Check Point NGFW Reviews

We work with these firewalls for overall security, including content filtering.

High-capacity and high-capability devices help us to integrate with the cloud infrastructure as well as internet applications.

The most valuable feature is the URL filtering. 

It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place.

It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely.

I have been using Check Point NGFWs for six years.

They're pretty stable. I don't see any issues there.

Scalability means upgrading to newer, better hardware.

From an end-user perspective, everyone in our organization is using it, as it's a perimeter device. If they have to access the internet, they use this firewall to allow that access. We have about 4,000 end-users and about 200,000 concurrent connections.

Check Point's technical support is a seven out of 10. Sometimes it takes a lot of time to get the right people on TAC issues. And to buy time, they just use generic questions, which is really time-consuming and doesn't relate to the problem at all.

For the infrastructure in question, we have always used Check Point firewalls.

I have worked with Cisco ASA. Cisco is more CLI oriented, whereas Check Point is more GUI oriented. With the GUI, it's easier to manage and administrate it. If the configuration becomes bigger and bigger, it is really easy to see things in the GUI versus a CLI.

The advantage of the CLI is that you can create scripts and execute them. But the disadvantage is that they become so lengthy that it becomes very difficult to manage.

The initial setup is straightforward because it's a GUI interface. Even when it was upgraded, things didn't change in terms of the look and feel. It was still the same. There was no need to learn new things. It's easy for any administrator to learn new features.

On average, deployment takes one to two hours, including mounting and everything, from the physical work to moving the traffic there.

The issue is that we still need people to be onsite to do this because some tasks have to be done on the day. That means a technical person is required to do that work. We can't give it to any other person to do this because, until those particular steps are completed, things can't go any further.

We have six people, network admins, for deployment and maintenance because we have about 30 of firewalls.

We do it ourselves.

When we first started using them, we were just using them for basic functionality. Then we started using more features and introducing other components. For example, we had a different proxy server which we depended on. Once we got the Check Point, we could use the same device for multiple roles, which reduced the cost a lot. I would estimate our costs have been reduced by 30 percent.

If you use the features then it's cost-effective. Otherwise, it's expensive.

We use Check Point's firewall to provide network security to our organization as well as to other, third-party vendors.

The Check Point firewall is providing advanced-level security. Compared to before, our company is more secure now. It is not only securing the users working within the LAN environment, but also to the end-users or remote users in the company.

The most valuable features are its 

• antivirus
• threat detection
• central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved.

Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.

I have been using Check Point's NGFW for the last six years.

The Check Point firewall is very stable. It is one of the oldest firewalls in the market. It has all the advanced features, according to the security features we have. It's quite a stable firewall.

It is very good and scalable. We have recently expanded the usage of Check Point and it was not a very tough process to scale this firewall.

Right now it's protecting around 3,000-plus employees.

It has been a very good experience every time we call Check Point. We usually get them on a phone call and they are very informative people. They always provide us the solution.

We had another solution. We switched because Check Point gave us more advanced features and there was market demand for network security.

The initial setup was a little complex. The training from Check Point should be increased. It was a little complex, but with the help of their TAC and the help of other engineers, we installed it.

The deployment has taken about eight months. We have deployed it in a three-way architecture. We have installed a security gateway, an SMS (security management system) and we have installed the console.

We have a team of four people, all network engineers, for deployment and maintenance of the solution. We take care of all the firewalls for the organization, including Check Point's.

We had help from a Check Point integrator. It was a good experience. They were very helpful.

We are happy with our investment in Check Point's firewall. Per our standards, and for our environment, it is a very good firewall. It is protecting us well.

Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps.

We evaluated other options, including Cisco ASA. The difference was that Check Point provides advanced features, such as threat prevention and antivirus. Apart from those, it also provides us with IPS. Also, for Cisco ASA, we had to take extra services to install it, so we went for Check Point.

