Try our new research platform with insights from 80,000+ expert users
Anteneh Alemayehu - PeerSpot reviewer
Director, IT Infrastructure Management Department at Enat Bank S.C.
Real User
Top 10
Robust control and security that enables a comprehensive application management
Pros and Cons
  • "We can precisely determine who has access rights and who is granted permission, regardless of their connection point."
  • "Improvement regarding the expansion of the SMS's compatibility to include various virtualization environments would be beneficial."

What is our primary use case?

We use Check Point Next-Generation Firewall as a perimeter firewall. This means that all incoming and outgoing traffic from our premises is routed through the Check Point firewall. Within our configuration, we have activated several security features and licenses, including the firewall itself, site-to-site VPN functionality, application and URL filtering, Identity Awareness, threat simulation, and anti-bot protection. Additionally, we possess the license for the NGpX version, which includes extraction capabilities.

How has it helped my organization?

With our previous firewall solution from a different vendor, we were limited to basic firewall functionality without features like IPS and content filtering. With the implementation of Check Point firewall, we got a comprehensive set of features that enables us to gain clear visibility into how our applications behave and which areas we have control over. It allows us to monitor and manage application usage effectively while allowing us to filter and enforce rules in accordance with our organization's security policies.

What is most valuable?

The most invaluable features we have are content filtering and application control. These features operate seamlessly, thanks to the integration of Identity Awareness. Through Identity Awareness, we established a connection with our internal LDAP server, which enables us to exercise complete control over user access. We can precisely determine who has access rights and who is granted permission, regardless of their connection point.

What needs improvement?

We implemented our firewall in a clustered configuration with two gateways. We faced some limitations with the Security Management Server (SMS) application. The SMS functionality is restricted as it only supports specific deployment modes on virtualization environments like Microsoft Hyper-V and VMware ESX and Open Server mode. Our organization utilizes a different virtualization setup, and we couldn't obtain assurance from the vendor that they would provide support if we deviated from their recommended deployment methods. That is why we had to deploy the SMS on a separate server, which introduced additional complexity. Improvement regarding the expansion of the SMS's compatibility to include various virtualization environments would be beneficial. Also, when attempting to enable SSL offloading mode, we faced functionality issues. This feature should be enhanced to ensure seamless SSL offloading, without negatively impacting the core functionalities such as HTTPS and content filtering.

Buyer's Guide
Check Point NGFW
April 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
851,451 professionals have used our research since 2012.

For how long have I used the solution?

I have been working with it for more than three years.

What do I think about the stability of the solution?

Its stability capabilities are impressive. We have not encountered any issues. I would rate it nine out of ten.

What do I think about the scalability of the solution?

The scalability is relatively good, especially when considering its database capabilities. Our physical gateway hardware can comfortably handle up to nine units. When it comes to the monitoring appliance, such as the Check Point SMS (Security Management Server), it requires substantial resources. Due to limitations with supported virtual environments, we encountered challenges in expanding its capacity. I would rate its scalability 6 out of 10 since there is room for improvement in this area.

How are customer service and support?

We chose the Pro Support option, which has allowed us to automate many of the Security as a Service (SaaS) functions. This means that whenever there's an error in the gateways' flow, an SR (Service Request) is automatically generated and promptly communicated. The support provided has been exceptionally efficient, with quick and responsive assistance. I would rate it nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used the Cisco ASA 5525X version, but we found that its management and performance capabilities were distinct. Cisco retired some of its features, and the replacement version offered came at a higher cost for the features it provided. Consequently, we decided to transition to Check Point, which offered us a more favorable price point without compromising on functionality.

How was the initial setup?

The initial setup was easy. I would rate it eight out of ten.

What about the implementation team?

The deployment process took approximately a week and a half, and about half of the challenges we faced were related to the physical connectivity issues on our end. Despite those hurdles, the deployment timeline remained relatively swift. One critical aspect for anyone planning to deploy this solution is to thoroughly understand where it fits within the network architecture and how it should be physically connected. This is especially important when implementing clustering, as the physical connectivity can become intricate. It's essential to consider high availability and compatibility with other devices it will connect to, such as core switches or perimeter routers. Ensuring that these devices support the desired failover and reliability modes is key to avoiding complications. The duration of the deployment also depends on the expertise of the person responsible for it. In our case, we opted for professional services, which included on-site configuration support. If the person handling the deployment is familiar with the surrounding devices and network environment, one individual may suffice. If there are connections to devices from different vendors, and the configuring expert lacks expertise in those areas, I would advise involving additional personnel with the relevant expertise to ensure a smooth deployment process.

