Check Point NGFW Reviews

We primarily use Check Point NGFW for network segmentation and traffic control. It effectively segments our network into zones, allowing us to manage and secure traffic flows between different segments.

The platform's technical support services need enhancement. 

The product is highly scalable and crucial for our large-scale deployment needs. Its scalability is a ten out of ten.

The technical support is generally responsive, although there have been occasional delays in accessing specialized assistance tailored to our needs.

Positive

The deployment was handled by dedicated experts within our organization, ensuring a smooth setup. While I didn't oversee the technical aspects directly, our team found the process straightforward, minimizing operational disruptions.

The product is on the higher end of the cost spectrum, but the investment is justified by its high-quality performance and reliability, which are paramount for our security infrastructure.

Check Point NGFW has consistently provided stable operation which is critical for our organization's security needs.

Managing firewall rules and policies is intuitive and efficient. The interface allows us to quickly adapt to new security requirements and maintain compliance with organizational policies.

I highly recommend it for organizations seeking robust network security.

Overall, I rate it an eight. 

The customer purchased Check Point 6200 Firewalls to replace their aging Cisco ASA firewalls on the perimeter of their sites. The Cisco Firewalls must be replaced due to insufficient capacity.

It is envisioned that the initial migration will be a direct replica of the ASA configuration, with the client expanding the solution post-migration, with Check Point NGFW features.

This project consisted of the following deliverables:
• Rule base is migrated like for like, in which ASA Firewall zone-based rules will be converted to Check Point Parent/Child layered rules.
• Firewall zones to be imported and reviewed post migration by client.
• NAT rules will be migrated “as-is”.
• Geo-location rules from FTD will be honored and mapped into Check Point.
• Client-based blacklisting will be migrated into the solution, using external feeds via URL.
• A single IPS profile consisting of a clone of the vendor's “out-of-box” balanced profile (optimized).
• 1X site-to-site VPN.
• Integration into Client’s Cisco ISE solution for RADIUS-based admin authentication.
• NGFW licensing and blades to be installed on firewall devices, to allow features to be enabled in the future and expand the solution.

The Client wishes for the ASA firewalls to be replaced with a Check Point systems solution, which consists of 6200 Plus Appliances. 

The initial requirement was to migrate the configuration in an “as-is” state, with the necessary licensing purchased and installed to enable expansion of the solution with next-generation feature sets in the future.

The solution was able to meet and exceed the client's requirements thereby improving the client's environment.

The management server is software-based.

Firewalls and licensing include:
• FW
• IPS

The solution provides a single pane of glass management of rules/logging.

The solution supports IPsec tunnels FOR 1X IPsec VPNs.

The solution integrates with the client’s Cisco ISE RADIUS solution for administrative access.

The compute power of the appliance is great. The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware.

We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration.

Check Point configuration options can be very enormous and overwhelming.
Check Point comes with a very lean learning curve even though they offer a robust knowledge base. 

A lot of configuration cannot be accomplished via the web interface or the smart dashboard software and must be done manually via the command line interface.

I'd like to see some built-in automation for the firewall alerts/events to trigger an automated response or recovery.

I've used the solution for three years.

The solution is stable with frequent version and management updates.

The solution is highly scalable and expandable.

The solution offers great customer support.

Positive

We used a different solution and needed more processing power and functionality which this had compared to industry competitors.

The setup was straightforward yet third-party device migration contained a lot of manual configuration conversions.

I implemented this myself.

Pricing can be relatively more expensive when compared to industry peers, however, the functionality makes up for the price difference.

We also evaluated:

• Cisco NGFW
• Fortigate NGFW
• Palo Alto NGFW

This is a great overall solution.

We use it as NGWF for the DMZ area on our data center. 

We deployed HA configuration of Check Point Quantum 6200 to protect our user connection to the internet and to protect the server farm in our data center. 

In our first year, we got free access to the full capability of SandBlast, the Check Point solution for sandboxing features. We tested, yet felt the sandbox is not quite needed in our environment and thus changed the subscription for the second year and forward to the standard feature. 

Check Point can also be integrated with third-party solutions like SIEM and so on. 

Check Point has an awesome price-to-benefit ratio, netting you an awesome throughput of IDS/IPS capability compared to Palo Alto, Cisco, and so on. 

The first year also comes with a free SandBlast tier license, so you can test the full capability of Check Point to see if your companies might benefit from it or not. 

We also integrate our Check Point with SIEM Splunk and it integrates flawlessly without a hassle. If you are looking for a one-stop solution for cybersecurity, you should check out Check Point's portfolio!

The features we find valuable for our companies are:

- remote access VPN

- L4 and L7 firewall rules

- unified management platform provided by Smart-1

- management platform can be deployed on-premise or on the cloud

- full threat prevention by SandBlast

- support integration with 3rd party security vendors like Splunk, Qradar, etc

- high throughput for IDS/ IPS and NGFW only

- easy to scale up using Maestro

- built-in email security solution, endpoint protection, sandboxing, alert to administrator

The distributor support capability is quite lacking as the problem/incident is rarely solved on the distributor level and instead escalated to the principal. This makes the troubleshooting process too long and the people involved are too many. 

