Network and Security Engineer at BIMBA & LOLA, S.L.
User
Prevents attacks and phishing attempts and improves visibility
Pros and Cons
  • "The centrally managed firewalls are great."
  • "If you have the standard support level, sometimes they take a long time to understand or even give you a solution or good workaround to a problematic situation."

What is our primary use case?

The solution protects our internal network (traffic between VLANS) and also is used as a perimeter firewall in our on-premise and cloud environments. Also, we use functionalities such as IPS, ABOT, AV, VPN, and mobile access.

We have about 200 small branches distributed all over the world protected with 1,430 devices and connected via VPN to AWS Cloud Guard and Check Point firewall.

We also have endpoint protection in about 500 devices with firewalls, antimalware, antibot, anti-ransomware, threat emulation and prevention enabled, and also port control.

How has it helped my organization?

We have NGTX blades so that we have protection against known and unknown attacks (zero-day). In terms of protection, we passed from none to one of the most advanced protections in the market. 

Regarding endpoints, we can see a lot of prevented attacks and phishing attempts every day. We can see the whole solution running in our environment correctly.

We gained a lot of visibility of traffic patterns, destinations, and use of network (internal and external) resources due to the logs and views within the Smartconsole.

What is most valuable?

The centrally managed firewalls are great. We can save a lot of configuration time in configuration tasks. We have deployed about 200 devices in record time due to the fact that we use a unique policy for almost all of them.

Logs, Views and Reports are the most detailed compared to other vendors (FortiGate, etc.) We can see a lot of detail in the logs and also we can configure any report we need without any problem and in two clicks.

We can see that, for IPS signatures, we have updates every day, sometimes twice a day, so we see a lot of effort from the vendor. They really try to protect our environment from known attacks and vulnerabilities.

What needs improvement?

We try to not depend of the SMS application and leave it as a web application. Sometimes it takes a long time to authenticate and open correctly. It's a windows application, so you need a machine to install the application on.

If you have the standard support level, sometimes they take a long time to understand or even give you a solution or good workaround to a problematic situation. We had a problem in the past with a VPN blade that lead some devices to flap the VPN up and down. That case lasted 6 months as we were jumping between Check Point's internal departments in order to find a solution on our problem.

Buyer's Guide
Check Point NGFW
November 2022
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,113 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for eight years.

What do I think about the stability of the solution?

We are very happy regarding the stability. In last year, we only have had three problems regarding software bugs or stability problems.

What do I think about the scalability of the solution?

They have a solution called Maestro where you can add devices in 10 minutes to scale the solution without doing a lot of configuration.

In our environment, we have a classic deployment so it's not as easy to scale; you need to do some configuration and have a maintenance window in which to do it. 

How are customer service and support?

We have the standard support service. I can't say anything too bad and nothing too good. It's normal. Regarding customer service at the local office, I can say that it is very good. They have helped us a lot in deploying some complex characteristics without cost.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have Cisco, however, that's for networking and not security. 

How was the initial setup?

The installation was done by a partner, however, it was very straightforward.

What about the implementation team?

The product was implemented by a partner and their expertise was very good.

What's my experience with pricing, setup cost, and licensing?

There are a lot of licenses for almost every feature, therefore, it's possible to buy only the licenses needed and not a bundle that would have unused features. That leads to savings in costs.

Which other solutions did I evaluate?

We have evaluated FortiGate, and we saw that it was more user-friendly, however, some characteristics we needed in regards to complex VPN deployments were only available from Check Point.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
President at NGA Consulting, Inc.
User
Top 20
Outstanding protection with good web category blocking and easy log review capabilities
Pros and Cons
  • "I have not had an infected machine behind the firewall since I first installed and started using NGFW."
  • "I really want to see geo-blocking as a feature of NGFW."

What is our primary use case?

It's used for a small business network which needed additional protection and threat prevention, remote work capabilities, and excellent support. It's capable of handling multiple public IPs and directing traffic to the appropriate interfaces.  The solution can handle multiple ISPs for backup or aggregation of traffic. 

The environment consists of eight PCs and six other devices which need Internet access and which must be protected.  The ability to restrict traffic to specific network addresses as well as the ability to block malicious hosts trying to get into the network has been great.

