Check Point NGFW Reviews

The solution is our main firewall. It protects our perimeter.

The tool has solid firmware with very few vulnerabilities. We don't need to upgrade it for vulnerabilities. It is rare when compared to the competitors. The product’s performance is good. My organization chose the product because it is stable and provides a very good Software Blade.

The tool must improve its support. The support provided by partners gets expensive.

I have been using the solution for around six years.

The product is stable.

The solution protects the entire perimeter. Every user passes through the firewall. It is used daily. We have around eight administrators. The solution requires very little maintenance.

The initial setup was easy.

The solution is expensive. A medium data center would cost around $17,000 per year for a medium enterprise.

Except for Palo Alto, Check Point is good compared to its competitors. Cisco ASA lacks features.

It is a good product. There are other competitors. Check Point NGFW is easy to deploy, manage, implement, and troubleshoot. The operation is pretty simple. Even a few operations people can run it very well. It is pretty much stable. We need to safeguard the data of our organization very well. Check Point NGFW is a leading solution provider. Security products must not have many vulnerabilities. Overall, I rate the product a nine out of ten.

We are using the solution for the perimeter. It's used as a core firewall, with almost all transactions passing through the firewall. For instance, in a cellular phone company, all transactional authorizations pass through the firewall, while in a bank, authorizations for branches and ATMs go through the firewall. The main customers are in the BFSI, telcos, industry manufacturing, and other large enterprise sectors.

Check Point's solutions allow organizations to operate securely with a reliable core firewall in place, ensuring that transactions proceed smoothly.

The Check Point firewall is used as a core firewall offering high reliability with at least two synchronized data centers, creating a fault-tolerant configuration. It is considered a very stable platform with minimal bugs.

Technically, there is no need for improvement. That said, they need to be more aggressive and protect more of the channels on the commercial side. Additionally, the user interface could be more user-friendly.

We have been using Check Point solutions for over twenty-five years, since the very beginning.

The firewall is highly stable, being described as one of the most reliable, with a stable platform and few bugs.

Using the Maestro technology, the firewall has good scalability. It allows for flexibility and growth by stacking clippings without needing to change the chassis.

Customer service is generally good. With Diamond or Diamond Plus service for banks, the support level meets customer expectations. The internal team of Check experts also ensures issues are resolved efficiently.

Positive

We are familiar with and have supported other solutions like Fortinet, Palo Alto, and Cisco yet primarily do business with Check Point.

Initial setup can be complex, especially in large or redundant deployments. Expertise is required to manage configurations, especially with complex operations and a high volume of users and VPNs.

The implementation team has around 20 people, with a total group including maintenance and support numbering 60.

Monetizing the risk is complex, and despite having software for calculating ROI in security, traditional calculations like the FAIR methodology do not apply efficiently in Latin America.

Check Point and Palo Alto solutions are among the more expensive options, but once a platform is adopted, switching is difficult. Clients tend to stay with the same brand for extended periods.

We have evaluated solutions from Fortinet, Palo Alto, and Cisco, however, the main offering is Check Point.

I'd rate the solution eight out of ten.

We are using physical appliances along with some VSX's in our network. We mostly use firewall only (due to high traffic usage). We are using CP NGFW to protect the company from the internet and also provide security while we are connecting to the internet.  

We have physical clusters that we manage via our company's external connections through S2S. We are managing our core and client networks with separate clusters. Applying security rules and providing NAT when we need it. We are also using CP in our DRC environment to provide SRC and DST NAT with VSX to provide access to machines that have the same IP addresses.

Back when we had a different brand of firewalls, we were having trouble managing all of them separately. With Check Point's HA capability, we merged all of our Check Point firewall management. With this, we can apply a viable DRC solution that our company needs and also manage, view logs, and administer all of the components together.

With the capable appliances, we don't experience any CPU and Memory utilization most of the time. With the help of new versions, Check Point is moving forward. We hope the upcoming version will provide hyper flow, and this will solve our elephant flow problem.

The solution offers a good GUI. It is easy to use, smart, simple, and user-friendly.

The client VPN and S2S VPN capabilities are great. Check Point's mobile access provides us with flexibility. We don't have a single point of failure regarding the VPN access points anymore.

We can use Check Point NGFW physically, virtually (with Check Point VSX), and on the cloud with CloudGuard. We have most of the features available even within these different environments.

