Information Technology Security Specialist at AKBANK TAS
User
Top 10
A good firewall with useful app and URL filtering
Pros and Cons
  • "The fact that these can be separated and made in different layers provides excellent convenience for the administrators who regulate the rules."
  • "When you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing."

What is our primary use case?

The product is basically for completing a firewall task. On top of that, the aim is to find a comprehensive solution with the innovations from next-gen. We made an isolated zone in a small part of the company. Here, we aimed to provide basic security features with few security devices. In this context, we ran the Check Point appliance by opening almost all the blades on it. The Check Point software architecture was able to provide quite good results because it ran on its own OS. It's pretty good as a VM. At a point where we wanted to isolate VM devices, we provided a solution with a VM series of Check Point.

How has it helped my organization?

It has similar features to other competitors in standard sizes, so it's not a subject where it differs much. It provides us with a layer of security as a firewall. With the new blades that are opened as an extra, it can provide solutions that are needed today, such as IPS and URL filtering. 

You can do app and URL filtering through a separate policy layer. The fact that these can be separated and made in different layers provides excellent convenience for the administrators who regulate the rules. In object searches, object explorer is very easy and fast.

What is most valuable?

In my company, there have between ten and 15 firewalls on-premises, and if I want to configure or push the same configuration to all of the firewalls, then the centralized management system is easy and very helpful. 

It is difficult to convey the end-user experience. However, in general, administrators can get used to the interface and start working quickly. Especially after Revision 81.10, I can say that everything became more stable and faster in terms of management. It should be said that it does quite well on the DDOS side.

What needs improvement?

There are parts that are still on the SmartDashboard screen and that condemn you to use it, which should be removed and moved to the SamartConsole interface, which is the main screen. 

In addition, when you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing. To fix these problems, Check Point needs to get rid of the SmartDashboard screen completely. Also, there is a need for performance improvements in the interface so that when the data and rulesets are large, there is a need for performance improvements in the next versions.

Buyer's Guide
Check Point NGFW
March 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for about six years.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Adhi Wahyu - PeerSpot reviewer
Network Engineer at RSUP Dr. Sardjito
Real User
Top 5
Excellent antivirus, antibot, and intrusion prevention systems
Pros and Cons
  • "We can manage which users have access to certain websites."
  • "The product could provide an easier user interface and management, by combining all functions (network and policy configuration) into one single application rather than split it into different applications."

What is our primary use case?

We use the NGFW to give security and protection to our local network and internet user from internet threats like viruses, worms, bots, and intrusion. 

We also use it to control the internet URLs accessed by the user. We subscribe to two internet service providers with total bandwidth available of 450 Mbps and we have more than 700 internet users connected. 

Check Point's firewall does a good job of protecting the user from malicious threats. It is able to run smoothly without being a bottleneck in the network. 

How has it helped my organization?

Check Point NGFW helps us to secure our user's computer and our server and therefore helps us to maintain business operations. It has important features like an intrusion prevention system, anti-virus, and anti-bot capabilities. 

It also helps us manage bandwidth efficiently by managing what website is allowed to access by users. 

We're limiting user access to websites with high bandwidth demand like video streaming and social media, of forbidden websites like adult websites. 

We can manage which users have access to certain websites.

What is most valuable?

The antivirus, antibot, and intrusion prevention systems are great. It's very important due to the fact that to prevent is better than to recover. The features play a critical role in preventing any security incidents from happening and minimalizing them before they become bigger problems. 

Its URL filtering feature is great. We can manage which users are allowed access to which websites at a certain time. We can also manage which application is allowed and forbidden for the users. 

Check Point has a vast list of applications it is able to manage - from torrents to games, social media, etc. 

What needs improvement?

The product could provide an easier user interface and management, by combining all functions (network and policy configuration) into one single application rather than splitting it into different applications. 

Users will also really appreciate it if Check Point provides a free management and logfile analysis module. In the existing setup, a user must pay an extra subscription fee to have access to the firewall management module. It makes the user without a subscription unable to fully gain insight from the firewall log file so they are unable to fully utilize the device

For how long have I used the solution?

I've used the solution for four years.

What do I think about the stability of the solution?

It's stable. The system runs with minimal problems. I said minimal because yes there were problems. In 4 years using checkpoint, we have maybe 2 major problem. One was hardware modul failure, that replaced as soon as possible by support team, and the other was software/configuration problem, that get solved also with the help of support team

What do I think about the scalability of the solution?

