Check Point NGFW Reviews

We are using Check Point Next-Generation Firewalls to protect and prevent our corporate network and infrastructure from attackers.  We are using NGFWs to filter unwanted and malicious traffic from the internet. Check Point NGFWs provide Layer 7 or application layer monitoring and detection. 

It is a stateless firewall which examines packets deeply and detects any malware or malicious URLs. It greatly protects our infrastructure by acting as a perimeter for our organization. 

Moreover, it has log ingestion and deep packet analysis capabilities. 

Check Point Next-Generation Firewalls improved the security posture of our organization by detecting, analyzing, and blocking unwanted traffic. It blocks any malicious files, processes and URLs due to having deep packet inspection and monitoring. 

Check Point firewalls not only detects anything malicious against it's signatures rather it analyses and monitors all processes running on different machines to detect anything wrong and then block those processes or URLs. 

Log storage gives us insights when required. 

Deep packet inspection, Layer 7, and application layer monitoring and detection are the great features of Check Point Next-Generation Firewalls. They greatly improve and protect an organization, its staff, and its resources. 

Check Point's SmartConsole is a great tool for admins as all firewalls can be centrally managed and all policies can be pushed as and when required by using SmartConsole. Log ingestion and threat hunting are also great functions in Check Point firewalls that enhances and improves a security posture. 

The SmartConsole to manage Checkpoint Next Generation Firewalls takes a long time to load and gets stuck sometimes. It could be due to a lot of rules and policies defined on the firewalls. However, SmartConsole software needs to be improved by having some more functions to make an admin's life easier. 

Log queries are slow and take time to load. 

Query functions need to be improved and should be quick to give the required information. 

There should be filters having drop-down options to use and select during log analysis. 

I have been using Check Point firewalls for more than two years. 

We wanted to deploy a specialized Next-Generation Firewall in our perimeter security.

The solution addresses the Security requirements at Perimeter Layer including:

1. Network IPS
2. Application Control
3. IPSEC VPN
4. SSL VPN.
5. Proxy

It was required to enable IPSEC VPN between our vendors across the world

We got positive responses on Check Point Firewalls from our vendors as well.

Our team addresses the regular audits with a Next-Generation Firewall, starting from configuration and application vulnerabilities to customized reporting.

We have planned to achieve many business use cases including IPS, Network AV, Content Awareness - Data Leakage Prevention, IPSEC VPNs between our peers, SSL VPN with Posture Assessment, and Web Proxy as well.

This solution addressed most of our needs but required multiple license subscriptions.

Below are the few Business use cases we achieved through Check Point NGFW:

1. SSL VPN with Security Posture Assessment
2. SSL VPN with In-build Multi-Factor Authentication Option (Certificate + User Credentials)
3. Content Filtering (Identity Awareness and DLP)
4. Forward Proxy with Web and Application Control
5. Enabling Anti-Bots and IPS

The SSL VPN with posture assessment helped us to remove the dedicated Standalone SSL VPN solution which was benefited both commercially and technically.

Anti-Bots and IPS enabled security on the network traffic.

Along with VPN and Proxy (Web and application control), we removed another standalone proxy for internal use and extended the content filtering to roaming users as well.

The security posture assessment with two-factor authentication has saved more time and commercial costs by avoiding deploying having to deploy another solution.

It took so many weeks to migrate our old firewall to Check Point after we did internal and external assessments on earlier setups and enabled multiple security features.

We had difficulty configuring the NAT. For example, instead of following A-B-C, we need to do A-C-B

Initially, we faced a few challenges with firmware. Later this was addressed with jumbo hotfixes.

We tried to create a single management software to manage the policies, view the logs, have a mobile access VPN, and do reporting.

Please concentrate on local services enablement for faster resolutions.

We have been using this solution since July 2020.

Initially, we faced a few challenges with the firmware. We later addressed this with help of jumbo and custom hotfixes. Later, it performed well.

The solution is scalable in terms of enabling the features and deploying management servers.

We would recommend they have regular feedback sessions with customers.

Neutral

We used another firewall that enables basic security features with lot of limitations.

We found the setup difficult in the earlier stages as our team used to work with another CLI-based solution.

Our In-house team handled the implementation. 

I'd advise users to validate the licensing model during the pre-evaluation period itself. It took a few days for us to understand DLP and Mobile Access Blades that had to be procured separately along with the NGTP bundle to address our requirements.

