We changed our name from IT Central Station: Here's why
Network Security Engineer at a tech services company with 10,001+ employees
Real User
Top 10
Easy to use, good encryption options, stable, helpful support
Pros and Cons
  • "One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI."
  • "The antivirus feature is a little bit weak and should be improved."

What is our primary use case?

We use this firewall to protect the internal network and to set up the IPSec standard from one location to another.

How has it helped my organization?

One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI.  In Check Point 5.0, we bought the option, giving us the ability to use the GUI as well as the CLI. A person who is comfortable with the UI can work with it according to different scenarios.

What is most valuable?

The most valuable feature is the set of encryption options that are available.

Viewing the logs in the interface is easy to do, which is one of the things that I like.

This is a UI-based firewall that is easy to use.

What needs improvement?

The antivirus feature is a little bit weak and should be improved. The updates are not as regular when compared to other firewalls, such as Palo Alto.

The training materials and certification process should be improved. For example, the certificates are more expensive and there's no good training available on the internet right now.

For how long have I used the solution?

I have been using Check Point NGFW for approximately seven years, since 2014.

What do I think about the stability of the solution?

The stability of this firewall is good and we haven't had any problems. It is a well-known, quality brand.

What do I think about the scalability of the solution?

There are no issues with extendability or scalability. Over the course of a year, we added another firewall, bringing us from one to two deployments, and the process was not tough. We were easily able to manage it.

We have approximately 12 people who work with this firewall during different shifts.

How are customer service and technical support?

I have been in contact with technical support many times, and they are good. Most of the time, they solve the problem as soon as possible, and they give a perfect solution.

Which solution did I use previously and why did I switch?

Currently, we are using firewalls from different vendors, including Palo Alto and Cisco. Our Cisco ASA solution is completely CLI-based and Palo Alto is like Check Point with an interface that is a mix of UI and CLI-based.

Both Palo Alto and Cisco ASA have very good tutorials available on the internet, including videos on YouTube and courses on Udemy.

On the other hand, Cisco ASA is more difficult to use because there is no UI and for a person who does not have any knowledge of the networking commands, they have to learn them.

How was the initial setup?

The first phase of the implementation is to plan the firewall deployment. After that, we do the configuration and validate it. In the case of a Check Point firewall, this process will take between two and three months to complete.

The complexity of the process depends on the features that you want to add. In general, it is straightforward and not too complex.

What about the implementation team?

I was not present when the first firewall was set up, although I was presented for the deployment of new ones. Whenever there is a new firewall deployment, I am involved. We have between four and five network engineers who take care of this part.

There is no maintenance required from our side. When we have a hardware issue then we contact technical support to get it sorted out.

What was our ROI?

We have seen ROI; for the purpose that we have deployed this firewall, we are getting returns. Based on this, we are buying more Check Point firewalls.

What's my experience with pricing, setup cost, and licensing?

The price of Check Point is lower than Palo Alto but higher than Cisco ASA. For us, the price for licensing is fine, we have no issue with it, and feel that the cost is justified.

There are no costs in addition to the standard licensing fees.

What other advice do I have?

My advice for anybody who is implementing Check Point NGFW is that if they get stuck, then visit the technical support section of the website and read the articles that are available. I have learned many things from the tech articles, and it's a good website if you want to learn about it in-depth.

One of the things that I learned is that Check Point firewalls also use Linux commands. After working with Check Point, I improved my Linux skills, which is a good thing for me.

I would rate this solution a nine out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Vighnesh Rege
Lead Solution Advisor at a consultancy with 10,001+ employees
Real User
Top 5
Fix holes in endpoint security management infrastructure, which might be letting things through like ransomware
Pros and Cons
  • "The application authentication feature of Check Point is the most valuable as it helps us keep users secure."
  • "Check Point should quickly update and expand its application database to have what Palo Alto has."

What is our primary use case?

We recommend to clients who are installing applications that they can work with Check Point Next Generation Firewalls. Our role is to support our customers in terms of their migration, firewall room cleanups, and implementing all the security features that the firewall has.

