Check Point NGFW Valuable Features
Principal Network and Security Consultant at a comms service provider with 10,001+ employees
Among the valuable features are antivirus, URL inspection, and anti-malware protection. These are all advanced features.
One of the great advantages of having Check Point as a firewall is that all of these are software blades, so you can buy a license or subscription and enable them and get the security up and running. With other firewalls, it's a completely different agenda, meaning some of them require hardware modules, and some of them have a complex way of adding the licensing, etc. Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use.View full review »
The feature I like the most is their central management, the Smart controller which you can use to manage all the firewalls from one location. You can get practically all information — but not all the information, because not everything has been migrated from the previous SmartDashboard version into the SmartConsole. Being able to access almost everything in one location — manage all your gateways and get all your logs — for me, is the best feature to work with.
As for the security features, that depends a bit on what you're doing with it, and what your goal is. But they're all very good for application URL filtering. Threat Prevention and Threat Extraction are also great, especially the Threat Extraction. It's very nice because your end-user doesn't have to wait for the file that he's downloading to see if it's infected, if it's malware or not. It gives him a plain text version without active content, and he can start working. And if he needs the actual version, it will be available a few minutes later to download, if it isn't infected. That's a great feature.
Anti-Bot also is also very nice because if a PC from an end-user gets infected, it stops it from communicating with its command and control, and you get notification that there is an infected computer.
It's difficult to distinguish which feature is best, because they're all good. It just depends on what your goals are. As a partner, we are implementing all of them, and which ones we prioritize depends on the client's needs and which is the best for them. For me, they're all very good.View full review »
Senior IT Manager at a mining and metals company with 501-1,000 employees
Packet inspections have been a strong point. Our Identity Collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before.
We saw a noticeable performance hit using SonicWalls. Whether it's because we've provisioned the Check Point gateways correctly from a hardware standpoint or whether it's the software that is much more efficient (or both), we do packet inspection with very little impact to hardware resources and throughput speeds are much improved.
With SonicWall, after it would calculate inspection overhead, we might see throughput at, and often below, 15%. My network administrator gave me data showing Check Point hovering at 50%, and so we were actually seeing Check Point fulfill its claims better than SonicWall.View full review »
Network and Security Specialist at a tech services company with 51-200 employees
The most valuable feature is definitely the logs. The way you can search the logs and have the granularity from the filter. It's just very nice.
I love the interface of R.80.30. The R.80 interface is very nicely thought out with everything in one place, which makes Check Point easier to use. When I started in 2014, I was just confused with how many interfaces I had to go on to find things. While there are quite a few interfaces still in the older smart dashboard versions, most things are consolidated now.View full review »
- The most valuable feature for us is the VSX, the virtualization.
- The GUI is also better than what we had previously.
- The third feature is basic IP rules, which are more straightforward.
- And let's not forget the VPN.
The way we use the VPN is usually for partners to connect with. We want a secure connection between our bank and other enterprises so we use the VPN for them. Also, when we want to secure a connection to our staff workstations, when employees want to work from home, we use a VPN. That has been a very crucial feature because of COVID-19. A lot of our people needed to work remotely.
I like that it first checks the SAM database. If there is any suspicious traffic, then you can block that critical traffic in the SAM database instead of creating a rule on the firewall, then pushing that out, which takes time.
The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that.
I like the Check Point SandBlast, which is also the new technology that I like, because it mitigates the zero-day attacks. I haven't worked on SandBlast, but I did have a chance to do the certification two years back, so I have sound knowledge on SandBlast. We can deploy it as a SandBlast appliance or use it along with the Check Point Firewall to forward the traffic to the SandBlast Cloud.View full review »
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
The most valuable features are the
- security blades
- ease of managing the policies, searching log for events, and correlating them.
The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network. The ease of use is important to us. The more difficult something is to use, the more likely it is that you'll experience some type of service failure. When we do have issues, with the Check Point SmartConsole being as simple as it is to navigate, it makes it easy for us to identify problems and fix them, to minimize our downtime.View full review »
Network Associate at a wireless company with 1,001-5,000 employees
I like the antivirus, attack prevention, three-layer architecture, and data center management features.
The antivirus updates are quite frequent, which is something that I like.
Central management is a key feature. We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful. It means that we only have to push the configuration once and it gets published on all of the firewalls.View full review »
Security Expert at a aerospace/defense firm with 10,001+ employees
The basic most valuable feature is the firewall itself.
The management platform, dashboard, graphical user interface, are one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations.
The VPN means you can communicate in an encrypted manner between sites.
The application control and URL filtering are also very beneficial. They enable you to tighten security and decide which applications or websites you want to grant access to. In our company, we don't allow anyone to freely access the internet to surf all websites. Some sites may be sensitive and some of them may be inappropriate. It allows us to control the traffic.View full review »
Security Engineer at a tech services company with 1,001-5,000 employees
The most valuable features about Check Point are the API and automation process.
Using the GUI, you can add comments from your PC or the client server. If I want to check the firewall rules, I can send one line of command to determine if it is configured or not.
Its implementation and integration with the rest of the network are better than its competitors.View full review »
IT Infrastructure & Cyber Security Manager at a retailer with 501-1,000 employees
A firewall is a firewall. It's a Layer 4 machine that blocks or allows traffic for ports. That's the basics and we don't need a next-generation firewall for that. But the features that are important include:
- URL filtering.
A basic firewall is a basic firewall. You don't need Check Point and you don't need Palo Alto or the other vendors to block ports from source to destination. But we need the advanced features of this product to give us the visibility into, and the security and protection from, scenarios that are not the usual source-to-destination attacks. The solution needs to understand what the connection is, what the behavior of the connection is, and what the reason for the connection is. It can't be a stupid machine. It needs to know that if you're allowing port 53 from source to destination, that it has to check and give us the information that this communication is legitimate, and not something that is malicious.View full review »
Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall.
It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web.
The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats.View full review »
Network Security Engineer at a tech services company with 10,001+ employees
There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely. This is helpful for our employees that are working from home, as they get the same office environment as if they were on-premises. It is also helpful for us as an organization because we have good control and visibility over their data, including network traffic packets.View full review »
System Architekt at a financial services firm with 1-10 employees
We use the basic firewall functionality, plus the VPN functionality, a lot.
We have about 100 remote sites, which is where we use the VPN functionality. For private lines, we prefer to do further private encryption on the line. It is very convenient to do it with Check Point, if you have Check Point on both sides. It is convenient and easy to monitor.
The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.View full review »
It provides the flexibility to use any module with the NGTP and SNBT license. Depending upon the requirements, the blades/module can be enabled on the firewall security gateway and it can be deployed easily.
In case SSL decryption or IPS need to be enabled on any security gateway, it is simple to do. We can go ahead and enable the module/blade and then create a policy, deploy it, and it will start to work.
It has a default five-user license for Mobile/SSL VPN, so the organization can check the solution any time or can even provide access to critical users on an as-needed basis, without getting the OEM involved, all on the same box.
For smaller organizations with the correct sizing of the appliance, they can use the full security solution on a single box. It will provide financial benefits along with reducing the cost of purchasing additional solutions or appliances.