We can apply SAM Rules (without installation needs), and Custom Intelligence Feeds.

It has good API support and provides value when you need it. 

The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions. Other vendors provide this, including Palo Alto). We are in a big organization now, and we need good tools to maintain stability and get rid of the objects and rules that we don't use.

If you are working within a big organization, you may have some CPU and memory utilization problems. Most of the time, we are encountering these kinds of problems, and due to that, we can't use other features and blades other than the firewall or threat prevention.

I find Check Point's log experience a little tiresome as it does not provide information with limited blades enabled. We'd like to see information around session time, sent and received bytes, etc. Even if you manage to get some data, you may find it not very reliable.

I've been using Check Point's NGFW and its features for about five years. 

I found Check Point's stability a little bit so-so. Not that good, not that bad. Most of the time it is reliable. We had lots of problems before due to the utilization of our firewalls. Most of the time, the hotfixes provided the solution. However, applying hotfixes and getting in touch with the R&D when needed may be tiresome.

It's pretty good. The HA Features provide a good solution so far, and with Maestro it will perform better.

I had the chance to work with Fortigate and Palo Alto Firewalls before. Due to the stability and know-how regarding Check Point, we chose this vendor.

We always believed and saw that the money we spent on Check Point was not in vain.

The most valuable feature of the solution is its efficiency.

You have an administration tool that is not on the appliance, and it should be in line with the appliance. You can put your modification online and compile it again before applying.

I have been using Check Point NGFW for seven years.

The solution's technical support is good.

Positive

We previously used Cisco. We switched to Check Point NGFW because Cisco was comparatively a bit outdated.

Check Point NGFW is a little expensive. We paid around 70,000 Euros for it, and the solution's maintenance fee is expensive. We also have to pay for technical support.

I am generally satisfied with the solution. The new Check Point products are more powerful than the previous appliances. The product is good but perhaps more adapted to big firms than small companies.

Overall, I rate the solution an eight out of ten.

Currently, we utilize Check Point firewalls, IPS, site-to-site VPN, and remote access VPN features for our various client operations.

We have implemented a cloud firewall for one of our customers and primarily handle perimeter security using Check Point firewalls for multiple customers.

We also handle POCs, implementation, upgrades, and daily security operations as part of our services.

We are distributor partners who also distribute Check Point products to our customers. We recently convinced our clients to use Check Point firewall services and signed a contract with them.

We have not received any issues from any clients using Check Point services so far. It is really great to use and up-to-date. In Check Point, we have never seen it hit any vulnerabilities like other products.

Also, the TAC support from Check Point is excellent. I really appreciate it when dealing with complex issues. It allows us to easily obtain vendor support without many issues compared to other products.

Certifications and training from Check Point are valuable. I recently attended a boot camp and found it both knowledgeable and enjoyable.

Recently, I came across the Check Point Infinity AI feature in one of the Check Point webinars, which I believe is unique and will be very useful in the future.

Also, Check Point Harmony and Quantum deliver uncompromising performance with advanced threat prevention, policy management, remote access VPN IoT security, SD-WAN, and more.

Infinity Threat Prevention is an innovative management model. It provides zero-maintenance protection from zero-day threats and continuously and autonomously ensures that your protection is up-to-date with the latest cyber threats and prevention technologies.

The upgrade process of Check Point could be simplified to match other products.

For some of the MSSP partners, Check Point should personally go and give demos to them. This way, the MSSP can show their clients what Check Point is capable of and what kind of new technologies and features Check Point is coming up with.

Adding automation for upgrades and hotfix installation would be a beneficial new feature for administrators from an operations standpoint. Additionally, Check Point should pay more attention to endpoint security; they are currently lacking in that area compared to other competitors.

I've been using Check Point products for more than eight years.

The solution is 100% stable. 

The solution offers 100% scalability.

Technical support is very good.

Positive

No; we have multiple clients, so we use multiple products.

The setup is fine; I've only faced issues during upgrades.

The expertise of the vendor is excellent. I'd rate them ten out of ten.

The ROI is really good.

In terms of cost, pricing, and licensing, Check Point is not very expensive or complex.

We did not evaluate other options. 

My overall experience is really good. I am enjoying working with Check Point products, especially on the firewall. It's much easier compared to other firewalls.