Our clients have branch offices in Mexico and Bermuda. Check Point is one of the top names in these areas.

How has it helped my organization?

Our clients come to us to fix holes in their endpoint security management infrastructure, which might be letting things through like ransomware. We recommend Check Point Firewalls and some other endpoint security management solutions to mitigate these risk factors. We use this solutions to help build a perimeter for the company, as it helps filter threats from affecting our clients' infrastructure.

What is most valuable?

The application authentication feature of Check Point is the most valuable as it helps us keep users secure. 

It works smoothly when managing clients' on-premise and cloud firewalls.

What needs improvement?

Permissions from the client regarding troubleshooting and how well we can packet capture have not been smooth.

Check Point should quickly update and expand its application database to have what Palo Alto has. 

There have been some issues with third-party integrations.

For how long have I used the solution?

I've been using Check Point Firewalls since 2012. This was right from the beginning when it was hardware from Nokia and the R65 and R66 models. So far, that has gone well.

What do I think about the stability of the solution?

They are stable. There are no standalone Check Point boxes. If a module goes down, it doesn't affect the base as a whole. Check Point Firewalls have nice redundancy.

What do I think about the scalability of the solution?

Scalability is a good feature that this solution has. It is easy scale out and do site-to-site implementations. Sometimes, you have to clean the OS or RAM to free up availability. However, if you do this, then there are generally no issues with scaling it.

How are customer service and technical support?

The documentation is really good. 

Their support guys response is really quick. Though, sometimes it takes them more than four to five to get back to us via email and acknowledge an issue. If you have the diamond support, it is definitely fast. However, if you don't have that sort of expensive after-sale support, then it is a problem to engage a Check Point technician at a very fast pace.

We actively participate in the community group.

Which solution did I use previously and why did I switch?

Our clients are migrating over to Check Point NGFW from Cisco, Juniper, and Fortinet because they want the Check Point Application Intelligence feature. 

How was the initial setup?

We set up the management tool for the clients to manage all their infrastructure.

The migration is generally seamless and takes one shift or day (about nine hours).

We migrate clients to Check Point from other solutions. We also have situations where it's a clean install for deployment, which is the most common scenario.

What about the implementation team?

We are working with Check Point Firewalls to provide installation, migration, updates, setup, etc. 

In the beginning, we needed help from the vendor with the setup. The support was good.

What was our ROI?

Our clients have seen ROI.

What's my experience with pricing, setup cost, and licensing?

Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs.

Which other solutions did I evaluate?

There are now more competitors in the market, like Palo Alto and VMware. 

Palo Alto is a bit more smooth and cost-efficient than Check Point. Palo Alto has Unified Threat Management (UTM) coupled with a dake lake database that is huge. Also, its migration is more smooth than Check Point's. 

What other advice do I have?

Look for a software with licenses that support the features you want. I would recommend doing an RFP before purchasing. Get in touch with Check Point's sales team and compare it with other solutions.

Check Point features are always evolving. They try to stay abreast of the market. I would recommend not using older, obsolete models of Check Point because of this. 

I would rate this solution as an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,643 professionals have used our research since 2012.
Senior Linux Administrator at Cartrack
User
Simple to scale with a nice management interface and good technical support
Pros and Cons
  • "Many problems have been solved with these firewalls and we've largely been very satisfied."
  • "The predefined reports are few and it would be nice to increase them since the logs are excellent."

What is our primary use case?

Check Point's Next Generation Firewall has definitely improved our organization as we previously used a Linux firewall and we have had to manually configure internet control measures. When it comes to configuring firewall policies it was time-consuming. This has been taken care of by Check Point's Next Generation firewall. Even the integration to the Active Directory has been made to be seamless and requires a minimum effort from our security and network administrators. The technologies that are in place are amazing. For example, the Threat Extraction and Threat Emulation technologies. The Sandbox technology, or Threat Cloud, is world-class.

How has it helped my organization?

The remote access blade functionality is really valuable as we now need to just install the client on the user's machines and the client can be preconfigured with the site details. This makes our lives very simple. The logging of the firewall is also phenomenal as it is very granular and very easy to filter. 

