Try our new research platform with insights from 80,000+ expert users
Sr. Network Engineer at a insurance company with 5,001-10,000 employees
Real User
Provides security to users working within our LAN environment, but also to remote end-users
Pros and Cons
  • "The central management makes it easier, and is a time-saver, when implementing changes."
  • "The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent."

What is our primary use case?

We use Check Point's firewall to provide network security to our organization as well as to other, third-party vendors.

How has it helped my organization?

The Check Point firewall is providing advanced-level security. Compared to before, our company is more secure now. It is not only securing the users working within the LAN environment, but also to the end-users or remote users in the company.

What is most valuable?

The most valuable features are its 

  • antivirus
  • threat detection
  • central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

What needs improvement?

The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved.

Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.

Buyer's Guide
Check Point NGFW
June 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,579 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Check Point's NGFW for the last six years.

What do I think about the stability of the solution?

The Check Point firewall is very stable. It is one of the oldest firewalls in the market. It has all the advanced features, according to the security features we have. It's quite a stable firewall.

What do I think about the scalability of the solution?

It is very good and scalable. We have recently expanded the usage of Check Point and it was not a very tough process to scale this firewall.

Right now it's protecting around 3,000-plus employees.

How are customer service and support?

It has been a very good experience every time we call Check Point. We usually get them on a phone call and they are very informative people. They always provide us the solution.

Which solution did I use previously and why did I switch?

We had another solution. We switched because Check Point gave us more advanced features and there was market demand for network security.

How was the initial setup?

The initial setup was a little complex. The training from Check Point should be increased. It was a little complex, but with the help of their TAC and the help of other engineers, we installed it.

The deployment has taken about eight months. We have deployed it in a three-way architecture. We have installed a security gateway, an SMS (security management system) and we have installed the console.

We have a team of four people, all network engineers, for deployment and maintenance of the solution. We take care of all the firewalls for the organization, including Check Point's.

What about the implementation team?

We had help from a Check Point integrator. It was a good experience. They were very helpful.

What was our ROI?

We are happy with our investment in Check Point's firewall. Per our standards, and for our environment, it is a very good firewall. It is protecting us well.

What's my experience with pricing, setup cost, and licensing?

Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps.

Which other solutions did I evaluate?

We evaluated other options, including Cisco ASA. The difference was that Check Point provides advanced features, such as threat prevention and antivirus. Apart from those, it also provides us with IPS. Also, for Cisco ASA, we had to take extra services to install it, so we went for Check Point.

What other advice do I have?

Make sure you get good training on Check Point's firewall, and it would be good if you have working experience on the device.

Using Check Point, I have learned that we need to serve our remote users as well, and Check Point is a firewall which is capable of doing that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1412340 - PeerSpot reviewer
IT Specialist at a tech services company with 10,001+ employees
Real User
Protects our environment with security checks against vulnerabilities
Pros and Cons
  • "We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment."
  • "The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent."

What is our primary use case?

We use it to provide security to our environment from the outside world. We are using it to provide security against vulnerabilities using threat prevention, Antivirus, and IPS.

How has it helped my organization?

In advance, we get security vulnerabilities. So, we can configure new security policies, update our antivirus, or check the configuration to protect the environment.

What is most valuable?

We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.

What needs improvement?

The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent.

For how long have I used the solution?

I have been working with it for the last seven years.

What do I think about the stability of the solution?

It is a very stable firewall. The updates that we get from this Check Point Firewall are also very stable. 

What do I think about the scalability of the solution?

The scalability is good.

There are more than 10,000 users. The Check Point Firewall is deployed through the company.

How are customer service and technical support?

All their technical people are very solid in their knowledge.

Which solution did I use previously and why did I switch?

I have used Cisco ASA and FTD. We switched from Cisco ASA to Check Point because there were no antivirus, vulnerabilities, or security prevention features. Check Point has more advance features, which are easier to use, than Cisco.

We also had to install IPS devices with Cisco.

How was the initial setup?

The initial setup was straightforward. It was not too difficult to deploy the Check Point firewall. Deployment takes between 12 to 15 months.

We have done a cloud-based deployment throughout our network.

What about the implementation team?

We did the deployment ourselves. We have onsite specialists who have done many deployments.

20 people take care of the deployment and troubleshooting of this firewall.

What was our ROI?

There is a money saving because we no longer require other devices, like an IPS, a separate antivirus, or vulnerability tests. We get all the devices within a single tool. Before, we would have different teams taking care of different devices. Now, we take care of only one device, which is another source of savings. We have saved a lot of money with this solution.

