We changed our name from IT Central Station: Here's why
Senior Information Security Specialist at a tech vendor with 10,001+ employees
Vendor
Great Threat Extraction software blade, very stable, and can scale easily
Pros and Cons
  • "It's really simple to set up."
  • "Unfortunately, the API is not fully complete and also it is not an API which I would refer to as a RESTful API as there are different endpoints for the same entity."

What is our primary use case?

The primary use case is as a perimeter firewall separating different security zones from each other. We separate several zones, such as Internet Of Things (ie. cameras and several sensors), Internet-facing DMZ, internal networks, and guest networks from each other. 

Also, we use the VPN feature to create Site to Site tunnels between branch offices and the headquarters. Threat Prevention features including IPS, Anti-Bot, Threat Emulation, and Threat Extraction and are used to secure our users from being victims of several threats. 

How has it helped my organization?

It is hard to say how a product like a firewall is improving our organization. The firewall does what it should. Primarily, the management makes this product great. There is no other product on the market that is nearly as perfect a tool for managing firewall rule bases and I know many of them. Check Point has much fewer vulnerabilities in their products and also is very quick to react to vulnerabilities.

What is most valuable?

The Threat Extraction software blade feature is the most valuable feature as it extracts any potential harmful content from several kinds of documents, which our users receive via e-mail or download from the Internet. We know, that our users tend to click on everything they get without thinking too much about the consequences. 

The second feature to mention is Threat Emulation, which is basically a sandbox, which runs executables received via email or downloaded from the Internet and creates a verdict if this executable is harmful or not in regards how it behaves on a specific operating system and application.

What needs improvement?

Unfortunately, the API is not fully complete and also it is not an API which I would refer to as a RESTful API as there are different endpoints for the same entity. For me, a restful API would use one endpoint to handle, for example, host objects and use different HTTP methods to distinguish between different operations. 

I would expect to use the PATCH method to update an object and the PUT method to create one. Currently, there are separate endpoints for these operations and all of them use the POST method. The most important issue with the API is, that there are some endpoints we are missing (for example for managing VPN users).

For how long have I used the solution?

We have been using this product and its predecessors for about 20 years.

What do I think about the stability of the solution?

The stability is very good. Sometimes there are issues, however, most of the time, they have no big impact. SecureXL was sometimes a bit of a problem. That said, this has improved in the last few versions.

What do I think about the scalability of the solution?

Check Point offers several possibilities to scale (load sharing, Maestro, and scalable platforms such as 44K or 64K appliances), however, in our case, we just replaced the appliance after a few years. If one needs real scalability, they should take a look at Maestro which is the scaling solution from Check Point.

How are customer service and support?

Technical support can be good or bad. It depends. Sometimes they are really great, and sometimes very annoying. Most of the time we have a good experience.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

It's really simple to set up. You simply install from an ISO with a few questions (ie. mgmt IP address and gateway) and restart with a graphical installation wizard with a few more questions (such as is this a management box or a gateway or a cluster member ASO).

What about the implementation team?

We handled the setup in-house. We have enough knowledge to do that. Our expertise is CCSM level.

Which other solutions did I evaluate?

We evaluated several competitors such as Cisco, Palo Alto, and Baracuda

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: We are distributing Check Point products to our partners, but we also use this product in conviction.
Flag as inappropriate
System Administrator at Grant Thornton
User
Reliable with good central management capabilities and useful dynamic definitions
Pros and Cons
  • "The solution offers very good central management, which saves time and is hassle-free."
  • "There are some GUI features in Check Point's SmartConsole that are still from the old versions and are in separate/duplicated interfaces; it would be most useful if it is integrated and not on different menus."

What is our primary use case?

We use the product as our main and only Firewall/Gateway/VPN Gateway. we are in the finance sector, and we need a very reliable and robust system. 

We rely heavily on the VPN system, as most of our employees are working outside the office at this time. 

We also have two appliances to improve reliability, we have internet access through two ISPs configured to work simultaneously. 

