We changed our name from IT Central Station: Here's why
IT Security Engineer at PricewaterhouseCoopers
Vendor
Extremely reliable with a great SmartConsole and very useful Identity Awareness capabilities
Pros and Cons
  • "One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base."
  • "Identity Awareness has been a massive source of problems for our deployment and the ability to debug it has been lacking."

What is our primary use case?

Our primary use case for Check Point NGFW is as our internal firewall within the datacenter to route traffic within it as well establishing our rulebase for part of our datacenter.

We have also implemented some other nodes as ICAP servers only. They have been a great replacement even though the installation was not the easiest.

They are the last line of defense (or first depending on how you look at it) within our perimeter and are therefore a critical part of our system within the company.

How has it helped my organization?

Check Point NGFW have been a real rock in terms of reliability (except for Identity Awareness) and we have not had any issues in terms of CPU or memory usage as our model might have been overkill with how well it is able to process traffic and how easy and unimpactful it is when adding new blades to manage this traffic

One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base.

What is most valuable?

Identity Awareness has been an absolute gamechanger in how we've been able to create rules within the company. It allows us to give access to certain resources in very specific ways that were not possible before.

The SmartConsole is a very powerful interface compared to many other competiting products, which allows us to seamlessly go from watching logs, to modifying the rule base and easily find what objects are used where or even check which logs are linked to a specific rule

Logs are very well parsed when sent to Splunk.

What needs improvement?

Identity Awareness has been a massive source of problems for our deployment and the ability to debug it has been lacking.

The VPN setup is definitely way harder than it should be. The wizard or anything surrounding it doesn't allow for a quick setup without having to read documentation or actually getting a project with an external company

Our gateways have not felt like a day older than when we first got them, on the other hand, our physical management server Smart-1 has been definitely showing its age as it is sometimes quite long to do anything on SmartConsole when it decides to act up.

For how long have I used the solution?

I have been using Check Point since joining my current workplace - about 4 years ago.

What do I think about the stability of the solution?

In 4 years, we've only really had one big incident with availability that was due to a faulty network card, which was changed quickly once diagnosed.

What do I think about the scalability of the solution?

Since we chose a model larger than our needs, we aren't looking for a scalable solution.

How are customer service and support?

Customer service and support have been a bit hit or miss and it takes a while for escalation to happen, however, once it does happen, you get proper support right away.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I was not present within the company when it was decided to switch from one solution to another, and actually our previous solution was Check Point as well - and it was just reaching its end of support.

How was the initial setup?

I did not participate in the setup.

What about the implementation team?

We used a vendor team along with our in-house team.

What was our ROI?

I would need to compare it with other solutions used in our environment, which I haven't done.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to only choose blades when they are absolutely necessary - unless getting a good deal with a package.

Which other solutions did I evaluate?

As mentioned, we switched from Check Point to Check Point.

What other advice do I have?

For the Identity Awareness setup, try to follow Check Point guidelines from the start as it is really capricious and hard to debug.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Senior Network Engineer at Arvest Bank Group
User
Unstable with unreliable hardware and poor technical support
Pros and Cons
  • "The only area that Check Point still seems to excel in is their logging."
  • "Check Point's support, at all levels, needs a complete overhaul."

What is our primary use case?

Check Point firewalls are/were deployed in various parts of our network to achieve perimeter defense and internal network segmentation. 

In addition to the firewall functionality, each appliance also leveraged Check Point's IPS blades. The perimeter Check Point appliances were also responsible for terminating any and all site-to-site VPN connections with third parties. 

All traffic from remote locations, remote VPN users, and egress traffic to the internet is filtered through the Check Point equipment at some point in our network.

How has it helped my organization?

Check Point has not improved our organization. We have observed a sharp decline in the quality of both products and support. 

Over the last several years, there has not been a single week where we have not had an outstanding issue open with Check Point support's advanced tier teams. 

