Check Point NGFW Reviews

It's just enterprise firewalls, firewall clusters for redundancy to secure the company network from the internet, and as well as a data center firewall, for example, if you want to split up subnets to control traffic between them.

The management is very handy and intuitive, and it has a lot of features. I think it's one of the products in this market which has the most possibilities.

I saw some other firewall vendors or firewall solutions from other vendors. And maybe I like it because I'm very familiar with Check Point and the management of the Check Point gateways. So, probably, I'm just not aware of how other solutions work and how to use them. 

We also see or have a lot of customers with Palo Alto. That's also a solution we see a lot, but we have been a Check Point partner for more than seven or eight years since the beginning of our company. We have done a lot of research on firewall solutions. 

In our opinion, it's one of the best because the management is very handy. So it's easy to implement every possible configuration, and you have a good oversight of your rule set. 

If I compare it with Cisco Meraki, for example, if the rules grow, then it's very hard to get oversight or to have oversight over the whole rule set. So then it becomes hard to manage.

With Check Point, it's easy because even when you have 200 or more rules, it's still very user-friendly, and you can still quickly manage your whole rule set.

What I like about Meraki is the whole cloud-managed feature, where it can configure gateways in the cloud and preconfigure it as well. So I don't need to have access to the device or create a configuration in the cloud. 

And as soon as the firewall comes online connected to the internet, then it downloads its configuration from the cloud. I think Check Point does also have such a solution, but I'm not aware that it's as easy as Cisco Meraki. Sometimes it would be nice if they would have the same possibilities.

I have been using it for about five years now. 

I have not yet faced any challenges with performance or stability. Sometimes when we implement core firewalls, there are applications that have longer session timeouts than the Check Point firewalls in the default settings. 

Windows has a default session timeout for about two hours, I think, and Check Point's is one hour. So, it's not a performance issue, but the application will not run as well as before the security gateway analyzes and blocks traffic. So, it depends.

Scalability  is a very good point of Check Point's solution. They can scale very well and very large.

The technical support is also very well and specific. It's very useful to have technical support from Check Point.

Positive

I have experience with Nutanix Flow. It's also possible to enable training in Nutanix Flow where you can redirect the traffic to Check Point gateways. I think that's a very useful feature if you need layer seven traffic analysis and blocks. But I don't have any customers, or we don't have any customers, who use chaining. We also don't have any customers who use a micro-segmentation solution from Check Point. So, I'm not aware if they have a comparable solution like Flow.

For the initial setup, you need a good knowledge of the operating system, Gaia OS. It needs some knowledge to get started, but if you've done it once, then it's easygoing.

Normally, we check the customer's requirements. Then we start to deploy the gateway and start with a basic rule set so the customer is able to refine it for their needs. If we are in charge of creating a complete rule set, we will bring all the requirements into a concept and then create a rule set in a more suitable way.

Some customers have very basic requirements. If it's just to deploy the gateways, then it's very easy and quick. You just need maybe a few days and a maintenance window outside of business hours. But there are also customers who have a lot more requirements, like scanning or analyzing the traffic for subnets inside of the network. 

For example, a core firewall can be very time-consuming. You need to do a lot more research and concepts or write concepts on how to achieve that. That can take a few months.

For maintenance, you need to know what you do. It can be difficult if you don't know what you want to achieve. If you are not aware of network security, then probably it's not that easy, and you may run into configuration errors or mistakes. It's easy to manage, but you have to know what you do.

Check Point is not the cheapest vendor in the market, but it has everything you need compared to other solutions. So that's probably the main reason for the cost or the prices. I think it's probably on the same level as Palo Alto.

I would recommend Check Point to other users who are looking into implementing it.

I would advise others to compare or write down their requirements and have a look to see if Check Point is able to fulfill all the requirements.

Overall, I would rate it a nine out of ten.

My main use case for Check Point NGFW is to filter the whole infrastructure traffic, and we use it as the perimeter firewall for our data center.

Check Point NGFW helps me in my daily operations by managing traffic across almost 30 branches, and we utilize its SD-WAN features to communicate with other third-party companies through a VPN.

For branch communication, we use the SD-WAN feature of Check Point NGFW, and through the VPN, we establish a connection between our company and the third-party companies. Currently, we filter our traffic between the branch sites and third-parties, and access the internet through that exchange firewall.

