We primarily use Check Point NGFW for network segmentation and traffic control. It effectively segments our network into zones, allowing us to manage and secure traffic flows between different segments.
Defense protection study manager at Ministère de la Défense
Reliable platform providing ease of management
Pros and Cons
- "The interface allows us to quickly adapt to new security requirements and maintain compliance with organizational policies."
- "The platform's technical support services need enhancement."
What is our primary use case?
What needs improvement?
The platform's technical support services need enhancement.
What do I think about the scalability of the solution?
The product is highly scalable and crucial for our large-scale deployment needs. Its scalability is a ten out of ten.
How are customer service and support?
The technical support is generally responsive, although there have been occasional delays in accessing specialized assistance tailored to our needs.
Buyer's Guide
Check Point NGFW
June 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment was handled by dedicated experts within our organization, ensuring a smooth setup. While I didn't oversee the technical aspects directly, our team found the process straightforward, minimizing operational disruptions.
What was our ROI?
The product is on the higher end of the cost spectrum, but the investment is justified by its high-quality performance and reliability, which are paramount for our security infrastructure.
What other advice do I have?
Check Point NGFW has consistently provided stable operation which is critical for our organization's security needs.
Managing firewall rules and policies is intuitive and efficient. The interface allows us to quickly adapt to new security requirements and maintain compliance with organizational policies.
I highly recommend it for organizations seeking robust network security.
Overall, I rate it an eight.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Senior Technical Consultant at CDW
Improves environments, has helpful support, and offer great compute power
Pros and Cons
- "The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware."
- "We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration."
What is our primary use case?
The customer purchased Check Point 6200 Firewalls to replace their aging Cisco ASA firewalls on the perimeter of their sites. The Cisco Firewalls must be replaced due to insufficient capacity.
It is envisioned that the initial migration will be a direct replica of the ASA configuration, with the client expanding the solution post-migration, with Check Point NGFW features.
This project consisted of the following deliverables:
• Rule base is migrated like for like, in which ASA Firewall zone-based rules will be converted to Check Point Parent/Child layered rules.
• Firewall zones to be imported and reviewed post migration by client.
• NAT rules will be migrated “as-is”.
• Geo-location rules from FTD will be honored and mapped into Check Point.
• Client-based blacklisting will be migrated into the solution, using external feeds via URL.
• A single IPS profile consisting of a clone of the vendor's “out-of-box” balanced profile (optimized).
• 1X site-to-site VPN.
• Integration into Client’s Cisco ISE solution for RADIUS-based admin authentication.
• NGFW licensing and blades to be installed on firewall devices, to allow features to be enabled in the future and expand the solution.
How has it helped my organization?
The Client wishes for the ASA firewalls to be replaced with a Check Point systems solution, which consists of 6200 Plus Appliances.
The initial requirement was to migrate the configuration in an “as-is” state, with the necessary licensing purchased and installed to enable expansion of the solution with next-generation feature sets in the future.
The solution was able to meet and exceed the client's requirements thereby improving the client's environment.
The management server is software-based.
Firewalls and licensing include:
• FW
• IPS
The solution provides a single pane of glass management of rules/logging.
The solution supports IPsec tunnels FOR 1X IPsec VPNs.
The solution integrates with the client’s Cisco ISE RADIUS solution for administrative access.
What is most valuable?
The compute power of the appliance is great. The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware.
What needs improvement?
We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration.
Check Point configuration options can be very enormous and overwhelming.
Check Point comes with a very lean learning curve even though they offer a robust knowledge base.
A lot of configuration cannot be accomplished via the web interface or the smart dashboard software and must be done manually via the command line interface.
I'd like to see some built-in automation for the firewall alerts/events to trigger an automated response or recovery.
For how long have I used the solution?
I've used the solution for three years.
What do I think about the stability of the solution?
The solution is stable with frequent version and management updates.
What do I think about the scalability of the solution?
The solution is highly scalable and expandable.