Initially, we had incredibly impactful issues regarding their scalable platform hardware (which is being discontinued in favor of Maestro) to the point we were forced to rip them out due to them being completely unreliable. 

Check Point support has also seen a significant drop in quality, despite my organization even being a Diamond Support customer with Check Point. We fully believe it would be a wiser investment of time to call Geek Squad rather than Check Point.

What is most valuable?

The only area that Check Point still seems to excel in is their logging. Reviewing logs on Check Point is a snappy and intuitive process that allows the end-user to filter down traffic to specifically what they're looking for very easily and even with little knowledge of Check Point. 

The ability to create filters on the fly in the GUI with simple clicks to various areas of the log is fantastic and allows one to find exactly what they're looking for with very little effort. Note that this is probably the only thing Check Point still has going for it.

What needs improvement?

Check Point's support, at all levels, needs a complete overhaul. The Check Point support staff aren't even shy about telling you how understaffed, underpaid, and underappreciated they are. Any engineer with a hint of talent is pulled from general support to higher tiers, and then, once they reach a level of competency above that of your average acorn, they leave for better-paying jobs elsewhere. 

My organization witnessed this first hand fighting through the lower tiers of support and working frequently with the scalable platform team. When we switched to Diamond Support we saw no significant improvement in support save for shorter hold times.

For how long have I used the solution?

I have personally used Check Point solutions for nearly ten years. My organization has used Check Point for 15+ years.

What do I think about the stability of the solution?

The solution is absolutely unstable. My organization follows vendor best practices exactly and has every deployment vetted by multiple levels within the vendor. Despite this, Check Point hardware has repeatedly proved unreliable at best, sometimes resulting in total outages for our company. 

Which solution did I use previously and why did I switch?

My current organization has used Check Point for the relevant past and is only recently completely switching vendors to Palo Alto.

What was our ROI?

All current Check Point hardware is destined for the recycle bin. There is a pretty low ROI.

What's my experience with pricing, setup cost, and licensing?

Most firewall vendors, Check Point included, make the selection of hardware easy enough based on projected usage. Likewise setup on many vendors in greenfield environments is simple enough and should not require professional services.

Which other solutions did I evaluate?

I was not involved with the initial deployment of Check Point in our environment as it was before my time. However, each subsequent deployment I have been involved in with Check Point was used based on the existing relationship. Once the issues became too impactful and we realized we had no hope of seeing any improvements we began efforts to rip out the existing Check Point equipment.

What other advice do I have?

Do not let Check Point's past success lure you into their current state of bottom of the barrel.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,599 professionals have used our research since 2012.
Systems Architect at PHARMPIX CORP
User
Excellent support, great remote access, and very good reporting capabilities
Pros and Cons
  • "The support offers the best services I have experienced. It's better than any other IT vendor."
  • "Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links."

What is our primary use case?

Currently, I'm working as a Lead Security Architect in the healthcare industry. We have two data centers, multiple branch offices, multiple cloud subscriptions, and over 200 employees. Our operation is mission-critical and requires it to be up and running 24/7. We need to protect multiple applications that are developed in-house, sensitive data including PHI, Financial, intellectual property, et cetera.

Check Point NGFW and its security modules have been our security solution for the past six years to protect all of our assets, including our cloud subscriptions.

How has it helped my organization?

Check Point Next Generation Firewalls are key components in protecting our assets and information. Their security modules are very easy to use and understand. Also, it's one of the most user-friendly interfaces I’ve had the opportunity to use and I’ve had the chance to work with more than four firewall solutions.

Their reporting and logs modules are amazing. It provides a level of detail and visibility that we haven't had before. It’s useful to understand what is happening on our network and has been very successful in blocking attacks and providing options for executive summaries. 

Being able to manage all the security gateways for our multiple sites in a single management console and share policies has been very beneficial.

What is most valuable?

The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.

The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.

The support offers the best services I have experienced. It's better than any other IT vendor.

