advanced features, like Antivirus and Threat Management, for which we do not require other hardware, where it is required for Cisco ASA Firewall. So, Check Point provides us a cost savings in that way.

The central management system of Check Point is missing in Cisco ASA. This is a good feature because it saves time. We can use it to manage multiple firewalls through one central management device. It is also easy to use.

We are slowly eliminating Cisco ASA and using more Check Point Firewalls, bringing more Check Point Firewalls into our environment.

I have also used Palo Alto, but the organization is using Check Point because they have more confidence in things like Check Point's stability factor. However, more people are trained to use Palo Alto.

What other advice do I have?

Get good training on Check Point, which is very rare to obtain at this point of time. Before implementing or deploy the product, you should be trained properly so you know all the features. It has heavy features in terms of quantity. You should know about each feature before using or deploying it.

I would rate the solution as an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
IT System Operations Manager at Hamamatsu Photonics KK
User
Top 20
Has a well-designed dashboard with great threat analysis reporting and good scalability
Pros and Cons
  • "Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released."
  • "The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing."

What is our primary use case?

Check Point is currently our perimeter firewall at various locations. We use their failover clustering with high availability option, which performs flawlessly. Upgrades are easy to perform and have always worked reliably for us. Technical support is always available to assist with these operations, which makes the process less stressful to the admins. 

We are also using their ISP Redundancy feature, which works as advertised - perfectly! It's easy to implement, especially with the awesome documentation from our engineer. We also use their Remote Access VPN offering and have really seen its value this past year, due to COVID-19. The VPN has been 100% rock solid, especially during the most critical times in our history.

How has it helped my organization?

As mentioned in the primary use case question, ISP Redundancy and VPN are the two primary use cases. When the pandemic hit, a sudden shift to a remote workforce was a major requirement for us, and we needed a reliable and stable firewall. Implementing ISP Redundancy helped ensure that, as well as having a tried and tested VPN solution. Upgrades have occurred during this time and manually planned failovers as well; every upgrade and test went smoothly and without issue. The last thing we could afford is an outage.

What is most valuable?

They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements. 

Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released. 

Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed and offers many out-of-the-box reporting, and provides admins extensive customizations.

What needs improvement?

The pricing is on the high end, specifically with the software licensing, although they are flexible on some levels, and offer hardware buyback options when upgrading. 

The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing. 

Customer support is not always as responsive with solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

For how long have I used the solution?

We have been using Check Point firewalls for 20+ years. We originally used the Nokia hardware platform, which was not technically NGFW at the time, however, the OS and its configuration have maintained some similarities over the years. It keeps getting better every release.

What do I think about the stability of the solution?

Lately, stability is 100% reliable. Earlier generation firewalls were a bit unreliable, however, as Check Point acquired third-party hardware. For example, their Nokia acquired security appliances had a firmware that worked, until they started to modify the firmware (IPSO 6.0 was solid, but problems started with our upgrade to R75), then it became less stable; frequent crashes, settings not saving, high availability issues, frequent reboots required.  Eventually, we upgraded to their NGFW offerings.  Their newer hardware, and firmware R77.x was released, and we have been stable ever since.  Upgrades to R80.x have been flawless, HA works as expected, and we have had zero performance issues.

What do I think about the scalability of the solution?

They are very scalable. If you need more computing resources, adding more hardware is easily done.

How are customer service and support?

Customer support is not always as responsive to finding solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have always used Check Point.

How was the initial setup?

Setup was very straightforward and easy. We did have the assistance of our Check Point engineer, which is just awesome.

What about the implementation team?

We implemented through Check Point directly.

What was our ROI?

I do not measure ROI financially, although personally speaking, we have definitely gotten back every dollar we've spent by having reliable and secure infrastructure.

What's my experience with pricing, setup cost, and licensing?

The setup cost is not a challenge at all. Check Point engineers work directly with you throughout the whole process. The pricing is high, for the hardware and software, although discounts are negotiable. The software blade licensing is broken down into many flavors, depending on your needs. It is very a la carte and provides various product offerings, including endpoint management, VPN, disk encryption, etc.

Which other solutions did I evaluate?

We did review a few competitors during a possible migration plan. The proof of concept did not yield better results, so we stayed with Check Point. We reviewed Cisco, Palo Alto, and SonicWall.

What other advice do I have?