- URL Filtering Module: It can replace the proxy solution for on-premises users with integration of application control and the Identity module. Active Directory access can be provided based on the User ID and the website or application.
- SSL VPN or SSL decryptor, and more.
- Core assignment for each interface, which can be done using the CLI. If the administrator determines that a particular interface requires more compute, he can manually assign additional cores accordingly. This is done by enabling hyperthreading on the firewall.
- The policy can be copied from any security gateway and pasted onto another one.
The best part is that it is very intuitive. It is easy to configure, deploy, and maintain. If it works, it works.
The troubleshooting: When you find something that is not working, it is very easy to check in the logs what is failing and fix it in a short time.
The login tool is really nice.View full review »
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
What I like about this firewall is it has a central management system. We can configure or monitor a number of firewalls at a time from the central management system.
They have a logging system where we can have our logs visible. The logs are easy to view and understand.
Senior Network Engineer at a tech services company with 1,001-5,000 employees
The most valuable feature would be the central management system of Check Point because we can manage multiple firewalls through it at the same time. It doesn't matter the location.
I also like the advanced Antivirus feature of Check Point.
The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things.
It is very user-friendly.View full review »
IT System Operations Manager at Hamamatsu Photonics KK
They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements.
Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released.
Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed and offers many out-of-the-box reporting, and provides admins extensive customizations.View full review »
Check Point gateway and management installation are very easy. After the console-based installation steps, you can continue on the web GUI interface. This is very valuable. It doesn't let you make a simple mistake, which might be a reason to install all the systems from the beginning. It has been designed to give you flexibility as much as needed; not more, not less. It prevents human mistakes, basically.
If I have to say just one thing as the most valuable; I will say it is the most reliable firewall solution in the world. It is easy to prove that when I compare the number of CVEs which are published in a year among firewall vendors.View full review »
What I like most about Check Point Firewall is that it is easy to use.
The most valuable feature is the IPS. For our bank project, we are using it as an external firewall. All the traffic is going through the Check Point Firewall. Then, using the IPS, we can easily identify if there is any malicious activity or anything else. We also have to update signatures on a regular basis.View full review »
TitleNetwork Manager at Destinology
Check Point offers a secure VPN client. We distribute to our agents via group policy. Our agents can then connect to our network when working from home - which was a game-changer due to the recent pandemic situation.
Check Point also offers a mobile app capsule connect which, as a system administrator, has proven very useful when a high-priority issue occurs. I am able to connect to my internal network via a phone or tablet - which has proven useful in some scenarios.
As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance. It makes troubleshooting much easier. This software alone sets Check Point out in front of the competition.View full review »
Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution.
The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters. It is well organized.
Some other of the services that have worked well for us are antivirus, anti-bot, and URL filtering. Together, these have allowed us to maintain control and organization amongst the users.
Another one of the pluses that have helped us a lot has been the IPsec VPN, especially in these times of pandemic.View full review »
We are using the Check Point Next-Generation Firewall to maximize protection through unified management, monitoring, and reporting. It has the following features:-
- Antivirus: This stops incoming malicious files at the gateway, before the user is affected, with real-time virus signatures and anomaly-based protections.
- IPS: The IPS software blade further secures your network by inspecting packets. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.
- AntiBot: It detects bot-infected machines, prevents bot damage by blocking both cyber-criminals Command and Control center communications, and is continually updated.
- Application Control: It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.
- URL Filtering: The network admin can block access to entire websites or just pages within, set enforcements by time allocation or bandwidth limitations, and maintain a list of accepted and unaccepted website URLs.
- Identity Awareness: This feature provides granular visibility of users, groups, and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.
The management of services, including forming access lists with the services we have, connecting servers to servers, permissions between servers and users — this is all great. In addition, Check Point has a really cool GUI.View full review »
IT Manager at a comms service provider with 51-200 employees
We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!
The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.
Threat and Application control are also very important to us.View full review »
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
Check Point's Next Generation Firewall has many good features. It has a central management system, and that means we do not have to go to each and every firewall to configure it. We can manage them with the central device.
There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network.View full review »
Network Security Administrator at a computer software company with 201-500 employees
Check Point has a lot of features. The ones I love are the
- intrusion prevention
- data loss prevention.
Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls.
It's also user-friendly and not very complex. Anyone can use it and the dashboard is quite good.View full review »
Senior System Administrator at Seminole Electric Cooperative, Inc.
We've found threat emulation, application control (with identity awareness), and HTTPS inspection to be the most valuable aspects. It allows managers the flexibility to grant access to high-risk sites based on groups/roles and yet still be protected with threat emulation and HTTPS inspection. We've seen the rate of detection on our endpoints plummet.
I've found that, over the last 4 years, they have constantly improved the user interface (SmartConsole) as they have moved away from four Control panels for different functions and are constantly adding new features with no impact on our availability during upgrades.View full review »
IT Manager at a transportation company with 501-1,000 employees
It's a NGFW with all of the capabilities required to protect for next-generation attacks at the perimeter level. The module or Security features that are provided as part of the base license with Check Point include (VPN, IPS, Application Control, and Content Awareness) which itself is strong enough to protect the organization.
The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from the SonicWall that we had in-house before that. There's a lot of additional flexibility that we didn't have before.View full review »
Consultant at firstname.lastname@example.org Systemhaus
Since the log files of all services are collected on the management server there is an easy and good view of all actual connections, attacks, or security risks.
In addition, when using the SmartEvent software blade, you get the possibility to have an easy to configure event correlation system, which will automatically fire mail alerts or can even block IP addresses if there are network or security anomalies detected on the firewall system.
This is also possible if the services are allowed - for example, if there are flooding attacks on server systems.
For example, this has prevented our Citrix Netscaler from being taken down during attacks.View full review »
There are many great features, however, with our last upgrade, we now have a web GUI that allows us to pull up multiple facets of the firewall environment. This feature has been very handy. There have been times we have a connectivity issue, and both sides are blaming each other. If I'm away from my desk and don't have my laptop, I can quickly bring up the interface on my phone and search through the logs, rule base, and VPN communities to help quickly troubleshoot the problem. I can't say it enough - this has been invaluable.View full review »
Integration engineer at S21sec
The support Check Point gives is key. As the Firewall vendor, I recommend them. It's always great to work with them. For this reason, I am very satisfied with Check Point. Every doubt I had they were pleased to help with and we ab;e to provide a resolution. The technical services always replied in a very fast and effective way. The live chat is great as well. There is always someone willing to help. This makes working with Check Point a good experience.
Check Point expert mode is basically Linux, so working with that allows us to implement a variety of scripts.View full review »
The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point. Apart from that, we do have identity solutions which we use on a regular basis. Both are very good.View full review »
This product, being a Next-Generation Firewall (say, for this example, Unified Threat Management as well) provides up-to-date security options through different modules and scalability to match almost any firewall security needs.
The easy and standardized management interface, now with a complete and functional API mechanism, provides the administrator several ways of managing the solution. At the same time, the interface is common and unified through the different security modules.