How are customer service and support?
The solution offers great customer support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used a different solution and needed more processing power and functionality which this had compared to industry competitors.
How was the initial setup?
The setup was straightforward yet third-party device migration contained a lot of manual configuration conversions.
What about the implementation team?
I implemented this myself.
What's my experience with pricing, setup cost, and licensing?
Pricing can be relatively more expensive when compared to industry peers, however, the functionality makes up for the price difference.
Which other solutions did I evaluate?
We also evaluated:
- Cisco NGFW
- Fortigate NGFW
- Palo Alto NGFW
What other advice do I have?
This is a great overall solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Check point Partner
Buyer's Guide
Check Point NGFW
June 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
857,028 professionals have used our research since 2012.
Technical Consultant at PT. Nusantara Compnet Integrator
Ful threat prevention, good price-to-benefit ratio, and helpful support
Pros and Cons
- "Check Point has an awesome price-to-benefit ratio, netting you an awesome throughput of IDS/IPS capability compared to Palo Alto, Cisco, and so on."
- "The distributor support capability is quite lacking as the problem/incident is rarely solved on the distributor level and instead escalated to the principal."
What is our primary use case?
We use it as NGWF for the DMZ area on our data center.
We deployed HA configuration of Check Point Quantum 6200 to protect our user connection to the internet and to protect the server farm in our data center.
In our first year, we got free access to the full capability of SandBlast, the Check Point solution for sandboxing features. We tested, yet felt the sandbox is not quite needed in our environment and thus changed the subscription for the second year and forward to the standard feature.
Check Point can also be integrated with third-party solutions like SIEM and so on.
How has it helped my organization?
Check Point has an awesome price-to-benefit ratio, netting you an awesome throughput of IDS/IPS capability compared to Palo Alto, Cisco, and so on.
The first year also comes with a free SandBlast tier license, so you can test the full capability of Check Point to see if your companies might benefit from it or not.
We also integrate our Check Point with SIEM Splunk and it integrates flawlessly without a hassle. If you are looking for a one-stop solution for cybersecurity, you should check out Check Point's portfolio!
What is most valuable?
The features we find valuable for our companies are:
- remote access VPN
- L4 and L7 firewall rules
- unified management platform provided by Smart-1
- management platform can be deployed on-premise or on the cloud
- full threat prevention by SandBlast
- support integration with 3rd party security vendors like Splunk, Qradar, etc
- high throughput for IDS/ IPS and NGFW only
- easy to scale up using Maestro
- built-in email security solution, endpoint protection, sandboxing, alert to administrator
What needs improvement?
The distributor support capability is quite lacking as the problem/incident is rarely solved on the distributor level and instead escalated to the principal. This makes the troubleshooting process too long and the people involved are too many.
Socialization of new licensing or new features can be improved also. Principals and distributors need to work together closely to inform their customers so that we can stay updated about the latest trends and or threats/bugs that might happen in our Check Point gear.
For how long have I used the solution?
We've been using Check Point for around two to three years. We use it primarily as NGFW and as sandboxing for zero-day threats.
What do I think about the stability of the solution?
Check Point is quite stable with new releases periodically throughout the year.
What do I think about the scalability of the solution?
It is very easy to scale up or scale out and Maestro can improve the scalability a lot.
How are customer service and support?
The response is quick and technical support gives clear answers.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Cisco Firepower and we felt that Check Point is more mature.
How was the initial setup?
The initial setup is straightforward. The firewall and management setup is quite similar to other brands.
What about the implementation team?
We implemented the solution through our in-house engineer.
What was our ROI?
We have witnessed ROI within four years.
What's my experience with pricing, setup cost, and licensing?
Check Point provides quite reasonable pricing and licensing schemes.
Which other solutions did I evaluate?
We also evaluated Palo Alto and Fortinet.
What other advice do I have?