Socialization of new licensing or new features can be improved also. Principals and distributors need to work together closely to inform their customers so that we can stay updated about the latest trends and or threats/bugs that might happen in our Check Point gear.

We've been using Check Point for around two to three years. We use it primarily as NGFW and as sandboxing for zero-day threats.

Check Point is quite stable with new releases periodically throughout the year.

It is very easy to scale up or scale out and Maestro can improve the scalability a lot.

The response is quick and technical support gives clear answers.

Positive

We used Cisco Firepower and we felt that Check Point is more mature.

The initial setup is straightforward. The firewall and management setup is quite similar to other brands.

We implemented the solution through our in-house engineer.

We have witnessed ROI within four years.

Check Point provides quite reasonable pricing and licensing schemes.

We also evaluated Palo Alto and Fortinet.

Check Point is great for comprehensive security solutions.

We're an international research laboratory, focused on thermonuclear energy experiments. Due to strong remote collaboration, and to control network communication, we choose the Check Point NG Firewall solution.

Most of the personnel are researchers. We also have a strong collaboration with a University and take care of a European Ph.D. on thermonuclear fusion, as the future clean energy.

We aim to constantly improve firewall technology, which is a key strategy nowadays. We've chosen Check Point in 2007 and step-by-step upgrade and expand cyber security deployment using their solution. 

We appreciate the support and escalation when issues are in place. We really appreciate the solidity of the solution, the redundancy, we own a couple of appliances in failover. 

We use Check Point to grant VPN access both for clients and also in specific site-to-site IPSec remote connections.

I like the dashboard, redundancy, log analysis, threat prevention and ISP, and VPN.

The dashboard has clean and focused menus and tabs, that offer immediate access to important information and configuration. 

Log analysis is really powerful considering the enormous amount of logged data. 

We use a specific function to control bandwidth occupation based on protocols and IP subnetworks.

Fundamental is the interoperability with RSA SecurID, Windows AD/Azure.

We're in the process of moving to the MS O365 cloud, and Check Point helps us with this.

Maybe the VPN clients could be improved, however, only from a cosmetic point of view. They use a very old GUI and should help remote assistance in case of problems to make it more accessible in terms of getting log/debug information. On this, I suggest an approach like ZOOM US, where is clearly defined the application life cycle, and users warned over time.

We're in the process of moving to a cloud hybrid solution based on MS Azure, and on that field, quite common nowadays, it seems that more has to be done, moving from on-premise historical deployment. 

IoT should be considered in future development.

I've used the solution since 2007.

It is an absolutely stable solution. It is easy to put maintenance on an appliance without losing any connectivity.

The last release, R81, is impressive, at least in these first months, having recently upgraded from R80.

My experience is good, both on technical issues, and commercial support during renewal.

Positive

We previously used a Cisco PIX firewall.

The setup is somewhat complex, however, technical documents are clear, and the most common solutions are well described.

We implemented it with a third party and in-house. The support company that helped in Italy is fantastic.

We may need more time to measure ROI.

Check Point is not a cheap solution, however, on cyber security, we prefer to stay with a key player.

We constantly verify other vendor solutions, such as Palo Alto, Fortinet, and Sophos.

We use the solution for threat protection in the banking and finance sectors.

Check Point NGFW is popular because of the protection it offers. 

The pricing and UI need to be improved. 

The enterprise is quite expensive. There are small boxes that are competitive enough.

I have been using Check Point NGFW for a year.

The product is stable.

I rate the solution’s stability a nine-point five out of ten.

The solution can scale up to enterprises.

I rate the solution’s scalability a nine-point five out of ten.

The initial setup is easy, but maintenance is very difficult. Deployment and fine-tuning take a day.

There were no glitches or issues. We were able to achieve a positive ROI for our business. It saved them a significant amount of money that would otherwise have been spent on dealing with ransomware activities.

The product is expensive and costs around one-point-five million.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

Thorough planning is essential when implementing a Check Point NGFW. You need a checklist outlining what policies to establish. While the installation is straightforward and does not require much effort beyond obtaining a license, creating and configuring policies can be time-consuming. Therefore, allocating sufficient time and resources to policy creation is crucial to ensure effective security management.

Overall, I rate the solution a nine out of ten.

The solution is our main firewall. It protects our perimeter.

The tool has solid firmware with very few vulnerabilities. We don't need to upgrade it for vulnerabilities. It is rare when compared to the competitors. The product’s performance is good. My organization chose the product because it is stable and provides a very good Software Blade.

The tool must improve its support. The support provided by partners gets expensive.

I have been using the solution for around six years.

The product is stable.

The solution protects the entire perimeter. Every user passes through the firewall. It is used daily. We have around eight administrators. The solution requires very little maintenance.

The initial setup was easy.

The solution is expensive. A medium data center would cost around $17,000 per year for a medium enterprise.