What needs improvement?

Check Point Firewalls haven't failed me during the past six years that I have been using them. 

If I had to mention anything that I would like to see some improvement on, it’s on the internet load balancing options. Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links. I know this can be performed with other network devices, however, adding the option as part of the NGFW would be awesome.

For how long have I used the solution?

I have been using Check Point for 6 years now.

What do I think about the stability of the solution?

I've never had a single issue on any of my security gateways.

What do I think about the scalability of the solution?

I haven't had the opportunity to scale, however, I have seen many demos of maestro architecture, and it looks awesome.

How are customer service and technical support?

As I mentioned before, Check Point support is one of the best services from any IT vendor I have experienced. They answer very quickly and also provide solutions most of the time within the first call.

Which solution did I use previously and why did I switch?

I have used multiple solutions in the past. We migrated from Cisco ASA to Check Point six years ago and have never looked back. Our old ASA required additional hardware components for additional security services.

How was the initial setup?

The product is very easy to set up.

What about the implementation team?

The implementation was performed by a vendor team in combination with our in-house security team.

What was our ROI?

My peace of mind is the ROI.

What's my experience with pricing, setup cost, and licensing?

Check Point is not the cheapest firewall solution, but you get what you pay for. It's super reliable and their service is great.

Which other solutions did I evaluate?

I had the opportunity to review Palo Alto and Fortinet.

What other advice do I have?

I'd advise other users to give it a try.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
President at NGA Consulting, Inc.
User
Easy to set up with great technical support and offers helpful reporting features
Pros and Cons
  • "The event logs are relatively informative and can provide information on why traffic was accepted or rejected."
  • "Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement."

What is our primary use case?

We use it as a firewall solution with built-in VPN capabilities, anti-virus, and malware detection. It has good blocking abilities and is easy to set up and maintain.  

They allow VOIP traffic to pass through the firewall as well to onsite PBXes. The firewalls themselves are for SMB environments, with between five and 25 users at different sites and in different states.  

Employees regularly work from home, so a VPN solution is a necessity to allow for remote file shares and or/remote desktop through a encrypted VPN tunnel.  

How has it helped my organization?

With the added ability to have multiple VPN methods to connect, the solution has worked well for remote workers who are either utilizing the Check Point VPN client or the SSL VPN web client.

The throughput with full threat detection is adequate for the Internet circuit installed at most of the client locations and is in fact better than the previous firewall solution.

The support has been great whenever Check Point has been contacted. They help resolve an issue or explain how to perform some necessary action. 

For the most part, the NGFW is easy to understand and set up and there are, of course, advanced options if a non-standard problem arises.

What is most valuable?

The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.

Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.

The event logs are relatively informative and can provide information on why traffic was accepted or rejected.

What needs improvement?

Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement.

It would also be nice to have a smaller home user device that could automatically contact the main firewall and establish a VPN connection. This would be great for remote users to secure their work PC at home.

On the front page of the appliance, it lists current threats identified. It would be helpful if clicking on the threat took you to the exact logs instead of showing all host logs as you still have to scroll through the host logs to find the information you are looking for.

For how long have I used the solution?

I have been using Check Point since 2016. It's been a little over five years.

What do I think about the stability of the solution?

We've had very few issues; the builds themselves haven't had any issues.

What do I think about the scalability of the solution?

The solution is very scalable; Check Point has a variety of NGSW devices that can scale with the user base.

How are customer service and support?

Support is excellent, quick to respond, and quick to provide a resolution to any problem.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Watchguard. We switched due to the threat protection and we felt that Check Point did a better job of providing protection.

How was the initial setup?

The initial setup is straightforward and plug and play for a basic configuration to get you started. You can then begin building the NAT and policy rules, which are easy enough to do.

What about the implementation team?

We implemented the solution in-house.

What was our ROI?