What's my experience with pricing, setup cost, and licensing?

It may be considered relatively expensive, but the investment is justified when compared to other competitors. Check Point's functionality and capabilities are notably strong. The cost of licensing can vary based on the prevailing exchange rates. In our case, we paid for the renewal in our local currency, but on average, it amounts to approximately $32,000 USD annually. I would rate it eight out of ten.

What other advice do I have?

It is highly commendable for its stability and performance. When deciding on the appropriate licensing option, it's important to carefully consider your needs. Opting for two-year or five-year licenses can provide cost savings through discounts. After it is deployed, those with experience using other next-generation firewalls will find it relatively straightforward to manage. It doesn't require significant additional effort, and users with a basic understanding of next-generation firewall features can navigate through the management and rule settings easily. I would rate it eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1963764 - PeerSpot reviewer
Network Engineer at Pevans EA Ltd
User
Good intrusion prevention and virtualized security with remote access VPNs for partner sites
Pros and Cons
  • "Check Point offers virtualized systems, making it easy to scale."
  • "Currently, upgrades are quite cumbersome."

What is our primary use case?

We've used the solution for perimeter and DMZ security as we host a website that is accessible online.

On the perimeter, we have Check Point acting as the entry point to our web server farm with load balancers. The access policy is configured with the least privilege, only allowing connections that are part of business requirements.

Intrusion prevention is enabled in prevent mode to detect and block well-known vulnerabilities and attacks. The device connects to Check Point's cloud for updates on signatures to new threats. 

We are peering with Partners via Site-to-Site VPNs for Services.

How has it helped my organization?

1. It's offering perimeter security to publicly accessible sites. There's better security at the edge and DMZ with the use of access policies. 

2. The activation of Intrusion Prevention Blades offers better security at the perimeter and between DMZ Zones. IPs also have prebuilt security profiles making deployments of IPS fast and efficient, and exceptions to the rule base are easy.

3. The use of a remote access VPN is used to connect to partner sites.

4. Check Point offers virtualized systems, making it easy to scale. Instead of buying new equipment, we have set up virtual systems for the DC and user networks.

What is most valuable?

1. Intrusion prevention. Preventing and detecting well know vulnerabilities to our publicly accessible systems is easy. Inbuilt predefined security profiles can be deployed out of the box.

2. Virtualized security. Virtualized products are used to provide more scalability and ease of administration to the network.

3. Identity awareness. Granular policies on the firewall are based on identities.

4. Site-to-site VPN. We can make connections with partners securely.

5. Reporting. Prebuilt reports that are already in a well-presented manner could be presented to management.

6. Access Policy and NAT rules base.

What needs improvement?

1. Complexity in upgrades. Currently, upgrades are quite cumbersome. I would prefer the click of a button and process upgrades.

2. Pricing. The pricing is quite high as compared to other industry firewalls (such as Cisco or Fortinet).

3. Documentation. They have to improve on providing more documentation and examples for certain features online. In other sections, it feels shallow and we could use more information and examples.

4. Complexity in system tweaks. There are some knobs that need to be tweaked at the configuration files on the CLI which can be considered complex.

5. Check Point Virtual Security. The features take a bit more time to be released as compared to physical gateways.

For how long have I used the solution?

I've used the solution from 2017 until now.

What do I think about the stability of the solution?

A word of caution, especially on new software: you might hit a couple of bugs. Therefore, the general recommendation is to wait for a few takes before upgrading to a major version.

With older versions it's stable.

What do I think about the scalability of the solution?

The solution offers high-performance devices ranging from small to big data centers.

Virtual Security offers up to 13 connected gateways helping with managed security.

How are customer service and support?

First-line support is hit or miss, and at times getting an engineer to assist on the call can take hours.

Opening tickets on the Check Point platform is ok with the first response depending on the workload of the engineers.