They not only have a great support team but the knowledge base is another good point to consider.View full review »
It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.
It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.View full review »
Solutions Lead at a tech services company with 1,001-5,000 employees
My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.
We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.View full review »
- Threat Prevention
- The central management
These are vital, advanced firewall features for the market. They protect the environment more than the usual firewalls.View full review »
Network Security Engineer at a tech services company with 10,001+ employees
The most valuable feature is the set of encryption options that are available.
Viewing the logs in the interface is easy to do, which is one of the things that I like.
This is a UI-based firewall that is easy to use.View full review »
The application authentication feature of Check Point is the most valuable as it helps us keep users secure.
It works smoothly when managing clients' on-premise and cloud firewalls.View full review »
One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.
Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.View full review »
Senior Linux Administrator at Cartrack
Many problems have been solved with these firewalls and we've largely been very satisfied. Thanks to this infrastructure that we have managed, in this pandemic time, to quickly and effectively offer the potential to remotely work for everyone has been good.
Also important is the separate management interface that has made it possible to carry out even the most operations while comfortably seated at the desk. It provides multiple profiles that you can apply depending on the scenario that presents itself.View full review »
Senior Infrastructure Technical Lead at a financial services firm with 10,001+ employees
The VSX has been great. The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment.
We like the management console. The Check Point smart dashboard has made things easier for administration and we've been able to manage all the Check Point devices from one place which is very useful.
The operations support is great. There is a smart log system that is very good for troubleshooting and reporting. We also use the CLI for troubleshooting purposes (for the likes of FWMonitor and tcpdump) while the FW rules are managed via the smart console which does wonders for operations support.View full review »
Firewall Administrator at a tech services company with 1,001-5,000 employees
The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.View full review »
Network and Security Engineer at BIMBA & LOLA, S.L.
The centrally managed firewalls are great. We can save a lot of configuration time in configuration tasks. We have deployed about 200 devices in record time due to the fact that we use a unique policy for almost all of them.
Logs, Views and Reports are the most detailed compared to other vendors (FortiGate, etc.) We can see a lot of detail in the logs and also we can configure any report we need without any problem and in two clicks.
We can see that, for IPS signatures, we have updates every day, sometimes twice a day, so we see a lot of effort from the vendor. They really try to protect our environment from known attacks and vulnerabilities.View full review »
President at NGA Consulting, Inc.
The protection has been outstanding! I have not had an infected machine behind the firewall since I first installed and started using NGFW. I appreciate the network health reports, the infected devices report, they make my job a lot easier by providing the information right there in the interface.
With the web category blocking turned on, I can set it and forget it so that inappropriate business content is not brought into my network, it makes it easier to ensure that time isn't being wasted on non-business-related activities.View full review »
Remote access with a secure workspace provides a clear separation between the client and corporate network.
Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure.
Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time.
IPS and AV rules are granular and specific for the rules that you need.
The geolocation feature is good for dropping irrelevant traffic.
Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.View full review »
Check Point has the best technical support, which I feel if we consider other firewall vendors in the market, is an important distinguishing point.
Stateful inspection is one of the strongest points in this product, which is applicable while creating policies for application and URL filtering.
Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.
It is easy to filter traffic based on source-destination services, time, etc, which is an enhancement over other firewalls in the market.View full review »
IT Security Engineer at PricewaterhouseCoopers
Identity Awareness has been an absolute gamechanger in how we've been able to create rules within the company. It allows us to give access to certain resources in very specific ways that were not possible before.
The SmartConsole is a very powerful interface compared to many other competiting products, which allows us to seamlessly go from watching logs, to modifying the rule base and easily find what objects are used where or even check which logs are linked to a specific rule
Logs are very well parsed when sent to Splunk.View full review »
Systems Architect at PHARMPIX CORP
The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.
The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.
The support offers the best services I have experienced. It's better than any other IT vendor.View full review »
Senior Network Engineer at Arvest Bank Group
The only area that Check Point still seems to excel in is their logging. Reviewing logs on Check Point is a snappy and intuitive process that allows the end-user to filter down traffic to specifically what they're looking for very easily and even with little knowledge of Check Point.
The ability to create filters on the fly in the GUI with simple clicks to various areas of the log is fantastic and allows one to find exactly what they're looking for with very little effort. Note that this is probably the only thing Check Point still has going for it.View full review »
President at NGA Consulting, Inc.
The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.
Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.
The event logs are relatively informative and can provide information on why traffic was accepted or rejected.View full review »
Network Engineer II at Baptist Health
There are several useful features that we utilize that are now valuable assets in terms of protecting the network. These would include user identification (ID Collector), IPS, antibot, antivirus, application, and URL filtering as well as the standard firewall security rules. They all work together to provide layers of security to protect both inbound and outbound traffic in order to minimize loss of private data as well as to ensure our network is free of bad actors attempting to use malware or ransomware against us.View full review »
Sr. Network Engineer at a insurance company with 5,001-10,000 employees
The most valuable features are its
- threat detection
- central management system.
The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.View full review »
Next-Generation Threat Prevention capabilities provide security in a high-traffic load, ensuring detection and prevention of known threats by AME, AV, and Sandblast technologies.
We are also using the system to create VPN gateways for our multiple partners and we haven't faced any issues with them.
Check Point gateways are a stable product that can run without any issues until a major upgrade or vulnerability mitigation is required.
The support has been reasonable and they were able to minimize the impact during critical incidents.View full review »
Senior Information Security Specialist at a tech vendor with 10,001+ employees
The Threat Extraction software blade feature is the most valuable feature as it extracts any potential harmful content from several kinds of documents, which our users receive via e-mail or download from the Internet. We know, that our users tend to click on everything they get without thinking too much about the consequences.
The second feature to mention is Threat Emulation, which is basically a sandbox, which runs executables received via email or downloaded from the Internet and creates a verdict if this executable is harmful or not in regards how it behaves on a specific operating system and application.View full review »
System Administrator at Grant Thornton
The solution offers very good central management, which saves time and is hassle-free.
One of the most useful new feature is dynamic definitions. For example, if you need to allow all of the Microsoft Azure IP addresses, you can insert them dynamically and Check Point will update them for you. Without it, to find all IP addresses would be almost impossible.
You can create additional layers for the firewall rules. This allows better organization and performance of the product by skipping to the rules that are responsible for this group of protected devices.
The packet inspection capabilities are great.
ARP protections based on interface works better than it does with other vendors.
There are new improvements related to the upgrade of the solution, making for the easiest upgrade/update procedures.
New features allow for concurrent use of the console in write mode between different users.
The exposed API allows us to automate a lot of actions in a very easy way.
The central console and log collector are basically the best central management consoles, and each day provides new useful features like counts, etc.View full review »
Technology Architect at BearingPoint
The most valuable features are the identity-based access and high-quality intrusion prevention functionalities.
One of the most valuable aspects is the central management, which includes a large wide range of API calls. With the central management, we can define a reasonable security policy for many sites and not only for network segments but for user and AD groups. This gives us a bit more "Zero Trust" in our network.
