Check Point NGFW Reviews

My primary use case of this solution is for the data center in the perimeter security. We configure all of our security features like anti-boot, antivirus, and filtering.

I think the most valuable feature is that the application and configuration were easy for us. When we need to do some work with the networks, configuration and deploying are easy - if I want to search for information, it is easy in the Check Point platform.

I think the price of this product could be improved - other solutions are cheaper in comparison. In the next release, I would like to be able to perform sandboxing to check email attachments and information sent through the cloud for viruses.

I think this solution is stable.

My impression is that the solution is scalable.

I implemented using a vendor team, whose performance was good.

I considered using Cisco before deciding on Check Point.

Check Point is easy for the configuration user. I would rate this solution as eight out of ten.

We use it for standard firewalls.

The interface and the IPS intrusion prevention are the most valuable features of this solution.

It's pretty straightforward to use once you get your head around it. It's fairly straightforward to use. 

With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it.

In the next release, I would like to have the ability to automatically add rules from the tracking log. I've used that in other firewall software whereby you can trace the logs, and from the log, you can add a new rule automatically. That would be a nice feature.

I have been using Check Point NGFW for around a year. 

We're on R77 and soon to go to R80. They're virtual machines.

It is very stable. We had one issue recently where Check Point had made a change, and it took a lot of our connectivity down. But that was really a one-off, so that was a mistake on Check Point's side with their policy testing/QC control that affected lots of their customers. 

I've not had to deal with scaling them but from what I understand, they scale to huge organizations.

We have around five IT engineers who use this solution in my company and five who work on deployment and maintenance.

It's used throughout the business, with around 1,500 users, so for all the traffic. We do not have plans to increase usage. 

 I've used the technical support. They're very responsive, we usually get a response the same day. The advice they've given has been very good and the knowledge base articles that they send are also very good.

In other companies I've worked at, I also used all sorts of firewall solutions including FortiGate, Cisco, and pfSense. Check Point is easier than Cisco but more complex than pfSense or FortiGate in terms of its features and management.

Check Point's push to make deploy policy changes is slow when you've made a change to then push it out to the firewall. It does take 10 minutes or so to push that change out, so it's not as instant as some of the other firewalls I've used.

I have seen ROI. There have been no complaints. We haven't had any security breaches, so it's been good.

It's a good product. My advice would be to get some training or watch some videos on using it. You do need a bit of training on it. Initially, there is quite a steep learning curve.

My comfort level with it is on and off. I've been at my company for a year and I'm starting to get comfortable, but it's such a big product that unless you're using it all day, every day, you wouldn't master it. If that was all you were doing every day, then it would probably take you three or four months to get the hang of it.

I would rate Check Point NGFW an eight out of ten. It's not as easy as the other firewalls I've used but that's probably due to the large feature set.

I am a Check Point distributor and the Next-Generation Firewall is one of the products that I am dealing with. My customers use this as part of their security solution that covers mobile devices, computers, their network, cloud, SD-WAN, IoT devices, IP phones, IP cameras, and others.

Checkpoint has provided Security to the entire data center. 

This is a feature-rich product and all of them are useful.

The most valuable feature is the Stateful Inspection, which was developed by Check Point.

The throughput is very good with Check Point. Checkpoint ThreatCloud is the largest threat intelligence database. 

Checkpoint management is a single pane of glass from where you can manage all the CP solutions from a single point be it on-prem or cloud or hybrid.

There is always room for improvement and CP Dev team is on right path.

I have been working with Check Point firewalls for more than five years.

This is a stable firewall. It is very good.

Scalability and throughput are very high. They have also launched a solution called Check Point Maestro, which provides cloud-level scalability on-premises. This makes it very scalable.

My customers use firewall products from several vendors, including Sophos. Sometimes they replace their existing firewalls, and at other times, they run Check Point in parallel.

The initial setup is very simple. This solution can be installed on-premises or on the cloud.

It takes between 30 and 45 minutes to deploy.

Our in-house team does the installation for our clients. We also handle support, depending on what level of support the client has. Sometimes, they go directly to the OEM.