It has the ability to scale depending on the product model.

How are customer service and support?

They provide good support, depending on your troubles. For more complicated requests, maybe you will have to pay.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Check Point is the company's first NGFW.

How was the initial setup?

The initial setup is simple, however, customizing it could be complex.

What about the implementation team?

We implemented the solution through a vendor team. The score I'd give for their expertise is seven out of ten.

What's my experience with pricing, setup cost, and licensing?

if you pay for the setup cost, make sure you get it set up exactly as you need it to be.

Which other solutions did I evaluate?

We looked into Sophos, Sangfor, and Palo Alto.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
March 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
Champika Wijewickrama - PeerSpot reviewer
Senior Network Security Engineer at EIT
Real User
Top 10
Enables exceptional security with its comprehensive suite of features and ensures robust protection against cyber threats
Pros and Cons
  • "One of the most advantageous features of Check Point firewall is its multi-interface capability."
  • "There's a significant area for improvement when it comes to pricing."

What is our primary use case?

Our customers have been using it for the network security.

How has it helped my organization?

Unlike Fortinet, where the log loading process can take up to a month, Check Point stands out for its efficiency. While other solutions may only provide logs for a short period, such as one or two months, Check Point impressively retains logs for up to six months on some machines and at least three months on others. This extended log retention period is a significant advantage for our customers, providing them with valuable insights and enhancing their overall security posture.

What is most valuable?

One of the most advantageous features of Check Point firewall is its multi-interface capability. While traditional firewalls typically have a single interface, Check Point stands out by offering tools with multiple interfaces. This capability, now known as SmartConsole, allows users to manage policies, security objects, and routing points all from one dashboard. This contrasts with other firewalls where users often have to log in separately to access different functionalities. The hierarchical structure of communication and management in Check Point firewalls adds complexity, making it more challenging for attackers to exploit vulnerabilities. Additionally, Check Point introduced SD-WAN functionality in December 2013, further enhancing its capabilities and staying ahead of the curve in network security.

What needs improvement?

There's a significant area for improvement when it comes to pricing. While frequent updates and patches are released, which is commendable and adds significant value, the loading time for SD-WAN updates can be excessively long.

The feature we're eager to see enhanced in Check Point is reporting, particularly in terms of highlighting past reports. Currently, if we create a rule for a report in the morning, we expect to receive an email highlighting it. While we can set this up, the issue lies in segregating the project into separate reports.

For how long have I used the solution?

I have been working with it for five years.

What do I think about the stability of the solution?

Occasionally, we face certain issues and downtimes. Downtime varies depending on the type of changes or updates being made. For instance, a version upgrade typically requires only fifteen minutes for reboots. However, for patch updates or version updates, downtime can extend to at least one hour. In some cases, especially in custom environments, downtime may exceed two to three hours.

What do I think about the scalability of the solution?

It provides good scalability. Despite having only three customers, I've implemented the firewall for over a thousand users. These users are situated in factory environments, meaning there are thousands of endpoints, including those connected via VPN.

How are customer service and support?

I am relatively satisfied with the level of technical support provided. We primarily work with Indian support teams, and while some technical engineers are exceptionally intelligent and quick to resolve issues within ten to fifteen minutes, others may take longer. However, the crucial aspect is that they eventually provide an answer or escalate the issue if needed. When I contact support, I first inquire about the assigned person, and if I am familiar with them, I proceed with the interaction. Otherwise, I prefer to escalate the query to another region to avoid wasting time. I would rate it eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have experience working with Fortigate and Palo Alto in the past. In Sri Lanka, Check Point has a strong marketing presence, which influences customer decisions.

How was the initial setup?

The initial setup can be complex and may pose a challenge, especially for those without prior experience. Setting it up for the first time requires careful attention and a level of expertise to navigate effectively.

What about the implementation team?

The deployment process begins with configuring the firewall's IP and other settings. Once this initial configuration is complete, we proceed to the AI portal. In the AI portal, the first step is to configure the interfaces. After configuring the interfaces, we proceed to install the created interface. Next, we move on to the SmartConsole. To access the SmartConsole, we download it from the app portal. Once the SmartConsole is installed, we can easily create rules for logging purposes, manage objects, configure networking, and VPN, and other technical tasks from the SmartConsole. Routing and related tasks are typically handled in the data portal. One individual is enough for the deployment. The duration of the setup process varies depending on factors such as the complexity of the customer's environment and the site architecture. For instance, in a relatively simple scenario with just two VLANs and a couple of VPNs, the configuration could be completed within a few working days. Maintenance is essential, with upgrades and patch updates being mandatory at least once every six months. This ensures the system remains up-to-date and secure.