How has it helped my organization?

Check Point's Next Generation Firewall solution was perfect for reviewing logs, providing an initial layer of anti-virus/malware protection, and providing the support, when needed, to ensure that the product remained up-to-date.  

The ease of searching through the logs for specific incidents is outstanding and very easy to understand. In addition, the categories for web content blocking have been helpful for setting base traffic standards, can block P2P networks, social media, and content not suitable for business.

What is most valuable?

The protection has been outstanding! I have not had an infected machine behind the firewall since I first installed and started using NGFW. I appreciate the network health reports, the infected devices report, they make my job a lot easier by providing the information right there in the interface. 

With the web category blocking turned on, I can set it and forget it so that inappropriate business content is not brought into my network, it makes it easier to ensure that time isn't being wasted on non-business-related activities.

What needs improvement?

I really want to see geo-blocking as a feature of NGFW. Way too many hacking attempts from other countries are coming from where we don't travel. In addition, would like to see the VPN use MFA easily, just as another layer of protection.  

Another area of improvement would be a click to block when there are attempted hacks. While the infected device blocking is a good start, you should block traffic from the originator of the traffic; it would be great to be able to do that with any traffic. 

Also, it would be helpful to set thresholds on attempts and then autoblock that traffic for X amount of time, or permanently.

For how long have I used the solution?

I've used the solution for six years.

What do I think about the stability of the solution?

I have not had any issues with the device for the past six years; it has just worked.  By that I mean that unlike some cheaper firewalls (consumer grade), the Checkpoint NGFW is enterprise grade, I never had to reboot the firewall to get traffic working again, I would just leave it up and running until a firmware upgrade was available and after the upgrade, the firewall would automatically reboot, but aside from those times, firewall was on 24/7.

What do I think about the scalability of the solution?

The solution is very scalable. There are a lot of different types of devices to choose from.

How are customer service and support?

Anytime I needed support, they've worked with me until the issue has been resolved.  I'd give them an A+.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Watchguard, however, we needed better protection and also wanted to try out Check Point NGFW as I'd heard good things about it.

How was the initial setup?

The initial setup was straightforward. I just needed to figure out how to migrate policies (recreate them) from a different vendor to Check Point. It was relatively easy to figure out and there has extensive documentation available.

What about the implementation team?

We handled the initial setup in-house

What was our ROI?

Peace of mind is my real ROI.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little on the high side, however, the protection afforded is worth it.

Which other solutions did I evaluate?

I did not evaluate other solutions. I previously utilized devices from Sonicwall and Watchguard.

What other advice do I have?

Do your research and size the appliance correctly.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: I am a user, but I am also a reseller of the products.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Check Point NGFW
November 2022
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
655,113 professionals have used our research since 2012.
Real User
Top 5
Good VPN and remote access functionality, efficient, and the logging works well
Pros and Cons
  • "Remote access with a secure workspace provides a clear separation between the client and corporate network."
  • "Interoperability with other vendors is not the strongest when it comes to setting up VPNs."

What is our primary use case?

Our primary use case is as a perimeter firewall for main and DR sites for a financial institution. It secures Internet access for users through IPS/AV/Threat Emulation/Application control and URL filtering with HTTPS inspection and geolocation restrictions. 

It secures our email and MDM solutions. 

We also use it to create site-to-site VPNs with vendors. Remote access is achieved through the use of a secure workspace and SSL network extender. Securing and inspecting HTTP traffic to our web servers is another important task. 

It secures several DMZs and segregates them from the rest of the network.

We use all of the security features available. 

How has it helped my organization?

It has helped us with controlling internet access, securing our external websites, and providing remote access that you can trust (secure workspace). The latter provides with a virtual Windows 7 desktop that only allowed apps can be initiated from. In our case, we launch RDP sessions from secure workspace. 

The latest version of the software is a big win overall, with major improvements in how the rulebase is scanned (it's not the top down classical rulebase checking, but a column based checking) and overall efficiency.

What is most valuable?

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

What needs improvement?

I would like to have an improved secure workspace solution for remote access. I hear that the Apache Guacamole solution has been integrated into R81. 