Until earlier this year, the consolidated management was application-based and required installation. As of recently, they have launched web-based management, as well as cloud-based management. This is an upgrade that I had been waiting for because we no longer have to go to the dashboard. Instead, we just enter the IP into chrome and you get the dashboard on the web page, without having to install anything.

This is a very good product, although there is always room for improvement.

I would rate this solution a nine out of ten.

We use it to provide security in our organization. Check Point Next Generation Firewalls are designed to support large networks, like a telco environment.

Check Point has a lot of features. The ones I love are the 

• antivirus
• intrusion prevention 
• data loss prevention. 

Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls.

It's also user-friendly and not very complex. Anyone can use it and the dashboard is quite good.

Check Point has notably fewer tutorials on Google. If I'm facing any kind of issue and I Google it, less stuff is available. 

Apart from that, the antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't.

I have been using this firewall for more than one year.

The stability is good. We've never seen any kind of issue with the Check Point firewalls. In very rare cases we go to their TAC, but we normally try to resolve the situation from our side.

They are quite scalable. They are designed to extend in large data centers and tech environments. They are designed to support the needs of large networks, and offer reliability and performance.

Check Point's technical support is quite good. It's quite helpful. We have never faced any kind of issue with them. Whenever we have an issue with the firewalls, we just raise it with them and they are quite supportive and quite technical as well. They provide a resolution on time and effectively.

Previously, I worked on Cisco ASA firewalls and they have a lot of disadvantages. They have a lot fewer features compared to the Check Point firewalls. We just started using Check Point as a firewall in our organization and they give us new features which are better than the Cisco ASA. With Check Point, the IPS is already configured in the box, unlike the Cisco ASA, and there are a lot of features which help us to provide more security for our customers. In our case, the customers are all employees of our organization.

All of these are reasons we switched to Check Point.

The setup is straightforward.

Deployment depends on the customer's architecture or network.

In terms of a deployment plan, we have different teams in our organization that support different business cases. After an implementation ticket is raised by the requester it goes to the planning stage, then it goes to the implementation stage and then it goes to the validation stage. The planning stage is done by the network security admins. The approval stage that is done by our managers and the validation stage is done by us, the network security admins. This is the process that we follow in our organization. Everything is documented.

We do the deployment ourselves, but if we face any kind of issue, we just raise an issue with their TAC.

The pricing is good. It's not so expensive. You can deploy it and it will do a lot of jobs in one package. It's a good choice compared to the other firewalls.

We looked at Palo Alto and the Cisco FTD Next-Generation Firewall.

Check Point Next Generation firewalls are very good. They have a lot of features in one box and they're not that expensive. They support a lot of features, including antivirus, data loss prevention, and the central management is very good. We can configure all the firewalls through the central management. They have many things in a small package. I would recommend them.

The biggest lesson I have learned from the solution is that it has a lot of features that I was not aware of. The dashboard is quite simple and it's not complex to use.

We make changes on this Checkpoint Firewall as per customer demand. If they want to add a rule on the firewall we do that, and if they want to remove something we remove it for them. If they want to change the position of some rules or to allow or deny any kind of traffic, we do that for them.

In our organization we have a team of 20 - 25 network security admins. Sometimes the network team will also implement changes and they are about 25 people. Sometimes we get  the help of our managers to approve the changes or validate whether the change has been implemented correctly or not. If I sum it up, it's a team of about 100 people who directly use the solution, and they also take care of deployment and maintenance.

We use Check Point NGFW as a perimeter NAT Gateway with the security features, it helps us to prevent hackers. We implement Check Point-based infrastructures for our customers. In most cases, this is the same perimeter gateway and internal segmentation firewalls. Many of our customers also using the VPN feature to organize remote access to the company's assets for employees, especially in the COVID period, and to connect their branch offices to the base infrastructure. Environments are differing from one out customer to another, but these are primary use cases. 

We catch much more malware and spam with incoming traffic, and now we are more protected with our environment. For our customers, this is always a surprise, when we are running a pilot project - how mush malware and attacks we catch during the two weeks period. Check Point has a great report called "Security Check Up", that show these results on informative charts. In our region, our customers use primarily local solutions, that has no good security features inside. Check Point has a certification there, which allows them to work in our region and make the world safer. 