It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach.View full review »
Ingeniero de Infraestructura at E-Global S.A.
Check Point's most useful feature is threat prevention and extraction. It was tough to manage seven firewalls and a perimeter solution for IPS, anti-malware, anti-bot, and sandboxing.
Integrating everything in Check Point allows us to see all the attacks that are blocked with our perimeter countermeasures every day. Check Point's high detection rate improves our overall security posture, and we can achieve a low rate of false positives through a few adjustments to the configuration.View full review »
The solution offers a good GUI. It is easy to use, smart, simple, and user-friendly.
The client VPN and S2S VPN capabilities are great. Check Point's mobile access provides us with flexibility. We don't have a single point of failure regarding the VPN access points anymore.
We can use Check Point NGFW physically, virtually (with Check Point VSX), and on the cloud with CloudGuard. We have most of the features available even within these different environments.
We can apply SAM Rules (without installation needs), and Custom Intelligence Feeds.
It has good API support and provides value when you need it.View full review »
We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.
Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.
In general, we find that CheckPoint offers a great balance between ease of use and configurability.View full review »
Senior Infrastructure Service Specialist at a financial services firm with 10,001+ employees
Even though Check Point NGFW provides a set of security features that enforce protection on the network, the most valuable aspect is also the most used feature: the plain and simple firewall component. This is the core of the product and works to a great extent without the need for all other available bells and whistles.
What may sound obvious is actually an important point to be weighed, since several platforms in the market promise miracles but fail to deliver the basics. Check Point NGFW most definitely delivers a great, stable platform in that regard.View full review »
Check Point NGFW has all the security blades a certain company would want to implement for a network firewall facing the public internet. The upsides of choosing this kind of firewall are traffic acceleration, core acceleration, and interface acceleration which would help in maintaining smooth sailing activity, giving administrators less dilemma.
Administrators always find it hard and disturbing when such a network bottleneck occurs spontaneously out of nowhere. With that said, Check Point still ranks first among other vendors.View full review »
VPN and mobile VPN are extremely valuable to us. The policies are simple to deploy to the new branches.
All policies can be deployed and managed in a very simple way.
AD single sign-on with VPN mobile is very helpful and simple to manage and deploy.
Log management is also a good place to make troubleshooting and through console manage events.
Management of the object is also a valuable feature. At every point in the console you can manage object properties and look to each policy where it is used and simply change or find where the object is involved.View full review »
The distributed deployment is very helpful. This way, the burden on each device is less and management is very easy and CPU process utilization will be not high on a particular device - it'll be distributed on each device. Management is very easy.
We like that it is a next-generation firewall where hackers would need to inspect down to a seventh layer, an application layer, and that offers us better protection.
The initial setup was straightforward.
The solution can scale.View full review »
TitleManager - Datacenter IT at a manufacturing company with 10,001+ employees
I love the redesigned interface starting with R80 as well as the ability for multiple engineers to work on the policy simultaneously. Policy management is simplified and the virtualization options help us to plan for future deployments in a much easier way. While we haven't tried out all the features available - like Sandblast, AntiBot, URL filtering, etc. - the fact that these are available to use is definitely a plus. We were able to use the IPS features, negating the deployment of an expensive standalone IPS solution.View full review »
Sr. Network Engineer at a tech services company with 51-200 employees
The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.
It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.View full review »
The API is handy and we are now testing how we can add rules via code. Also, the GUI is easy to use.
The Terraform module for Check Point is complete and really useful for managing the firewall.
Mail filtering is a really good feature that we are implementing for scam protection.
The graphic interface is really easy to use and easy to teach to other members of the team.
The online documentation is complete and easy to read and understand.
The 3-year warranty offered is nice to have with no extra costs needed from us.View full review »
Logical Security Deputy Manager - IT at a financial services firm with 1,001-5,000 employees
Check Point is a robust and reliable security solution, whose architecture and design allow centralized administration with a graphical interface that facilitates its management.
The way in which it manages the nodes within a cluster architecture is excellent, offering fault tolerance which is, in my experience, practically imperceptible when one of the nodes fails. This is thanks to the fact that it maintains a table of shared connections between the nodes and the large number of variables that it takes into consideration to validate the health of the nodes.View full review »
The most valuable feature is the URL filtering.
It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place.View full review »
Innovation Consultant at KPN
Trustworthiness and stability are the key aspects when looking at these products.
The up to date-ness of the threat intelligence and the underlying network of devices adding value to it is good.
With many of their own investigators adding their findings to the threat database, Check Point has become a leader in having their product in the higher ranks of the spectrum of efficiency.
The different hardware models focus on a wide spectrum of the market, so any company can choose a model that makes sense for them from the range.View full review »
User at a financial services firm with 10,001+ employees
I found Check Point's software ability to provide for all the perimeter security solutions including next-generation firewalls, intrusion prevention systems, identity and access management, and URL filtering. They are all excellent. Check Point's Central configuration management, central log correlation, and management solution are a cut above the other vendors and are the best in the industry. Check Point's virtualization solutions are also very efficient and can be scaled. They are highly stable solutions (MDS/Domain Managers & MDLS).View full review »
Service Manager at a construction company with 10,001+ employees
Check Point NGFW provides a bunch of different products or Blades, as they call it in Check Point. The firewall engine is what we use the most but we also use the IPS IDS and Anti-Bot features. The solution provides many features.
System Administrator at System Administrator
I personally like the SmartDashboard client best, which is the rule base management solution. You have a nice overview of the existing rules, and new rules are easily implemented. You can filter by IP, application, rule number, port, or hostname, so you easily find what you are looking for. Rules can be grouped by topic (internal, external, Internet, DMZ, etc.). It all can be well arranged to suit your needs.
It also offers a dashboard to see recent threats, errors, or other issues with your gateways, as well as Logs for debugging.
I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security.View full review »
The antivirus, antibot, and intrusion prevention systems are great. It's very important due to the fact that to prevent is better than to recover. The features play a critical role in preventing any security incidents from happening and minimalizing them before they become bigger problems.
Its URL filtering feature is great. We can manage which users are allowed access to which websites at a certain time. We can also manage which application is allowed and forbidden for the users.
Check Point has a vast list of applications it is able to manage - from torrents to games, social media, etc.View full review »
Systems Engineer at HarborTech Mobility
It's valuable as a next-level network security appliance for your enterprise.
It comes with advanced features like web filtering, app filtering, user-based policies to restrict web and application uses, tunneling, restricting bandwidth uses according to policy, load balancing, etc., and helps to cover almost all network security requirements.
Our IT team has installed a firewall on all of our company's workstations and laptops to keep our own data and our customer's data secure. This program runs in the background and I don't even notice it, but it keeps me secure at work.View full review »
Networking engineer at Hewlett Packard Enterprise
The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid.
The Terminal Servers group membership allows policies to automate typical processes (user moves/add/changes) and decrease configuration changes required on the firewall, which is tremendously beneficial. This limits the integration with the identity store to just one interface, and we still get broad security coverage based on a single set of identity policies.