Make sure you get good training on Check Point's firewall, and it would be good if you have working experience on the device.

Using Check Point, I have learned that we need to serve our remote users as well, and Check Point is a firewall which is capable of doing that.

We use this solution for our perimeter firewall to protect our web applications, systems, and network. We are running our complete business with Check Point.

The complete traffic is managed by Check Point. The Check Point threat emulation blade is enabled to protect zero-day attacks and it will detect and prevent attachments and other payloads from this type of attack.

We have been running Check Point for the last ten years and it protected our network, systems, and applications against the latest attack. Our organization is running 500 applications that are being protected.

The next-generation firewall will manage all of the traffic and prevent the latest & advanced threats from attackers. The latest operating systems R 80.20 is wonderfully designed and allows customers to manage everything with a single console.

The most valuable feature is that we are protected against zero-day threats.

Everything can be managed from a single console.

We would like to see the following improvements:

1. Multiple ISP redundancy.
2. CPU utilization.
3. VPN traffic.
4. HA concept, where if we apply the policy in the primary appliance that should be applied to HA appliance automatically.
5. The number of bugs has to be reduced.
6. The number of false positives should be reduced. 
7. Threat emulation has to be improved.
   
8. Reporting has to be improved.

I have been using Check Point Next Generation Firewall for ten years.

We are happy with Check Point technology and support.

Both IN and OUT traffic is managed by Check Point. We are happy with Check Point technology including the protection, management, and the ability to secure the enterprise network against advanced threats.

• Perimeter and datacentre firewalls
• URL filtering
• Anti-bot
• Anti-malware
• Application awareness.

Consolidated many of our DMZ services into one appliance, and it's easy to add IPS functionality on firewalls.

All of the above mentioned.

Simplify licensing.

We leverage it as a next gen firewall, it does all of our IPS, URL filtering. We use it for our remote users, for VPN access. We use it to build VPN tunnels out to remote sites. It handles quite a bit.

It allows us to be a little bit more diverse in our hiring. We can hire people out in remote areas, that otherwise we wouldn't be able to because they'd have to come into the office without it.

The VPN side of it. Obviously without the VPN, we'd have tons of end users that wouldn't be able to connect to our environment.

Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate. And there are compatibility issues and stability issues.

We would lose our remote sites, they would just dump. Say we had our site in California, all of a sudden we're not connected to them anymore. Or we have site in AWS, then we can't connect there anymore. So I'd have to go in and reset the IPSec VPN tunnels, in order to regain connectivity, more frequently than I should have to. Obviously that can happen from time to time, but it was pretty frequent with Check Point, to the point where we're going to rip it out the next two weeks, and install Cisco everything.

As far as scalability goes, I don't feel we really had to push it. We're not a huge company. It was literally always resolved with a license upgrade. If there were too many users connected, we would just upgrade a license and then have more users connected concurrently. So scalability, not an issue. But we sized it pretty appropriately when we installed.

We had third-party tech support through our contract, and it was okay. I pretty much ended up having to figure everything out if there was a problem. As far as Check Point goes, I haven't really dealt directly with their tech support.

When I started at the company, this solution had been in place, and it was failing, the cluster was failing. So I was tasked with rebuilding the entire solution, to make it a little bit more stable. I bought two brand new servers, and spun up a cluster for Check Point. And it improved a little bit, but for what we paid for that solution, it was not really worth it. Because of stability. 

We have migrated some stuff over to Cisco ASA Firewalls. And those seems to be more stable. A lot easier to use, more stable, faster to get going.

I thought it was pretty straightforward, myself. The issue that I ran into, on their website, when you go to install a solution they have something called the hardware compatibility list. That assures you that if you install their product, you also have the right servers to do it, you have the right NICs card, etc. So I actually bought brand new servers with brand new NIC cards that matched all the specs for the hardware compatibility list. I started getting everything setup, and it turns out the hardware compatibility list was wrong. It was wrought with issues. And I ended up having to pull some old NIC cards to throw in the servers to even get the thing to work.