The malware blocking capabilities more than paid for the cost of the device and license.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to size their appliance correctly before purchasing it.

Which other solutions did I evaluate?

We did not evaluate other options. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Oleg P.
Senior Network and Security Engineer at a computer software company with 201-500 employees
Real User
Top 5
Our overall security of the environment has been greatly improved
Pros and Cons
  • "The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing this solution we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on switches and routers, which in fact a simple stateful firewall, and currently not an efficient for protecting from advanced threats."
  • "The pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase, and to maintain (the licenses and the support services need to be prolonged regularly)."

What is our primary use case?

Our company works in developing and delivering online gambling platforms. The Check Point NGFWs are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Clusters serve as firewalls for both inter-VLAN and external traffic.

How has it helped my organization?

The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing this solution we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on switches and routers, which in fact a simple stateful firewall, and currently not an efficient for protecting from advanced threats. The Check Point NGFWs brought up the security level with the help of the advanced software blades - we use Application Control, URL Filtering, IPS, Anti-Bot, and Antivirus. The setup was simple, and the performance is great - we have significant resources to expand the environment in the future without disabling any blades and thus maintaining the security on the same, high level.

What is most valuable?

1. Advanced logging capabilities - our support team on duty constantly monitors the security logs in the SmartConsole, and notifies the security team in case of major alerts.

2. Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

3. The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.

What needs improvement?

The pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly). 

We also had several support cases opened for software issues (e.g. unstable BGP sessions over VPN tunnels), which, in our opinion, took too long to resolve - up to one month.

Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).

For how long have I used the solution?

We have been using the Check Point Next-Generation Firewalls for about 3 years, starting from late 2017.

What do I think about the stability of the solution?

In general, the solution is stable, but we still have had some support cases opened and have to install the JumboHotfixes on a regular basis to fix the minor bugs. Please note that the current version of the software we use - R80.10 - is not the latest one (R80.40).

What do I think about the scalability of the solution?

The solution is scalable - we use the Active-Standby Clusters, but could switch to Active-Active and add additional Gateway nodes if needed.

How are customer service and technical support?

We have had several support cases opened. Some of the were resolved by installing the latest recommended JumoHotfix, some required additional configuration on OS kernel level (e.g. TCP MSS clamping). The longest issue took about one month to be resolved, which we consider too long.

Which solution did I use previously and why did I switch?

We relied on the ACLs and Zone-Based firewalls of the Cisco switches and firewalls, which doesn't provide sufficient security protection against the modern advanced threats. 

How was the initial setup?

The equipment has been delivered on time, without delays. The setup was straightforward. The configuration was easy and understandable. 

What about the implementation team?

In-house team - we have a Check Point Certified engineer.

What's my experience with pricing, setup cost, and licensing?

Use the Check Point Performance Sizing Utility to measure and estimate the hardware needed to purchase for your environment.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer II at Baptist Health
User
Good antivirus protection and URL filtering with very good user identification capabilities
Pros and Cons
  • "The scalability is very good."
  • "I'd like to see more use of applications and URLs in security policies moving forwards."

What is our primary use case?

The primary use case for these firewalls is to protect our perimeter from unwanted traffic in and out of our network as well as to control the flow of data to comply with our company security policies. 

It also plays an integral part in restricting or granting access at a granular level for certain users or vendors allowing us to monitor and protect end-customer data as well as protecting our users and network from malware, bots, ransomware and other bad actors that could disrupt our business operations.

How has it helped my organization?

Check Point NGFW products have improved the operation of our organization by allowing us to secure our perimeter from attacks, probes, malware, DDoS, bots and general bad actors. It also allows us to secure outbound traffic from our users. 

It allows us to fine tune how we allow users to access resources both in our DMZ and externally. This helps us to secure customer and user data in order to prevent privacy issues, prevent loss of operations or downtime which we cannot accept. 

Being able to use the products in redundant pairs has also allowed us to provide a more stable network.