What's my experience with pricing, setup cost, and licensing?

The prices are good for its features. The benefit of its license is we get timely security prevention updates. The price is good for the technology that we get.

What other advice do I have?

This is a good solution. I would recommend to take advantage of as many features as you can. It has many features, and to protect security, you should use all the best features that you can.

As soon as the company will grow, we will definitely increase our usage of the firewall. We have already increased our usage due to employees working from home.

The biggest lesson that I learned is we can use the features of a firewall security to protect our environment. Also, rather than deploying multiple firewalls, we can configure a centralized management system, and this saves time.

I would rate this solution an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Check Point NGFW
June 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,579 professionals have used our research since 2012.
Associate Consultant at a tech services company with 10,001+ employees
Consultant
Gives us centralized management for multiple firewalls and can protect our environment from outside threats using advanced features
Pros and Cons
  • "It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration in 10 firewalls, I can push it all at once with the help of the centralized management system."
  • "I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors."

What is our primary use case?

My role is to do implementation and troubleshooting on the Check Point Firewall. We use this firewall for our organization's security by adding restrictions and security from viruses and other tech from the external Internet.

It is used in our internal company-wide network. It protects our company throughout the LAN network.

How has it helped my organization?

We have needed to install many third-party devices to provide major security to our organization. Because of Check Point and its many features, we do not require other third-party devices. We only require Check Point to provide the security.

What is most valuable?

It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.

It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.

What needs improvement?

The company should increase the learning platform free of charge. For example, Palo Alto and Cisco ASA have very good platforms that are completely free. Almost everyone in this field has good product knowledge. Therefore, I would like more training and expertise to be available for Check Point NGFWs.

I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors.

For how long have I used the solution?

I have been using it four years and four months.

What do I think about the stability of the solution?

It is a stable firewall that has new updates. The new updates are very impressive. There is also a good antivirus update which comes out very frequently and is completely stable.

What do I think about the scalability of the solution?

The solution's scalability is good.

With our increasing business, we have given a proposal to increase the number of firewalls.

In my organization, there were five associate consultants included in the deployment process, including me.

How are customer service and technical support?

The solution has very good, timely support. Most of the time, when we opened a case with their tech support, we have been in a panic situation because of the case's priority. However, the solution that we get is very straightforward and in very short amount of time.

My issues were resolved by the Check Point team or available on the Internet. So, all my problems were resolved.

Which solution did I use previously and why did I switch?

I have used Palo Alto and Cisco ASA. When I used Check Point, I got to know that the CLI is based on Linux. I already know Linux, so it was very comfortable for me. Apart from that, it was the company's decision. They wanted to use this firewall.

How was the initial setup?

The initial setup was straightforward because I have done training on Check Point. I didn't face any issue while implementing or while configuring it. I only faced a few issues, and they were resolved by the Check Point team.

It takes around nine to 12 months for the complete deployment of this solution. My deployment plan was a three-tier architecture, which is one of Check Point's features.

What about the implementation team?

I deployed it myself with the help of one or two of my colleagues.

What was our ROI?

I am happy with the investment that we made on Check Point. The reason behind this: It has advanced features for protecting the environment.

Which other solutions did I evaluate?

I also evaluated Palo Alto and Cisco ASA.

Check Point pros:

  • The CLI is very ease to use.
  • It provides advanced security threat prevention.

Check Point cons:

  • The graphical user interface should be easier to use.
  • More training should be provided by Check Point. 

What other advice do I have?

I would recommend this solution because it is a firewall that replaces many other devices. Money-wise, it is good. It also has many features. These can be utilized to protect your environment from outside threats.

You should have a couple of training and hands-on experiences before deploying the changes by yourself on the firewall. It has many features of which people are not knowledgeable so they usually utilize them.

With time, technology is getting better. Check Point is one of these examples. They have changed their products completely from the old R80 version, where their UI and CLI were much different. 

I would rate this solution as a nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1402668 - PeerSpot reviewer
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
You only need to use one rule for both the DMZ and the Internet
Pros and Cons
  • "The Check Point API let me make 100 net rules in just 10 minutes, which saved us time."
  • "I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things."

What is our primary use case?

I am using this solution for perimeter security in the company. Our firewall security is centralized under one management. Also, we use this firewall to manage some of the VPN clients and the employees' access across the company. 

Each firewall is capable of using the VPN client, but we only use two. We have five in total, but we only use two for these issues.