This is one place Check Point needs to improve.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Previously we were using Cisco ASA 5585. However, the performance was not reliable, and scaling would have been an issue.

We opted to go with Check Point, which could handle high performance and scaling was easier. Check Point also offered IPS features which were easier. Check Point also had better reporting and management tools.

How was the initial setup?

The initial setup was a bit complex since we were deploying virtual systems.

The interface configurations, access policy, VPNs, and NAT setup were easy. The complexity was in understanding how Check Point handles virtualized security instead of physical security gateways.

What about the implementation team?

The initial implementation was with the help of a vendor with good knowledge of the product.

What was our ROI?

It's used to protect the organization from security threats and provide connectivity to our applications which is the main platform for business. That's the ROI we've noted.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing for Check Point are high.

Which other solutions did I evaluate?

Due to experience with Check Point, we did not evaluate other options (like Fortigate or Palo Alto).

What other advice do I have?

Generally, Check Point is a good product with a lot of security features that I would recommend to any organization.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
April 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
851,451 professionals have used our research since 2012.
Dhiren - PeerSpot reviewer
Network Security Engineer at Digitaltrack
User
Top 5
Good security and filtering with great next-gen firewall features
Pros and Cons
  • "I love the application filter, as the user cannot access any applications that are not relevant to them."
  • "They just need to improve the technical support and professional services in India."

What is our primary use case?

The primary use case of many organizations is to protect their environments from outside cyber threats across multiple layers of infrastructure. For example:

1. At a perimeter level, it protects the network at the parameter; many organizations use this firewall.

2. It provides scalability and seamless traffic flow in a network. 

3. It has all-in-one next-generation features, so many organizations save money using this firewall.

How has it helped my organization?

Check Point NGFW helps in many ways, including:

1. Using the application filter feature, I can block all the unwanted applications which are not used in the organization. Due to this, less bandwidth is used in the network. This leads to a cost cut in the ISP bill. 

2. With the help of URL filtering, I can block very easily. If this is not blocked, users may surf malicious websites or download malicious files.                             

3. Evaluation licensing helps us to conduct POCs and explain all features to customers. 

What is most valuable?

I love the application filter, as the user cannot access any applications that are not relevant to them. This reduces the likelihood that someone may access an application that contains a malicious link or file that the user may download, which in turn reduces ransomware attacks and DDoS attacks.

What needs improvement?

They just need to improve the technical support and professional services in India. We have received many complaints about them from clients and also face the same issue ourselves. 

For how long have I used the solution?

For the past one and half years I have been using Check Point Firewall for security.

What do I think about the stability of the solution?

We have a good impression of stability. 

What do I think about the scalability of the solution?

The performance is very good; there is no issue with performance.

Which solution did I use previously and why did I switch?

I've only deployed Check Point Firewalls and have used other older Check Point devices that reached EoL.

How was the initial setup?

The initial set up is simple. Users just need to run the wizard to set up, and they are done.

What about the implementation team?

I deployed the solution for many customers in the banking sector.

What's my experience with pricing, setup cost, and licensing?

Costing and licensing are high as compared to other OEMs.

Which other solutions did I evaluate?

I mostly work on Check Point; others which I have evaluated include Cisco and Fortigate.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
JayPrajapati - PeerSpot reviewer
Senior Network Security Engineer at a tech services company with 11-50 employees
Real User
Top 5
Easy to identify the logs and well managed because of the threat cloud architecture
Pros and Cons
  • "Another thing I like is that whenever we make changes on the firewall, we first need to publish them and then install the policies. This allows us to double-check the policies before they are implemented, which is helpful."
  • "We faced many challenges. For example, an issue with the managed view that Check Point has."

What is our primary use case?

Check Point is mainly used for internal communication. Our clients have multiple platforms, and customers use it for internal communications and protection, from the DMZ to the LAN to the DMZ, and also for MPLS connectivity with multiple branches. 

As I've seen, the customers also use it as a gateway for publishing their website. This is only for the perimeter, however.

What is most valuable?

It is very easy to identify the logs. It is also very well managed because of the threat cloud architecture. 

Another thing is that whenever we make changes on the firewall, we first need to publish them and then install the policies. This allows us to double-check the policies before they are implemented, which is helpful.