What is most valuable?

There are several useful features that we utilize that are now valuable assets in terms of protecting the network. These would include user identification (ID Collector), IPS, antibot, antivirus, application, and URL filtering as well as the standard firewall security rules. They all work together to provide layers of security to protect both inbound and outbound traffic in order to minimize loss of private data as well as to ensure our network is free of bad actors attempting to use malware or ransomware against us.

What needs improvement?

Check Point could improve its products by working on stability. Overall, it is a stable platform, however, at times we have issues with 'quirks' and bugs that cause issues for our end users and typically are not straightforward to fix. 

Another issue that presents itself is upgrading. Small hot fixes are not problematic. That said, updating to a new version of the OS has been an absolute nightmare and caused significant downtime and a number of issues - not to mention wasted engineering time. Simplify the upgrade process and they may regain confidence in this area!

I'd like to see more use of applications and URLs in security policies moving forwards.

For how long have I used the solution?

I've worked with the solution for seven years across two different companies.

What do I think about the stability of the solution?

The stability is good, yet it could use some improvement.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and support?

It has always been slow and difficult to use technical support. It depends on a case-by-case basis, however, you have to chase and manage the case yourself or it will go nowhere. This likely comes down to a lack of experienced agents.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used Cisco ASA. We switched due to the fact that Cisco's product was very hard to manage and lacked any real intelligence.

How was the initial setup?

The initial setup is complex. A very large and multifaceted environment will always be complex to configure.

What about the implementation team?

We used vendor support and account teams and in-house technical engineering.

What's my experience with pricing, setup cost, and licensing?

It's expensive, however, compared to the cost of not protecting the network properly, it's worth the cost.

Which other solutions did I evaluate?

We looked at Palo Alto, Fortinet, and Cisco.

What other advice do I have?

Carefully consider the vendor before making a leap. It's very difficult and costly to change vendors at a later date.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Sr. Network Engineer at a insurance company with 5,001-10,000 employees
Real User
Top 10
Provides security to users working within our LAN environment, but also to remote end-users
Pros and Cons
  • "The central management makes it easier, and is a time-saver, when implementing changes."
  • "The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent."

What is our primary use case?

We use Check Point's firewall to provide network security to our organization as well as to other, third-party vendors.

How has it helped my organization?

The Check Point firewall is providing advanced-level security. Compared to before, our company is more secure now. It is not only securing the users working within the LAN environment, but also to the end-users or remote users in the company.

What is most valuable?

The most valuable features are its 

  • antivirus
  • threat detection
  • central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

What needs improvement?

The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved.

Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.

For how long have I used the solution?

I have been using Check Point's NGFW for the last six years.

What do I think about the stability of the solution?

The Check Point firewall is very stable. It is one of the oldest firewalls in the market. It has all the advanced features, according to the security features we have. It's quite a stable firewall.

What do I think about the scalability of the solution?

It is very good and scalable. We have recently expanded the usage of Check Point and it was not a very tough process to scale this firewall.

Right now it's protecting around 3,000-plus employees.

How are customer service and technical support?

It has been a very good experience every time we call Check Point. We usually get them on a phone call and they are very informative people. They always provide us the solution.

Which solution did I use previously and why did I switch?

We had another solution. We switched because Check Point gave us more advanced features and there was market demand for network security.

How was the initial setup?

The initial setup was a little complex. The training from Check Point should be increased. It was a little complex, but with the help of their TAC and the help of other engineers, we installed it.

The deployment has taken about eight months. We have deployed it in a three-way architecture. We have installed a security gateway, an SMS (security management system) and we have installed the console.

We have a team of four people, all network engineers, for deployment and maintenance of the solution. We take care of all the firewalls for the organization, including Check Point's.

What about the implementation team?

We had help from a Check Point integrator. It was a good experience. They were very helpful.

What was our ROI?