We leverage the combination of identity and application awareness, which is mandatory in order to build scalable security policies that protect the business without compromising user experience. This feature is extended to the SmartEvent console.View full review »
Senior Systems Engineer at Upper Occoquan Service Authority
The console or the single interface on the blades is most valuable.View full review »
IT Specialist at a tech services company with 10,001+ employees
We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.View full review »
IT Security Administrator at a tech services company with 51-200 employees
The solution helps out in our security goals. It acts as a primary source of protection for threats from the internet and is great for data leakage protection.
Most of the time, it's pretty stable.
We have all the features we want or need in this appliance. It's been good so far.View full review »
Senior Network Security Engineer at a tech services company with 1,001-5,000 employees
The SSL VPN with posture assessment helped us to remove the dedicated Standalone SSL VPN solution which was benefited both commercially and technically.
Anti-Bots and IPS enabled security on the network traffic.
Along with VPN and Proxy (Web and application control), we removed another standalone proxy for internal use and extended the content filtering to roaming users as well.
The security posture assessment with two-factor authentication has saved more time and commercial costs by avoiding deploying having to deploy another solution.View full review »
Technology at Partswerx
Check Point VPN has been most valuable to our organization. Having a hardware solution that allows our remote users to connect securely to our business is extremely valuable.
The ease of use, setup and configuration backed by the knowledgeable support of Check Point has made this a smooth and easy setup. Our users can get connected securely, anywhere. When connected with our Check Point VPN endpoint, users get the same security and prevention from the threat prevention module as the rest of the devices on our network.View full review »
The most valuable features are the application and user control. This allows me to allow applications that encourage productivity and limit those that hinder productivity. The Network Address Translation (NAT) will always be a valuable feature as it allows me to turn my private cloud to the public at the click of a button and have secure control over the accessible servers/applications. sandboxing is also a valuable feature that allows the NGFW to act as an anti-malware, this would be largely helpful to prevent or minimize ransomware attacks.View full review »
Check Point's new Smart dashboard has an all-in-one configuration interface. They provide a very easy configuration for NAT and one tick for source & destination NAT is possible.
Policies can be configured in a more organized way using a section & layered approach.
Application control has all of the required application data to introduce it into policy and the URL filtering works great, although creating regular expressions is complicated.
The software upgrade procedure is very easy; it just needs few clicks & we are done.View full review »
Snr Information Security Analyst at The Toronto Star
Check Point application control is very useful. This blade detects traffic and provides the ability to grant access based on the application and not the port as TCP/UDP can easily grant access for more than what's required.
The Check Point compliance model is also great. We can easily check firewall configurations against any compliance standard. It has made it easy to provide evidence and reports.
Check Point integrates with third-party user directories such as Microsoft Active Directory. The dynamic, identity-based policy provides granular visibility and control of users, groups, and machines and is easier to manage than static, IP-based policy.View full review »
Security Administrator at R Systems
One of the most valuable features is the antivirus. It's very good.
We also now support cascading objects. We didn't support this previously, but on Check Point we do.
The dashboard is quite good, you can explore a lot of features there and it's easy to understand.
It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.View full review »
URL filtering, Application Control, and the Intrusion Prevention System are the features that almost every client wants to be guaranteed by their security appliances.
Check Point NGFW also generates very helpful reports based on the logs of the activated features, including the features mentioned (URL filtering, Application Control, and the Intrusion Prevention System, as well as anti-bot and anti-spam).
Sandblast is also a great feature, soon to be added to this solution through endpoints.View full review »
Solutions Architect, Cyber Security & Networking team at Expert Systems Ltd
They offer very scalable solutions to extend computing resources if needed. We can expand the capacity in a very short time.
The threat analysis reporting from their management console is very comprehensive and easy to use.
Their web-based dashboard is well designed and offers much out-of-the-box reporting, and provides admins extensive customizations.
In the operational GUI, Check Point provides rich customization methods to allow us to easily visualize/categorize objects in different colors. It makes operating the firewall much easier.View full review »
Senior Consultant at Integrity360
The most valuable elements include:
Smart View Tracker: To check the traffic logs easily. This is the best logging tool for me so far. You can identify almost everything from the logs, using a smart view tracker.
Smart Dashboard: allows for rule creation and administration and management and is user-friendly. The administration allows you to copy and paste rules, move the order, and create objects, pretty easily. It is very handy.
CPUSE: A Smart way to upgrade firewall software versions. You can easily verify if you can upgrade to the desired version, download the right package and upgrade, and also check the status of the upgrade. It's a great tool.View full review »
CTO at a computer software company with 11-50 employees
There are many aspects of Check Point NGFW that are valuable and important to our organization, but I'd say the top three are intrusion detection and prevention, threat emulation, and threat extraction. These three features have set a good baseline of security on top of the normal application URL filtering and other services of the firewall.
The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature.View full review »
Principal Associate at Eurofins
The logging and central policy management are the most valuable aspects for us as we were not having success earlier with the ASA in terms of upgrading/managing. We are still exploring more features like IPS and IDS. We hope that these aspects will be a great experience for us as well.View full review »
The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access.
The integration with third-party vendors is quite easy and well defined, which really helps you with the automation.
The integration of gateways with a centralized managed server gives you full control in a single place.
The setup and implementation are quite easy and the logs and reports are elaborative and effective for securing the network.
System Engineer at Infosys
The product provides multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection.
Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view. Check Point helps to resolve a lot of problems, such as showing our organization all known threats.
It is easy to deploy and manage.
The product offers a simple Web User Interface.View full review »
Network Security Engineer at Fujairah Port
The most valuable features include:
- Application Control
- SSL Inspection
- URL Filter
- Virus Scanner
- DNS Sinkhole
- File Content Scan (Archived Content)
- Link Protection
- Safe Search
- Anti Bot/Anti-Spam
- Threat Emulation/Extraction
Each and every module provides 100% accuracy.
Their threat emulations and Bot Services are excellent.
Additionally, they have an excellent support team working around the clock. The engineers have excellent knowledge and provide us with a resolution in a very timely manner.
I have been using Check Point technology since 2011 and recently I have deployed new NGFW, the upgraded version, in a cluster along with the management box.View full review »
There are a lot of features that I have found valuable for our customers.
For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.
One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.View full review »
The most valuable feature is the next-generation firewall (NGFW) protection.
Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.
A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.
From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.View full review »
Security Engineer at Netpoleons
The solution's best features include:
- A packet-filtering firewall that examines packets in isolation and does not know the packet's context.
- A stateful inspection firewall that examines network traffic to determine whether one packet is related to another packet.
- A proxy firewall (aka application-level gateway) that inspects packets at the application layer of the Open Systems Interconnection (OSI) reference model.
- A Next-Generation Firewall (NGFW) that uses a multilayered approach to integrate enterprise firewall capabilities with an intrusion prevention system (IPS) and application control.
Cyber Security Consultant at Capgemini
The IPS feature is the most valuable feature. We can block zero-day attacks within stipulated time intervals. The up-gradation activities are much simpler when we are dealing with Check Point firewalls.
If there is a critical issue observed, the Check Point support team can create a custom package that we can deploy on the gateway to mitigate critical issues/bug fixes.