If you don't need/use their a la carte software blades (FDE, Ransomware, etc.) you can always add on later. They are very accommodating with trial licensing to test in a proof of concept way. If you already have other third-party products that perform those functions, you can bundle Check Point's and save a bit of money consolidating them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Sunil Redekar
Security Engineer at Hitachi Systems
Real User
Top 5
Using the IPS, we can easily identify if there is any malicious activity
Pros and Cons
  • "In R80.10 and above, you can view logs in SmartConsole. You don't have to open another smart tracker to view logs. That is the improvement Check Point has done which makes it better because it is much easier to find logs. This saves time, approximately 40 to 50 a day in one shift."
  • "For R80.10 and above, if you want to install a hotfix, then you can't install it through the GUI. I don't know why. In the earlier days, I was able to do the installation of hotfixes through the GUI. Now, Check Point said that you have to install hotfixes through the CLI. If that issue could be resolved, then it would be great because the GUI is more handy than the CLI."

What is our primary use case?

We are mainly using it for policy installation and access purposes. We have a bank project where we are using mobile access, Antivirus, and IPS. These are all are configured on the Check Point Firewall, where we are using it on a daily basis. 

I have worked on the following firewall series and models:

  • 15000
  • 23900
  • 41000 
  • 44000. 

I have worked on the following versions:

  • R77.30
  • R80.10
  • R80.20. 

I am currently working on the R80.20 version and the hardware version is from the 23000 series.

How has it helped my organization?

We installed this firewall in our organization one year ago, and it is completely fine. There are other deployment also going on for other customers. Most of those deployments are handled by our project teams. 

What is most valuable?

What I like most about Check Point Firewall is that it is easy to use. 

The most valuable feature is the IPS. For our bank project, we are using it as an external firewall. All the traffic is going through the Check Point Firewall. Then, using the IPS, we can easily identify if there is any malicious activity or anything else. We also have to update signatures on a regular basis.

What needs improvement?

We are facing some problems with the management on our Check Point Management Server. There are some issues with R80.20, so Check Point suggested to upgrade. However, we are in lockdown, so we will upgrade after the lockdown. We are coordinating this issue with the Check Point guys. After upgrading, I think these issues will get resolved.

For R80.10 and above, if you want to install a hotfix, then you can't install it through the GUI. I don't know why. In the earlier days, I was able to do the installation of hotfixes through the GUI. Now, Check Point said that you have to install hotfixes through the CLI. If that issue could be resolved, then it would be great because the GUI is more handy than the CLI.

For how long have I used the solution?

Two and a half years.

What do I think about the stability of the solution?

They are completely stable. I haven't faced any issue with stability. 

What do I think about the scalability of the solution?

There are no issues with scalability.

In Hitachi Systems in Mumbai, there are around 10 to 12 clients who are using Check Point Firewall. There are around 40 network security engineers who support Check Point Firewall in our organization for the Mumbai location, and there are multiple locations.

How are customer service and technical support?

The technical support is very good. The Check Point guys are very humble and quick. They are always ready to support us if we call them.

How was the initial setup?

I have done four to five initial setups and configurations of firewalls, which have been completely fine and proper. There are no improvements needed.

For one firewall, it will take around two and a half hours to configure the interface and everything else. For the deployment of one firewall, it will take around two and a half hours. If you want to make any clusters, then it is around five to six hours. 

What about the implementation team?

We support companies locally and remotely. Since the lockdown, we have been supporting companies only in a remote fashion.

We have to first make a plan of action, then verify that it meets Check Point's requirements. Then, we will raise a case with the Check Point desk. We verify with them if there are any changes that they need us to do. After that, we will go for deployment. Check Point engineering will also help if there are issues with the deployment.

What was our ROI?

They have made domain improvements to SmartConsole. If you check older versions, such as R77.30, you have to open a separate, smart tracker to view logs. However, in R80.10 and above, you can view logs in SmartConsole. You don't have to open another smart tracker to view logs. That is the improvement Check Point has done which makes it better because it is much easier to find logs. This saves time, approximately 40 to 50 a day in one shift.

What's my experience with pricing, setup cost, and licensing?

For the firewall, there is a limitation on the license. We are facing some problems with mobile access. We have a license for 450 licenses of VPN users. We would like Check Point to have more than that, e.g., if the organization gets bigger and there are more users, then that will be a problem.

I have done licensing and contracts for multiple firewalls. The license and contract configuration is completely fine, but if it is possible to make them cost a bit less, then this would be better.

Which other solutions did I evaluate?

