Check Point NGFW Reviews

We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.

These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.

Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.

We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.

We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.

I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.

Check Point is the best firewall we have found for our organization so we went with it.

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.

The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.

When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.

The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.

Our primary use case of this solution is to use it as a security gateway. 

The visibility and the logging are the most valuable features. Also, their interface is second to none. The best thing about it is the interface but it crashes too often. If it can stop crashing that would be great. 

Their support is completely useless. They need to improve that and the stability. The main reason we are moving on from Checkpoint is because of their stability and their support. There are way too many bugs. You just can't get things to work properly.

They don't need to bring any more features. They need to focus on stability. They should stop trying to be funky and stop trying to develop new things to catch people's attention. Just focus on what they already have and make it work. It would be a good product. Just make sure it works. 

When it works, scalability is perfect. 

Six years ago we were using a Fortinet solution. The reason we switched to Checkpoint was because of the central management. It can manage up to hundreds of devices without failing but in reality, it doesn't actually do that. Central management was better than Fortinet back then. That was several years ago. I don't know Fortinet now. The reason we chose Checkpoint was the central management. We needed to manage up to about 700 or 800 devices.

The initial setup depends on how many features you want to turn on. If you just want a simple set-up, with not a lot of features, then it's easy. You can set one up very quickly, within a day. If you want to have a lot of features turned on and your environment is slightly more complex than standard, it can take up to a few months because you will always run into bugs. It's going to stop you from proceeding and you will be battling with it for a long, long time. Contacting support won't always help. You could potentially waste months of your time and not get any value from it. 

We had Checkpoint support engineers for the implementation. The people are helpful. They support their product. The problem is that there were too many problems. Even their support can't fix it. They try their best to help but when the product isn't great, there's not much you can do.

This solution is way too expensive for what it is worth, especially when it doesn't work. It's just pointless. It's time wasted.

I would rate this solution a three out of ten. The reason I give it a three and not zero is because the visibility and the interface are great. Other than that, they're too much of a headache. We've had painful experiences that we never want to go back to. 

We primarily use it for internet security. We use it for firewalling, ePass, and threat detection including anti-malware protection, bug protection, and social inspection. We can also use it for DLP.

The solution helps out in our security goals. It acts as a primary source of protection for threats from the internet and is great for data leakage protection.

Most of the time, it's pretty stable. 

We have all the features we want or need in this appliance. It's been good so far. 

Sometimes there are security bugs, which is frustrating.  

Right now, we have a problem with DLP and this problem has become very big. Check Point, our firewall, is not handling data properly. There seems to be some sort of security bug.

I've used the solution for ten years or so. It's been a decade at least. 

The solution, for the most part, is very stable. We find it to be quite reliable. There are bugs, however, which have caused some issues. 

The solution is not scalable per se. There is only one way to upgrade and that is to buy new appliances.

Currently, we have around 7,000 people using this solution.

Likely, we won't be increasing usage. We are building new releases and we are considering changing this solution to another vendor. We might switch from Check Point to maybe Palo Alto or Cisco. We don't know which yet.

We haven't really dealt with technical support. We typically go through our partners.

We also use Cisco as well. We use Cisco ASA. Check Point, right now, is our primary firewall.

Check Point offers very good management. For an administrator, it's easy to manage this appliance, this firewall. Cisco, historically, has a big problem with this, specifically with FTD firewalls. There also tend to be some bugs you have to contend with.

I can't speak to the initial setup process. Our partner handled it and therefore I wasn't really part of the process. That said, for me. the process is pretty simple.

My understanding is that the deployment took a few days. 

I'd rate the experience of the initial setup at a four out of five. 

About two people were able to handle the implementation process. Typically, they are architects and engineers. 

We had a partner set up the solution for us.

We have seen a decent ROI. I'd rate it at a four out of five. 

I can't speak to the cost of the solution. We deal with it through a partner, and I'm not involved in any of the pricing aspects. 

We are considering switching to Palo Alto or maybe Cisco in the near future. 

We are a customer and an end-user.

Some blades, some function blades on Check Point, are very good, however, it's not all of them. Right now, I know DLP and social inspection are a problem. New users should be aware of this. 

Overall, I would rate the solution at a seven out of ten.

While the solution is good, we wish to have something that is a bit better, as the threats have evolved over time. We have been using Check Point for more than than eight years and are interested in a better solution. We entered a review site which ranks top security firewalls and saw that Palo Alto is ranked number one, followed by Fortinet, with Check Point in the lead. We noticed that Palo Alto was much more expensive than Fortinet, but wished to know which key features differentiated the two. 

Though we did not take issue with the price of Check Point NGFW, we felt that it was providing us with inadequate support here in Uganda. This is why we decided to switch solutions. I should note that I do not have a technical background and am responsible for procurement. 

The value we were getting for our money was an issue. I work for a bank for which security is very important, but we were not being assured of the appropriate support. The licensing fees we were paying did not equate with adequate local support. We had already had a bad experience with Check Point, so we did not bother with a quote from it and, instead, got one from several local companies that can support either Palo Alto or Fortinet. 

We do not feel that the local support given in Uganda is equitable with the pricing. 

While the pricing is okay, the local Ugandan support one gets is not commensurate with it. 

I rate Check Point NGFW as a six out of ten. 

My role is to do implementation and troubleshooting on the Check Point Firewall. We use this firewall for our organization's security by adding restrictions and security from viruses and other tech from the external Internet.

It is used in our internal company-wide network. It protects our company throughout the LAN network.

We have needed to install many third-party devices to provide major security to our organization. Because of Check Point and its many features, we do not require other third-party devices. We only require Check Point to provide the security.

