Check Point NGFW OverviewUNIXBusinessApplication

Check Point NGFW is the #4 ranked solution in best firewalls. PeerSpot users give Check Point NGFW an average rating of 9.0 out of 10. Check Point NGFW is most commonly compared to Fortinet FortiGate: Check Point NGFW vs Fortinet FortiGate. Check Point NGFW is popular among the large enterprise segment, accounting for 56% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 19% of all views.
Check Point NGFW Buyer's Guide

Download the Check Point NGFW Buyer's Guide including reviews and more. Updated: December 2022

What is Check Point NGFW?

Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

Benefits of Check Point's Next Generation Firewall

  • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

  • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

  • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
  • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

  • Remote access: The remote access VPN provides a seamless connection for remote users.

Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

Reviews from Real Users

Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

Check Point NGFW was previously known as Check Point NG Firewall, Check Point Next Generation Firewall.

Check Point NGFW Customers

Control Southern, Optimal Media

Check Point NGFW Video

Archived Check Point NGFW Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
IT Infrastructure & Cyber Security Manager at a retailer with 501-1,000 employees
Real User
Enables us to identify attacks and communication with malicious sites and to remediate these issues
Pros and Cons
  • "The features that are important include: IPS, sandbox, SandBlast, Anti-Bot, and URL filtering."
  • "In terms of new features, maybe it would help if we could start to manage all the stuff in the cloud and not in the on-prem servers. The management side could also be faster when you install policies. But other than that, I'm satisfied."

What is our primary use case?

We have two clusters. We are using them as both perimeter firewalls and data center firewalls.

How has it helped my organization?

In the past few years, we encountered attempted attacks on our company and we succeeded in finding that we were those attacks, or that some user or workstation was communicating with malicious sites. Without the Check Point Next Generation Firewall, we wouldn't have had the tools to identify these things and to remediate the problems.

What is most valuable?

A firewall is a firewall. It's a Layer 4 machine that blocks or allows traffic for ports. That's the basics and we don't need a next-generation firewall for that. But the features that are important include:

  • IPS
  • sandbox
  • SandBlast
  • Anti-Bot
  • URL filtering.

A basic firewall is a basic firewall. You don't need Check Point and you don't need Palo Alto or the other vendors to block ports from source to destination. But we need the advanced features of this product to give us the visibility into, and the security and protection from, scenarios that are not the usual source-to-destination attacks. The solution needs to understand what the connection is, what the behavior of the connection is, and what the reason for the connection is. It can't be a stupid machine. It needs to know that if you're allowing port 53 from source to destination, that it has to check and give us the information that this communication is legitimate, and not something that is malicious.

What needs improvement?

We just upgraded to the latest software version of Check Point so we have a lot of new stuff to learn. The older version had a little bit of a problem with identity awareness and with HTTPS inspection with the visibility of the logs, and the implementing of rules. But as far as I can see now, with the new version, most of the problems were fixed.

In terms of new features, maybe it would help if we could start to manage all the stuff in the cloud and not in the on-prem servers. The management side could also be faster when you install policies. But other than that, I'm satisfied.

Buyer's Guide
Check Point NGFW
December 2022
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,774 professionals have used our research since 2012.

For how long have I used the solution?

I've used Check Point NGFW firewalls for more than eight years.

What do I think about the stability of the solution?

In all the time I've been using Check Point there have been no major issues or problems. It's a very stable environment and a very stable solution, in my experience.

What do I think about the scalability of the solution?

We have around 600 to 700 endpoints, workstations, points of sale, and mobile devices. We also have about 200 servers, a WiFi environment, and a networking environment that is not small. We have implemented it 100 percent but, because of the Coronavirus, the company itself is not 100 percent capacity.

For now, we have implemented everything that we wanted and the firewalls are working 100 percent. There are no plans in the near future to grow. Of course, if everything goes back to normal, maybe we will grow.