So they don't have accurate documentation, I guess you could chalk it up to that. Or they didn't test it very thoroughly before they put it on the website. So that caused us a lot of heartache. This was a business-impacting setup. I had to do late-night maintenance windows, so when things don't work, it affects us at a pretty big level.

I don't think the product's pricing is a good value. I feel it's very overpriced. 

I feel a lot of the features for a next gen firewall are there. But I feel it's overpriced, because of the stability issues. As far as support goes, I really can't speak to direct Check Point support, but the third-party was pretty terrible. 

I feel you'd get a lot more out of it with Cisco. With Cisco you'd pay about the same. I feel the licensing is a lot more straightforward. It's easier to understand. 

That's another thing about Check Point, I think their licensing model is very confusing. As far as the licensing goes, it's pretty complex. If anybody was to purchase the Check Point product, definitely make sure they have an account rep come on site, and explain it line by line, what each thing is. It's not straightforward. It's very convoluted. There's no way you could just figure it out by looking at it.

We're halfway there right now, with the Cisco Firewalls we're switching to. They're very capable, they work like you'd expect, simple licensing, simple upgrades. It's been a breeze with those so far. 

I would say avoid it. There are definitely better solutions out there. For the amount of headache that you get with this product, it's not like you're saving yourself any money. It's just as much, if not more, than other solutions.

When it works, it works well. But, like I said, I've never really had a stretch of time where it just worked really well for everyone. It's been a constant pain point for our organization.

We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.

These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.

Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.

We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.

We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.

I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.

Check Point is the best firewall we have found for our organization so we went with it.

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.

The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.

When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.

The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.

We primarily use it for internet security. We use it for firewalling, ePass, and threat detection including anti-malware protection, bug protection, and social inspection. We can also use it for DLP.

The solution helps out in our security goals. It acts as a primary source of protection for threats from the internet and is great for data leakage protection.

Most of the time, it's pretty stable. 

We have all the features we want or need in this appliance. It's been good so far. 

Sometimes there are security bugs, which is frustrating.  

Right now, we have a problem with DLP and this problem has become very big. Check Point, our firewall, is not handling data properly. There seems to be some sort of security bug.

I've used the solution for ten years or so. It's been a decade at least. 

The solution, for the most part, is very stable. We find it to be quite reliable. There are bugs, however, which have caused some issues. 

The solution is not scalable per se. There is only one way to upgrade and that is to buy new appliances.

Currently, we have around 7,000 people using this solution.

Likely, we won't be increasing usage. We are building new releases and we are considering changing this solution to another vendor. We might switch from Check Point to maybe Palo Alto or Cisco. We don't know which yet.

We haven't really dealt with technical support. We typically go through our partners.

We also use Cisco as well. We use Cisco ASA. Check Point, right now, is our primary firewall.

Check Point offers very good management. For an administrator, it's easy to manage this appliance, this firewall. Cisco, historically, has a big problem with this, specifically with FTD firewalls. There also tend to be some bugs you have to contend with.

I can't speak to the initial setup process. Our partner handled it and therefore I wasn't really part of the process. That said, for me. the process is pretty simple.

My understanding is that the deployment took a few days. 

I'd rate the experience of the initial setup at a four out of five. 

About two people were able to handle the implementation process. Typically, they are architects and engineers. 

We had a partner set up the solution for us.

We have seen a decent ROI. I'd rate it at a four out of five. 

I can't speak to the cost of the solution. We deal with it through a partner, and I'm not involved in any of the pricing aspects. 

We are considering switching to Palo Alto or maybe Cisco in the near future. 

We are a customer and an end-user.

Some blades, some function blades on Check Point, are very good, however, it's not all of them. Right now, I know DLP and social inspection are a problem. New users should be aware of this. 

Overall, I would rate the solution at a seven out of ten.