The support reachability is very promising, as we can directly connect with them via call or chat from the support portal.View full review »
Senior infrastructure technical lead at Westpac Bank
Dashboards for rules management and trackers for firewall logs capture are useful.
Traffic flow in Check Point is very structured so that it is easy to understand the path it checks to understand which elements come first and which elements come later.
The smart log compiles from multiple CMAs is an important feature that is very attractive.
The MDM dashboard is very organized compared to other vendors. The use of CLI tools like TCPDUMP and FW monitor are very useful in verifying the traffic logs.
Objects search and tracker logs are useful.View full review »
Senior Solutions Architect at Maersk
The solution has a lot of valuable aspects, including:
- IPS & IDS
- Sandbox (Threat Emulation & Extraction)
- Ease of management
- Reports for analysis
- Better technical support
- Stateful inspection
- Application-aware boxes
- Threat detection capabilities
Data loss prevention, compliance, threat emulation, and other blades overall make this a robustly unified platform for the implementation and management of security controls.
Since it is Layer 7, we are able to get down to the application level and block certain applications from even running.
Since it has an IPS in place, we are able to see possible attacks that have been prevented by the firewall.View full review »
Check Point is very strong as compared to the other vendors in the market.
The solution offers a very good centralized management console.
It works well even for small deployments.
The perimeter security is excellent.
It works well even for cloud environments and has been very useful during COVID when people weren't necessarily in the office.
The creation of policies is simple. It's easy to configure them when we need to.
We have found the troubleshooting process to be very easy and helpful.
The GUI is simple and straightforward.
The sandbox environment on offer has been great.
The support has been super-helpful. They've always been great, even at a pre-sales level.
The initial setup is very straightforward.
One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.
Other valuable features include:
- the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
- the CLI, for automating things
- it is very easy to manage, to make backups, and to configure
- the support and the graphical user interface.
What gives me the most value is undoubtedly the security that the anti-bot and anti-virus blades provide. With the automatic updates of signatures, I am always protected against new threats. The identity awareness blade helps me to have better control and organization over unauthorized access of my users onto exclusion sites such as social networks. In the DMZ it allows me to control administrators with access to highly important networks such as servers, developments, etc.View full review »
Network at financial sector
I enjoy the application control for user traffic control to the internet and the tcpdump command for troubleshooting.
When applying application control, we can ensure user access to the internet in accordance with company policy and easy implementation if some users need exception access.
There is an easy troubleshooting network connection via logs and monitoring menu. We often use this menu for checking connections and if the traffic is not in the logs menu, we can use the tcpdump command from the ssh session to the gateway. It's the fastest way to troubleshoot.View full review »
The product is very easy to use.
It's quite a stable solution.
The scalability is very good.
The solution is easy to install and deploy.View full review »
Project Manager at a financial services firm with 10,001+ employees
The most valuable feature of Check Point is the Centralized Management (MDS) and Virtualization (VSX) for the firewalls. Using these features provides enhanced security with reduced cost across different domains and tenants with complete segregation from the policies database and a user traffic perspective. Using these features is proving to be scalable as things are virtualized and the resources can be increased or decreased as per the demand or usage from a project perspective.View full review »
L A D
Cloud Support - Security Admin at a tech company with 1-10 employees
The characteristic that has caught our attention the most is its easy implementation in Microsoft Azure. Under a template, the tool can be provisioned with the best practices. Its licensing can be BYOL or PAYG through Microsoft Azure where it can be licensed on a monthly basis.
The different implementation options create wide variability for users.
This security tool is also up-to-date against the most modern threats, constantly being updated globally to provide intelligence accumulated by other devices worldwide to combat computer insecurity.View full review »
The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.
Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.
You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.
The extremely wide function horizon covers almost every possible scenario.
Senior Infrastructure Technical Analyst at https://www.linkedin.com/in/robchaykoski/
The management interface is well designed and easy to understand. It reduces the time for deployment, changes, and onboarding new customers.
The logging facility is amazing and gives great insights into traffic. Although Event Management is also amazing, it can be cost-prohibitive for other companies to onboard.
The ability to deploy VPN communities makes onboarding new sites easy. Multi-site configurations can be deployed with very little oversight and with minimal additional work after the initial deployment is successful.View full review »
Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network.
We really liked the simple implementation. The use of web filter blades that adjust to what we needed has been great. The VPN being able to monitor was perfect for our purposes while having enough granularity on the part of application control and web filter.
The small Check Point FW was adjusted to the branch. Its size does not limit the great power of perimeter security that this technology provides.
Another very good feature is its support for WiFi. The device card is prepared to provide this functionality.View full review »
There are a lot of features that I found valuable for our customers.
For example, active-active and active-standby high availability features are very useful.
If you want to share traffic loads to both cluster members you can use the active-active feature, if you don't want to share traffic loads you can prefer active standby. Your connections sync on both cluster members at both high availability choices. That way, your connections are never lost.
Another valuable feature is performance improvement ability. With ClusterXL and CoreXL you can improve performance.View full review »
The URL filter is activated to filter access to our employees. We use filtering for VPN access.
The configuration is one of the best features of this product.
When this product was purchased approximately 12 years ago it was the top of the line.
The product has been working very well.
I don't have any issues with the software of this solution. It works as is expected.View full review »
Senior Technical Specialist at NTT Security
Check Point Endpoint anti-malware benefits include:
- Improves user productivity and frees up system resources
- The industry’s fastest malware and anti-virus scan and boot time
- The smallest memory and disk footprints
- A single-console centralized management
- Prevention of malware from accessing endpoints with a single scan
- Malware identified using signatures, behavior blockers, heuristic analysis
- Protection automatically updated with optional Program Advisor Service
- A knowledge base of more than one million trusted or suspicious programs
- Integrated into Check Point Software Blade Architecture
- Flexible licensing options—annual or perpetual
- Centrally managed and deployed
- Activate anti-malware and application control on any Check Point security gateway
Firewall Engineer at a logistics company with 1,001-5,000 employees
Generally speaking, all features are well documented and the two platforms help with configuration. Documentation and knowledgebase articles in the user center as well as user recommendation within the forums are great. The Admin Guides are really well documented, but it's a lot to read.
Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment. The best example would be the CDT tool which helps with decreasing the amount of time for upgrading whole environments.View full review »
Check Point's rule management helped us simplify access control. At one point, we had more than 1,000 access control policies, and it was challenging to manage them all. We cut it down to 300 policies using Check Point's management features, and we are still working on reducing this further to achieve the best way to manage policies. Its logging and monitoring enable us to trace and investigate suspicious traffic.
IT Consultant/Engineer at a computer software company with 11-50 employees
We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home. With the firewall from Check Point, this function is implemented very conveniently and securely.
A convenient new version of the firewall management console, which, starting with the R80 version, has become standard for many Check Point blades, however, unfortunately, not for all. You still need to use older consoles to manage some features. For example, to access the monitoring blade, I need the old console, but the new console should start it.View full review »
Jr. ISO at BancNet, Inc.