What was our ROI?

Our customers are pleased with the return on investment. The occasional bugs and updates, common to all firewalls including Check Point, are being addressed promptly. The platform is regularly updated to ensure optimal performance.

What's my experience with pricing, setup cost, and licensing?

The price is on the higher side.

What other advice do I have?

While the cost may be a consideration, the level of security provided by Check Point is exceptional. In my experience, I have not encountered any cyber attacks. The only negative experience was not related to the firewall but rather to customer issues with the router. It's important to remember that compromising security for cost savings can ultimately lead to vulnerabilities. Therefore, investing in high-security solutions like Check Point is worthwhile. Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Network Administrator at a computer software company with 1,001-5,000 employees
User
Top 5
Controls traffic, offers good application control, and has great URL filtering
Pros and Cons
  • "As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity."
  • "One feature I have yet to see implemented is authenticated email support for alerts generated via the GW or SMS."

What is our primary use case?

The primary use of Check Point NGFW is as a firewall that gives us the control of allowing in non-threatening traffic in and blocking malicious traffic. It is also a valuable tool that allows us to interconnect our remote sites via IPSEC VPN. 

This, alongside all of the basic blades such as Application Control, allows us to be granular when choosing what applications we allow within our organization and additionally filters based on categories combined with identity awareness. This allows us to be as granular as we would like with specific users/departments within our organization.

How has it helped my organization?

Check Point NGFW was one of the top contenders when we were looking to implement a new firewall strategy. 

We have had some issues with VPN tunnels specific to AWS, which were eventually resolved after a lengthy case however, other than that, the features offered are all great, and the firewall has done its job to my expectation. 

It is, however, difficult at times to read the actual documentation for the blades/appliance as it would appear that sometimes the terminology is incorrect or skewed, which leads to a longer implementation time.

What is most valuable?

As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity. 

Another critical blade/feature is the application control blade in combination with URL filtering. These two security features, tied together with identity awareness, are a game changer and allows an admin to be as granular as possible when blocking specific applications or allowing a specific application to a specific user/department within the organization

What needs improvement?

Being on R80.40, I am sure a bunch of features have already been implemented that I am not currently taking advantage of. However, one feature I have yet to see implemented is authenticated email support for alerts generated via the GW or SMS. As a security product, it is mind-blowing that this is not a thing today, and it only relies on SMTP un-authenticated to send emails to administrators. However, I'm not sure if that really applies to the firewall itself or if it is more so a topic of discussion for the SMS.

For how long have I used the solution?

I've used the solution for five years.

Which solution did I use previously and why did I switch?

We switched from SonicWall back in the day due to the feature sets available at the time.

Which other solutions did I evaluate?

We also evaluated Palo Alto.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Amar Gadge - PeerSpot reviewer
Engineer Security Management at BT - British Telecom
MSP
Top 10
Easy to set up, use, and upgrade
Pros and Cons
  • "We can build the new firewalls with minimum efforts."
  • "Pricing for the gateways is too high as compared to the other vendors."

What is our primary use case?

I have used this product in chemicals, insurance, and industrial sector companies.

The primary use case is to secure the inbound and outbound traffic and secure the DMZ servers. We use this solution for Remote access VPN (on smart view event can see reports more granular level) and IPSEC VPN for using the applications hosted on Public cloud and integrate the customer 3rd parties vendors. 

Using threat prevention helps in securing the customer environment from cyber attacks, ransomware, malwares etc. We use the Sandboxing features to protect the network from zero-day attacks

How has it helped my organization?

It improved the performance of the network on large scale. 

It's easy to use and configure. We can build the new firewalls with minimum effort. 

It's easy to upgrade the device. 

You can van view the device health on the smart view monitor and smart event monitor at a more granular level. We're achieving great performance using the latest quantum gateways. You can see the real-time logs on the management and also can configure the logging in redundancy mode. 

Using TCPDUMP, a firewall monitor, and firewall zdebug drop, you can troubleshoot the real-time issues.

What is most valuable?

We like the SecureXL, CoreXL, and Multi-que.  Using these features improved the performance of the gateway at a more granular level.