There are no problems for us in terms of scalability because we're not working at full capacity. We designed the new solution to give us the resources that meet our needs for the moment and for the future. There is no problem with scalability and we can add new firewalls, or replace what we have with bigger firewalls. Everything is okay in terms of scalability from our side.

How are customer service and support?

We continue using our partner for resolving problems and doing the changes that we need. That is the way that most vendors are working. First of all you need a partner and then the partner will open up a case with Check Point.

But one of the best things about working with Check Point, especially here in Israel, is that there is a direct line to the support, because we have such a good relationship with them, to speed things up.

The support is fast, professional, and thorough. Those are the most important things when you have a problem. If we need to call for support from either our partner or Check Point, we get a quick response and, usually, a fast resolution of the problem.

Which solution did I use previously and why did I switch?

We migrated from Check Point to Check Point

How was the initial setup?

It was really pretty straight forward because we upgraded from an older Check Point product. The installation and the assimilation of the new firewall was very quick with almost no downtime and almost no problems.

We deployed four firewalls in two clusters and, all in all, it took about one day of work; half a day for each side. That includes the installation, the configuration, and the exporting of the configuration from the old system and, of course, all the fixes and patches.

On our side there was one person involved in the initial setup, just to make sure that everything was going okay and, after the installation, to do all the checks and verify that everything was working fine and as needed.

What about the implementation team?

We deployed it with the help of a partner, called Spider Solutions, here in Israel. Our experience with them was good. The technician that came here to install the firewalls was professional and thorough. Everything went according to plan, with no issues.

The whole initial setup was done by the partner and our role was more oversight to see that everything was okay and to give the information that was needed to proceed.

What's my experience with pricing, setup cost, and licensing?

The pricing in this category is a jungle, but Check Point was very competitive. They were very forthcoming and agile for our budget needs.

Which other solutions did I evaluate?

I have checked a few other vendors and solutions but, in the end, Check Point is the best candidate for our organization. That's true technology-wise and because of the support. Because Check Point is an Israeli company, it's very easy to get help very fast. We speak the same language and that helps as well. Doing support in Hebrew is very helpful for us. 

Other vendors were either more expensive or, to get some of the features, we would have had to upgrade to a bigger, stronger, and more expensive machine. But with Check Point, that wasn't the case.

What other advice do I have?

Check this solution and see how it fits with your organization. See how easily you can manage and control the environment. The visibility and the management provided by the product is one of the most important things, other than the security features that the product has. And check the sizing carefully. Check that the machines you're going to buy are sufficient for your current needs and the future needs of your organization.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior Network Engineer at a tech services company with 1,001-5,000 employees
Real User
The central management system allows us to manage multiple firewalls simultaneously
Pros and Cons
  • "The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things."
  • "The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community."

What is our primary use case?

We use the solution to protect our organization and workers from the outside Internet or any untrusted network.

We have the three-tier architecture of Check Point. We use its consoles, central management system, and firewall device for managing it. This three-tier architecture is recommended by the Check Point Community.

How has it helped my organization?

We protect our internal customers using Check Point Firewalls by providing them security as well as detecting vulnerabilities. 

What is most valuable?

The most valuable feature would be the central management system of Check Point because we can manage multiple firewalls through it at the same time. It doesn't matter the location.

I also like the advanced Antivirus feature of Check Point.

The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things.

It is very user-friendly.

What needs improvement?

The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community.

For how long have I used the solution?

I have been using it for the past six years.

What do I think about the stability of the solution?

The Check Point Firewall is stable. 

The updates that we get are also very stable. We haven't found any stability issues in the updates at all. Features, like the Antivirus, are updated with almost every release and done on a frequent basis.

What do I think about the scalability of the solution?

The scalability is very good for Check Point Firewall. It is very easy to increase. For example, during the COVID-19 period, we increased our deployment on an emergency basis, and it was very easy.

My organization has around 4,000 people. 

For Check Point, we have a team of around eight people who manage it. We are basically a team of senior network engineers.