The Application control blade is another valuable feature as we now only need to create a rule to be applied and to specify the applicable application which is categorized. The ability to configure dynamic objects, for example, Microsoft Office 365, is also a valuable feature.

The reports are very detailed and the variety is amazing. It caters to everything and is even more that what we had bargained for. They are also customizable, which makes them extremely valuable to us. 

Another great feature is the ability to publish corporate applications in a secure web environment.

What is most valuable?

Many problems have been solved with these firewalls and we've largely been very satisfied. Thanks to this infrastructure that we have managed, in this pandemic time, to quickly and effectively offer the potential to remotely work for everyone has been good. 

Also important is the separate management interface that has made it possible to carry out even the most operations while comfortably seated at the desk. It provides multiple profiles that you can apply depending on the scenario that presents itself.

What needs improvement?

It takes a while to install the rules so that if you make a mistake you can only fix it after a few minutes. There's no problem with traffic processing. 

Sometimes you are forced to interact on several levels: on the one hand, you put in the rules, and on the other, you put in the route. The predefined reports are few and it would be nice to increase them since the logs are excellent.

In my work experience, I have been able to use multiple firewall platforms. There are only two valid ones for me and one of them is definitely Check Point. The others charge less but there is a reason for that. It is a good idea to think carefully before rather than after you suffer from a serious attack.

For how long have I used the solution?

We have been using the solution for three years now.

What do I think about the stability of the solution?

For me, the solution has been stable. Perhaps running it on a small scale helps.

What do I think about the scalability of the solution?

I like the fact that it's so simple to scale.

How are customer service and technical support?

I find the support to be very prompt. They go the extra mile to assist and are thorough in their troubleshooting.

Which solution did I use previously and why did I switch?

I did not use a different solution, however, I came to know about this product while I was working for a company called Syrex.

How was the initial setup?

It was set up for us by a company I used to work for.

What about the implementation team?

It was through a vendor, and they were very good and did it on time as they promised.

What was our ROI?

A stable and fully functioning solution has enabled us to focus on other aspects of growing the business.

Which other solutions did I evaluate?

I looked at Fortigate, and it was not as clearly defined, and easy to follow as Check Point is.

What other advice do I have?

Check Point does cost a lot, but for me, it's worth the money I paid.

Some of the products are easier to deploy. For example, the Harmony products are simpler as they have a per user/per device pricing model.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Senior Infrastructure Technical Lead at a financial services firm with 10,001+ employees
User
Great management console and operations support but they need to focus on its overall robustness
Pros and Cons
  • "The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment."
  • "I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes."

What is our primary use case?

We primarily use the solution for perimeter security - including DMZ and as an internet firewall. We use Check Point Firewalls as the first line of defense from the internet and they are also used to segregate the internet, DMZ, and internal networks. Check Point VSX technology is used to split the hardware into multiple virtual firewalls to cater to different environments so they are well segregated. We have BGP running on the firewalls, such as all of our network devices in our environment, to learn and advertise routes. Check Point does a decent job with BGP and does an excellent job as a perimeter firewall.

How has it helped my organization?

Check Point was brought into our environment as a perimeter security device to replace the Juniper NetScreen which was originally used as the perimeter firewall. When Juniper announced the end of life of NetScreen devices, we decided to go with Check Point mainly because of the ease of management and also because Check Point was an Industry leader and Juniper was still in the initial stages of building their own firewalls using JunOS. With the introduction of Check Point with the VSX features, we could use BGP instead of the tedious static routes that we had in place with the old NetScreen.

What is most valuable?

The VSX has been great. The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment.

We like the management console. The Check Point smart dashboard has made things easier for administration and we've been able to manage all the Check Point devices from one place which is very useful.

The operations support is great. There is a smart log system that is very good for troubleshooting and reporting. We also use the CLI for troubleshooting purposes (for the likes of FWMonitor and tcpdump) while the FW rules are managed via the smart console which does wonders for operations support.

What needs improvement?