The best features Check Point NGFW offers in my experience are its application identification and control capabilities, which stand out as we use them beyond Layer 3 communications.

The application identification and control feature of Check Point NGFW helps my organization by allowing quick responses to make decisions and segregate applications that need more attention.

Check Point NGFW positively impacts my organization as it has improved our security posture and made us less vulnerable to attacks compared to our previous status; we can easily filter URLs and enhance web security.

While we don't have specific numbers, we measure increased security through our ability to block malicious attacks, including phishing attacks, easily.

Check Point NGFW has a steep learning curve for starters; it's not easy to learn and is a bit complex to start from scratch.

Check Point NGFW sometimes has limitations on third-party integrations, requiring more specifics rather than being straightforward.

I have been using Check Point NGFW for almost two years.

Check Point NGFW is stable.

We scaled up Check Point NGFW about six months ago, and it handled that scalability fantastically.

Customer support for Check Point NGFW has been stable, even while we faced some issues.

Positive

I did not previously use a different solution; it was similar to Cisco ASA.

The initial setup with Check Point NGFW was a bit complex.

We have seen a return on investment with Check Point NGFW as we have reduced incidents from the previous setup.

My experience with pricing, setup cost, and licensing for Check Point NGFW is that the high subscription fees aren't easy to afford, and it's not recommended for mid-sized companies or businesses. The cost is a little bit high compared to other competitors.

Before choosing Check Point NGFW, I evaluated Cisco, but I didn't look into other options on PeerSpot.

I recommend Check Point NGFW to others looking into it because it's a good protective device.

From the vendor, I was not offered a gift card or incentive for this review.

Check Point NGFW is a fantastic product, and it is also easy to integrate with third-party devices.

On a scale of one to ten, I rate Check Point NGFW a nine.

My main use case for Check Point NGFW is perimeter security, and we use it on-prem.

I use Check Point NGFW for perimeter security specifically in our data centers.

The best features Check Point NGFW offers are centralized manage control and centralized load manage control.

The AI power enhances the features of Check Point NGFW.

The AI powered features provide real time threat detection.

Check Point NGFW has positively impacted my organization by improving security and reducing incidents.

We have seen a 2% reduction in incidents.

Check Point NGFW could be improved if support was better.

My experience with support has shown that there are delays.

I have been using Check Point NGFW for three years.

In my experience, Check Point NGFW is not stable.

The scalability of Check Point NGFW is satisfactory.

I find the customer support to be very challenging.

I would rate the customer support a seven on a scale of one to ten.

Neutral

Before using Check Point NGFW, I was using Dell SonicWALL, and we switched to Check Point NGFW because it is a better solution than Dell SonicWALL.

The initial setup with Check Point NGFW has been straightforward.

I have seen a return on investment with Check Point NGFW in terms of time saved and fewer people needed for operations.

My experience with pricing, setup costs, and licensing has been straightforward.

Before choosing Check Point NGFW, I also evaluated options such as Palo Alto.

I don't have anything else to add about my use case.

I don't have anything else to add about the needed improvements, as of now.

My advice to others looking into using Check Point NGFW is to go for it.

I think Check Point NGFW is a great product, and other customers should experience it.

On a scale of one to ten, I would rate Check Point NGFW an eight.

We use Check Point NGFW to provide more protection for our network from internal and external sources. I also work on creating checks, rules, troubleshooting, and generating daily reports.

Check Point NGFW makes it easier to handle and use the firewall efficiently. It helps protect our network from internal and external threats.

The firewall's default behavior of blocking all traffic, including a cleanup rule that blocks everything from external to internal sources, is highly valuable for protecting our network.

In the rule creation process, we need to decide on the source address, destination address, and services. There are improvements needed in this area.

I have used Check Point NGFW for one and a half years.

To maintain stability, I monitor high utilization and CPU usage, enabling and disabling connections as necessary.

Check Point NGFW is not scalable enough. However, it enhances performance with high availability, shifting to a secondary firewall if one fails.

When I can't resolve an issue technically, I consult with a senior engineer. I rate the technical support seven out of ten.

Neutral

I did not work with any other firewalls before Check Point. I am familiar with CCNA routing and switching.

The initial setup involves connecting cables, opening the IP address using a browser, and configuring the firewall. It takes about one hour.

Only one person is required for the deployment.

Check Point NGFW is very important because it is easier to handle and use.

I don't have information regarding the pricing, as it is considered an internal matter of the organization.