How are customer service and technical support?

The tech support is very good for Check Point. We get straightforward solutions for it every time, and they do not take a lot of time since we have to resolve the cases quickly in a live environment. So, they are very helpful and capable.

Which solution did I use previously and why did I switch?

We are also using Cisco ASA, and we have been thinking that we need to go with Cisco or Check Point. At last, we have decided to go with Check Point because of its advanced features.

How was the initial setup?

The initial setup was very straightforward. We didn't have many problems.

The deployment part took around nine to 10 months. We completely planned the deployment before doing it. Since we already installed Check Point Firewall in multiple branches earlier, we used those same plans to configure it.

What about the implementation team?

We didn't require any external help for the deployment. Our R&D and tech were capable of doing it. Our deployment team consisted of six to eight people, working in different shifts, to configure it.

What was our ROI?

Overall, it is a good cost saving product. We do not have to purchase additional hardware for it, which is a good. This saves us 10 percent in costs compared to Cisco.

The solution saves us about 20 percent in our time, which is substantial.

What's my experience with pricing, setup cost, and licensing?

The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison.

The licensing part is something that is very easy to do in Check Point Firewall. We just need to purchase the license, then we have to write the keys in while installing it. The good thing is that it is an easy process to update the license.

Which other solutions did I evaluate?

We are also using Cisco ASA and FTD. The problem with Cisco ASA is the GUI is missing, while the GUI is good for Check Point Firewall. Apart from that, in Check Point, there are advanced features, like Antivirus and Threat Management, for which we do not require other hardware, where it is required for Cisco ASA Firewall. So, Check Point provides us a cost savings in that way.

The central management system of Check Point is missing in Cisco ASA. This is a good feature because it saves time. We can use it to manage multiple firewalls through one central management device. It is also easy to use.

We are slowly eliminating Cisco ASA and using more Check Point Firewalls, bringing more Check Point Firewalls into our environment.

I have also used Palo Alto, but the organization is using Check Point because they have more confidence in things like Check Point's stability factor. However, more people are trained to use Palo Alto.

What other advice do I have?

Get good training on Check Point, which is very rare to obtain at this point of time. Before implementing or deploy the product, you should be trained properly so you know all the features. It has heavy features in terms of quantity. You should know about each feature before using or deploying it.

I would rate the solution as an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Check Point NGFW
December 2022
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2022.
655,774 professionals have used our research since 2012.
Sr. Network Engineer at a tech services company with 51-200 employees
Real User
Saves a lot of manpower with its centralized management feature
Pros and Cons
  • "It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall."
  • "I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors."

What is our primary use case?

We are using this solution for the security enhancement of our internal company network. This is to protect our customers as well as internal users from the untrusted network or outside world.

I am using the physical appliances of Check Point Firewall as well as virtual machines (VMs). We are using the same versions of R80 on our VMs that we are using for our physical appliances.

How has it helped my organization?

It saves a lot of manpower. If we have centralized management, then we do not require as many members on our team. So, this is a cost saving feature. If there wasn't centralized management, we would need 30 members instead of 11 members for our team. 

What is most valuable?

The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them. 

It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.

What needs improvement?

I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors. 

For how long have I used the solution?

We have been using this technology for the last four years.

What do I think about the stability of the solution?

Check Point is the one of the most trusted vendors in the market. All the Checkpoint Firewall updates are very nice. We get the updates every months, and they are very stable updates.

What do I think about the scalability of the solution?

The solution is very scalable. It is easy to expand it, if required. and doesn't take too much time. It also doesn't require too much manpower.

There are 2000 to 4000 people who are indirectly using Check Point Firewall.

How are customer service and technical support?

It is always a good experience to work with their technical support. They are knowledgeable, always finding a solution. If we send them a bug, they fix it as soon as they can. 

Which solution did I use previously and why did I switch?

I previously used Cisco ASA Firewalls for network security. 