Except for Palo Alto, Check Point is good compared to its competitors. Cisco ASA lacks features.

It is a good product. There are other competitors. Check Point NGFW is easy to deploy, manage, implement, and troubleshoot. The operation is pretty simple. Even a few operations people can run it very well. It is pretty much stable. We need to safeguard the data of our organization very well. Check Point NGFW is a leading solution provider. Security products must not have many vulnerabilities. Overall, I rate the product a nine out of ten.

We are using the solution for the perimeter. It's used as a core firewall, with almost all transactions passing through the firewall. For instance, in a cellular phone company, all transactional authorizations pass through the firewall, while in a bank, authorizations for branches and ATMs go through the firewall. The main customers are in the BFSI, telcos, industry manufacturing, and other large enterprise sectors.

Check Point's solutions allow organizations to operate securely with a reliable core firewall in place, ensuring that transactions proceed smoothly.

The Check Point firewall is used as a core firewall offering high reliability with at least two synchronized data centers, creating a fault-tolerant configuration. It is considered a very stable platform with minimal bugs.

Technically, there is no need for improvement. That said, they need to be more aggressive and protect more of the channels on the commercial side. Additionally, the user interface could be more user-friendly.

We have been using Check Point solutions for over twenty-five years, since the very beginning.

The firewall is highly stable, being described as one of the most reliable, with a stable platform and few bugs.

Using the Maestro technology, the firewall has good scalability. It allows for flexibility and growth by stacking clippings without needing to change the chassis.

Customer service is generally good. With Diamond or Diamond Plus service for banks, the support level meets customer expectations. The internal team of Check experts also ensures issues are resolved efficiently.

Positive

We are familiar with and have supported other solutions like Fortinet, Palo Alto, and Cisco yet primarily do business with Check Point.

Initial setup can be complex, especially in large or redundant deployments. Expertise is required to manage configurations, especially with complex operations and a high volume of users and VPNs.

The implementation team has around 20 people, with a total group including maintenance and support numbering 60.

Monetizing the risk is complex, and despite having software for calculating ROI in security, traditional calculations like the FAIR methodology do not apply efficiently in Latin America.

Check Point and Palo Alto solutions are among the more expensive options, but once a platform is adopted, switching is difficult. Clients tend to stay with the same brand for extended periods.

We have evaluated solutions from Fortinet, Palo Alto, and Cisco, however, the main offering is Check Point.

I'd rate the solution eight out of ten.

We are using physical appliances along with some VSX's in our network. We mostly use firewall only (due to high traffic usage). We are using CP NGFW to protect the company from the internet and also provide security while we are connecting to the internet.  

We have physical clusters that we manage via our company's external connections through S2S. We are managing our core and client networks with separate clusters. Applying security rules and providing NAT when we need it. We are also using CP in our DRC environment to provide SRC and DST NAT with VSX to provide access to machines that have the same IP addresses.

Back when we had a different brand of firewalls, we were having trouble managing all of them separately. With Check Point's HA capability, we merged all of our Check Point firewall management. With this, we can apply a viable DRC solution that our company needs and also manage, view logs, and administer all of the components together.

With the capable appliances, we don't experience any CPU and Memory utilization most of the time. With the help of new versions, Check Point is moving forward. We hope the upcoming version will provide hyper flow, and this will solve our elephant flow problem.

The solution offers a good GUI. It is easy to use, smart, simple, and user-friendly.

The client VPN and S2S VPN capabilities are great. Check Point's mobile access provides us with flexibility. We don't have a single point of failure regarding the VPN access points anymore.

We can use Check Point NGFW physically, virtually (with Check Point VSX), and on the cloud with CloudGuard. We have most of the features available even within these different environments.

We can apply SAM Rules (without installation needs), and Custom Intelligence Feeds.

It has good API support and provides value when you need it. 

The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions. Other vendors provide this, including Palo Alto). We are in a big organization now, and we need good tools to maintain stability and get rid of the objects and rules that we don't use.

If you are working within a big organization, you may have some CPU and memory utilization problems. Most of the time, we are encountering these kinds of problems, and due to that, we can't use other features and blades other than the firewall or threat prevention.

I find Check Point's log experience a little tiresome as it does not provide information with limited blades enabled. We'd like to see information around session time, sent and received bytes, etc. Even if you manage to get some data, you may find it not very reliable.

I've been using Check Point's NGFW and its features for about five years. 

I found Check Point's stability a little bit so-so. Not that good, not that bad. Most of the time it is reliable. We had lots of problems before due to the utilization of our firewalls. Most of the time, the hotfixes provided the solution. However, applying hotfixes and getting in touch with the R&D when needed may be tiresome.

It's pretty good. The HA Features provide a good solution so far, and with Maestro it will perform better.

I had the chance to work with Fortigate and Palo Alto Firewalls before. Due to the stability and know-how regarding Check Point, we chose this vendor.

We always believed and saw that the money we spent on Check Point was not in vain.