I did not evaluate any other options. I chose Check Point firewall based on my knowledge of CCNA routing and switching.

Check Point NGFW is easy to use, create rules, and take backups. It simplifies backing up and managing processes with click-and-go options.

I'd rate the solution seven out of ten.

Generally speaking, it's like any other NGFW. It's quite a versatile solution for many aspects. It's not like a separate solution for firewalling, but a separate solution for web access. It's just very convenient to have everything in one box. On the other hand, when you need something, like a very top-rank solution for very specific things, like network intrusion prevention or network intrusion detection as a component of NGFW, I would say it looks weaker compared to the well-designed solution for its purpose. It has the same issue as many other versatile or unified solutions, so it's really convenient.

From our point of view, including me and my colleagues, I would say it's really good that they have a lot of integrations with third-party companies. Integrations with third-party companies are really convenient. API offers many convenient ways to integrate with open-source solutions. It's very, very good when you have everything in one package and one bundle.

If you check each and every point from this part, you will find some flow in an area, or you will discover another flow in another area. It's unfortunate, and not a usual situation and it is not just for NGFW but for any other tool, making it a disadvantage where improvements are required.

For the next release, I would prefer the tool to be more flexible in terms of general deployments because some additional companies must be deployed as a basic one. For those who have been working with their solutions for a relatively short amount of time, it would be better for the tool to offer an adequate knowledge base, not just very superficial information, or maybe not too much in that spot, something like average stuff. The tool should be more flexible in terms of deployment, and a more adequate knowledge base should be available.

About the UI, it is hard to comment because it has been more or less the same for many years. Professionals have already been using the tool's interface for many years. From a contemporary angle, the tool's interface looks a bit outdated from a UI point of view. The UI has been more or less static in terms of changes for the last couple of years. People can get to the UI and work with it in a couple of months, but compared to any other solutions on the market, which are more flexible and more rapidly evolving, I would say that UI should be considered for improvement.

I have been using Check Point NGFW for two to two and a half years. My company is a partner and reseller of the solution.

For stability in high-load networks, I rate the solution a six to seven out of ten.

Scalability-wise, I rate the tool an eight to nine out of ten.

There could be some performance issues under the heavy deployments and heavy load, but generally, if you are talking about the general scalability, it is quite good.

The tool is suitable for large and very large enterprise businesses. From our company's practice, I would say it is meant for banks and financial institutions. It is also quite popular in heavy industries. I would say it has a more or less wide list. It is more or less very popular in banking.

The tool can be scaled up, but even despite high scalability, it requires a lot of extra companies to bear a high-load environment and high-load networks, making it a bit unfair, especially when comparing some of the numbers with the real-world statistics it likes too far from reality.

The solution's technical support is fine. I rate the technical support a nine to ten out of ten.

Positive

If ten means easy, I rate the product's initial setup phase a six to seven out of ten. It is not a plug-and-play solution. It requires much more skill and effort for the specialist to set it up properly. Even if there are any PoCs, you can easily discover the difference between the easy setup process and the more difficult setup phases, and I would say that Check Point falls under the latter category as it takes much more time and effort. Sometimes, it could be buggy, and you just need to fix some other firmware or software update.

The solution is deployed on an on-premises model for large and very large enterprises.

The time to deploy the solution depends on the stage because you can talk about the initial deployment or you can talk about the deployment, including the integrations. I would say that the integrations would be really time-consuming. For the initial deployment, I would say it is a couple of days if it is not really a large installation and a couple of weeks are needed for the initial deployment.

ROI is like an artificial point in connection to a solution like Check Point NGFW, and its numbers are quite questionable.

Suppose the company has too many different solutions from different vendors. In that case, it becomes a greater burden in terms of support and everything, especially in terms of management of these solutions. I would say that Check Point would be a good choice if they are planning to migrate. If it is something like a choice between one NGFW from a vendor and you want to move into the Check Point NGFW, it becomes a bit more tricky. It becomes really hard to say about the ROI because it is just like a different approach. If you are moving between a lot of different solutions from different companies, then ROI will be really good and attractive.