Palo Alto is a zone-based firewall and Check Point is an interface-based firewall. With Palo Alto, we are using Panorama to install policy, and in Check Point, we are using their Management Server to install policy. The Palo Alto Panorama console has more options than Check Point.

On the Check Point Firewall, you can install policy. With the Palo Alto firewall, you can install policy on multiple gateways. You cannot install policy on multiple gateways with the Check Point Firewall.

What other advice do I have?

If you are making a plan of action for the installation of firewalls, clarify with the Check Point tech engineers that all is proper and good. We always arrange a Check Point standby engineer for this activity, because if anything goes wrong, then they can help on the call.

I would rate this solution as an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
TitleNetwork Manager at Destinology
User
Very configurable with good VPN clients and a helpful smart view tracker
Pros and Cons
  • "As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance."
  • "The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming."

What is our primary use case?

Our business houses just over 100 staff, along with over 200 devices ranging from mobile to tablets, computers, laptops, and Servers. 

We use a Check Point 5100 cluster running R80.40 to protect our business from external threats. 

Our network is also extended to the likes of Microsoft Azure, Amazon AWS, and other 3rd parties utilizing secure VPN tunnels terminating on our Check Point 5100 cluster. 

Our business also offers the ability of hybrid working - which is only possible with our Check Point solution.

How has it helped my organization?

Prior to using Check Point, we had a Draytek small business firewall, the Draytek would often hard lock, which resulted in the loss of internet connectivity for the business. The only way around this was to reboot the Draytek device which in turn would lose logging data as to what was causing the issue. 

Moving onto Check Point completely solved this problem. The hardware is much more capable and the logging and alerting functionality means, should anything happen (like it did with the Draytek), we would have visibility on the logs which would give us a direction for troubleshooting and mitigation. 

What is most valuable?

Check Point offers a secure VPN client. We distribute to our agents via group policy. Our agents can then connect to our network when working from home - which was a game-changer due to the recent pandemic situation. 

Check Point also offers a mobile app capsule connect which, as a system administrator, has proven very useful when a high-priority issue occurs. I am able to connect to my internal network via a phone or tablet - which has proven useful in some scenarios. 

As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance. It makes troubleshooting much easier. This software alone sets Check Point out in front of the competition.

What needs improvement?

Check Point is very feature-rich. There aren't any features missing or that I am awaiting in a future release. 

The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming - especially if your coming from a small business solution like Draytek. 

Check Point comes with a very steep learning curve. However, they do offer a solid knowledge base. Some issues I have encountered in my five years have only been resolvable via manually editing configuration files and using the CLI. Users need to keep this in mind as not everything can be configured via the web interface or their smart dashboard software. 

For how long have I used the solution?

I've used the solution for five years.

What do I think about the stability of the solution?

The solution was not always stable when running the older R77.30 version. Paired with a mid-spec box, we did find some issues with performance on more than one occasion, specifically the network would slow to a halt until a system reboot, there was nothing within the error logging and our external SOC couldnt find anything either. We'd often when updating the firewall policy it would fail to deploy usually taking around three or four policy pushes each taking about 20 minutes. We are now running much faster hardware with the later R80.30 release and those issues have completely disappeared.

What do I think about the scalability of the solution?

Scaling is dependant on the size of your network. Check Point does offer a wide range of lower to high spec appliances depending on your scale set.

How are customer service and support?

I've only had two instances using their support as we have a third party on contract for third-line issues that I cannot resolve. They were prompt yet not shy about pointing out potential issues with third parties and it not being their appliance. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Draytek. It didn't offer the security features that Check Point does and we were a victim to a successful attack from external sources which Check Point would have caught. We also found the hardware of Draytek was too underpowered to handle the size of our network. 

How was the initial setup?

A third party installed the appliances initially. It is a complex process, as Check Point is vast in features and very configurable. You find yourself using the web interface, their own management software smart dashboard, and a mixture of CLI and config files to get your end result. 

What about the implementation team?

We implemented it through a vendor team. Their level of expertise ranged as we moved through three separate technicians during our installation which was problematic. I wouldn't use this particular vendor again. That said, this was nothing against Check Point. 

What was our ROI?

You cannot put a price on security. Check Point is a field leader. However, it comes at a high price. 

What's my experience with pricing, setup cost, and licensing?

If you have no experience with Check Point and you are on a deadline, it's essential you find a company certified to help with the deployment and configuration. The feature set is rich however, it's not always user-friendly. 