AV, IPS, AntiSpam, Sandbox. That's gentlemen set for any basic security, and it was implemented very well. In our reports, the most exciting results belong to AV and IPS. It can be explained by using ThreatCloud - a global knowledge base, which accumulates signatures for all existing and new coming malware, and all the Check Point solutions are always up to date with potential threats. When we using sandbox with Sandblast agent, often there are not real-world exciting results, but when we show a solution in work with existing samples, it also shows good results. 

I hope for product simplification. It would be better to use one security console, instead of many of them (for licensing and monitoring). The solution is hard for newcomers and takes much time to deep in. Also, I want a historical graph for throughput and system resources usage. Maybe it will be great to make easy step-by-step installation and configuration cookbooks as Fortinet did, and integrate the documentation within the solution. In most cases, the solution works great and I recommend it for our customers.

3 years.

Everyone falls sometimes. I recommend using high availability or at least two power blocks. 

Nice, easy to connect and implement high availability.

Support is great, we solved cases with solution integrations easily.

We are using many solutions at the same time. Just to be closer to our customers. 

Initial is very easy. Further - harder.

In-house

12 months.

NGTP is easy and strong. If you need the best security - use SanbBlast in addition.

We always check security options before implementing them to customers.

Good solution - I recommend it. 

We use the product as a firewall solution for application control, defined rules and policies, and insights features.

The platform helps our organization to save working hours.

Check Point NGFW is easy to configure.

The product's technical support services need improvement.

We have been using Check Point NGFW for two years.

It is a stable product.

It is a scalable platform.

The technical support team could include skilled engineers to understand the issues and respond.

Neutral

We have used Fortigate before. In comparison, Check Point NGFW provides a more detailed configuration.

The initial setup is easy and takes 20 minutes to complete.

The product provides value for pricing in terms of performance and technical features compared to other firewalls.

I recommend Check Point NGFW and rate it a nine out of ten.

We primarily use this solution for routing and the protection of our internal corporate network.

The most valuable feature is the management using the Single Pane of Glass.

The user interface for management could be improved.

In the future, I would like to see support for SD-WAN capabilities.

I have been working with the Check Point Next-Generation firewall for four years.

I would like to see better stability in newly-released versions.

The scalability is very good.

Dealing with the support team in Israel can be a struggle because of the difference in working hours, holidays, and priorities.

I would with firewall solutions from several vendors including Palo Alto, Fortinet, and Meraki.

My advice for anybody who is implementing this solution is to ensure that they have good support from local experts. The biggest lesson that I have learned from using this product has to do with the capabilities of the smallest models. Care should be taken to select the appropriate one for your environment.

I would rate this solution an eight out of ten.

The Check Point NGFW is the best product that I have ever used. It has pluses and minuses, as do others, but the usability, simplicity, and the configuration abilities are very user-friendly. After a while, other vendors just don’t come close to it.

The second thing is that is just works and it does it with ease. The upgrades and bug fixes are frequent and well documented. Also, the patches just work ;-)

There are some negatives but as I already said, they aren’t many and from my point of view, we can see past them.

It has made our lives and working in the company a lot easier. We have a better overview of the logs and what happens with the traffic in our company. Which means that the search for the certain logs is easy, quick and smooth. The overview of the logs is also very good as it is very detailed. The installation is allot quicker as it was before what also helps us with the implementation of the firewall rules. The rule consolidation is also very important as we have more than 60 fw rule change requests per day.

The rules are very easy to deploy and can be optimized pretty quickly. The R80 has a great feature on how the rules are processed, which costs less in terms of CPU and threads than it did before.

The features that are integrated into the firewall are very useful for our everyday use. Examples of these are the log manager, the firewall monitor commands, and the Linux commands. These are all very useful and helpful.

The VPN tunnels are easy to set up once you understand how they have to be configured.

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, but with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules, why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

We have been using Check Point NGFW for eight years.

In terms of stability, this solution is very good.

The scalability is high.

The technical support is very good.

We did not use another solution prior to this one.

The initial setup is very easy.

I implemented and deployed Check Point NGFW alone.

Maybe the pricing is a bit high but you get the durability and the duration.

We evaluated Palo Alto and Cisco ASA.