The Smart View Event monitor is great. You can see the real-time events on the firewall - including remote access VPN usage.

The smart licensing is great. It's easy to generate the license and apply it on the gateways.

The solution offers very good anti-virus and anti-spam capabilities. It's good security on the network.

Threat Prevention and Sandboxing are useful to have. We're protecting the network from zero-day vulnerabilities and securing the network from the latest cyberattacks.

What needs improvement?

Pricing for the gateways is too high as compared to the other vendors.

Whenever there is any issue comes checkpoint support ask to keep the gateway on the latest hotfix and OS which is difficult to roll out on all the gateways present in the customer environment.

For how long have I used the solution?

I am using this product for more than five years.

What do I think about the stability of the solution?

We can achieve great stability using Check Point Quantum Gateways which improves the performance of the network.

What do I think about the scalability of the solution?

We can achieve great scalability using Check Point Quantum Gateways.

Which solution did I use previously and why did I switch?

We did not use a different solution. 

How was the initial setup?

The initial setup is straightforward.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Jr. ISO at BancNet, Inc.
User
Easy to deploy with good pricing and excellent advanced security capabilities
Pros and Cons
  • "Only allows authorized connections and prevents vulnerabilities in a network."
  • "Check Point should improve services related to the cloud-based solution."

What is our primary use case?

Checkpoint Firewall provides advanced security for the organization and its connection to the members/participants. The Check Point FW controls access and traffic to and from the internal and external networks. The Check Point Firewall rule base defines the access control and network performance to help our organization achieve the below security goals:

  • Only allows authorized connections and prevents vulnerabilities in a network
  • Gives authorized users access to the correct internal networks
  • Optimizes network performance and efficiently inspects connections

How has it helped my organization?

Check Point Firewall provides advanced security for the organization. The FW controls access and traffic to/from the internal and external networks. The Firewall rule base defines the access control and network performance to help our organization achieve the below security advantages:

  • Only allows authorized connections and prevents vulnerabilities in a network
  • Gives authorized users access to the correct internal networks
  • Optimizes network performance and efficiently inspects connections
  • Protection of all assets from internal and external threats

What is most valuable?

The following features are most valuable: 

  • Threat prevention
  • Malware prevention
  • IPS
  • IDS

What needs improvement?

Check Point should improve services related to the cloud-based solution. Due to these challenging times, most organizations seek to move to cloud-based implementation to minimize the cost and for easy deployment, access, and remote support. 

The Next-Generation Firewall should also be focused on zero-day threats as attacks have improved the past few years. They need to ensure that all connections and nodes are being protected. 

Sandblast technology is also a good tool as it offers enterprise solutions on malware detection and prevention.

For how long have I used the solution?

I've used the solution for five years.

What do I think about the stability of the solution?

The solution is stable and can support all OS deployments. It's easy to manage.

What do I think about the scalability of the solution?

We recommend the product as it is excellent and very scalable.

How are customer service and support?

There have been no issues regarding the support from Check Point and the local vendor.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Fortinet.

How was the initial setup?

The initial setup was straightforward. 

What about the implementation team?

We did the deployment in-house and with a vendor team. The level of expertise was a 10/10.

What's my experience with pricing, setup cost, and licensing?

The solution is easy to deploy. The pricing is lower than other solutions. We've had no issue with licensing.

Which other solutions did I evaluate?

We looked into Watchguard, Palo Alto, and Sophos.

What other advice do I have?

We need more information on the ability to collaborate enterprise support.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Consultant at work@lim.it Systemhaus
User
Provides an easy overview of actual connections, attacks, or security risks
Pros and Cons
  • "We do not have any problems with stability."
  • "Although there is a lot of automation and pattern that can be classified automatically, the IPS systems are sometimes a little bit complicated, and doing the fine-tuning in over 20,000 patterns is hard to do."

What is our primary use case?

We are using the Check Point firewall for our perimeter security.

The security solution works as well on-premise and in the Azure Cloud. We are using central management to configure the security policy of both gateways.

We are also using a Site2Site VPN for connecting our locations. This VPN is also realized with the same firewall systems.

In order to simplify the process of generation reviews of actual security incidents, we have implemented SmartReport for generating automated and special customized security reports for our documentation department.

How has it helped my organization?

Since the security policy of all firewall gateways can be defined centrally on the Check Point firewall management server, it is a lot easier to generate a secure and safe policy for all locations.

