What is our primary use case?
It's just enterprise firewalls, firewall clusters for redundancy to secure the company network from the internet, and as well as a data center firewall, for example, if you want to split up subnets to control traffic between them.
What is most valuable?
The management is very handy and intuitive, and it has a lot of features. I think it's one of the products in this market which has the most possibilities.
I saw some other firewall vendors or firewall solutions from other vendors. And maybe I like it because I'm very familiar with Check Point and the management of the Check Point gateways. So, probably, I'm just not aware of how other solutions work and how to use them.
We also see or have a lot of customers with Palo Alto. That's also a solution we see a lot, but we have been a Check Point partner for more than seven or eight years since the beginning of our company. We have done a lot of research on firewall solutions.
In our opinion, it's one of the best because the management is very handy. So it's easy to implement every possible configuration, and you have a good oversight of your rule set.
If I compare it with Cisco Meraki, for example, if the rules grow, then it's very hard to get oversight or to have oversight over the whole rule set. So then it becomes hard to manage.
With Check Point, it's easy because even when you have 200 or more rules, it's still very user-friendly, and you can still quickly manage your whole rule set.
What needs improvement?
What I like about Meraki is the whole cloud-managed feature, where it can configure gateways in the cloud and preconfigure it as well. So I don't need to have access to the device or create a configuration in the cloud.
And as soon as the firewall comes online connected to the internet, then it downloads its configuration from the cloud. I think Check Point does also have such a solution, but I'm not aware that it's as easy as Cisco Meraki. Sometimes it would be nice if they would have the same possibilities.
For how long have I used the solution?
I have been using it for about five years now.
What do I think about the stability of the solution?
I have not yet faced any challenges with performance or stability. Sometimes when we implement core firewalls, there are applications that have longer session timeouts than the Check Point firewalls in the default settings.
Windows has a default session timeout for about two hours, I think, and Check Point's is one hour. So, it's not a performance issue, but the application will not run as well as before the security gateway analyzes and blocks traffic. So, it depends.
What do I think about the scalability of the solution?
Scalability is a very good point of Check Point's solution. They can scale very well and very large.
How are customer service and support?
The technical support is also very well and specific. It's very useful to have technical support from Check Point.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I have experience with Nutanix Flow. It's also possible to enable training in Nutanix Flow where you can redirect the traffic to Check Point gateways. I think that's a very useful feature if you need layer seven traffic analysis and blocks. But I don't have any customers, or we don't have any customers, who use chaining. We also don't have any customers who use a micro-segmentation solution from Check Point. So, I'm not aware if they have a comparable solution like Flow.
How was the initial setup?
For the initial setup, you need a good knowledge of the operating system, Gaia OS. It needs some knowledge to get started, but if you've done it once, then it's easygoing.
Normally, we check the customer's requirements. Then we start to deploy the gateway and start with a basic rule set so the customer is able to refine it for their needs. If we are in charge of creating a complete rule set, we will bring all the requirements into a concept and then create a rule set in a more suitable way.
Some customers have very basic requirements. If it's just to deploy the gateways, then it's very easy and quick. You just need maybe a few days and a maintenance window outside of business hours. But there are also customers who have a lot more requirements, like scanning or analyzing the traffic for subnets inside of the network.
For example, a core firewall can be very time-consuming. You need to do a lot more research and concepts or write concepts on how to achieve that. That can take a few months.
For maintenance, you need to know what you do. It can be difficult if you don't know what you want to achieve. If you are not aware of network security, then probably it's not that easy, and you may run into configuration errors or mistakes. It's easy to manage, but you have to know what you do.
What's my experience with pricing, setup cost, and licensing?
Check Point is not the cheapest vendor in the market, but it has everything you need compared to other solutions. So that's probably the main reason for the cost or the prices. I think it's probably on the same level as Palo Alto.
What other advice do I have?
I would recommend Check Point to other users who are looking into implementing it.
I would advise others to compare or write down their requirements and have a look to see if Check Point is able to fulfill all the requirements.
Overall, I would rate it a nine out of ten.
*Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