Our internal LAN is with duplicated network nodes that are double connected to our Check Point cluster. That way, we have full High Availability.

How has it helped my organization?

Before our purchase of Check Point products, we used an open-source product that lacked good integration between products and setting up to work was very tricky.

We use the Check Point mobile VPN, which is very stable and easy to use. It allows our employees to change their internal domain password when it becomes old, even when they are outside of the office for a long time. The VPN client can connect to our internal network even before the user is logged into his laptop. This allows users to receive GPO policy updates. 

What is most valuable?

The solution offers very good central management, which saves time and is hassle-free.

One of the most useful new feature is dynamic definitions. For example, if you need to allow all of the Microsoft Azure IP addresses, you can insert them dynamically and Check Point will update them for you. Without it, to find all IP addresses would be almost impossible.

You can create additional layers for the firewall rules. This allows better organization and performance of the product by skipping to the rules that are responsible for this group of protected devices.

What needs improvement?

There are some GUI features in Check Point's SmartConsole that are still from the old versions and are in separate/duplicated interfaces; it would be most useful if it is integrated and not on different menus.

We would like to have a better search engine on the checkpoint.com site. Right now, it is difficult to find, for example, a newer version of the Check Point VPN Mobile client. The search engine shows most visited sites and the newer version won't be the most recently viewed site page. As it is right now, you have to find the general VPN page form, and from there you have to look at what version of the product you need and then go to the page of the latest version.

For how long have I used the solution?

We have been using this product for five years.

What do I think about the stability of the solution?

Check Point is very stable.

What do I think about the scalability of the solution?

We haven't needed to expand our throughput capacity.
However, based on the Check Point documentation, it is hyperscale ready  capable of up to 475 Gbps of Threat Prevention.

How are customer service and support?

It is very good. Our local representatives are very helpful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We moved from a previous solution to Check Point as it is more reliable and easy to manage, and our old solution wasn't able to provide the level of security we desired.

How was the initial setup?

We have had some problems understanding how to set up HA, however, we managed to do it. This was mainly due to the fact that we didn't have experience with Check Point products in the past.

What about the implementation team?

We did everything in-house.

What's my experience with pricing, setup cost, and licensing?

New users should know that the first year of support is included in the equipment. After that, you have to buy it.

Which other solutions did I evaluate?

We choose between Palo Alto and Checkpoint.

What other advice do I have?

We like it. It works well.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
566,121 professionals have used our research since 2012.
reviewer1523535
IP LAN and Integrity Specialist at Chevron
Real User
Top 5Leaderboard
Skilled support engineers, provides good control with central management
Pros and Cons
  • "The packet inspection capabilities are great."
  • "The virtual infrastructure of the central management requires a huge amount of resources to work properly and manage all the logs without problems."

What is our primary use case?

We use this solution as a layer 3/4 firewall deploying access rules in our DMZ. We have more than six different centers with different service layers, a core of up to 500Gb per site, and other service centers providing security for all inbound and outbound connections.

VSX gives us the capacity to consolidate hardware in fewer devices, reducing the OPEX, and creating different VFWs to provide service to different environments or services.

Layer 7 features allow us to upgrade our security services. Activating the required features only requires upgrading the license.

How has it helped my organization?

This product has provided us the total control of our connections in our very bandwidth and session-intensive environment. It offers high capacity on NAT tables that, with other vendors, needed to use really huge devices to support.

We can control all of our international connections in a central point with a distributed cluster in a very easy way and with good performance.

The layer 7 features (AV, IPS, Web filtering, etc) and integrations with AWS provide us a clear point of management for future deployments on the cloud.

What is most valuable?

The packet inspection capabilities are great.

ARP protections based on interface works better than it does with other vendors.

There are new improvements related to the upgrade of the solution, making for the easiest upgrade/update procedures.

New features allow for concurrent use of the console in write mode between different users.

The exposed API allows us to automate a lot of actions in a very easy way.

The central console and log collector are basically the best central management consoles, and each day provides new useful features like counts, etc.