Since we can define policy operators for dedicated traffic selections, some of the lower IT staff can easily allow or block services or servers or create their own policy without interfering or compromising the rest of the security policy.

This makes the administration and coordination of the policy a lot easier for us

What is most valuable?

Since the log files of all services are collected on the management server there is an easy and good view of all actual connections, attacks, or security risks.

In addition, when using the SmartEvent software blade, you get the possibility to have an easy to configure event correlation system, which will automatically fire mail alerts or can even block IP addresses if there are network or security anomalies detected on the firewall system.

This is also possible if the services are allowed - for example, if there are flooding attacks on server systems.

For example, this has prevented our Citrix Netscaler from being taken down during attacks.

What needs improvement?

Although there is a lot of automation and pattern that can be classified automatically, the IPS systems are sometimes a little bit complicated, and doing the fine-tuning in over 20,000 patterns is hard to do. This has been improved in the last versions, however, it can still be made a little bit better. 

For example, the automatic classification of which pattern should be activated is very simple yet lacks some special configuration options (for example if you want to have more than one classification pattern for the activation).

The HTTPS inspection is very tricky, too. Since there are a lot of applications that are using certificate pinning, most of the SSL traffic (especially to the big cloud provider) must pass without inspection.

Since attackers also use these clouds, there is a problem in getting your security definitions to work.

Of course, this is not a Check Point-specific problem and rather a problem in the HTTPS inspection itself.

There is the need to know which sites are accessed by our staff and to get the visited URLs, to get the internal security policy working. The SSL classification feature of Check Point is a good intention, yet not as good as needed.

For how long have I used the solution?

I've used the solution for more than ten years.

What do I think about the stability of the solution?

We do not have any problems with stability.

What do I think about the scalability of the solution?

There is a hardware solution for every type of throughput. It is very good that in the datasheets you get the throughput of the different types of network traffic.

It is better not to choose solutions bigger than needed, or to have some resources left over.

How are customer service and support?

Most of the support calls are answered very quickly. However, if you have a problem and you have to get development involved, the response gets slower.

Most of the time, you will find all necessary information in the Support Center or on the collaboration sites.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We were using Cisco firewalls before. We had the need to implement Universal Threat Protection and the configuration of the Firepower system of Cisco was more complicated than the integrated policy configuration of Check Point.

How was the initial setup?

The setup is straightforward. The documentation is very good.

What about the implementation team?

We have implemented it completely in-house.

What was our ROI?

ROI is really hard to pinpoint. However, if we were using another security solution, our personal efforts to maintain it would double.

What's my experience with pricing, setup cost, and licensing?

It is very hard to compare different firewall solutions and get a comparable price. Check Point tends to be very expansive, however, if you have a deeper look at other vendors, the costs are almost the same.

Due to the good integration and central management, Check Point is easier to maintain than other solutions.

In addition, there are good small office boxes from CheckPoint with a very good price - the features of these boxes are enough for small enterprises or branch offices.

Which other solutions did I evaluate?

We have evaluated Cisco Firepower and the FortiGate firewall solutions in the past.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited
Real User
Top 5Leaderboard
A scalable and user-friendly tool that can be customized and deployed easily
Pros and Cons
  • "The product is very user-friendly."
  • "It will be good if the product is rack-mounted."

What is our primary use case?

We use the solution as a perimeter firewall. We also use it for endpoint security and VPN.

What is most valuable?

The product is very user-friendly. The configuration can be managed and customized as required. We can customize the tool for each stakeholder.

What needs improvement?

It will be good if the product is rack-mounted. The product must be updated to protect users from the latest firewall threats.

For how long have I used the solution?

I have been using the solution for almost six years.

What do I think about the stability of the solution?

The tool is very stable.

What do I think about the scalability of the solution?

The tool is easily scalable. Almost 2000 people are using the product in my organization.

How are customer service and support?

The support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We also work with other vendors. Check Point is as good as its competitors, but its cost is a bit higher.

How was the initial setup?

The initial setup is very easy. One firewall engineer can deploy the product within a few hours. It is very easy to maintain the tool. We need only one person to maintain it.

What's my experience with pricing, setup cost, and licensing?

The tool is a bit expensive. The product’s operational cost is very high. We pay a yearly licensing fee. We also pay for support.

What other advice do I have?

Check Point is the most user-friendly solution. It can be configured quickly. Overall, I rate the product an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2024
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.