It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.

It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.

The company should increase the learning platform free of charge. For example, Palo Alto and Cisco ASA have very good platforms that are completely free. Almost everyone in this field has good product knowledge. Therefore, I would like more training and expertise to be available for Check Point NGFWs.

I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors.

I have been using it four years and four months.

It is a stable firewall that has new updates. The new updates are very impressive. There is also a good antivirus update which comes out very frequently and is completely stable.

The solution's scalability is good.

With our increasing business, we have given a proposal to increase the number of firewalls.

In my organization, there were five associate consultants included in the deployment process, including me.

The solution has very good, timely support. Most of the time, when we opened a case with their tech support, we have been in a panic situation because of the case's priority. However, the solution that we get is very straightforward and in very short amount of time.

My issues were resolved by the Check Point team or available on the Internet. So, all my problems were resolved.

I have used Palo Alto and Cisco ASA. When I used Check Point, I got to know that the CLI is based on Linux. I already know Linux, so it was very comfortable for me. Apart from that, it was the company's decision. They wanted to use this firewall.

The initial setup was straightforward because I have done training on Check Point. I didn't face any issue while implementing or while configuring it. I only faced a few issues, and they were resolved by the Check Point team.

It takes around nine to 12 months for the complete deployment of this solution. My deployment plan was a three-tier architecture, which is one of Check Point's features.

I deployed it myself with the help of one or two of my colleagues.

I am happy with the investment that we made on Check Point. The reason behind this: It has advanced features for protecting the environment.

I also evaluated Palo Alto and Cisco ASA.

Check Point pros:

• The CLI is very ease to use.
• It provides advanced security threat prevention.

Check Point cons:

• The graphical user interface should be easier to use.
• More training should be provided by Check Point. 

I would recommend this solution because it is a firewall that replaces many other devices. Money-wise, it is good. It also has many features. These can be utilized to protect your environment from outside threats.

You should have a couple of training and hands-on experiences before deploying the changes by yourself on the firewall. It has many features of which people are not knowledgeable so they usually utilize them.

With time, technology is getting better. Check Point is one of these examples. They have changed their products completely from the old R80 version, where their UI and CLI were much different. 

I would rate this solution as a nine out of 10.

We use the tool as a data center firewall. Some of our customers use it as a perimeter firewall. We are only using the security gateway.

The product is flexible. I like the product’s performance and throughput.

The cost of add-on features is too high.

I have been using the solution for five to six years.

The tool is stable. We haven’t faced any issues after configuring and putting it in production.

We have roughly 7000 appliances. The tool is scalable. I like the scalability of the solution. We have 10 to 20 customers.

The technical support is good.

Positive

The initial setup is easy.

The pricing is moderate. The license cost is good. However, some features like VPN are costly.

We use the solution for our clients. My recommendation depends upon the requirements. I do not recommend the product for an SMB. I recommend it for enterprises. It has good performance and throughput. Overall, I rate the solution a seven or eight out of ten.

Primarily, we implement the solution at a couple of sites around the world and have created five site VPNs across it. We are running a pretty decent policy to make sure internally our infrastructure is secure.

The product offers excellent security. How open they are with new risks and new vulnerabilities is very helpful in the task of keeping our company safe from malicious attacks.

Newer versions are much more stable.

The UI could use some improvement. It's not as clean or seamless as it could be. 

It's my understanding that the initial setup is a bit complex. There's a bit of a learning curve if you're trying to set it up for the first time and you aren't familiar with the product.

Older versions were a bit unstable. 

We've been using the solution for six or seven years so far. It's been a while. 

While this version seems to be quite stable, Check Point, in previous versions, had a lot of issues when we used to do firmware updates.

We have 200 people on the solution currently. 

I also have experience with Fortinet. I don't have too much, however. It's still very new to me, and therefore it's hard to compare the two solutions. 

While I didn't directly participate in the implementation, from the people that participated, I've heard that it's complicated if you don't know the product very well.

We hired a company to do the implementation. I don't remember the dynamics of the team. The last time it was set up, there were two people on the implementation team. 

While we don't have a direct relationship with the company, we do have business relationships with both Fortinet and Checkpoint partners.

I'd rate the solution at a seven out of ten.

Our customers primarily buy the solution to protect the network from malware at the perimeter of the Network. The next-gen firewalls help the customer to have an application-level control of the traffic.

The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base.

In terms of what could be improved, I'd like granularity where you can have all the levels of policies that are defined. 

In additional feature that could be added to this solution in the future is micro-segmentation, like Palo Alto has on the firewall itself.

I began using Check Point Next Generation Firewall very recently, about four or five months ago.

We have an internal team for maintenance.

In terms of scalability, what we have seen is that it has a big deployment right now. So it all depends on what kind of environment the customer has. If he's already a Check Point user, it is easy for them, but if it is migrating from one platform to another, it is a little complex. One more thing is that the skillset availability required for Check Point is, in terms of implementation, a little less compared to others. The resources and the technical stuff are there for implementation. You find fewer people on Check Point compared to Sophos or Fortinet or any other platform.

The installation process, if it is a greenfield opportunity, is easy. If it is a migration from one platform to another, you need to have expertise on both the technologies. Let's say for example you're migrating from Fortinet to Check Point, or from Sophos to Check Point or Check Point to any other, you need to have expertise on the platform, even though you should have good experience in terms of migrating and technologies.

In my experience, Check Point provides both in-depth experience and cost-effectiveness compared to Palo Alto. So, Check Point is good for customers already using Check Point and Palo Alto is for anybody who wants to have the latest and most advanced features and has a good budget.

On a scale of one to ten, I would rate Check Point NGFW an 8.