Check Point is great for comprehensive security solutions.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Network and Security Administrator at CNR-ISTP - Consorzio RFX in Padua at Politecnico di Milano
Good interoperability and log analysis but could improve VPN clients
Pros and Cons
- "I like the dashboard, redundancy, log analysis, threat prevention and ISP, and VPN."
- "IoT should be considered in future development."
What is our primary use case?
We're an international research laboratory, focused on thermonuclear energy experiments. Due to strong remote collaboration, and to control network communication, we choose the Check Point NG Firewall solution.
Most of the personnel are researchers. We also have a strong collaboration with a University and take care of a European Ph.D. on thermonuclear fusion, as the future clean energy.
How has it helped my organization?
We aim to constantly improve firewall technology, which is a key strategy nowadays. We've chosen Check Point in 2007 and step-by-step upgrade and expand cyber security deployment using their solution.
We appreciate the support and escalation when issues are in place. We really appreciate the solidity of the solution, the redundancy, we own a couple of appliances in failover.
We use Check Point to grant VPN access both for clients and also in specific site-to-site IPSec remote connections.
What is most valuable?
I like the dashboard, redundancy, log analysis, threat prevention and ISP, and VPN.
The dashboard has clean and focused menus and tabs, that offer immediate access to important information and configuration.
Log analysis is really powerful considering the enormous amount of logged data.
We use a specific function to control bandwidth occupation based on protocols and IP subnetworks.
Fundamental is the interoperability with RSA SecurID, Windows AD/Azure.
We're in the process of moving to the MS O365 cloud, and Check Point helps us with this.
What needs improvement?
Maybe the VPN clients could be improved, however, only from a cosmetic point of view. They use a very old GUI and should help remote assistance in case of problems to make it more accessible in terms of getting log/debug information. On this, I suggest an approach like ZOOM US, where is clearly defined the application life cycle, and users warned over time.
We're in the process of moving to a cloud hybrid solution based on MS Azure, and on that field, quite common nowadays, it seems that more has to be done, moving from on-premise historical deployment.
IoT should be considered in future development.
For how long have I used the solution?
I've used the solution since 2007.
What do I think about the stability of the solution?
It is an absolutely stable solution. It is easy to put maintenance on an appliance without losing any connectivity.
What do I think about the scalability of the solution?
The last release, R81, is impressive, at least in these first months, having recently upgraded from R80.
How are customer service and support?
My experience is good, both on technical issues, and commercial support during renewal.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used a Cisco PIX firewall.
How was the initial setup?
The setup is somewhat complex, however, technical documents are clear, and the most common solutions are well described.
What about the implementation team?
We implemented it with a third party and in-house. The support company that helped in Italy is fantastic.
What was our ROI?
We may need more time to measure ROI.
What's my experience with pricing, setup cost, and licensing?
Check Point is not a cheap solution, however, on cyber security, we prefer to stay with a key player.
Which other solutions did I evaluate?
We constantly verify other vendor solutions, such as Palo Alto, Fortinet, and Sophos.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
System Engineer at Trends and Technologies, Inc
Offers good protection
Pros and Cons
- "Check Point NGFW is popular because of the protection it offers."
- "The pricing and UI need to be improved."
What is our primary use case?
We use the solution for threat protection in the banking and finance sectors.
What is most valuable?
Check Point NGFW is popular because of the protection it offers.
What needs improvement?
The pricing and UI need to be improved.
The enterprise is quite expensive. There are small boxes that are competitive enough.
For how long have I used the solution?
I have been using Check Point NGFW for a year.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine-point five out of ten.
What do I think about the scalability of the solution?
The solution can scale up to enterprises.
I rate the solution’s scalability a nine-point five out of ten.
How was the initial setup?
The initial setup is easy, but maintenance is very difficult. Deployment and fine-tuning take a day.
What was our ROI?
There were no glitches or issues. We were able to achieve a positive ROI for our business. It saved them a significant amount of money that would otherwise have been spent on dealing with ransomware activities.