It is common for any network device to compromise on stability when more and more features are packed into it. It may work for small organizations when they want a single device to do everything for security. However, it is a big issue for us as a large financial institution when even a small outage costs dearly. Check Point, being our perimeter firewall, has failed quite a few times mainly when handling BGP. I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes. They may already have a lot of features, so the enhancement of existing features could focus on robustness rather than introducing new features.

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

With the upgrade to R80, the solution has become more stable. We have had outages because of the gateways failure while running BGP with older versions. After the upgrade, we havent had such outages.

What do I think about the scalability of the solution?

With the latest upgrades of R80, Check Point has bettered its performance, and hence, scalability has improved a lot. Also, there are multiple NG features that can be utilized that makes it more suitable for multiple solutions.

How are customer service and technical support?

They offer very good customer support; they're always available and capable.

Which solution did I use previously and why did I switch?

We previously used NetScreen and they were at their end of life.

How was the initial setup?

Check Point has its own design that is a little complex compared to other products. This has a 3-tier architecture and we need management servers and gateways separate. I would still say its not much of a hassle building it.

What about the implementation team?

We handled everything through Check Point PS. They were very good.

What was our ROI?

I can't really comment, as I do not have much idea about this space.

What's my experience with pricing, setup cost, and licensing?

The solution is priced well in the market in order to compete with the other products.

Which other solutions did I evaluate?

I wasn't in the organization when the evaluation happened. However, I know Juniper SRX was one of the solutions looked at as we are using them for our internal firewalls.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Firewall Administrator at a tech services company with 1,001-5,000 employees
Real User
Top 10
Centralized management makes it easy to scale and the GUI makes it easy to use
Pros and Cons
  • "The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily."
  • "The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve."

What is our primary use case?

We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.

What is most valuable?

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

What needs improvement?

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

For how long have I used the solution?

I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.

What do I think about the stability of the solution?

These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.

What do I think about the scalability of the solution?

Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.

We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.

How are customer service and technical support?

We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.

Which solution did I use previously and why did I switch?

I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.

Check Point is the best firewall we have found for our organization so we went with it.

How was the initial setup?

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

What was our ROI?

We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.

What's my experience with pricing, setup cost, and licensing?

The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.

What other advice do I have?

When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.

The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network and Security Engineer at BIMBA & LOLA, S.L.
User
Prevents attacks and phishing attempts and improves visibility
Pros and Cons
  • "The centrally managed firewalls are great."
  • "If you have the standard support level, sometimes they take a long time to understand or even give you a solution or good workaround to a problematic situation."

What is our primary use case?

The solution protects our internal network (traffic between VLANS) and also is used as a perimeter firewall in our on-premise and cloud environments. Also, we use functionalities such as IPS, ABOT, AV, VPN, and mobile access.

We have about 200 small branches distributed all over the world protected with 1,430 devices and connected via VPN to AWS Cloud Guard and Check Point firewall.

We also have endpoint protection in about 500 devices with firewalls, antimalware, antibot, anti-ransomware, threat emulation and prevention enabled, and also port control.

How has it helped my organization?

We have NGTX blades so that we have protection against known and unknown attacks (zero-day). In terms of protection, we passed from none to one of the most advanced protections in the market. 

Regarding endpoints, we can see a lot of prevented attacks and phishing attempts every day. We can see the whole solution running in our environment correctly.

We gained a lot of visibility of traffic patterns, destinations, and use of network (internal and external) resources due to the logs and views within the Smartconsole.

What is most valuable?

The centrally managed firewalls are great. We can save a lot of configuration time in configuration tasks. We have deployed about 200 devices in record time due to the fact that we use a unique policy for almost all of them.

Logs, Views and Reports are the most detailed compared to other vendors (FortiGate, etc.) We can see a lot of detail in the logs and also we can configure any report we need without any problem and in two clicks.

We can see that, for IPS signatures, we have updates every day, sometimes twice a day, so we see a lot of effort from the vendor. They really try to protect our environment from known attacks and vulnerabilities.

What needs improvement?