The site-to-site VPN options are numerous, but they can get confusing. Interoperability with other vendors is not the strongest when it comes to setting up VPNs. It's totally different from any other VPN vendors I have come across. 

Improvements are needed in policy backups and reverting to the previous policy. This used to be better in R77.30. 

Policy installation tends to take a long time when the rule base increases in size, which can become frustrating. 

For how long have I used the solution?

I have been using Check Point NGFW for 10 years.

What do I think about the stability of the solution?

We have never had any unexpected crashes or issues.

What do I think about the scalability of the solution?

It should scale well as they now support more than 40 CPUs on a single system. 

How are customer service and technical support?

Our experience has been great, although we don't have direct support. This means that sometimes, it takes a while to get to the bottom of issues.

Which solution did I use previously and why did I switch?

Check Point is really the best NGFW I have come across and I have worked with many vendors including Cisco, Juniper, and FortiGate. It's a platform that a huge amount of research has gone into over the years. It has a great support community and clear guides to solve all sorts of problems and issues.

I didn't switch to Check Point, as it was always there. We haven't switched away from it over the past 10 years. 

How was the initial setup?

We always need some help on installs or major upgrades. 

What about the implementation team?

We have used several vendors and some are better than others. 

What was our ROI?

It is difficult to calculate ROI when it comes to security products. 

What's my experience with pricing, setup cost, and licensing?

The hardware cost is not huge, but you need to push for good pricing on software licensing and blades.

Which other solutions did I evaluate?

Check Point was implemented in the company before I arrived. 

What other advice do I have?

It's demanding for the administrator, as it takes years to get an in-depth knowledge of the platform. Otherwise, it is easy to use from day one.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
Real User
Top 5Leaderboard
Highly-skilled support, centrally managed, good sandbox features
Pros and Cons
  • "Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues."
  • "There are issues with stability while upgrading devices with hotfixes."

What is our primary use case?

In today's world, we can't completely rely on traditional signature-based devices, as technology involving cyberattacks is becoming more sophisticated. We require an all-in-one solution that can defend against newly-created attacks, necessitating the usage of NGFW firewalls. This is where Check Point comes into the picture.

Our environment contains multiple roaming users, where we have to extend trust beyond the organizational network. Not only is there east-west traffic to deal with, but a large volume of north-south traffic, as well. We are required to monitor all of the traffic, which includes many branch offices connected centrally.

Monitoring Data via DLP in such a scenario, we require a single solution, which is nothing but Checkpoint.

How has it helped my organization?

It has not only improved our environment but the entire organization. Adopting it brings better functionality.

Starting from the basic firewall blade to sandbox threat emulation and threat extraction, it works seamlessly to protect against both known and unknown malware.

After the version 80.xx migration, Check Point stability and security have improved tremendously.

Through the management server, it has become very easy to manage the configuration for each of the blades, as well as the day-to-day operations. With central management, it has become possible to manage endpoint devices as well.

What is most valuable?

Check Point has the best technical support, which I feel if we consider other firewall vendors in the market, is an important distinguishing point.

Stateful inspection is one of the strongest points in this product, which is applicable while creating policies for application and URL filtering.

Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.

It is easy to filter traffic based on source-destination services, time, etc, which is an enhancement over other firewalls in the market.

What needs improvement?

Check Point fulfills our requirements but it is important that they stay on top of competitors by addressing certain points.

There are issues with stability while upgrading devices with hotfixes. For example, many times, a device will stop giving responses after an upgrade (observed in 80.10 release).

The rule database needs to be improved because when we apply rules for the destination, based on service and application and URL filtering Layer, the parallel lookup fails.

For how long have I used the solution?

I have more than three years of experience with Check Point NGFW.

What do I think about the stability of the solution?

Stability can be improved further.

What do I think about the scalability of the solution?

Scalability is excellent.

How are customer service and technical support?

Technical support is very good and provides the right solutions every time. They are highly skilled.

Which solution did I use previously and why did I switch?

We have seen many customers migrating their firewall from Sophos to Check Point, or from Cisco to Check Point. The main reason has been that they were not getting NGFW functionality and the security feature sets that Check Point provides.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

I implemented it with the help of a vendor.