What's my experience with pricing, setup cost, and licensing?
The product is expensive and costs around one-point-five million.
I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.
What other advice do I have?
Thorough planning is essential when implementing a Check Point NGFW. You need a checklist outlining what policies to establish. While the installation is straightforward and does not require much effort beyond obtaining a license, creating and configuring policies can be time-consuming. Therefore, allocating sufficient time and resources to policy creation is crucial to ensure effective security management.
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Network Security Architect at a consultancy with 10,001+ employees
A highly stable solution that provides security and has firmware with very few vulnerabilities
Pros and Cons
- "The tool has solid firmware with very few vulnerabilities."
- "The tool must improve its support."
What is our primary use case?
The solution is our main firewall. It protects our perimeter.
What is most valuable?
The tool has solid firmware with very few vulnerabilities. We don't need to upgrade it for vulnerabilities. It is rare when compared to the competitors. The product’s performance is good. My organization chose the product because it is stable and provides a very good Software Blade.
What needs improvement?
The tool must improve its support. The support provided by partners gets expensive.
For how long have I used the solution?
I have been using the solution for around six years.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
The solution protects the entire perimeter. Every user passes through the firewall. It is used daily. We have around eight administrators. The solution requires very little maintenance.
How was the initial setup?
The initial setup was easy.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive. A medium data center would cost around $17,000 per year for a medium enterprise.
Which other solutions did I evaluate?
Except for Palo Alto, Check Point is good compared to its competitors. Cisco ASA lacks features.
What other advice do I have?
It is a good product. There are other competitors. Check Point NGFW is easy to deploy, manage, implement, and troubleshoot. The operation is pretty simple. Even a few operations people can run it very well. It is pretty much stable. We need to safeguard the data of our organization very well. Check Point NGFW is a leading solution provider. Security products must not have many vulnerabilities. Overall, I rate the product a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
President of the Advisory Board at a computer software company with 201-500 employees
Reliable core firewall enables secure and efficient transactions
Pros and Cons
- "Check Point's solutions allow organizations to operate securely with a reliable core firewall in place, ensuring that transactions proceed smoothly."
- "The user interface could be more user-friendly."
What is our primary use case?
We are using the solution for the perimeter. It's used as a core firewall, with almost all transactions passing through the firewall. For instance, in a cellular phone company, all transactional authorizations pass through the firewall, while in a bank, authorizations for branches and ATMs go through the firewall. The main customers are in the BFSI, telcos, industry manufacturing, and other large enterprise sectors.
How has it helped my organization?
Check Point's solutions allow organizations to operate securely with a reliable core firewall in place, ensuring that transactions proceed smoothly.
What is most valuable?
The Check Point firewall is used as a core firewall offering high reliability with at least two synchronized data centers, creating a fault-tolerant configuration. It is considered a very stable platform with minimal bugs.
What needs improvement?
Technically, there is no need for improvement. That said, they need to be more aggressive and protect more of the channels on the commercial side. Additionally, the user interface could be more user-friendly.
For how long have I used the solution?
We have been using Check Point solutions for over twenty-five years, since the very beginning.
What do I think about the stability of the solution?
The firewall is highly stable, being described as one of the most reliable, with a stable platform and few bugs.
What do I think about the scalability of the solution?
Using the Maestro technology, the firewall has good scalability. It allows for flexibility and growth by stacking clippings without needing to change the chassis.
How are customer service and support?
Customer service is generally good. With Diamond or Diamond Plus service for banks, the support level meets customer expectations. The internal team of Check experts also ensures issues are resolved efficiently.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are familiar with and have supported other solutions like Fortinet, Palo Alto, and Cisco yet primarily do business with Check Point.
How was the initial setup?
Initial setup can be complex, especially in large or redundant deployments. Expertise is required to manage configurations, especially with complex operations and a high volume of users and VPNs.
What about the implementation team?
The implementation team has around 20 people, with a total group including maintenance and support numbering 60.