The tool's price is reasonable in case you are not using it in a high-load environment. If you are not expecting significant increases or peak increases in loading, it should be fine. If it is a really highly loaded VLE environment, and if you try to rely on the tool's official numbers, I would say you can put your environment and network in jeopardy because it becomes really unstable. For the last couple of years, the situation has changed, and it has become really tricky to understand why the tool's official numbers aren't aligned with real-world numbers, which is a big problem for the VLE customers because when they are just trying to consider their official stats and official scalability numbers, it might be tricky. VLE customers should have, like, a 20 to 30 percent extra, or else, at this point, it becomes much more expensive.

The tool's prices don't make any sense because we are not talking about MSRP prices for VLE. We are talking about the discounted prices, which could be a really, really huge gap between the MSRP and the discounted price. I don't think these numbers will highlight any beneficial aspect of the price for you.

There needs to be accuracy in terms of scalability. It should be well-designed, and if the customer does not have enough resources or their own resources, it is better to involve an adequate number of SIs. The system integrator will do the trick, and if a person is experienced, then everything can be really good in terms of the certifications, the statistics, and everything else. The system integrator should do everything properly, but it will be quite expensive, especially if we are talking about large and very large enterprises. For mid-sized businesses, it should be fine because it is less tricky, and even the normal specialized person on the customer side should be fine with using it, as it can be quite easy. In any case, scalability is a bottleneck here.

I rate the tool a seven out of ten.

Historically, the primary uses for these gateways were perimeter security and internet filtering. However, we now push all our internal traffic through the gateways for LAN segregation and to isolate obsolete operating systems.

Our isolated operating systems and LANs only allow specific traffic from a specific source to access them, making these critical production/business systems more secure. It's not a simple case of just replacing these legacy operating systems but replacing the industrial machinery that they control - which would require an investment of tens of millions of pounds.

Isolating obsolete operating systems wasn't in the scope when implementing the gateways originally. However, it has enabled us to secure Windows XP/Windows 7/2003/2008 machines which are end of support yet are still required to run industrial software and interface with large machines, which are not easy to replace.

Isolating machines and networks, along with SSL inspection, wasn't in scope when the gateways were spec'd. That said, five years later, they are still rock solid, and along with the Threat Cloud intelligence service, this ensures that our firewall is equipped with up-to-date threat intelligence, enhancing its ability to detect and mitigate emerging threats.

One of the strengths of Check Point Firewall lies in its granular policy management capabilities. We can define security policies based on a variety of criteria, including user identity, application, and content type. This level of granularity allows us to enforce security policies that align with our specific needs and compliance requirements.

One of the standout features of our Check Point Gateways is the user-friendly interface. Smart Console (management console) is well-designed and intuitive and provides administrators with a centralized hub for monitoring and configuring security policies. The web version isn't quite there yet, so to get the most out of it, the console needs to be installed, but it allows users to tailor it to their specific needs, and the menu structure is logical, making navigation a breeze for both novices and experienced administrators.

2FA on login would assist us with compliance however at the moment, it's not a major factor for us - yet may be in the future.

It would be nice to have comprehensive documentation and training resources that can help users and administrators better understand and utilize the full range of Check Point's capabilities. We ended up having to travel to London to sit through lots of training as we didn't find the information readily available.

Finding the costs associated with a particular blade can be challenging. This isn't specific to Check Point, but sometimes we need a ballpark cost quickly and don't have the time to speak to a reseller.

The company has been using Check Point gateways for around five years, myself about two years.

Hardware has been 100%; software has been slightly less as we had an issue where the gateways would failover. 

We run a pair of Gateways in HA mode, this solution has worked for us, and there have been no cases of downtime. Adding additional gateways should in theory be quite simple however for us there is no need.

Support has been quick to respond to any questions or issues.

Positive

The company used to sue Cisco Firepower. I wasn't with the company when switching.

The setup was straightforward; the implementation team went on the CCSA and CCSE courses.

We handled the setup initially in-house.

We ran these gateways for five years and will look to do the same with the replacements.

Work with Check Point's presale team and complete the scoping document. If you are an existing customer, use the CPSizeME. 

The company also evaluated Palo Alto.

We have run Check Point Security Gateways for five years and have had very few issues; they have been rock solid, and the hardware has been 100%.

The primary objective was to replace the Cisco ASA firewalls with Check Point NGFWs. In addition to their firewall functions, these NGFWs also provide features like Web Application Firewall and Network Data Security. We used this approach to consolidate security measures into a single, comprehensive solution, much like having a master key at the main entrance rather than separate keys for each window and door. This streamlines security management and ensures a more efficient and robust overall security strategy.