We try to not depend of the SMS application and leave it as a web application. Sometimes it takes a long time to authenticate and open correctly. It's a windows application, so you need a machine to install the application on.

If you have the standard support level, sometimes they take a long time to understand or even give you a solution or good workaround to a problematic situation. We had a problem in the past with a VPN blade that lead some devices to flap the VPN up and down. That case lasted 6 months as we were jumping between Check Point's internal departments in order to find a solution on our problem.

For how long have I used the solution?

I've used the solution for eight years.

What do I think about the stability of the solution?

We are very happy regarding the stability. In last year, we only have had three problems regarding software bugs or stability problems.

What do I think about the scalability of the solution?

They have a solution called Maestro where you can add devices in 10 minutes to scale the solution without doing a lot of configuration.

In our environment, we have a classic deployment so it's not as easy to scale; you need to do some configuration and have a maintenance window in which to do it. 

How are customer service and support?

We have the standard support service. I can't say anything too bad and nothing too good. It's normal. Regarding customer service at the local office, I can say that it is very good. They have helped us a lot in deploying some complex characteristics without cost.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We have Cisco, however, that's for networking and not security. 

How was the initial setup?

The installation was done by a partner, however, it was very straightforward.

What about the implementation team?

The product was implemented by a partner and their expertise was very good.

What's my experience with pricing, setup cost, and licensing?

There are a lot of licenses for almost every feature, therefore, it's possible to buy only the licenses needed and not a bundle that would have unused features. That leads to savings in costs.

Which other solutions did I evaluate?

We have evaluated FortiGate, and we saw that it was more user-friendly, however, some characteristics we needed in regards to complex VPN deployments were only available from Check Point.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Real User
Top 5
Good VPN and remote access functionality, efficient, and the logging works well
Pros and Cons
  • "Remote access with a secure workspace provides a clear separation between the client and corporate network."
  • "Interoperability with other vendors is not the strongest when it comes to setting up VPNs."

What is our primary use case?

Our primary use case is as a perimeter firewall for main and DR sites for a financial institution. It secures Internet access for users through IPS/AV/Threat Emulation/Application control and URL filtering with HTTPS inspection and geolocation restrictions. 

It secures our email and MDM solutions. 

We also use it to create site-to-site VPNs with vendors. Remote access is achieved through the use of a secure workspace and SSL network extender. Securing and inspecting HTTP traffic to our web servers is another important task. 

It secures several DMZs and segregates them from the rest of the network.

We use all of the security features available. 

How has it helped my organization?

It has helped us with controlling internet access, securing our external websites, and providing remote access that you can trust (secure workspace). The latter provides with a virtual Windows 7 desktop that only allowed apps can be initiated from. In our case, we launch RDP sessions from secure workspace. 

The latest version of the software is a big win overall, with major improvements in how the rulebase is scanned (it's not the top down classical rulebase checking, but a column based checking) and overall efficiency.

What is most valuable?

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

What needs improvement?

I would like to have an improved secure workspace solution for remote access. I hear that the Apache Guacamole solution has been integrated into R81. 

The site-to-site VPN options are numerous, but they can get confusing. Interoperability with other vendors is not the strongest when it comes to setting up VPNs. It's totally different from any other VPN vendors I have come across. 

Improvements are needed in policy backups and reverting to the previous policy. This used to be better in R77.30. 

Policy installation tends to take a long time when the rule base increases in size, which can become frustrating. 

For how long have I used the solution?

I have been using Check Point NGFW for 10 years.

What do I think about the stability of the solution?

We have never had any unexpected crashes or issues.

What do I think about the scalability of the solution?

It should scale well as they now support more than 40 CPUs on a single system. 

How are customer service and technical support?

Our experience has been great, although we don't have direct support. This means that sometimes, it takes a while to get to the bottom of issues.

Which solution did I use previously and why did I switch?

Check Point is really the best NGFW I have come across and I have worked with many vendors including Cisco, Juniper, and FortiGate. It's a platform that a huge amount of research has gone into over the years. It has a great support community and clear guides to solve all sorts of problems and issues.