What was our ROI?

We are definitely getting most of the things that we expect from this product.

What's my experience with pricing, setup cost, and licensing?

Check Point is a vendor that listens to customers and determines what they want. Based on the requirements and the solutions offered by other vendors, Check Point will negotiate to try and give the customer the best price.

Check Point offers options and operates differently from other vendors with respect to licensing. Each blade requires that you have a license.

Which other solutions did I evaluate?

We also evaluated Palo alto.

What other advice do I have?

I think people like me love Check Point because in my experience over the years, I have not heard of a comprise where Check Point was protecting the network. As long as the devices are configured properly, this is a very small chance of being compromised.

In general, the NGFW features in Check Point fulfill our requirements, which is expected from a Cybersecurity firm that has been involved in the field for a long time. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: I'm working in company where we provide services to other customer.
PeerSpot user
IT Security Engineer at PricewaterhouseCoopers
Real User
Extremely reliable with a great SmartConsole and very useful Identity Awareness capabilities
Pros and Cons
  • "One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base."
  • "Identity Awareness has been a massive source of problems for our deployment and the ability to debug it has been lacking."

What is our primary use case?

Our primary use case for Check Point NGFW is as our internal firewall within the datacenter to route traffic within it as well establishing our rulebase for part of our datacenter.

We have also implemented some other nodes as ICAP servers only. They have been a great replacement even though the installation was not the easiest.

They are the last line of defense (or first depending on how you look at it) within our perimeter and are therefore a critical part of our system within the company.

How has it helped my organization?

Check Point NGFW have been a real rock in terms of reliability (except for Identity Awareness) and we have not had any issues in terms of CPU or memory usage as our model might have been overkill with how well it is able to process traffic and how easy and unimpactful it is when adding new blades to manage this traffic

One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base.

What is most valuable?

Identity Awareness has been an absolute gamechanger in how we've been able to create rules within the company. It allows us to give access to certain resources in very specific ways that were not possible before.

The SmartConsole is a very powerful interface compared to many other competiting products, which allows us to seamlessly go from watching logs, to modifying the rule base and easily find what objects are used where or even check which logs are linked to a specific rule

Logs are very well parsed when sent to Splunk.

What needs improvement?

Identity Awareness has been a massive source of problems for our deployment and the ability to debug it has been lacking.

The VPN setup is definitely way harder than it should be. The wizard or anything surrounding it doesn't allow for a quick setup without having to read documentation or actually getting a project with an external company

Our gateways have not felt like a day older than when we first got them, on the other hand, our physical management server Smart-1 has been definitely showing its age as it is sometimes quite long to do anything on SmartConsole when it decides to act up.

For how long have I used the solution?

I have been using Check Point since joining my current workplace - about 4 years ago.

What do I think about the stability of the solution?

In 4 years, we've only really had one big incident with availability that was due to a faulty network card, which was changed quickly once diagnosed.

What do I think about the scalability of the solution?

Since we chose a model larger than our needs, we aren't looking for a scalable solution.

How are customer service and support?

Customer service and support have been a bit hit or miss and it takes a while for escalation to happen, however, once it does happen, you get proper support right away.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I was not present within the company when it was decided to switch from one solution to another, and actually our previous solution was Check Point as well - and it was just reaching its end of support.

How was the initial setup?

I did not participate in the setup.

What about the implementation team?

We used a vendor team along with our in-house team.

What was our ROI?

I would need to compare it with other solutions used in our environment, which I haven't done.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to only choose blades when they are absolutely necessary - unless getting a good deal with a package.

Which other solutions did I evaluate?

As mentioned, we switched from Check Point to Check Point.

What other advice do I have?

For the Identity Awareness setup, try to follow Check Point guidelines from the start as it is really capricious and hard to debug.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Systems Architect at PHARMPIX CORP
User
Excellent support, great remote access, and very good reporting capabilities
Pros and Cons
  • "The support offers the best services I have experienced. It's better than any other IT vendor."
  • "Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links."

What is our primary use case?

Currently, I'm working as a Lead Security Architect in the healthcare industry. We have two data centers, multiple branch offices, multiple cloud subscriptions, and over 200 employees. Our operation is mission-critical and requires it to be up and running 24/7. We need to protect multiple applications that are developed in-house, sensitive data including PHI, Financial, intellectual property, et cetera.