The following features are most valuable:
- Threat prevention
- Malware prevention
Network, Systems and Security Engineer at SOLTEL Group
I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data. It is very important to have your solution always update for this.
I think that another important feature is that it is a cloud solution. More and more companies have all of their systems in the cloud and the threats are pointing here.
The features that a next-generation firewall includes are application and user control, integrated intrusion prevention, advanced malware detection such as sandboxing, and leverages threat intelligence feeds.View full review »
Service Manager Datacenter LAN
QoS, Anti-Bot, IPS, and Application Control are the main features we're using.
The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff. In the past, sometimes we had no control and couldn't help when too much traffic had occurred.
Anti-Bot is great at preventing our clients and corporate network from calling the central control.
IPS is good in protecting our systems in DMZ zones when patching of servers sometimes can't be done.
Application control for controlling Cloud Apps like MS Teams, M365 Apps, or others, is perfect. Previously, we had only IP Lists for stuff like this.View full review »
Network administrator at IHSS
The sandbox feature is great.
The Sandblast blade is a very powerful solution that works against archives infected with ransomware.
The anti-malware is quite effective as many applications can be infected with any kind of malware with the goal of interrupting the productivity of our work equipment.
The reporting is great.
With this solution, we have had many kinds of logs and a very friendly way to view them. Now can we know what is happening within the network's traffic.
The performance has been very good.
This security solution has grown more options and has expanded slots, including RAM slots, Optical Fiber slots, and various other features.View full review »
Security product manager at RRC
It is easy to use, and its management is the best. Check Point has a great unified management solution for firewalls and security products.View full review »
In addition to the different security features that Check Point security solutions have, their integration with other technologies makes the security environment a complete security type.
Apart from the technological and innovative solution, a point in favor of Check Point is the support provided by the manufacturer, since over time, we have not had any case that is not resolved, they have a good escalation process and highly qualified staff.
The process of opening a case has different options that are convenient.View full review »
System administrator at BINDER GmbH
If you have an HA Setup you will have zero downtime. Teams and VoIP traffic will also not get stuck; you would notice anything while switching to the backup module.
The quality of the patches and hotfixes is great. We never had any issues during or after patching. All patches and hotfixes are well documented and if you have any issues the KB is very helpful.
The log is very clear and can be filtered very easily. If you need to analyze not only the connection you can use the CLI to dump TCP packets.
The activation of additional features is very easy and well documented.
We like the SecureXL, CoreXL, and Multi-que. Using these features improved the performance of the gateway at a more granular level.
The Smart View Event monitor is great. You can see the real-time events on the firewall - including remote access VPN usage.
The smart licensing is great. It's easy to generate the license and apply it on the gateways.
The solution offers very good anti-virus and anti-spam capabilities. It's good security on the network.
Threat Prevention and Sandboxing are useful to have. We're protecting the network from zero-day vulnerabilities and securing the network from the latest cyberattacks.View full review »
Cyber Security Consultant at Capgemini
It provides an SSL inspection facility. The SSL/TLS protocol improves the privacy and security of traffic by wrapping network communications in a layer of encryption and applying robust authentication. While this is a major benefit for data security, cyber threat actors also use SSL/TLS to conceal their activities on the network. An NGFW must go beyond signature-based detection to use technologies capable of detecting and remediating novel and zero-day threats.
Sandboxing (including static, dynamic, and behavioral analysis) is great.View full review »
Security Solution Architect
On the firewall side, the security efficacy is good. The interface for application filtering and application-based policies is also good. They have good roadmap on the cloud as well.View full review »
Senior Solution Architect at a comms service provider with 51-200 employees
The most valuable feature of Check Point NGFW is the unparalleled distribution of the network traffic. The central management station they have allows you to manage everything from one place.
Security Manager at FPT
I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard.View full review »
VPN, firewalling, and virtual patching are the most valuable aspects for me. The NGFW is so effective that I can go to sleep and vacation. Check Point products rarely have vulnerabilities that put the whole organization at risk, unlike some other firewall products.
The VPN tunnels are very effective in terms of stability and quick connection.
Virtual patching is useful as a workaround for zero-day vulnerabilities.
It offers excellent filtering of URLs.
All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS.View full review »
ANDRES FELIPE GONZALEZ LUGO
PROFESIONAL GESTIÓN TIC at GOBERNACIÓN DEL TOLIMA
The most valuable aspects of this product include:
1. Scalability. It has allowed us to grow in a safe way and in accordance with our particular needs.
2. Support. The attention of both the distribution channels and the manufacturer has allowed us to count on the help needed in critical moments and in an easy way.
3. All in One. This product contains all the services we require for the protection of our entire infrastructure, including also end-users who are most vulnerable.View full review »
Information Technology Security Specialist at AKBANK TAS
In my company, there have between ten and 15 firewalls on-premises, and if I want to configure or push the same configuration to all of the firewalls, then the centralized management system is easy and very helpful.
It is difficult to convey the end-user experience. However, in general, administrators can get used to the interface and start working quickly. Especially after Revision 81.10, I can say that everything became more stable and faster in terms of management. It should be said that it does quite well on the DDOS side.View full review »
The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base.View full review »
Network Security Engineer at R Systems
The most valuable feature is that the scalable 64000 Next Generation Firewalls are designed to excel in large data centers and the telco environment as well. We have a lot of these types of customers, and these Check Point firewalls support them.
- it supports dynamic objects, which we use for security purposes
- the antivirus is quite effective
- the logging and tracking are quite easy
- overall, it is easy to use.
VSX helps to reduce the physical footprint on datacenter racks.
The SmartView monitor and SmartReporter help us to monitor and report on traffic.
Centralized management and management high availability give the ability to manage firewalls in a DR scenario.
Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.
Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.View full review »
Senior Security Specialist at Tech Mahindra Limited
The SAM database, URL/application filtering and IPS, Data Loss prevention, VPN and mobile device connectivity, stateful packet inspection, and unified management console are all useful features.
It allows us to avoid having to go and log in to each firewall device for creating the rules as it can be done from its central console. We can manage all the firewalls and create rules and deploy them through the smart console which is really good. It helps us avoid creating the same object in each firewall.
Its auditing features are also good for checking who did what changes and when.View full review »
Network Security Administrator at a financial services firm with 10,001+ employees
The best features are the stability and the performance of the firewall and its software blades, simplicity to write the firewall rules on its GUI, and its logging capabilities.
The firewalls are working stably, without any interruptions. As we planned our capacity well, we've never had any performance issues.
The firewall rule writing and object creation are the best and simplest I've seen on a firewall (I've looked at 6 different vendors). I often wonder why the other vendors don't do it Check Point's way.
To see the logs, we can search like a search engine, and we can combine different search strings to pinpoint the interesting traffic.View full review »
Director at TechPlayr
We have not had any issues with the firewall.
Support is good and it's centralized architecture.View full review »
IT Manager at a tech services company with 5,001-10,000 employees
The solution is great for cyber attack prevention, data bridges, and other threats. You need intelligent and effective solutions to minimize cyber attacks and Check Point gave me peace in December when they had an unidentified log4j vulnerability.