Check Point is more advanced in comparison to Cisco Firewall. It has many good features, like central management, Threat Prevention, and Antivirus included in one device. With Cisco, we didn't have that.

How was the initial setup?

The setup is straightforward, not complex; it was a simple setup. For the physical firewall, we just required a physical appliance, then we set it up according to our requirements. We had the complete setup guidelines. We used the three-tier hierarchy, which is standard and recommended for Check Point. We could also purchase service from Check Point to assist with the setup process. So, it was a good experience.

Our deployment took six to eight months.

What about the implementation team?

We didn't require Check Point's help during deployment. After deployment, we did require their help for critical cases.

What was our ROI?

This product provides a complete return on investment. It gives us the level of security that we expect and should have.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing part is something that could be improved. Check Point license and pricing are a bit higher compared to competing firewalls. I think they can work on that.

Which other solutions did I evaluate?

We didn't require an evaluation process. We knew that we had to go for Check Point.

What other advice do I have?

I would rate the solution an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Senior IT Manager at a mining and metals company with 501-1,000 employees
Real User
Offers a lot of flexibility and packet inspections have been a strong point
Pros and Cons
  • "The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before."
  • "The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex."

What is our primary use case?

Our primary use cases for Check Point NGFW are for perimeter security and content filtering for browsing behavior.

How has it helped my organization?

We have a lot of flexibility now and a leg up identifying zero day threats. We have multiple ways of doing policies now that we didn't have before. The options are more robust over previous products and I would say that we're pleased with the product. The reports I'm getting are that we're satisfied, even impressed, with the options Check Point offers.

What is most valuable?

Packet inspections have been a strong point. Our Identity Collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

We saw a noticeable performance hit using SonicWalls. Whether it's because we've provisioned the Check Point gateways correctly from a hardware standpoint or whether it's the software that is much more efficient (or both), we do packet inspection with very little impact to hardware resources and throughput speeds are much improved.

With SonicWall, after it would calculate inspection overhead, we might see throughput at, and often below, 15%. My network administrator gave me data showing Check Point hovering at 50%, and so we were actually seeing Check Point fulfill its claims better than SonicWall.

What needs improvement?

Because there's quite a bit of flexibility in Check Point, improved best practices would be helpful. There might be six ways to do something and we're looking for one recommended way, one best practice, or maybe even a couple of best practices. A lot of times we're trying to figure out what we should do and how we should handle a particular problem or scenario. Having a better roadmap would help us as we navigate the options.

The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex.

For how long have I used the solution?

We started putting Check Point NGFW into production late first quarter this year, right before the pandemic hit. We put in two gateways and one management server.

What do I think about the stability of the solution?

Stability is there especially compared to previous security products. Certain things had quirky behaviors. For instance, once we upgraded to 80.40, a couple items inexplicably acted up (not uncommon for any software upgrade). Certain policies would drop and then show up again (remained in force, just briefly disappeared from management console). I would have to get some specifics from my network administrator, but I do recall some strange behaviors. One of them was fixed by a patch and another one still has a backup issue that's pending right now about how to best back up the device before we upgrade.

What do I think about the scalability of the solution?

I haven't had to test scalability yet because we purchased it for our existing needs and as a company, our performance and our needs are pretty flat. We don't really have need to scale yet.

We are adequately equipped for what we need and we have room to grow and to add all of our users and possibly add additional products down the road and still have plenty of room to do so on how these gateways are powered.

We have a total of about 620 employees that use Check Point NGFW. I would say we are 80% there. There are still some users that have to be migrated to it once we test their accounts, their kiosks, that kind of stuff. 

There is one primary employee who is dedicated to maintenance and there are another two who back him up but our network administrator is primarily responsible.

How are customer service and technical support?

Mixed experience, mostly satisfactory. Some support engineers are quite helpful and efficient, others required more patience working through support incidents. ATAM support has been high quality, and as previously mentioned, local support has been key to resolving some cases much more quickly. If we were giving their support a letter grade, it would be in the B range.