Our customers have been using it for the network security.

Unlike Fortinet, where the log loading process can take up to a month, Check Point stands out for its efficiency. While other solutions may only provide logs for a short period, such as one or two months, Check Point impressively retains logs for up to six months on some machines and at least three months on others. This extended log retention period is a significant advantage for our customers, providing them with valuable insights and enhancing their overall security posture.

One of the most advantageous features of Check Point firewall is its multi-interface capability. While traditional firewalls typically have a single interface, Check Point stands out by offering tools with multiple interfaces. This capability, now known as SmartConsole, allows users to manage policies, security objects, and routing points all from one dashboard. This contrasts with other firewalls where users often have to log in separately to access different functionalities. The hierarchical structure of communication and management in Check Point firewalls adds complexity, making it more challenging for attackers to exploit vulnerabilities. Additionally, Check Point introduced SD-WAN functionality in December 2013, further enhancing its capabilities and staying ahead of the curve in network security.

There's a significant area for improvement when it comes to pricing. While frequent updates and patches are released, which is commendable and adds significant value, the loading time for SD-WAN updates can be excessively long.

The feature we're eager to see enhanced in Check Point is reporting, particularly in terms of highlighting past reports. Currently, if we create a rule for a report in the morning, we expect to receive an email highlighting it. While we can set this up, the issue lies in segregating the project into separate reports.

I have been working with it for five years.

Occasionally, we face certain issues and downtimes. Downtime varies depending on the type of changes or updates being made. For instance, a version upgrade typically requires only fifteen minutes for reboots. However, for patch updates or version updates, downtime can extend to at least one hour. In some cases, especially in custom environments, downtime may exceed two to three hours.

It provides good scalability. Despite having only three customers, I've implemented the firewall for over a thousand users. These users are situated in factory environments, meaning there are thousands of endpoints, including those connected via VPN.

I am relatively satisfied with the level of technical support provided. We primarily work with Indian support teams, and while some technical engineers are exceptionally intelligent and quick to resolve issues within ten to fifteen minutes, others may take longer. However, the crucial aspect is that they eventually provide an answer or escalate the issue if needed. When I contact support, I first inquire about the assigned person, and if I am familiar with them, I proceed with the interaction. Otherwise, I prefer to escalate the query to another region to avoid wasting time. I would rate it eight out of ten.

Positive

We have experience working with Fortigate and Palo Alto in the past. In Sri Lanka, Check Point has a strong marketing presence, which influences customer decisions.

The initial setup can be complex and may pose a challenge, especially for those without prior experience. Setting it up for the first time requires careful attention and a level of expertise to navigate effectively.

The deployment process begins with configuring the firewall's IP and other settings. Once this initial configuration is complete, we proceed to the AI portal. In the AI portal, the first step is to configure the interfaces. After configuring the interfaces, we proceed to install the created interface. Next, we move on to the SmartConsole. To access the SmartConsole, we download it from the app portal. Once the SmartConsole is installed, we can easily create rules for logging purposes, manage objects, configure networking, and VPN, and other technical tasks from the SmartConsole. Routing and related tasks are typically handled in the data portal. One individual is enough for the deployment. The duration of the setup process varies depending on factors such as the complexity of the customer's environment and the site architecture. For instance, in a relatively simple scenario with just two VLANs and a couple of VPNs, the configuration could be completed within a few working days. Maintenance is essential, with upgrades and patch updates being mandatory at least once every six months. This ensures the system remains up-to-date and secure.

Our customers are pleased with the return on investment. The occasional bugs and updates, common to all firewalls including Check Point, are being addressed promptly. The platform is regularly updated to ensure optimal performance.

The price is on the higher side.

While the cost may be a consideration, the level of security provided by Check Point is exceptional. In my experience, I have not encountered any cyber attacks. The only negative experience was not related to the firewall but rather to customer issues with the router. It's important to remember that compromising security for cost savings can ultimately lead to vulnerabilities. Therefore, investing in high-security solutions like Check Point is worthwhile. Overall, I would rate it eight out of ten.

We are using Check Point Next Generation Firewall both as an edge border gateway and as an internal gateway protecting users and servers networks. Using the Virtual System solution we create different network environments and virtual system firewalls in which we have different modules (additional license could be needed) activated depending on the topology of the network where the firewall is protecting the traffic. We are also implementing IPS on several internal firewalls that are inspecting such flows.