What needs improvement?

There are issues with stability in some specific versions.

The VPN is a little difficult to configure, and sometimes you need help from Check Point professional services.

There are some performance problems with the IPS when the FW is in a high load, but in general, it is working better than in previous versions.

The routing is configured on the gateway, so, you need to remember for migration purposes.

The virtual infrastructure of the central management requires a huge amount of resources to work properly and manage all the logs without problems.

For how long have I used the solution?

I have been using Check Point NGFW for more than 10 years.

What do I think about the stability of the solution?

In general, this is a very stable solution. We have had only one incident in the last few years that was with the size or the route tables in memory that finally it was discovered that was a bug in a specific version and was solved upgrading the devices to new firmware that solved the bug

What do I think about the scalability of the solution?

This product is very scalable. There are a lot of different virtual and physical devices to cover any requirement in terms of sessions, performance, etc.

How are customer service and technical support?

We are very happy with the support. They are very skilled engineers and always fast at analyzing and solving issues.

Which solution did I use previously and why did I switch?

We did you another solution, but we switched due to prices and solution stability.

How was the initial setup?

The initial setup is not more complex than other solutions.

What about the implementation team?

Was implemented using a third-party vendor.

What was our ROI?

Our ROI with this firewall is high.

What's my experience with pricing, setup cost, and licensing?

The vendor has a very flexible licensing approach.

Cost per Gb reduced and reduced OPEX compared with other vendors.

Which other solutions did I evaluate?

We evaluated Fortinet, Juniper, and Palo Alto.

What other advice do I have?

This is a complex solution and there are other vendors that are easier to manage, but it is perhaps the best solution regardless.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technology Architect at BearingPoint
Consultant
Top 20
East to setup with great central management capabilities and identity-based access
Pros and Cons
  • "It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach."
  • "One area which is still lacking is the site-to-site VPN solution."

What is our primary use case?

We use our Check Point NGFW firewall mainly for perimeter security. Those firewalls are placed at many sites distributed over Europe. We love the firewall management and think it's still the golden standard for creating a rule base and we go more and more in the direction of identity bases user access to secure our environment.

The other firewall blades, such as Anti-Bot, Application and URL-Filtering, and IPS, are used on all sites. It's easy to deploy, as the firewall is able, with the latest version, to learn from the traffic and adapt the IPS policy.

How has it helped my organization?

Check Point NGFW has improved our organization with more security and easier deployments. There is a smaller amount of workload in the supporting area. We find a lot of documentation for the products and benefit from a big community. The Check Point support is much better than what we have seen from other vendors. The firewall policy is easy to deploy and we can do a more granular separation of specific user groups. We feel much more secure with this product - especially the API support - and possible automation has saved us a lot of time in our team and organization.

What is most valuable?

The most valuable features are the identity-based access and high-quality intrusion prevention functionalities. 

One of the most valuable aspects is the central management, which includes a large wide range of API calls. With the central management, we can define a reasonable security policy for many sites and not only for network segments but for user and AD groups. This gives us a bit more "Zero Trust" in our network.

It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach.

What needs improvement?

One area which is still lacking is the site-to-site VPN solution. This is still an area that could be improved, although the features have gotten much broader and I really have seen an improvement over the last 10 years of working with the product. The separation from encryption domains between the tunnels came recently as a new feature to the product. This really helps a lot. Yet, we are still seeing a lack of compatibility with other devices, even though this is the case with many vendors. Especially with IKEv2, we are struggling with many vendors to set up perfectly running tunnels.

For how long have I used the solution?

I'm working with Check Point for 10 years.

What do I think about the stability of the solution?

If you go by best practice recommendations from Check Point the stability is very good.

What do I think about the scalability of the solution?

Scalability is really good. Check Point has the Maestro solution, where you can really scale easily without wasting resources.

How are customer service and support?

They are really anxious to solve issues as fast as possible. They also try to get in actual contact with you via phone or chat to fully understand the issue.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

In some areas we were using Cisco, however, we changed to Check Point to centralize things.