Check Point NGFW and its security modules have been our security solution for the past six years to protect all of our assets, including our cloud subscriptions.

How has it helped my organization?

Check Point Next Generation Firewalls are key components in protecting our assets and information. Their security modules are very easy to use and understand. Also, it's one of the most user-friendly interfaces I’ve had the opportunity to use and I’ve had the chance to work with more than four firewall solutions.

Their reporting and logs modules are amazing. It provides a level of detail and visibility that we haven't had before. It’s useful to understand what is happening on our network and has been very successful in blocking attacks and providing options for executive summaries. 

Being able to manage all the security gateways for our multiple sites in a single management console and share policies has been very beneficial.

What is most valuable?

The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.

The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.

The support offers the best services I have experienced. It's better than any other IT vendor.

What needs improvement?

Check Point Firewalls haven't failed me during the past six years that I have been using them. 

If I had to mention anything that I would like to see some improvement on, it’s on the internet load balancing options. Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links. I know this can be performed with other network devices, however, adding the option as part of the NGFW would be awesome.

For how long have I used the solution?

I have been using Check Point for 6 years now.

What do I think about the stability of the solution?

I've never had a single issue on any of my security gateways.

What do I think about the scalability of the solution?

I haven't had the opportunity to scale, however, I have seen many demos of maestro architecture, and it looks awesome.

How are customer service and technical support?

As I mentioned before, Check Point support is one of the best services from any IT vendor I have experienced. They answer very quickly and also provide solutions most of the time within the first call.

Which solution did I use previously and why did I switch?

I have used multiple solutions in the past. We migrated from Cisco ASA to Check Point six years ago and have never looked back. Our old ASA required additional hardware components for additional security services.

How was the initial setup?

The product is very easy to set up.

What about the implementation team?

The implementation was performed by a vendor team in combination with our in-house security team.

What was our ROI?

My peace of mind is the ROI.

What's my experience with pricing, setup cost, and licensing?

Check Point is not the cheapest firewall solution, but you get what you pay for. It's super reliable and their service is great.

Which other solutions did I evaluate?

I had the opportunity to review Palo Alto and Fortinet.

What other advice do I have?

I'd advise other users to give it a try.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Engineer at Arvest Bank Group
User
Unstable with unreliable hardware and poor technical support
Pros and Cons
  • "The only area that Check Point still seems to excel in is their logging."
  • "Check Point's support, at all levels, needs a complete overhaul."

What is our primary use case?

Check Point firewalls are/were deployed in various parts of our network to achieve perimeter defense and internal network segmentation. 

In addition to the firewall functionality, each appliance also leveraged Check Point's IPS blades. The perimeter Check Point appliances were also responsible for terminating any and all site-to-site VPN connections with third parties. 

All traffic from remote locations, remote VPN users, and egress traffic to the internet is filtered through the Check Point equipment at some point in our network.

How has it helped my organization?

Check Point has not improved our organization. We have observed a sharp decline in the quality of both products and support. 

Over the last several years, there has not been a single week where we have not had an outstanding issue open with Check Point support's advanced tier teams. 

Initially, we had incredibly impactful issues regarding their scalable platform hardware (which is being discontinued in favor of Maestro) to the point we were forced to rip them out due to them being completely unreliable. 

Check Point support has also seen a significant drop in quality, despite my organization even being a Diamond Support customer with Check Point. We fully believe it would be a wiser investment of time to call Geek Squad rather than Check Point.

What is most valuable?

The only area that Check Point still seems to excel in is their logging. Reviewing logs on Check Point is a snappy and intuitive process that allows the end-user to filter down traffic to specifically what they're looking for very easily and even with little knowledge of Check Point. 

The ability to create filters on the fly in the GUI with simple clicks to various areas of the log is fantastic and allows one to find exactly what they're looking for with very little effort. Note that this is probably the only thing Check Point still has going for it.

What needs improvement?