I am using the firmware version for the operating system. The blades are firewalled for IPS and mobile access.

How has it helped my organization?

Last year, we used the Check Point Identity Awareness Software Blade. Now, we only use a normal firewall with IP address rules, address destination, and services. Then, we can filter by users. So, my boss has access to these things by user. Even if it's connected with the Active Directory, we can filter by user name, or in this case by server name, and it works perfectly. This is very valuable for our company.

What is most valuable?

The most valuable features about Check Point are the API and automation process.

Using the GUI, you can add comments from your PC or the client server. If I want to check the firewall rules, I can send one line of command to determine if it is configured or not. 

Its implementation and integration with the rest of the network are better than its competitors.

What needs improvement?

The stability needs improvement for its version releases. They have a feature called Inline Layer as part of the R80.10 release. In the last version, it still had bugs and is not working very well. I would like the developers to release a version that is more stable, because if you start to use the latest release and try to use this newest feature, I'm not 100 percent sure that it will work very well. After six months of development, it might start working better. However, at the beginning, it's not a good choice to implement in your company with your first attempt. But one or two releases later, it might be better. 

If you only have one vendor and they are downgraded or no longer a leader in their industry, then you need to change the entire solution, making it more expensive. For example, Check Point's components are not interchangeable with other vendors.

For how long have I used the solution?

Around four years.

What do I think about the stability of the solution?

The stability of the firewall is nice if you use the legacy mode, because the new mode is not good. Things worked in version 77, which is older. It was more stable. When they jumped from version 77 to 88, sometimes things didn't work that used to work in the earlier version.

What do I think about the scalability of the solution?

The scalability of the firewall depends on the model. In terms of the implementation, it's really easy.

We have about 25 users for the entire solution. We have two engineers who work on deployments and implementation. We have another 18 engineers who do support and operations. They have responsibility to monitor the firewall 24/7.

It protects the core network and ISP: the routing, switching, and APM backbone. This is around 8,000 pieces of equipment. 

We don't have plans to increase our usage right now.

How are customer service and technical support?

I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things.

Which solution did I use previously and why did I switch?

In the beginning, we used Fortinet, Juniper, and Cisco. Now, we only use Check Point for firewalls. 

Last year, we changed the Fortinet firewall to the Check Point firewall. The Check Point API let me make 100 net rules in just 10 minutes, which saved us time.

The administration is awful in Fortinet. They have the FortiGate portal on an HTTP portal. Therefore, if you want to make a change, you can make a change. But if you do the change, then it's directly applied on the network, and we don't want to do that. We configure and change the policy and routing. We only apply the changes in the night. However, with Fortinet, you need to configure and apply the changes at the same time. So, it's not useful for our operations.

With Fortinet, you need to duplicate the rules from the DMZ to the Internet and the Internet to the DMZ. In Check Point, you only use one rule, which works on both sites.

How was the initial setup?

The initial setup is really easy. You can do it in 30 minutes. Setting up an environment for a firewall and its management with a licensed demo took me an hour last week, and that includes the time for configuring the rules. The whole installation is 30 minutes and the configuration is another 30 minutes.

If you are implementing from another vendor, Check Point has a program called SmartMove. Then, all you need is the configuration of the previous firewall. Once you do some optimization, then you are ready for the integration. This might take a month overall.

What about the implementation team?

We consulted with one partner of Check Point, who is our provider. If the issue is really big, then we open a case with Check Point directly via the partner. My experience with them was really nice. It was the best experience that I had ever had.

They have amazing engineers. Their expertise is unbelievable. They do integrations really well. They could improve on routing and networking, but the product is what is important for me. 

What was our ROI?

The firewall is only for protection. It is not used to sell services.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive.

Which other solutions did I evaluate?

Check Point's web administration is not complete. If you compare it to Fortinet's web administration, Check Point's web administration is not nice. However, Check Point's full solution, including SmartConsole, is better than Fortinet's solution.

What other advice do I have?

If you use Apple computers or Linux, the product may not be a good choice for you.

I would rate the solution as a seven point eight out of 10. They can improve some things. They can make it more flexible in terms of its software. It is a good solution, and I like it. For me, it's the best firewall solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
PeerSpot user
Network Engineer at LTTS
Real User
Helps with security against upcoming and unknown threats and activities
Pros and Cons
  • "It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users. We also use the DLP, IPS, and VPN features."
  • "Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team."

What is our primary use case?