How was the initial setup?

The setup is pretty straightforward, at least for the basic setup. Even with more complicated configurations, you have good support and experts at Check Point in the background that can help.

What about the implementation team?

We did it ourselves.

What's my experience with pricing, setup cost, and licensing?

Check Point is definitely not the cheapest solution, but the better security makes it worth the price. The licensing model is pretty easy, especially when it comes to the extension for many environments.

Which other solutions did I evaluate?

We looked at Cisco, Barracuda, and Fortinet.

What other advice do I have?

I'd advise teams to give it a try!

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
reviewer1543578
User at Johnson Controls, Inc.
Real User
Easy to manage and use, affordable, with support that is knowledgeable and helpful
Pros and Cons
  • "The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited."
  • "The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track."

What is our primary use case?

Our branch offices and customer sites require Internet access for the on-site staff and remote access capabilities for after-hours and remote support.

The Check Point firewalls allow us to provide site-to-site VPN, client VPN, web/app filtering, and IPS functionalities.

Client VPN is leveraged by site staff due to the majority of our sites requiring 24-hour support and also allows centralized teams to remotely assist with multiple sites globally.

We also use these at locations to provide security when our stand-alone network requires connectivity to the customer's network.

How has it helped my organization?

Check Point's solution is both affordable and easy to manage for the small business applications that we utilize them for. Due to the great pricing and support, we can afford to deploy the firewalls in a high-availability solution providing greater uptime and less worry. 

The price point of their equipment also means that we can often purchase a more robust solution compared to some competitors and Check Point's inclusion of more advanced features, such as IPS, by default, is a great selling point.

What is most valuable?

We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.

Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.

In general, we find that CheckPoint offers a great balance between ease of use and configurability.

What needs improvement?

The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track. Not everyone can afford the time and money to attend the official in-person classes offered by Check Point. Even if someone was not interested in fully pursuing a certification, offering certification guides is often a method that IT professionals follow in order to learn about a specific topic and keep for reference.

An area that I sometimes find lacking is the information provided by the system when performing troubleshooting issues such as site-to-site VPN tunnels. The logs provide general information regarding what is happening but often, it leaves you wanting additional details. This also ties back into the lack of training and knowledge required to utilize the more advanced features of the command line.

For how long have I used the solution?

We have been using Check Point NGFW for more than five years.

What do I think about the stability of the solution?

We have never had a device or software failure in the more than five years that we have been using Check Point devices. To date, we are extremely happy with the performance.

How are customer service and technical support?

The few times that we required customer service, they have been extremely helpful and knowledgeable. I would rate them on par with the other top-tier companies.

Which solution did I use previously and why did I switch?

We previously utilized Cisco firewalls but the cost structure of the hardware, licensing, and support became prohibitive. Check Point offered a more robust solution at an affordable price point.

How was the initial setup?

The initial setup was extremely quick and easy, and the deployment time for a new site is often under a day.  

What's my experience with pricing, setup cost, and licensing?

The price point and licensing was the main factor in moving away from Cisco and migrating all of our sites to Check Point. They offered more features for a lower cost than competitors, and the licensing model was easy to understand.

Which other solutions did I evaluate?

We evaluated NGFWs from Cisco, Palo Alto, and Fortinet in addition to the Check Point.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Infrastructure Service Specialist at a financial services firm with 10,001+ employees
User
Top 20
Stable with great security features and helpful support
Pros and Cons
  • "Even though Check Point NGFW provides a set of security features that enforce protection on the network, the most valuable aspect is also the most used feature: the plain and simple firewall component. This is the core of the product and works to a great extent without the need for all other available bells and whistles."
  • "Although the GUI is simple to use and fairly comprehensive, more support via CLI would be beneficial for bulk operations."

What is our primary use case?

I work for a large bank in Australia and the Check Point NGFW is used on the edge of the network. This strategic positioning allows the platform to provide extensive protection to internal systems from the internet, avoiding security threats on the most sensitive places on the network. 