Check Point's support, at all levels, needs a complete overhaul. The Check Point support staff aren't even shy about telling you how understaffed, underpaid, and underappreciated they are. Any engineer with a hint of talent is pulled from general support to higher tiers, and then, once they reach a level of competency above that of your average acorn, they leave for better-paying jobs elsewhere. 

My organization witnessed this first hand fighting through the lower tiers of support and working frequently with the scalable platform team. When we switched to Diamond Support we saw no significant improvement in support save for shorter hold times.

For how long have I used the solution?

I have personally used Check Point solutions for nearly ten years. My organization has used Check Point for 15+ years.

What do I think about the stability of the solution?

The solution is absolutely unstable. My organization follows vendor best practices exactly and has every deployment vetted by multiple levels within the vendor. Despite this, Check Point hardware has repeatedly proved unreliable at best, sometimes resulting in total outages for our company. 

Which solution did I use previously and why did I switch?

My current organization has used Check Point for the relevant past and is only recently completely switching vendors to Palo Alto.

What was our ROI?

All current Check Point hardware is destined for the recycle bin. There is a pretty low ROI.

What's my experience with pricing, setup cost, and licensing?

Most firewall vendors, Check Point included, make the selection of hardware easy enough based on projected usage. Likewise setup on many vendors in greenfield environments is simple enough and should not require professional services.

Which other solutions did I evaluate?

I was not involved with the initial deployment of Check Point in our environment as it was before my time. However, each subsequent deployment I have been involved in with Check Point was used based on the existing relationship. Once the issues became too impactful and we realized we had no hope of seeing any improvements we began efforts to rip out the existing Check Point equipment.

What other advice do I have?

Do not let Check Point's past success lure you into their current state of bottom of the barrel.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
President at NGA Consulting, Inc.
User
Top 20
Easy to set up with great technical support and offers helpful reporting features
Pros and Cons
  • "The event logs are relatively informative and can provide information on why traffic was accepted or rejected."
  • "Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement."

What is our primary use case?

We use it as a firewall solution with built-in VPN capabilities, anti-virus, and malware detection. It has good blocking abilities and is easy to set up and maintain.  

They allow VOIP traffic to pass through the firewall as well to onsite PBXes. The firewalls themselves are for SMB environments, with between five and 25 users at different sites and in different states.  

Employees regularly work from home, so a VPN solution is a necessity to allow for remote file shares and or/remote desktop through a encrypted VPN tunnel.  

How has it helped my organization?

With the added ability to have multiple VPN methods to connect, the solution has worked well for remote workers who are either utilizing the Check Point VPN client or the SSL VPN web client.

The throughput with full threat detection is adequate for the Internet circuit installed at most of the client locations and is in fact better than the previous firewall solution.

The support has been great whenever Check Point has been contacted. They help resolve an issue or explain how to perform some necessary action. 

For the most part, the NGFW is easy to understand and set up and there are, of course, advanced options if a non-standard problem arises.

What is most valuable?

The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.

Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.

The event logs are relatively informative and can provide information on why traffic was accepted or rejected.

What needs improvement?

Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement.

It would also be nice to have a smaller home user device that could automatically contact the main firewall and establish a VPN connection. This would be great for remote users to secure their work PC at home.

On the front page of the appliance, it lists current threats identified. It would be helpful if clicking on the threat took you to the exact logs instead of showing all host logs as you still have to scroll through the host logs to find the information you are looking for.

For how long have I used the solution?

I have been using Check Point since 2016. It's been a little over five years.

What do I think about the stability of the solution?

We've had very few issues; the builds themselves haven't had any issues.

What do I think about the scalability of the solution?

The solution is very scalable; Check Point has a variety of NGSW devices that can scale with the user base.

How are customer service and support?

Support is excellent, quick to respond, and quick to provide a resolution to any problem.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Watchguard. We switched due to the threat protection and we felt that Check Point did a better job of providing protection.

How was the initial setup?

The initial setup is straightforward and plug and play for a basic configuration to get you started. You can then begin building the NAT and policy rules, which are easy enough to do.

What about the implementation team?

We implemented the solution in-house.

What was our ROI?

The malware blocking capabilities more than paid for the cost of the device and license.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to size their appliance correctly before purchasing it.

Which other solutions did I evaluate?

We did not evaluate other options. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.