I have been using this solution since the GAIA OS R77 was there. I am using it for my day to day access such as policy creation, policy modification, and also regularly policy disabling and deletion. I have 17K+ users in my organization, 100 + client to site VPN and I have a number of S2S as well. My daily job is health checkup, security log monitoring and incident management, daily IPS checks, threat presentation reports and to analyze the risk and take necessary action on that as well.

How has it helped my organization?

It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users.  We also use the DLP, IPS, and VPN features. We have multiple site to sites with our clients and it is very easy to configure and manage.

What is most valuable?

IPS helps with security against upcoming and unknown threats and activities. We regularly check the report and as per daily report we will check the risk and prevent each alert that is critical based on our business requirement and make it secure.

IPSec VPN is also our key feature as our organization having widely customer across globe so it is very good feature to us to connect and run our business with them very smoothly and softly. 

What needs improvement?

The unknown category has been a pain point. We cannot understand this category and the Check Point engineers are also stuck with it. If we enable HTTPS inspection then without this category my URL will stop working. This has a huge impact on my business. We are still running without HTTPS inspection even in a monitoring mode.

Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team.

For how long have I used the solution?

I am using this solution for four years.

What do I think about the scalability of the solution?

This is widely scalable solution.

How are customer service and technical support?

I would say not much exp and not lower, average technical support. We are struggling in most of the cases.

How was the initial setup?

Very easy.

What about the implementation team?

In-house team and technical support team.

What was our ROI?

I would say it's complete ROI for us.

What's my experience with pricing, setup cost, and licensing?

Setup is easy, in my short tenure I have done multiple migrations and have set up our new organization. For cost and pricing, I don't have an idea.

What other advice do I have?

This is a very good and best solution as a perimeter device for NGFW.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Kirtikumar Patel - PeerSpot reviewer
Kirtikumar PatelNetwork Engineer at LTTS
Real User

I have very good command on Checkpoint NGFW

reviewer1392339 - PeerSpot reviewer
Network Engineer at a legal firm with 1,001-5,000 employees
Real User
It has a good IPS features, we haven't seen any security breaches
Pros and Cons
  • "The interface and the IPS intrusion prevention are the most valuable features of this solution."
  • "With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it."

What is our primary use case?

We use it for standard firewalls.

What is most valuable?

The interface and the IPS intrusion prevention are the most valuable features of this solution.

It's pretty straightforward to use once you get your head around it. It's fairly straightforward to use. 

What needs improvement?

With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it.

In the next release, I would like to have the ability to automatically add rules from the tracking log. I've used that in other firewall software whereby you can trace the logs, and from the log, you can add a new rule automatically. That would be a nice feature.

For how long have I used the solution?

I have been using Check Point NGFW for around a year. 

We're on R77 and soon to go to R80. They're virtual machines.

What do I think about the stability of the solution?

It is very stable. We had one issue recently where Check Point had made a change, and it took a lot of our connectivity down. But that was really a one-off, so that was a mistake on Check Point's side with their policy testing/QC control that affected lots of their customers. 

What do I think about the scalability of the solution?

I've not had to deal with scaling them but from what I understand, they scale to huge organizations.

We have around five IT engineers who use this solution in my company and five who work on deployment and maintenance.

It's used throughout the business, with around 1,500 users, so for all the traffic. We do not have plans to increase usage. 

How are customer service and technical support?

 I've used the technical support. They're very responsive, we usually get a response the same day. The advice they've given has been very good and the knowledge base articles that they send are also very good.

Which solution did I use previously and why did I switch?

In other companies I've worked at, I also used all sorts of firewall solutions including FortiGate, Cisco, and pfSense. Check Point is easier than Cisco but more complex than pfSense or FortiGate in terms of its features and management.

Check Point's push to make deploy policy changes is slow when you've made a change to then push it out to the firewall. It does take 10 minutes or so to push that change out, so it's not as instant as some of the other firewalls I've used.

What was our ROI?

I have seen ROI. There have been no complaints. We haven't had any security breaches, so it's been good.

What other advice do I have?

It's a good product. My advice would be to get some training or watch some videos on using it. You do need a bit of training on it. Initially, there is quite a steep learning curve.

My comfort level with it is on and off. I've been at my company for a year and I'm starting to get comfortable, but it's such a big product that unless you're using it all day, every day, you wouldn't master it. If that was all you were doing every day, then it would probably take you three or four months to get the hang of it.