Another factor in the positioning of the firewall is the protection from external partners connected to the internal network through VPN and MPLS tunnels. The solid performance and flexibility allow the platform to be trusted on this strategic spot.

How has it helped my organization?

Check Point NGFW has contributed to the success of the organization in keeping data safe through its powerful and flexible security features. 

In conjunction with the Check Point Management Platform, the firewalls provide an easy-to-use platform that facilitates and creates agility in the operation. The easiness to operate the platform creates a great value for the operation since it is easy to train people to work with the platform. 

Agility is also a key factor for the rapid response to business needs.

What is most valuable?

Even though Check Point NGFW provides a set of security features that enforce protection on the network, the most valuable aspect is also the most used feature: the plain and simple firewall component. This is the core of the product and works to a great extent without the need for all other available bells and whistles. 

What may sound obvious is actually an important point to be weighed, since several platforms in the market promise miracles but fail to deliver the basics. Check Point NGFW most definitely delivers a great, stable platform in that regard.

What needs improvement?

Although the GUI is simple to use and fairly comprehensive, more support via CLI would be beneficial for bulk operations. Repetitive tasks can surely be explored via API, however, oftentimes, tasks that are not worth automating can take longer than expected via GUI, while it could be easily tackled via CLI.

There should be better and more comprehensive reporting. This would also bring a lot of value to the platform by enhancing its capability of bringing transparency to the network.

For how long have I used the solution?

I've used the solution for about three years.

What do I think about the stability of the solution?

The most recent software version is stable and reliable. There have been some issues in past versions, however, there have been no big ones in the most recent releases.

What do I think about the scalability of the solution?

There are good scalability options through virtualisation. The platform can be expanded to multiple segments.

How are customer service and support?

The support provided by the vendor either via professional services or an engineer is always spot on. They are quick to act and help.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

This platform was already being used when I joined my company.

How was the initial setup?

The initial setup can be cumbersome.

What about the implementation team?

We did the implementation with vendor support.

What was our ROI?

As the platform delivers competent security enforcement with simplicity, the ROI is great. The easy-to-operate nature of the product means fewer hours spent by people struggling with things, while the network itself is constantly kept safe. 

What's my experience with pricing, setup cost, and licensing?

The use of virtual firewalls within the platform should be considered for horizontal scaling and in order to increase the product's cost-effectiveness. 

Which other solutions did I evaluate?

I was not part of the evaluation process.

What other advice do I have?

This is a great and stable platform overall. Performance and simplicity make this a good choice for any size of company.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Alessandro Bolzonella
Senior IT Security Manager at a manufacturing company with 201-500 employees
User
Top 20
Stable and easy to manage with a good single sign-on
Pros and Cons
  • "All policies can be deployed and managed in a very simple way."
  • "Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features."

What is our primary use case?

We use the solution as a frontend firewall in our headquarters and in our branches. We use packet inspection, the antispam feature, and the VPN. We have configured threat prevention and content awareness to improve security on incoming email and on web surfing from interlan networks wits SSL inspection. Mobile access through the VPN mobile client is also used from all outside workers and is fully integrated with our AD. We also use the solution to route traffic on internal networks and manage security through client and server networks.

How has it helped my organization?

We have improved our performance and bandwidth through the networks. Security is also improved. We have better control over the logs and better integration with our SIEM

We can also manage all our firewall from a central management console so each policy is under control and can be developed better. Inline policies help to understand on the correct use of the policies and a more readable list. We can also manage policies in two or more people at once without problems or risk of making the wrong policy.

What is most valuable?

VPN and mobile VPN are extremely valuable to us. The policies are simple to deploy to the new branches. 

All policies can be deployed and managed in a very simple way. 

AD single sign-on with VPN mobile is very helpful and simple to manage and deploy. 

Log management is also a good place to make troubleshooting and through console manage events. 

Management of the object is also a valuable feature. At every point in the console you can manage object properties and look to each policy where it is used and simply change or find where the object is involved.