We evaluated Palo Alto and FortiGate.

We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.

These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.

Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.

We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.

We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.

I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.

Check Point is the best firewall we have found for our organization so we went with it.

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.

The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.

When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.

The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.

It's an on-prem deployment where we use it to protect our client and end-users who are working with the internet, and to protect their servers from external access. They have about 100 users and two servers.

When we did not have SSO, we had problems related to attacks compromising our firewall. That has been mitigated. We have the traffic going through the firewall to the server, so those types of things have really improved. We are seeing less traffic going to the server. When there was direct access to it, there was more and more traffic going to our server. So it has improved our server performance.

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.

I have been using Check Point NGFW for almost two-and-a-half years.

It's a stable solution. In the time I have been using this product, I have hardly seen anything break.

In terms of scalability, they have products that can fit into the environment. It's a very scalable solution. For our requirements, it fits very well. You can go with whatever kind of setup you want: Active-Passive, Active-Active. Check Point is very easy. Their solution is ready for our market; it's very well suited. Wherever we want to go, Check Point can provide a solution.

Currently, we are using somewhere around 50 to 60 percent of the box's capacity.

Sometimes, when I have gotten stuck, I have reached out to support and it's okay. They have helped me very quickly.

We did not have a previous solution. We went directly with Check Point. We liked the features provided by Check Point and we went for it.

The setup is not complex. It's easy to deploy. The documentation provided is very good. Deployment takes me two to three days. The hardware takes one-and-a-half days and then I get all the features up and running.

We have a standard implementation strategy. We have a checklist. We plan it out. Then we go into the field for the deployment. We have one dedicated engineer for deployment, and I also check it on a regular basis. The two of us are also the ones who manage the solution.

We have to consider things, cost-wise, when we are expanding into other locations. We don't have the budget to use it in other platforms. We have some servers that we deploy in AWS and other locations. But instead of going with Check Point, we go with other vendors to fit into the budget.

Check Point is really costly. When it comes to the Indian market, where we are located, we always consider budget solutions. So this is an area where Check Point could use some improvement.

In addition to the standard fees, support is an added expense.

The biggest lesson learned from using this solution is in terms of security. It is a really good product. I don't think there is anything missing from the Check Point firewalls. The features provided by the company are very good and provide what we need.

It's a very good security product, as long as you have the budget. It provides modern security and the architecture Check Point provides is good. And the application side will really help any size of business to deal with traffic based on the application.

We use the solution for network security, perimeter security, DMZ, antibot, antivirus, endpoint protection, email security, sandblast, and DLP. The environment is a multi-environment and consists of multiple networks, segmented and managed by a management server. These firewalls protect the network, external and internal. 

We are also protecting several customers and it allows remote access connection from anywhere in a secure way.

There are also site-to-site VPNs with different customers, vendors, and cloud providers, using the highest security encryption algorithms.

The organization is more secure. These firewalls work as expected. We have a perimeter and network segmentation well defined and firewall features and blades like IPS, Identity awareness, antibot, antivirus, threat prevention, endpoint security, and DLP, all allow the organization to have most of the security components centralized which allows for easier maintenance and monitoring. 

In relation to the monitoring, Check Point has tools that allow the administrator to track the traffic, and identify threats, attacks, and also check the forensics to understand what happened in case of a breach and ensure it won't happen again.

The most valuable elements include:

Smart View Tracker: To check the traffic logs easily. This is the best logging tool for me so far. You can identify almost everything from the logs, using a smart view tracker.

Smart Dashboard: allows for rule creation and administration and management and is user-friendly. The administration allows you to copy and paste rules, move the order, and create objects, pretty easily. It is very handy.

CPUSE: A Smart way to upgrade firewall software versions. You can easily verify if you can upgrade to the desired version, download the right package and upgrade, and also check the status of the upgrade. It's a great tool.

Error logs can be more specific. Sometimes the error shows only a general error and the solution could be hard to find or difficult to apply. 

Documentation can be improved. It has been improved, however, when you search for errors, in relation to documentation and how to solve it, sometimes it is not that simple to find the right solution. Troubleshooting errors could be sometimes difficult and some tools are only available for the Check Point support team. 

The price is also a factor to take into account. Other competitors offer low prices in relation to Check Point and the executive team may opt for the cheapest vendor (if you have to compare to another good one yet note a cheaper price).

I've used the solution for ten years.