I would rate Check Point NGFW an eight out of ten. It's not as easy as the other firewalls I've used but that's probably due to the large feature set.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1396851 - PeerSpot reviewer
Deputy Manager (Systems) at State Bank of India
Real User
Generates extensive logs that help figure out issues but the packet mode needs to optimized
Pros and Cons
  • "Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation."
  • "Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management."

What is our primary use case?

Check Point NGFW is being used as a security product in the environment. It is securing the IT infrastructure and delivering the services as expected. In the current world scenario, IT is becoming the backbone for every organization, and most business is highly dependant on IT so securing the IT infrastructure is becoming challenging. Check Point NGFW meets the expectations of our organization to secure the IT infrastructure as per organizational need. Check Point NGFW also gives many security features in single box which reduce your management complexities.

How has it helped my organization?

Our organization's primary need is to make information available and secure from an insider as well as outsider threats. Check Point NGFW can give you lots of security features on a single device that can be used as per the organization's need, you not need to procure separate security devices to strengthen the security. The organization also provides services like service providers so it becomes more critical to secure the IT environment and we believe Check Point NGFW family is meeting the requirement as per the expectation.

What is most valuable?

Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation. 

Anti-spoofing security feature: Check Point has inbuilt by default enabled feature of anti-spoofing which reduces the attack surface from the spoofed IP addresses. 

IPS: Check Point IPS is one of the best products in the market.  

What needs improvement?

Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management. They should leave it to the user whether they want to procure a dedicated management server or run the show with the gateway itself. It will also reduce the operation cost.

They should also optimize the packet mode feature like Cisco’s firewall packet tracer wherein it tells administrators which policy or rule is processing the intended traffic.

For how long have I used the solution?

More than two years.

What do I think about the stability of the solution?

Check Point maestro is highly scalable, their other chassis base solutions are also scalable 

What do I think about the scalability of the solution?

If you choose Check Point maestro platform they you need not to worry about the scalability.

How are customer service and technical support?

They are very cooperative and supportive in nature. 

Which solution did I use previously and why did I switch?

We were using an ACL based firewall which was traditional and not meets the current security expectation. So to meet the advance security requirement product like Check Point is needed.

How was the initial setup?

It was straightforward.

What about the implementation team?

Check Point authorised partner had been involved in the migration to avoid any operation issue 

What was our ROI?

Hard to calculate.

What's my experience with pricing, setup cost, and licensing?

They should first understand their organization's needs and accordingly choose the product. In case if someone is not sure especially about sizing then they should use the Check Point maestro platform as it gives you the flexibility to augment the capacity on the fly without disrupting the existing running operation.

Which other solutions did I evaluate?

We have not evaluated any other option before Check Point. 

What other advice do I have?

Check Point gives you flexibility and eases the management with meeting organisation’s security need. But before choosing proper sizing has to be done.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1026111 - PeerSpot reviewer
IT Security Manager at a retailer with 10,001+ employees
Real User
Enables us to deploy complex changes from a single management interface and get better visibility
Pros and Cons
  • "Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity."
  • "I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it."

What is our primary use case?

*Perimeter Firewalls - to protect regional hubs and local offices from public space and provide L3-L7 filtering

*Internal Segmentation Firewalls - to secure company's internal network from movement of malicious actors and reduce traffic flows only to authorised ones

*Public and Private Cloud - to secure hybrid environment either onprem or in the cloud while achieving micro segmentation per host

*Cloud Compliance - to get a visibility into cloud environment and and related vulnerabilities 

*Data Center

*SaaS

How has it helped my organization?

Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity.

I have to emphasize the value of Diamond support here where most senior engineers can provide great support with any challenges. Thinking out of the box, sense of responsibility, professionalism and much more - such an attitude helps to provide resolution to any crisis in the shortest term

What is most valuable?

With the new capabilities embedded into R80.XX flavor it is possible to achieve great flexibility while defining your security policy. It is possible to utilize a variety of objects to define static or dynamic criteria for inspection and reduce general rule base size and complexity, while not giving up on security

The security research team is doing a great job staying on top of ongoing threats and releasing fixes for ongoing attacks within days or sometimes hours.

Check Point always actively listens to its customers trying to identify emerging needs and satisfy them pro-actively

What needs improvement?

I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it. 

The monitoring of scalable solutions is quite tricky, but it could be relevant for all vendors who possess the same technology.

IPS fine-tuning may require some time to understand the interrelation between IPS protections, core Protections and other IPS profile elements. But in general, Check Point is on the way of great simplification of TP management

For how long have I used the solution?

Check Point products are being in use for the last 6 years.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.