Our main benefit was the elimination of a server/VM from our data center and the usage of a cloud solution.
Having all the features on the cloud was also a benefit since some products when migrated to cloud solutions lose some features - but not his one.
The setup is a little bit rough and requires some technical expertise, however, this is expected with a solution as complete as a firewall and especially a Check Point one.
Network Engineer at Fujairah Port
The initial sizing is not a problem. You can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses cutting-edge hardware. Their software upgrade process is flexible for different deployment requirements.
Their threat analysis reporting in their management console is comprehensive and easy to use. The web-based dashboard is well designed and offers a wide variety of out-of-the-box reporting. It offers admins extensive customization.View full review »
Solutions Architect Infrastructure and Security at a retailer with 1,001-5,000 employees
Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.View full review »
The management console offers excellent visibility of all security options and configurations, also showing all the traffic from each user.
Once you're working on a specific action, the interface will pop relevant information around past actions contradicting the new policy, showing you strictly where potential threats may come from.
Admins and executives are more at ease with the compliance engine within the software as it measures how many of the security requirements we're compliant with, making their work much more accessible from that standpoint.View full review »
URL filtering and anti-malware protection at=re the most useful as those can mitigate many malicious events and make connections between users and the internet safe. It's faster with the load balancing method and supports a round-robin algorithm. This firewall in our environment has high availability or cluster system which makes our availability higher, especially for business continuation plans. Support for troubleshooting and maintenance cases is great. They are very helpful and fast at solving many problems.View full review »
Head of Technology at African Alliance Plc.
The firewalling feature and the VPN functionality are excellent. With the firewalling functionality, I have been able to ward off intrusion from outside the network. With the VPN functionality, I have been able to allow secure remote connections from external customers and staff.View full review »
Project Manager at SANDETEL
The most valuable feature in my opinion is the powerful deep packet inspection engine. This engine provides me with a great capacity to control the traffic generated by my users and provides our company with a very real vision of the use that users make of the network.
The reporting capability is very important as we are able to show the company management the benefits and the return on investment, in terms of securing our network.View full review »
IT Security Officer at a tech services company with 1,001-5,000 employees
Deep packet inspection, Layer 7, and application layer monitoring and detection are the great features of Check Point Next-Generation Firewalls. They greatly improve and protect an organization, its staff, and its resources.
Check Point's SmartConsole is a great tool for admins as all firewalls can be centrally managed and all policies can be pushed as and when required by using SmartConsole. Log ingestion and threat hunting are also great functions in Check Point firewalls that enhances and improves a security posture.View full review »
Chester at Iocane
Management integration is holistic as centralized management has been core to the solution for decades. Where other vendors have bolted management on over time, Check Point has always made it central to everything that they do.
I find that this is one of the most significant and valuable features of Check Point. In addition to that, many new features that eventually become the standard across the industry end up being first introduced by Check Point - sometimes years ahead (such as Threat Extraction which allows active content to be stripped from files being downloaded and a "clean" copy to be provided in near real-time, while sandbox inspection is being performed).View full review »
The solution interface is good. It has three different ones: the NGFW, the Endpoint, and Harmony Mobile.View full review »
System Analyst at a comms service provider with 51-200 employees
The product offers excellent security. How open they are with new risks and new vulnerabilities is very helpful in the task of keeping our company safe from malicious attacks.
Newer versions are much more stable.View full review »
Engineer at a manufacturing company with 10,001+ employees
We are using the classic firewalling, the Intrusion Preventions System (IPS) and we also use Check Point Identity Awareness. The most useful feature is for sure the classic firewalling, however, we could get this feature also from other vendors. The most valuable feature is the highly integrated NGFW features such as the IPS or Check Point Identity Awareness, which makes Check Point the best choice on the market. They have been leading the market for 20 years. This is deserved, in our opinion.View full review »
I do like that this solution is a very robust firewall.
It's very stable.
The product is well supported. The solution is very scalable.
Technical support has been quite good.View full review »
Senior Cyber Security Consultant at Yapi Kredi
Check Point Next Generation Firewalls have numerous blade options such as Anti-bot, IPS, and URL filtering. In most cases, one box could be sufficient to use all these blades. You can manage all these blades from a single console. This feature lowers your administrative workload.
If you have comparatively small branch offices, in addition to administrative workload, instead of spending money for security products such as proxy or IPS, Check Point Next Generation Firewalls could meet your requirements.View full review »
IT Security Manager at a retailer with 10,001+ employees
Check Point NGFW is easy to use, flexible and provides good performance. The security of the product is excellent, we do not have to do a lot of patching or upgrades because of vulnerabilities.View full review »
Analista de suporte at NTSec
The management in Check Point is exceptional. The Smartconsole feature centralizes the management features, reports, log visualizing, rules, objects, et cetera.View full review »
System Security Engineer at Ziraat Teknoloji
The most valuable features are IPS and Antivirus.
The Blades work fine and the performance optimization is great.View full review »
Executive at a computer software company with 11-50 employees
The most valuable features for us are the solution's identity awareness and intrusion prevention.
The solution is very stable.
We have found the solution to be scalable.
Technical support is very good.View full review »
I like the facility of the product configuration. The ease with which the solution can be put into production makes it easy for my employers and for me to provide client support.View full review »
The user interface is very good.
The level of security is excellent. It protects our organization well.
It's a good overall product and we have a high level of satisfaction with the features on offer.View full review »
The separate management feature of Check Point NGFW is very convenient.View full review »
Executivo de NegÃ³cios de TiC at a comms service provider with 10,001+ employees
My customers cite performance and ease of configuration as two of the solution's most valuable features.View full review »
Engineer at CENACE
I think the most valuable feature is that the application and configuration were easy for us. When we need to do some work with the networks, configuration and deploying are easy - if I want to search for information, it is easy in the Check Point platform.View full review »
The management of the firewall and advanced routing is great. It's easy to use and troubleshoot.View full review »
Co-founder & CTO at a tech services company with 11-50 employees
The firewall and IPS are the most valuable features of the solution.View full review »
Chief Information Security Officer and Founder at a insurance company with 201-500 employees
Check Point provides very good performance with many solution options and many kinds of modules.
General Manager with 51-200 employees
The most valuable feature of Check Point NGFW is it is a complete solution for protecting not only the network but the applications. Additionally, it provides a hybrid cloud solution.View full review »
Sales Specialist-Network Solutions at a tech vendor with 51-200 employees
Check Point has strong security features as well as some decent monitoring and management capabilities.View full review »
Senior Cluster Manager at Bajaj Finserv
The solution boasts a host of features that we like.
Business Development Manager - Security at a computer software company with 201-500 employees
Check Point offers excellent security.View full review »
The most valuable feature is the powerful, deep packet inspection engine.
The management console and diagnostic tools are powerful and we are happy with them.
The reporting is detailed and helpful.View full review »
I have worked for several years with the Check Point platform (NGFW) and it is by far the most stable in hardware and software.
It is a very friendly platform and easy to configure. It is true that it is a bit expensive (according to the required blades), however, it is a platform that is worth having as security in a corporate environment.View full review »