I didn't switch to Check Point, as it was always there. We haven't switched away from it over the past 10 years. 

How was the initial setup?

We always need some help on installs or major upgrades. 

What about the implementation team?

We have used several vendors and some are better than others. 

What was our ROI?

It is difficult to calculate ROI when it comes to security products. 

What's my experience with pricing, setup cost, and licensing?

The hardware cost is not huge, but you need to push for good pricing on software licensing and blades.

Which other solutions did I evaluate?

Check Point was implemented in the company before I arrived. 

What other advice do I have?

It's demanding for the administrator, as it takes years to get an in-depth knowledge of the platform. Otherwise, it is easy to use from day one.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PRAPHULLA  DESHPANDE
Associate Consult at Atos
Real User
Top 5Leaderboard
Highly-skilled support, centrally managed, good sandbox features
Pros and Cons
  • "Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues."
  • "There are issues with stability while upgrading devices with hotfixes."

What is our primary use case?

In today's world, we can't completely rely on traditional signature-based devices, as technology involving cyberattacks is becoming more sophisticated. We require an all-in-one solution that can defend against newly-created attacks, necessitating the usage of NGFW firewalls. This is where Check Point comes into the picture.

Our environment contains multiple roaming users, where we have to extend trust beyond the organizational network. Not only is there east-west traffic to deal with, but a large volume of north-south traffic, as well. We are required to monitor all of the traffic, which includes many branch offices connected centrally.

Monitoring Data via DLP in such a scenario, we require a single solution, which is nothing but Checkpoint.

How has it helped my organization?

It has not only improved our environment but the entire organization. Adopting it brings better functionality.

Starting from the basic firewall blade to sandbox threat emulation and threat extraction, it works seamlessly to protect against both known and unknown malware.

After the version 80.xx migration, Check Point stability and security have improved tremendously.

Through the management server, it has become very easy to manage the configuration for each of the blades, as well as the day-to-day operations. With central management, it has become possible to manage endpoint devices as well.

What is most valuable?

Check Point has the best technical support, which I feel if we consider other firewall vendors in the market, is an important distinguishing point.

Stateful inspection is one of the strongest points in this product, which is applicable while creating policies for application and URL filtering.

Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.

It is easy to filter traffic based on source-destination services, time, etc, which is an enhancement over other firewalls in the market.

What needs improvement?

Check Point fulfills our requirements but it is important that they stay on top of competitors by addressing certain points.

There are issues with stability while upgrading devices with hotfixes. For example, many times, a device will stop giving responses after an upgrade (observed in 80.10 release).

The rule database needs to be improved because when we apply rules for the destination, based on service and application and URL filtering Layer, the parallel lookup fails.

For how long have I used the solution?

I have more than three years of experience with Check Point NGFW.

What do I think about the stability of the solution?

Stability can be improved further.

What do I think about the scalability of the solution?

Scalability is excellent.

How are customer service and technical support?

Technical support is very good and provides the right solutions every time. They are highly skilled.

Which solution did I use previously and why did I switch?

We have seen many customers migrating their firewall from Sophos to Check Point, or from Cisco to Check Point. The main reason has been that they were not getting NGFW functionality and the security feature sets that Check Point provides.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

I implemented it with the help of a vendor.

What was our ROI?

We are definitely getting most of the things that we expect from this product.

What's my experience with pricing, setup cost, and licensing?

Check Point is a vendor that listens to customers and determines what they want. Based on the requirements and the solutions offered by other vendors, Check Point will negotiate to try and give the customer the best price.

Check Point offers options and operates differently from other vendors with respect to licensing. Each blade requires that you have a license.

Which other solutions did I evaluate?

We also evaluated Palo alto.

What other advice do I have?

I think people like me love Check Point because in my experience over the years, I have not heard of a comprise where Check Point was protecting the network. As long as the devices are configured properly, this is a very small chance of being compromised.

In general, the NGFW features in Check Point fulfill our requirements, which is expected from a Cybersecurity firm that has been involved in the field for a long time. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: I'm working in company where we provide services to other customer.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.