What needs improvement?

We faced many challenges. For example, an issue with the managed view that Check Point has. When clicking on a rule, we are supposed to have a full view of that rule and its log portion. This should show what's passing through the rule, what's coming to the rule, and all of that on a single pane of glass. Currently, the log isn't showing when we click on a particular rule. This might be an issue with an upgrade or something. Because of this, we can't implement anything on the live system; we only have a maintenance window every weekend, and it's hard to troubleshoot within an hour.

Another problem is that when we created around two lakhs of Check Point objects on the firewall, it became very slow.

For how long have I used the solution?

I have been using it for two months. 

What do I think about the stability of the solution?

It is not slow. But, we implemented two lakhs of objects on the firewall, and that caused the slowness. It can happen with all firewalls, not only Check Point.

What do I think about the scalability of the solution?

Currently, I work with enterprise customers.

How are customer service and support?

It was good. No issues with that.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I can recommend Check Point, Fortinet, and even SonicWall. 

I come from a system integrator background, we first understand the customer's requirements before suggesting a firewall. Sometimes we aggressively push SonicWall because the user's requirements are more aligned with SonicWall. That's how we propose solutions.

How was the initial setup?

It is very easy to install, not that complicated.

The complexity and time depend on the customer's requirements.

No maintenance: In the past two months, we haven't faced anything that required replacements on the firewall.

What's my experience with pricing, setup cost, and licensing?

Pricing is good. The price is very reasonable for enterprise customers.

It offers average pricing. Previously, I worked as a system integrator, and we faced some cross-product environments where Check Point was quite costly compared to the product we were working with.

What other advice do I have?

Overall, I would rate it an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director at a tech services company with 11-50 employees
Reseller
Reporting is quite easy and good, and you can see traffic in real-time but complex rule management
Pros and Cons
  • "The firewall scanning, like antivirus scanning and malware scanning, are very good. Blocking the user is also very easy."
  • "If you want to make a rule for a specific connection, like assigning some users to one ISP and other users to another ISP, you have to use another device, like a third-party firewall intervention."

What is our primary use case?

Mostly enterprise customers use it for their system security as their main firewall. For example, some customers have multiple backup connections, including fiber connections, for redundancy. 

They use Check Point as the main firewall, and others use it for email scanning and file scanning to detect any vulnerabilities.

What is most valuable?

The firewall scanning, like antivirus scanning and malware scanning, are very good. Blocking the user is also very easy. If you want to block a user, we can just do it within the solution.

The reporting is quite easy and good, and you can see traffic in real-time. But compared to Sophos, Sophos is still better. There are still areas in Check Point that need to be improved.

What needs improvement?

It's actually quite good, but the only problem we faced was during COVID when people wanted to work from home. 

We had to use third-party software to give users access because the Check Point option didn't work as expected. So we used Check Point in the front, but we used third-party software for the virtualization of the applications and everything.

When using redundant connections, sometimes there are issues like one connection going down and switching to another connection. Also, breaking rules can be complicated. 

For example, if you want to make a rule for a specific connection, like assigning some users to one ISP and other users to another ISP, you have to use another device, like a third-party firewall intervention and routing, to get the desired results. Other than that, it's good performance-wise.

For how long have I used the solution?

I've been working with Check Point for the past six or seven years. We always work with the latest version.

What do I think about the stability of the solution?

It's very stable. No issues there.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and support?

Our clients have raised questions to technical support. They all have accounts, so we give them the login details. They send an email to support and get a support request. But normally, we try to handle everything on our own. 

If there's something we can't handle, like a firmware-level issue, only then do we get support from Check Point.

Which solution did I use previously and why did I switch?

It depends on the client requirements also. Some government agencies need Check Point, and some clients need others like Cisco or Sophos. After Cisco, a lot of clients have changed to Sophos. So, we provide solutions depending on the client's requirements.

How was the initial setup?

The initial setup is straightforward, just like any other normal firewall. 

  • Deployment strategy: 

The deployment process depends on the client. For example, if it's an existing customer with an existing firewall, we first see what their current requirements are from the existing firewall, what they need to implement but cannot, or what challenges they are having. 