What needs improvement?

Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features. I'd like a web console so that all firewalls can be managed from a web browser and we don't need to be installed on dedicated consoles and applications. 

I use the web console to mange the Gaia software in the firewall and it would be nice to have also policy management inside the web browser. 

For how long have I used the solution?

I've used the solution for four months.

What do I think about the stability of the solution?

It is very stable. We have reboot only to install updates.

What do I think about the scalability of the solution?

We chose the solution for scalability and now we are running with all branches with a Check Point firewall. The solution is meeting our expectations.

How are customer service and support?

We do not need customer support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use a different solution. We switched to improve security.

How was the initial setup?

It was complex to set up due to the fact that we changed our mind on how the firewall works. Central management is hard to improve.

What about the implementation team?

We implemented it through a vendor. There was not a high level of expertise, however, I took a course with Check Point and that was very clear and now I'm very expert on the Check Point world.

What was our ROI?

We have seen an ROI in that we need less time on managed policies and we have better control.

What's my experience with pricing, setup cost, and licensing?

The cost is high but the benefits are too.

Which other solutions did I evaluate?

We also looked at Palo Alto, WatchGuard, and Fortinet.

What other advice do I have?

The solution is a good solution and at the top of the market.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
reviewer1396851
Deputy Manager (Systems) at State Bank of India
Real User
Top 10
Generates extensive logs that help figure out issues but the packet mode needs to optimized
Pros and Cons
  • "Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation."
  • "Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management."

What is our primary use case?

Check Point NGFW is being used as a security product in the environment. It is securing the IT infrastructure and delivering the services as expected. In the current world scenario, IT is becoming the backbone for every organization, and most business is highly dependant on IT so securing the IT infrastructure is becoming challenging. Check Point NGFW meets the expectations of our organization to secure the IT infrastructure as per organizational need. Check Point NGFW also gives many security features in single box which reduce your management complexities.

How has it helped my organization?

Our organization's primary need is to make information available and secure from an insider as well as outsider threats. Check Point NGFW can give you lots of security features on a single device that can be used as per the organization's need, you not need to procure separate security devices to strengthen the security. The organization also provides services like service providers so it becomes more critical to secure the IT environment and we believe Check Point NGFW family is meeting the requirement as per the expectation.

What is most valuable?

Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation. 

Anti-spoofing security feature: Check Point has inbuilt by default enabled feature of anti-spoofing which reduces the attack surface from the spoofed IP addresses. 

IPS: Check Point IPS is one of the best products in the market.  

What needs improvement?

Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management. They should leave it to the user whether they want to procure a dedicated management server or run the show with the gateway itself. It will also reduce the operation cost.

They should also optimize the packet mode feature like Cisco’s firewall packet tracer wherein it tells administrators which policy or rule is processing the intended traffic.

For how long have I used the solution?

More than two years.

What do I think about the stability of the solution?

Check Point maestro is highly scalable, their other chassis base solutions are also scalable 

What do I think about the scalability of the solution?

If you choose Check Point maestro platform they you need not to worry about the scalability.

How are customer service and technical support?

They are very cooperative and supportive in nature. 

Which solution did I use previously and why did I switch?

We were using an ACL based firewall which was traditional and not meets the current security expectation. So to meet the advance security requirement product like Check Point is needed.

How was the initial setup?

It was straightforward.

What about the implementation team?

Check Point authorised partner had been involved in the migration to avoid any operation issue 

What was our ROI?

Hard to calculate.

What's my experience with pricing, setup cost, and licensing?

They should first understand their organization's needs and accordingly choose the product. In case if someone is not sure especially about sizing then they should use the Check Point maestro platform as it gives you the flexibility to augment the capacity on the fly without disrupting the existing running operation.

Which other solutions did I evaluate?

We have not evaluated any other option before Check Point. 

What other advice do I have?

Check Point gives you flexibility and eases the management with meeting organisation’s security need. But before choosing proper sizing has to be done.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.