What was our ROI?
Monetizing the risk is complex, and despite having software for calculating ROI in security, traditional calculations like the FAIR methodology do not apply efficiently in Latin America.
What's my experience with pricing, setup cost, and licensing?
Check Point and Palo Alto solutions are among the more expensive options, but once a platform is adopted, switching is difficult. Clients tend to stay with the same brand for extended periods.
Which other solutions did I evaluate?
We have evaluated solutions from Fortinet, Palo Alto, and Cisco, however, the main offering is Check Point.
What other advice do I have?
I'd rate the solution eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Last updated: Oct 8, 2024
Flag as inappropriateSenior Information Security Specialist at AKBANK TAS
Smart, simple, and user-friendly
Pros and Cons
- "The solution offers a good GUI."
- "The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions."
What is our primary use case?
We are using physical appliances along with some VSX's in our network. We mostly use firewall only (due to high traffic usage). We are using CP NGFW to protect the company from the internet and also provide security while we are connecting to the internet.
We have physical clusters that we manage via our company's external connections through S2S. We are managing our core and client networks with separate clusters. Applying security rules and providing NAT when we need it. We are also using CP in our DRC environment to provide SRC and DST NAT with VSX to provide access to machines that have the same IP addresses.
How has it helped my organization?
Back when we had a different brand of firewalls, we were having trouble managing all of them separately. With Check Point's HA capability, we merged all of our Check Point firewall management. With this, we can apply a viable DRC solution that our company needs and also manage, view logs, and administer all of the components together.
With the capable appliances, we don't experience any CPU and Memory utilization most of the time. With the help of new versions, Check Point is moving forward. We hope the upcoming version will provide hyper flow, and this will solve our elephant flow problem.
What is most valuable?
The solution offers a good GUI. It is easy to use, smart, simple, and user-friendly.
The client VPN and S2S VPN capabilities are great. Check Point's mobile access provides us with flexibility. We don't have a single point of failure regarding the VPN access points anymore.
We can use Check Point NGFW physically, virtually (with Check Point VSX), and on the cloud with CloudGuard. We have most of the features available even within these different environments.
We can apply SAM Rules (without installation needs), and Custom Intelligence Feeds.
It has good API support and provides value when you need it.
What needs improvement?
The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions. Other vendors provide this, including Palo Alto). We are in a big organization now, and we need good tools to maintain stability and get rid of the objects and rules that we don't use.
If you are working within a big organization, you may have some CPU and memory utilization problems. Most of the time, we are encountering these kinds of problems, and due to that, we can't use other features and blades other than the firewall or threat prevention.
I find Check Point's log experience a little tiresome as it does not provide information with limited blades enabled. We'd like to see information around session time, sent and received bytes, etc. Even if you manage to get some data, you may find it not very reliable.
For how long have I used the solution?
I've been using Check Point's NGFW and its features for about five years.
What do I think about the stability of the solution?
I found Check Point's stability a little bit so-so. Not that good, not that bad. Most of the time it is reliable. We had lots of problems before due to the utilization of our firewalls. Most of the time, the hotfixes provided the solution. However, applying hotfixes and getting in touch with the R&D when needed may be tiresome.
What do I think about the scalability of the solution?
It's pretty good. The HA Features provide a good solution so far, and with Maestro it will perform better.
Which solution did I use previously and why did I switch?
I had the chance to work with Fortigate and Palo Alto Firewalls before. Due to the stability and know-how regarding Check Point, we chose this vendor.
What was our ROI?
We always believed and saw that the money we spent on Check Point was not in vain.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Sophos XG
Cisco Secure Firewall
Meraki MX
Palo Alto Networks NG Firewalls
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Sophos UTM
Juniper SRX Series Firewall
Fortinet FortiGate-VM
Sophos XGS
SonicWall NSa
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Check Point NGFW compare with Fortinet Fortigate?
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- Which would you recommend - Azure Firewall or Check Point NGFW?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?