Then we compare the features of the existing firewall and Check Point firewall, and we tell them what the rules will be, like incoming and outbound rules. We try to see what is the fastest way, without any downtime, how we can point or configure the checkpoint. 

Then, after that, we do the testing, because almost all of the offices need that. So, normally, once we set it up, we give them one month for testing. Normally, for a better line or something, we just use a certain IT department or a sub-department for testing. After that, if it's okay, we hand it over.

In a nutshell:

Requirement Analysis →  Feature Comparison  → Rule Definition → Testing and Validation → Phased Rollout → Client Acceptance

  • Deployment time: 

Normally, for a site, more or less, less than one month. It depends on the number of users. If there are a very large number of users, like 600,000, then it will take around one month or more.

  • Deployment resources: 

Normally, we have two technicians working. One is from the Philippines, trained in Sophos and Check Point. We don't need many more staff for the implementation.

  • Maintenance: 

It's very easy. Only the licensing. Every year, we have to pay, but sometimes clients talk about the cost. Also, very recently, there was a ransomware issue. The only issue is, for example, if it's ransomware, and it doesn't get detected by Check Point and gets infected from another source, we have to prove that it's not from the outside but from the inside. Because there are a lot of case scenarios like this, those are the things mostly.

  • Integration capabilities: 

Integration is a little bit challenging. It's much easier for integration with other applications and domains. When integrating with a domain, there are still some small issues. For example, when applying a group from the domain controller, we sometimes need to test a firewall and do some reporting. There are small issues like that for the integration of LDAP. Other than that, it's good. It can pull up the users and groups, but there are some minor issues when we apply them.

What was our ROI?

It's effective and good.

What's my experience with pricing, setup cost, and licensing?

Compared to Sophos and others, Check Point pricing is good for the current market.

Which other solutions did I evaluate?

In terms of features, Check Point and other firewalls are almost the same. There are no special or advanced features.

What other advice do I have?

I can recommend it to other people. Overall, I would rate it a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
PeerSpot user
Network Administrator at University of Kelaniya
Real User
Top 20
Gives me peace of mind as we can now block BitTorrent and other high bandwidth downloads.
Pros and Cons
  • "The most valuable feature is the IPsec VPN."
  • "The Smart Dashboard and other user interfaces are very easy to use and can be handled without any significant IT skills."
  • "After introducing this NGFW, we have improved our security posture, and now, have peace of mind."
  • "Check Point Smart Dashboard does not support my Apple MacBook Air. It only supports Windows versions."

What is our primary use case?

We are a large University with more than 1000 employees across seven faculties and growing. Student population is more than 15,000 in-house and 30,000 external. The University of Kelaniya Sri Lanka primarily uses the Check Point 4800 device to protect users and servers. The product also enables the VPN with advanced security policies inside our network. This gives us a better security posture. Valuable features include a good VPN, IPsec, and SSL. We use Check Point 4800 as a perimeter firewall and our internet bandwidth expanded to 1Gbps.

How has it helped my organization?

We use it mainly for security and content control. Earlier, we could not block BitTorrent and other high bandwidth downloads from our firewall. After introducing this NGFW, we have improved our security posture, and now, have peace of mind. 

What is most valuable?

The most valuable feature is the IPsec VPN. The application and content filtering is perfect for our university. This device gives us alerts and reports on a daily and weekly basis. It gives us the opportunity to know what is going on. The Smart Dashboard and other user interfaces are very easy to use and can be handled without any significant IT skills. It allows for easy policy management.

The Check Point Capsule VPN is a great feature. It connects to our university in a few seconds.

It's easy to handle and manage. No need for significant IT skills to manage this solution.

What needs improvement?

Check Point Smart Dashboard does not support my Apple MacBook Air. It only supports Windows versions. Checkpoint does not support captive portal in IPv6. We had a big issue. Not solved yet by Checkpoint experts.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Check Point is a stable product.

What do I think about the scalability of the solution?

No issues with scalability. 

Which solution did I use previously and why did I switch?

We used Cisco ASA 5510 as our perimeter firewall before purchasing this NGFW. It only had firewall features. We switched because we were looking for a strong gateway level security with attributes like antivirus, anti-spam, IPS, web content filtering, application control, and secure wireless access points.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

A vendor team implemented this. They gave us in-house training for our staff. They are experts in Check Point and taught us well.