Pricing, including licensing, is very expensive compared to alternate products such as Sophos, Barracuda, or FortiGate

Which other solutions did I evaluate?

We evaluated Fortigate, Sophos XG, and Barracuda. However, ultimately the decision boiled down to our parent company already using Check Point. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Gonzalez
Network Administrator at Secretaría de Finanzas de Aguascalientes
User
Top 20
Helpful support, easy centralized management, package inspection facilitates malicious traffic discovery
Pros and Cons
  • "Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution."
  • "The equipment is complex, so you need guidance from specialized people or those who constantly work with Check Point. Better forums and information manuals could be provided so that users from different institutions can have more access to the information."

What is our primary use case?

We support various clients in the government sector in Mexico. We provide different solutions in terms of network security, data security, and perimeter security. The NGFM Firewall is available locally and different offices and/or institutions of the government sector pass through a more secure and controlled infrastructure.

This type of infrastructure has different zones or areas that are managed and keeping them centralized has helped us to maintain and control them. In addition, we are generating fast and safe solutions for our users on each site.

How has it helped my organization?

Check Point has provided us with an easier way to control all of the access traffic for more than 50 segments that we have within the organization. In addition, we have been able to maintain stricter control of the users and/or equipment that are had in all the institutions that make up the government sector of the entity.

Check Point technology has allowed us to keep the organization and distribution of the network in order within the institution. In addition, the VPN service we have has worked correctly for users who want to work remotely from their homes, which was of great help during the pandemic.

What is most valuable?

Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution.

The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters. It is well organized.

Some other of the services that have worked well for us are antivirus, anti-bot, and URL filtering. Together, these have allowed us to maintain control and organization amongst the users.

Another one of the pluses that have helped us a lot has been the IPsec VPN, especially in these times of pandemic.

What needs improvement?

Using the tool is somewhat complex when teaching new staff, although after practice it is quite easy to get used to this technology.

One of the improvements that could be included is to have a help menu to obtain advice or help for the different options that are presented in the application.

The equipment is complex, so you need guidance from specialized people or those who constantly work with Check Point. Better forums and information manuals could be provided so that users from different institutions can have more access to the information.

For how long have I used the solution?

The company has been using the Check Point NGFW for more than four years.

What do I think about the stability of the solution?

Compared to other networking equipment I have used, I would say that Check Point's NGFW is just as stable. We rarely have problems, and they can all be properly fixed without affecting productive or critical network elements.

What do I think about the scalability of the solution?

There are currently more than 5,000 users within government facilities in Mexico. This team has provided us with the necessary resources to provide services to users in record time.

With the teams that we currently have, we have not considered increasing the number of technicians. If the need should arise then Check Point is still a very good option.

How are customer service and technical support?

Technical support has been available when we have problems, and they are always there to help us get back up and running as quickly as possible. In addition, the equipment is kept up-to-date with the latest versions, or alternatively, those recommended by the provider.

Which solution did I use previously and why did I switch?

This solution was deployed before I entered this governmental organization. What I have heard is that prior to this, the security and segmentation control was not ideal and they wanted to improve it. With the implementation of Check Point, great improvements have been provided to the infrastructure, maintaining order within the organization.

How was the initial setup?

When I entered the company, the equipment was already installed. With the passage of time, some configurations have been improved and some extra services have also been achieved for mobile users.

What about the implementation team?

It was implemented through a provider that has been guiding us towards the correct use of the equipment and the best practices to keep it updated. The service has been excellent, both in common day-to-day ticketing situations, including the most serious incidents.

What was our ROI?

It has been well worth the investment, as the Check Point technology is there to help when we need it.

What's my experience with pricing, setup cost, and licensing?

One of the main reasons that Check Point is used is that it helps us to administer security at a reasonable price. This is naturally in addition to meeting the expectations of the institution.

An annual technical support fee is paid to maintain the equipment with the most updated licenses and versions and thus avoid vulnerabilities

Which other solutions did I evaluate?

Check Point is the option that has always been considered for its good firewall organization, which allows us to have excellent security.

What other advice do I have?

My advice is to always have a supplier with whom you can resolve doubts or more specific technical questions. Since the equipment requires many very technical parameters, it is helpful to have a person who understands and uses this technology correctly.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer:
Charanjit Bhatia
AGM Cyber Security CoE at Bata Group
Real User
Top 5
Flexible, provides good visibility, and it's easy to manage with a centralized dashboard
Pros and Cons
  • "It creates granular security policies based on users or groups to identify, block or limit the usage of web applications."
  • "Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult."