Mainly the easy central management with support for virtual systems has helped in the operating and analyzing time of the security department. We know that with other security solutions that don't scale well and don't have a central management system, you lose precious time operating the platform.

Under the same interface, we are using a stack of different security modules, so the learning curve is easier than the need to learn new interfaces for each specific appliance. At the same time, you can check the logs in a homogeneous way.

The management interface is easy to operate and is a standardized way of managing different firewall modules in the same client application. Additionally, it provides up-to-date security options through different license bundles and scalability to match almost any firewall security needs as you can easily add more systems to implement several cluster firewalls, running as a load-sharing whole system or active-standby members. The log explorer is also straightforward to use, and the results are easily exportable.

To provide visibility of the requirements you have to accomplish to perform some of the traffic security mechanisms. Several security modules are based on HTTPS inspection, losing a relevant security capability if you don't implement it in your network. So the product should point out this need clearly so you can fit your expectations in a real-world environment. That said, this is not a limitation of the product itself.

You need to read the requirements to take into consideration both throughput, security modules and storage (logs) needs so you can choose the appliance that best fits your organization.

I've used the solution for more than ten years.

In most environments, this solution is running pretty stable.

It is easy to scale both with virtual systems or by adding additional physical appliances.

Support has a good and fast response to new threats and is proactive with a big community.

Positive

We were using a Cisco firewall solution. It was outdated and the management interface was not unified.

We evaluated Palo Alto and Fortinet as well as Check Point

For the technical administration teams. I advise them to take, at least, the basic training so they can manage the solution adequately.

It assists us in filtering files for our internal users, ensuring that our data remains secure and protected. During the pandemic, it has been invaluable in enabling remote connections through VPN for our employees who are working from home, facilitating our COVID-19 response efforts. We established point-to-point VPN connections with approximately thirty clients, which enhances our security, especially at the outermost layer of our network, safeguarding us from external threats.

It includes features like IPS, which keeps us informed about potential threats attempting to breach our infrastructure, adding a crucial layer of security. It is user-friendly and straightforward to manage, which simplifies our overall network security management.

It could greatly improve our customer experience by centralizing management. Currently, we face the issue of having different management interfaces, which require us to switch between them, causing some difficulties and inefficiencies in our workflow. There are instances where the software crashes and this necessitates frequent upgrades from one version to another.

I have been using it for four years now.

I would rate it as highly stable, giving it a solid nine out of ten.

In terms of scalability, we haven't needed to expand significantly as our current setup consists of firewall checkpoints at the main site and another set at the HQ. These devices can seamlessly communicate with one another. We use SmartConsole managing system, which serves as a centralized hub for collecting and managing logs from all our Check Point Firewalls. As far as I know, the limit for management servers is five firewalls, so beyond that, additional licensing may be required to accommodate more devices.

We don't engage directly with its support team. Instead, we work through a reseller who handles our support needs. When we require assistance, we reach out to the reseller, and if necessary, they will liaise with Check Point on our behalf.

We were previously using Cisco ASA, Cisco X-ray, and FortiGate. However, the technologies we had, particularly the Cisco ASA, were outdated, and there was a clear need to upgrade to a next-generation appliance. When considering our options, we received a proposal from a local vendor in Angola, and after reviewing it, we decided to move forward with Check Point as it is widely recognized as one of the top solutions in the market.

The initial setup is straightforward. I would rate it nine out of ten.

We've had positive experiences with the deployments, and we've recommended it in several instances. Currently, we have implemented four Check Point Firewalls. Our initial deployment at the primary site took approximately a week to set up. After fine-tuning and making necessary adjustments, the total time for implementation was roughly two weeks. The main office at our headquarters had a similar timeline, as the tuning process does require a significant amount of time and effort.

The technology itself is impressive, but I find the pricing a bit on the higher side. This is partly due to the complexities we face with exchange rates in our country, as obtaining foreign currency can be challenging.

Having worked with products from various providers, I've found the experience and functionality of Check Point to be quite impressive and I strongly recommend it, provided they invest in essential training, which is a critical component. Its user-friendly management interface simplifies the process, and it offers a wealth of features. I would rate it nine out of ten.