What was our ROI?

It has a great ROI. 

What's my experience with pricing, setup cost, and licensing?

Pricing is negotiable and competitive.

Which other solutions did I evaluate?

We selected the following brands and models by going through different reviews:

We requested that the vendors do a PoC. Check Point, SonicWall, Sophos and Fortinet agreed to run one. Finally, we chose Check Point.

What other advice do I have?

We are in the higher education sector in Sri Lanka. We produce graduates to our country and other countries.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sandun Fernando - PeerSpot reviewer
Sandun FernandoNetwork Administrator at University of Kelaniya
Top 20Real User

Check Point is the best suitable NextGen firewall for our University which has a large number of students. Smart dashboard and other blades are user friendly and it has no need for a high level of IT skill to manage these.

reviewer2516739 - PeerSpot reviewer
Systems Engineer at a tech services company with 11-50 employees
Real User
Top 5
Management is handy, easy to implement and good oversight of our rule set
Pros and Cons
  • "The management is very handy and intuitive, and it has a lot of features."
  • "Check Point could offer a cloud-managed approach similar to that of Cisco Meraki."

What is our primary use case?

It's just enterprise firewalls, firewall clusters for redundancy to secure the company network from the internet, and as well as a data center firewall, for example, if you want to split up subnets to control traffic between them.

What is most valuable?

The management is very handy and intuitive, and it has a lot of features. I think it's one of the products in this market which has the most possibilities.

I saw some other firewall vendors or firewall solutions from other vendors. And maybe I like it because I'm very familiar with Check Point and the management of the Check Point gateways. So, probably, I'm just not aware of how other solutions work and how to use them. 

We also see or have a lot of customers with Palo Alto. That's also a solution we see a lot, but we have been a Check Point partner for more than seven or eight years since the beginning of our company. We have done a lot of research on firewall solutions. 

In our opinion, it's one of the best because the management is very handy. So it's easy to implement every possible configuration, and you have a good oversight of your rule set. 

If I compare it with Cisco Meraki, for example, if the rules grow, then it's very hard to get oversight or to have oversight over the whole rule set. So then it becomes hard to manage.

With Check Point, it's easy because even when you have 200 or more rules, it's still very user-friendly, and you can still quickly manage your whole rule set.

What needs improvement?

What I like about Meraki is the whole cloud-managed feature, where it can configure gateways in the cloud and preconfigure it as well. So I don't need to have access to the device or create a configuration in the cloud. 

And as soon as the firewall comes online connected to the internet, then it downloads its configuration from the cloud. I think Check Point does also have such a solution, but I'm not aware that it's as easy as Cisco Meraki. Sometimes it would be nice if they would have the same possibilities.

For how long have I used the solution?

I have been using it for about five years now. 

What do I think about the stability of the solution?

I have not yet faced any challenges with performance or stability. Sometimes when we implement core firewalls, there are applications that have longer session timeouts than the Check Point firewalls in the default settings. 

Windows has a default session timeout for about two hours, I think, and Check Point's is one hour. So, it's not a performance issue, but the application will not run as well as before the security gateway analyzes and blocks traffic. So, it depends.

What do I think about the scalability of the solution?

Scalability  is a very good point of Check Point's solution. They can scale very well and very large.

How are customer service and support?

The technical support is also very well and specific. It's very useful to have technical support from Check Point.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have experience with Nutanix Flow. It's also possible to enable training in Nutanix Flow where you can redirect the traffic to Check Point gateways. I think that's a very useful feature if you need layer seven traffic analysis and blocks. But I don't have any customers, or we don't have any customers, who use chaining. We also don't have any customers who use a micro-segmentation solution from Check Point. So, I'm not aware if they have a comparable solution like Flow.

How was the initial setup?

For the initial setup, you need a good knowledge of the operating system, Gaia OS. It needs some knowledge to get started, but if you've done it once, then it's easygoing.

Normally, we check the customer's requirements. Then we start to deploy the gateway and start with a basic rule set so the customer is able to refine it for their needs. If we are in charge of creating a complete rule set, we will bring all the requirements into a concept and then create a rule set in a more suitable way.