What is our primary use case?

We use this solution for complete protection against advanced zero-day threats with Threat Emulation and Threat Extraction. We also use:

  • NSS Recommended IPS to proactively prevent intrusions
  • Antivirus to identify and block malware
  • Anti-bot to detect and prevent bot damage
  • Anti-Spam to protect an organization's messaging infrastructure
  • Application Control to prevent high-risk application use
  • URL Filtering to prevent access to websites hosting malware
  • Identity Awareness to define policies for user and groups
  • Unified Policy that covers all web, applications, users, and machines
  • Logging and Status for proactive data analysis

How has it helped my organization?

The solution has improved the organization with respect to the following:

  • Simple implementation and operation
  • Central dashboard for managing branch firewalls
  • Easy measurement of security effectiveness and value to the organization
  • Proactive protection with the help of many inbuilt blades
  • SandBlast Threat Emulation and Extraction provides us zero-day protection from known and unknown threats in real-time 
  • Great visibility on the number of threats being blocked at the dashboard
  • Helps to clean traffic, both egress and ingress
  • A simplified URL filtering option is available for users with detailed granularity to map user/departments with respect to specific access
  • It does deep packet inspection for checking HTTPS traffic. There is a shift towards more use of HTTPS, SSL, and TLS encryption to increase Internet security. At the same time, files delivered into the organization over SSL and TLS represent a stealthy attack vector that bypasses traditional security implementations. Check Point Threat Prevention looks inside encrypted SSL and TLS tunnels to detect threats, ensuring users remain in compliance with company policies while surfing the Internet and using corporate data
  • It helps in the identification of C&C via Anti-Bot
  • It provides geolocation restrictions that may be imposed via IPS
  • Excellent Application Control for the administrator to manage the access for users
  • Secure remote access is configured with mobile access connectivity for up to five users, using the Mobile Access Blade. This license provides secure remote access to corporate resources from a wide variety of devices including smartphones, tablets, PCs, Mac, and Linux

What is most valuable?

We are using the Check Point Next-Generation Firewall to maximize protection through unified management, monitoring, and reporting. It has the following features:-

  • Antivirus: This stops incoming malicious files at the gateway, before the user is affected, with real-time virus signatures and anomaly-based protections.
  • IPS: The IPS software blade further secures your network by inspecting packets. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.
  • AntiBot: It detects bot-infected machines, prevents bot damage by blocking both cyber-criminals Command and Control center communications, and is continually updated.
  • Application Control: It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.
  • URL Filtering: The network admin can block access to entire websites or just pages within, set enforcements by time allocation or bandwidth limitations, and maintain a list of accepted and unaccepted website URLs.
  • Identity Awareness: This feature provides granular visibility of users, groups, and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.

What needs improvement?

I would like to see the provision of an industry-wide and global benchmark scorecard on leading standards such as ISO 27001, SOX 404, etc., so as to provide assurance to the board, and confidence with the IT team, on where we are and how much to improve and strive for the best.

Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult. This integration would be helpful in providing a full security picture across the organization. I am looking forward to the go-ahead of R81 with MITRE framework adoption in the future.

For how long have I used the solution?

We have been using the Check Point NGFW for the last four years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

It is highly scalable on cloud and does provide customers with lot of flexibility while performing the sizing of the appliance.

How are customer service and technical support?

Technical Support needs improvement, especially the L1 engineers.

Which solution did I use previously and why did I switch?

Prior to this solution, we were using GajShield. However, due to limited visibility and support, we opted for a technical refresh and upgrade of products.

How was the initial setup?

Yes initial setup was complex as migration of policies from one OEM to another is a challenge. however we meticulously planned and completed the implementation in phases.

What about the implementation team?

Yes we took help of the Certified Vendor. Vendor support was good.

What was our ROI?

We did not calculate our ROI; however, it provides good visibility to us.

What's my experience with pricing, setup cost, and licensing?

Check Point is competitively priced; however, there is an additional charge for the Annual Maintenance Contract (AMC) and it is easy to understand.

My advice is to negotiate upfront with a support contract of between three and five years.

Which other solutions did I evaluate?

We evaluated Palo Alto, Barracuda, and Fortinet.

What other advice do I have?

In summary, this is an excellent product and featured consistently in Gartner for the last 10 years. They have good R&D and support services across the globe. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.