The solution offers good scalability.

The solution offers good customer service and good support.

Positive

I have been using Check Point since the beginning.

The initial setup is straightforward.

We handled the setup in-house.

The solution is super stable.

The pricing could be better, however, the vendor is excellent and I strongly recommend it.

I did not evaluate other options.

We currently use Check Point's firewall for our data center. We use Check Point firewall for providing the first layer of security to web application servers and intranet servers. It is robust and easy to upgrade, which makes it less stressful for the administrators. Its failover clustering option also works seamlessly.

The Check Point firewall is used to secure our environments. It also allows us to set up tunnels between our various sites.

We use it for the publication of services, as well as a notification system that reports on user behavior and unusual traffic - both within and outside of the network. 

Over the years, we have experienced various types of attacks on our company, and, without the help of the Next Generation CheckPoint Firewall, we would have lost.

The spoofing feature helps us to prevent various attacks in our organization.

The firewall policy designing and implementation allow for inline policies that make for clearer teaching on the correct use of policies as well as a more readable list. We can also run policies with two or more people simultaneously without problems or the risk of developing the wrong policy.

The initial sizing is not a problem. You can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses cutting-edge hardware. Their software upgrade process is flexible for different deployment requirements. 

Their threat analysis reporting in their management console is comprehensive and easy to use. The web-based dashboard is well designed and offers a wide variety of out-of-the-box reporting. It offers admins extensive customization.

The list of site-to-site VPN configuration options is long. They can become confusing and communication with other vendors when deploying VPNs is not the strongest. It's totally different from any other VPN vendor I've encountered.

It lists the current threats identified on the appliance's front page. It would be easier to find information by clicking on the threat and clicking the exact logs, rather than all host logs.

The smart console is heavy. It would be better if it was like the web-based consoles that Palo Alto and Fortigate FW offer.

I've been using the solution for more than a year.

The user interface is very good.

The level of security is excellent. It protects our organization well.

It's a good overall product and we have a high level of satisfaction with the features on offer. 

Technical support could be improved. It's hit or miss in terms of the level of service and getting the answers you need.

I've been using the solution for ten years. 

We have hundreds of users that use the solution currently within our company.

We aren't 100% satisfied with technical support. Sometimes you get the help you need and sometimes you don't. Sometimes it's absolutely amazing. Sometimes they're great. However, you can't rely on them being like that all the time. We'd like the service level to be more reliable.

I can't speak to the installation process, as it was handled by an outside firm.

We had an integrator that assisted us with the implementation. 

I'm a customer and an end-user.

I would recommend the solution to other organizations especially if the company is looking for a certain level of security.

I'd rate the solution at an eight out of ten.

We use Check Point NGFW for perimeter protection of our network from the internet. We also use it for threat protection at the network level and the endpoint level.

We provide implementation, installation, and support services. We know about all types of firewalls, and we work with all types of installations. We usually use appliances, but in test environments, we use virtual appliances.

It is easy to use, and its management is the best. Check Point has a great unified management solution for firewalls and security products. 

Their technical support can be better. In addition, when we need to use it in a government environment, we face a lot of legal issues related to different types of certifications. It would be better to improve it for these issues.

Check Point doesn't have a SOAR system. They work with Siemplify, but it is an integration with another vendor. It would be great if Check Point has an integrated SOAR system.

We have been dealing with Check Point firewalls in our company for more than 20 years.

It is quite stable, but it can vary based on the version.

It is scalable. We can use the Maestro solution from Check Point for scalability. We can add new appliances as the company grows. If we need more performance and throughput, we can add additional appliances and have more performance. Check Point Maestro is the best solution for scalability.

Their technical support can be better.

Its initial setup is easy for me. The deployment duration varies. A simple deployment takes two or three days. A complex deployment that involves a cluster configuration or appliance replacement can take up to five days.

Its price is reasonable. If we compare its TCO for three years, it is more reasonable than some of the other vendors such as Fortinet, Palo Alto, etc.

I would recommend this solution. It is a great solution for endpoint protection and threat prevention. I have been working with Check Point products for a very long time. Check Point is one of our best vendors, and they make great products. 

I would advise others to learn about firewalls and other Check Point solutions. They have a lot of different solutions. If you choose their firewall, it would be useful to know more about other solutions. It would be one of the ways to improve the protection of your network with Check Point.

I would rate Check Point NGFW a ten out of ten.