Some customers have very basic requirements. If it's just to deploy the gateways, then it's very easy and quick. You just need maybe a few days and a maintenance window outside of business hours. But there are also customers who have a lot more requirements, like scanning or analyzing the traffic for subnets inside of the network. 

For example, a core firewall can be very time-consuming. You need to do a lot more research and concepts or write concepts on how to achieve that. That can take a few months.

For maintenance, you need to know what you do. It can be difficult if you don't know what you want to achieve. If you are not aware of network security, then probably it's not that easy, and you may run into configuration errors or mistakes. It's easy to manage, but you have to know what you do.

What's my experience with pricing, setup cost, and licensing?

Check Point is not the cheapest vendor in the market, but it has everything you need compared to other solutions. So that's probably the main reason for the cost or the prices. I think it's probably on the same level as Palo Alto.

What other advice do I have?

I would recommend Check Point to other users who are looking into implementing it.

I would advise others to compare or write down their requirements and have a look to see if Check Point is able to fulfill all the requirements.

Overall, I would rate it a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer98265120 - PeerSpot reviewer
Senior Technical Consultant at CDW
MSP
Top 20
Improves environments, has helpful support, and offer great compute power
Pros and Cons
  • "The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware."
  • "We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration."

What is our primary use case?

The customer purchased Check Point 6200 Firewalls to replace their aging Cisco ASA firewalls on the perimeter of their sites. The Cisco Firewalls must be replaced due to insufficient capacity.

It is envisioned that the initial migration will be a direct replica of the ASA configuration, with the client expanding the solution post-migration, with Check Point NGFW features.

This project consisted of the following deliverables:
• Rule base is migrated like for like, in which ASA Firewall zone-based rules will be converted to Check Point Parent/Child layered rules.
• Firewall zones to be imported and reviewed post migration by client.
• NAT rules will be migrated “as-is”.
• Geo-location rules from FTD will be honored and mapped into Check Point.
• Client-based blacklisting will be migrated into the solution, using external feeds via URL.
• A single IPS profile consisting of a clone of the vendor's “out-of-box” balanced profile (optimized).
• 1X site-to-site VPN.
• Integration into Client’s Cisco ISE solution for RADIUS-based admin authentication.
• NGFW licensing and blades to be installed on firewall devices, to allow features to be enabled in the future and expand the solution.

How has it helped my organization?

The Client wishes for the ASA firewalls to be replaced with a Check Point systems solution, which consists of 6200 Plus Appliances. 

The initial requirement was to migrate the configuration in an “as-is” state, with the necessary licensing purchased and installed to enable expansion of the solution with next-generation feature sets in the future.

The solution was able to meet and exceed the client's requirements thereby improving the client's environment.

The management server is software-based.

Firewalls and licensing include:
• FW
• IPS

The solution provides a single pane of glass management of rules/logging.

The solution supports IPsec tunnels FOR 1X IPsec VPNs.

The solution integrates with the client’s Cisco ISE RADIUS solution for administrative access.

What is most valuable?

The compute power of the appliance is great. The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware.

What needs improvement?

We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration.

Check Point configuration options can be very enormous and overwhelming.
Check Point comes with a very lean learning curve even though they offer a robust knowledge base. 

A lot of configuration cannot be accomplished via the web interface or the smart dashboard software and must be done manually via the command line interface.

I'd like to see some built-in automation for the firewall alerts/events to trigger an automated response or recovery.

For how long have I used the solution?

I've used the solution for three years.

What do I think about the stability of the solution?

The solution is stable with frequent version and management updates.

What do I think about the scalability of the solution?

The solution is highly scalable and expandable.

How are customer service and support?

The solution offers great customer support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a different solution and needed more processing power and functionality which this had compared to industry competitors.

How was the initial setup?

The setup was straightforward yet third-party device migration contained a lot of manual configuration conversions.

What about the implementation team?

I implemented this myself.

What's my experience with pricing, setup cost, and licensing?

Pricing can be relatively more expensive when compared to industry peers, however, the functionality makes up for the price difference.

Which other solutions did I evaluate?

We also evaluated:

What other advice do I have?

This is a great overall solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Check point Partner
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.