There are several crucial advantages to using Check Point NGFW including its ease of use, as it provides a unified interface for managing multiple security functions. It offers impressive scalability to meet the demands of a large organization and can handle substantial traffic. Its simplified management, enhanced remote support capabilities, and the ability to facilitate secure VPN connectivity for numerous offices and employees are highly beneficial.

The current model is predominantly hardware appliance-based, which can incur substantial costs. These appliances must be purchased separately, contributing to a significant investment.

Our most recent engagement with Check Point NGFW was a year ago when we implemented it for one of your financial sector clients.

The stability of the firewall has been exceptional, with very minimal disruptions. There was only one instance of downtime, and it wasn't attributed to any fault in the firewall itself or the hardware, but due to a configuration issue. I would rate it eight out of ten.

The scalability of Check Point firewalls is a notable strength. These firewalls can handle a substantial number of connections. For instance, they can manage up to one million connections on the NDSW server. Regarding its VPN capacity, it can support around 5,000 to 8,000 users per box, which is quite impressive. This scalability makes Check Point firewalls well-suited for organizations with high connection and user requirements. I would rate it eight out of ten.

Their support team has demonstrated an approximately 24-hour turnaround time, which is considered quite good. We have rarely needed to engage with Check Point support because most issues are resolved internally. Typically, we turn to OEM support only when we encounter challenges that are beyond our capabilities.

I also have experience with Fortinet and Cisco, both of which have made significant developments recently. They have introduced software-based firewall and system solutions, which have garnered attention from customers. This shift in the competitive landscape has led to changes in customer preferences, with more organizations considering Fortinet as a viable option for their security needs.

This process can be a bit complex at times, mainly because it depends on the specific client architecture and how they want to set it up.

The deployment process can be rated at about six in terms of complexity. Several factors influence this complexity, but getting the infrastructure ready is often the most challenging aspect. To successfully deploy, you need to account for downtime, ensure proper backups are in place, and ideally test it in a sandbox environment before going live. After deployment, thorough checks and adjustments are necessary. It typically requires at least two days of parallel operation, where both the new and old equipment run simultaneously. In an environment with no existing infrastructure to replace, the process is generally smoother. Deployment typically involves a team of 2 or 3 people working full-time for 4 to 5 days, equivalent to nine hours a day. Maintenance is handled by a networking team, which includes a Network Operations Center. The team consists of approximately eleven people managing various network components, including L1, L2, and L3 devices.

When considering a POC for a security solution, it's essential to assess the various use cases and functionalities it offers, such as NDSW which is particularly useful for protecting sensitive data. Check Point NGFW is not solely a firewall; it's a comprehensive security solution with various capabilities. It can address a wide range of security requirements, making it a valuable and versatile asset for organizations looking to enhance their security posture. I would rate it eight out of ten.

I do not use them, I just sell them, but customers are using them to protect on the edge and at the core.

It brings value to their clients as everybody is concerned with security. Firewalls are the first line of defense. Check Point's support is probably the best of the major players in that space. Check Point is more complex than the other players, but it is also more powerful.

A lot of the other players have a more robust best-of-suite offering versus the best-of-breed offering. Check Point's capabilities are limited from a firewall perspective. Other players are acquiring companies and offering add-ons like CASB or VPN-type capabilities.

I have had experience with Check Point Next Generation Firewall for seven or eight years.

Their code is a little bit finicky as of late, but that's just because they just released this product line.

It depends on what you're deploying. Maestro is more scalable than standalone firewalls.

The support depends on what support model you buy. Customers that have dedicated support teams get more attention than the traditional support, however, a lot of other companies are offshoring their support.

Positive

Cisco is not a true security company, but Check Point is where they grew up, so I think they are a little more mature.

The initial setup depends on the environment and can take weeks. It is not different than the rest of the players in terms of maintenance.

It's basic engineers, usually one to two people.

It is pretty difficult to determine ROI with firewalls because they are more of an insurance policy. However, it helps with security. The cost of a breach versus having some of these measures in place is the real comparison.

There is a lot of price parity between all the players. Everybody is within plus or minus ten percent. Check Point is probably more expensive than some of the other players out there, but it is incremental.

I evaluated Palo Alto and Fortinet.

I would recommend Check Point Next Generation Firewall to others. I would put them in the upper echelon.

I'd rate the solution nine out of ten.