We are happy with our investment in Check Point's firewall. Per our standards, and for our environment, it is a very good firewall. It is protecting us well.

What's my experience with pricing, setup cost, and licensing?

Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps.

Which other solutions did I evaluate?

We evaluated other options, including Cisco ASA. The difference was that Check Point provides advanced features, such as threat prevention and antivirus. Apart from those, it also provides us with IPS. Also, for Cisco ASA, we had to take extra services to install it, so we went for Check Point.

What other advice do I have?

Make sure you get good training on Check Point's firewall, and it would be good if you have working experience on the device.

Using Check Point, I have learned that we need to serve our remote users as well, and Check Point is a firewall which is capable of doing that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Rajan Arora
AVP - IT Security at a tech services company with 51-200 employees
Real User
Top 5
Stable VPN functionality, good support, and the central management console helps with task segregation
Pros and Cons
  • "The central management console has helped with segregation, where planned interventions with management consoles do not have any impact on production or critical business traffic."
  • "There is room for improvement in application-based filtering, as with other firewalls available in the market today."

What is our primary use case?

We use this product for providing perimeter security, as well as advanced threat protection capabilities to critical infrastructure. The solution is expected to deliver high-performance throughput for voluminous traffic continuously. 

We are using these gateways for multiple functionalities such as:

  • Perimeter Gateways
  • Anti - APT (Advanced Persistent Threat)
  • Anti Malware / Anti Virus
  • SSL Inspection
  • Network Intrusion Prevention System
  • Private Threat Cloud

All of our solutions are expected to run in high availability and have good resiliency. 

How has it helped my organization?

Check Point NGFW is the first perimeter security solution used in our environment and it is able to deliver the expected results. Specifically, it supports high-performance throughput for voluminous traffic.

The vendor has proven capability of identifying known threats, which can be seen while managing the firewall. The OEM has identified a roadmap in line with the emerging threat landscape and evolves the product to counter these threats. 

The central management console has helped with segregation, where planned interventions with management consoles do not have any impact on production or critical business traffic.

What is most valuable?

Next-Generation Threat Prevention capabilities provide security in a high-traffic load, ensuring detection and prevention of known threats by AME, AV, and Sandblast technologies. 

We are also using the system to create VPN gateways for our multiple partners and we haven't faced any issues with them.

 Check Point gateways are a stable product that can run without any issues until a major upgrade or vulnerability mitigation is required.

The support has been reasonable and they were able to minimize the impact during critical incidents.

What needs improvement?

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption.

There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome. 

For how long have I used the solution?

We have been using the Check Point NGFW for the past four years.

What do I think about the stability of the solution?

This solution is very much stable and does not require frequent changes in architecture. The patch frequency is limited, which reduces the downtime requirements.

What do I think about the scalability of the solution?

This NGFW is very much scalable; however, I am not sure about other components such as PTC, etc.

How are customer service and technical support?

Technical support is a mixed experience. Most of the time, issues are handled well in a timely manner but some issues have lingered for a very long time, causing multiple iterations.

Which solution did I use previously and why did I switch?

We did not use another similar solution prior to this one.

How was the initial setup?

As we use a lot of components from Check Point, the setup was a little complex in terms of deployment and traffic handling.

What about the implementation team?

We had assistance from the vendor's professional services team to ensure smooth deployment. It was a green field project so the deployment was easy. The team deployed on implementation had expertise with the solution.

What was our ROI?

The ROI for security is the confidence that the solution is able to deliver the expected outcome. This includes stability, Threat Prevention capabilities, Granular policies, etc.

What's my experience with pricing, setup cost, and licensing?

Licensing is pretty straightforward and is based on the blades available, such as NGFW, NGTP, and NGTX. Generally speaking, the pricing is in line with other players in the industry.

Which other solutions did I evaluate?

We evaluated products by Fortinet and Palo Alto.

What other advice do I have?

In summary, this is a good solution that is stable, and I recommend it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.