Which solution did I use previously and why did I switch?

We were previously using SonicWall. We switched because we were struggling with performance, support, and strategy. There were things that were broken that did not have coherent or reliable fixes. At the time we did not consider it to be next-generation technology. There were problems with GeoIP enforcement. There were also quite a few performance problems, especially with inspecting traffic. It would literally bring the device to its knees once we turned on all the inspections that we really felt that we needed. It was under-provisioned, under-specced, and coupled with all the support problems we had, we started shopping for a new solution.

How was the initial setup?

The setup was both straightforward and complex. There were some complexities in there that required us to get help. We have some local representatives that are very helpful and so we frequently contacted them for guidance.

We're still migrating people behind Check Point, especially in our main facility, but the heavy lifting was done by early summer. It took around three to four months.

Our strategy was to set it up in parallel with the existing firewalls and begin setting up policies and testing the policies against individual services in-house. Then, as we were successful, we would grab pilot users and migrate them to Check Point and have them start trying to break things or browse to certain sites and see what behaviors they were getting.

It was a slow migration with a handful of people at first. We tweaked their experiences and just kept adding people. It was gradual. We tested, fixed, and then migrated a few more incrementally.

What about the implementation team?

We had two different ways of getting help. We have local representatives who are in the same metropolitan area and they were very responsive. Then when we would have to contact standard support. We were satisfied about 80% of the time. Sometimes follow-up was not there. Sometimes there would be delays and occasionally there would be rehashing of information that didn't seem like it was efficient. Eventually, we would get the answers we would need.

That's why we rely heavily on the local people because they could sometimes light a fire and get things moving a little bit quicker.

What was our ROI?

Primarily it's offered stability and caught behaviors and given users (and administrators) a level of confidence as they are doing their daily jobs. The inspection that Check Point does, even when we download a document or a PDF, offers a bit more peace of mind in those types of transactions. GeoIP is working like we had hoped compared to SonicWall.

We have a lot of granularity in our policies. We can accommodate some really interesting scenarios on our operations floors, certain groups needing certain types of access versus other groups. We're accommodating them fairly seamlessly from migrating from SonicWall to Check Point. We might have struggled to try to make stuff happen in SonicWall, and Check Point just seems to ingest it and run with it. Having access to Check Point's AI ThreatCloud cloud has given us a lot of peace of mind. ThreatCloud is 25+ years worth of exploit research that informs and feeds CP technologies and gateways.

Another feature that's been helpful is the sandbox feature. A lot of companies offer this type of thing now, but CP has been offering it for quite a while. If end users are browsing websites, and they download a payload-infected document from a website, SandBlast will detect it and take it offline. It will sandbox it, detonate it there safely, pull out the content that we're actually looking for, then re-present that cleaned content back to the user.

What's my experience with pricing, setup cost, and licensing?

Strongly consider augmenting standard support with Check Point's premium option or by purchasing ATAM/professional services time blocks, especially during deployment.

Standard support is decent, though occasionally frustrating from a turnaround perspective. While we sometimes wait a while for resolution on some cases, the information we receive is usually quality; that's been our experience.

Which other solutions did I evaluate?

We looked at Palo Alto, Fortinet, and Sophos. I brought some of that experience to bear on our decision but our shortlist was Palo Alto, Fortinet, and Check Point.

The reason I selected Check Point was partly its pedigree, knowing that Palo Alto formed out of Check Point. Both companies are built from the same DNA and each has a history and a culture I respect and trust. Check Point Research is regularly in the news it seems for finding exploits and vulnerabilities in popular cloud platforms. 

Check Point offered quality local support, including our technical sales representative and a support manager that live in the area. A couple of executives also live in the area. If we needed to escalate, we had the people here locally that could help us with that.

My former company used Palo Alto and, while I didn't interface with the products on a regular basis (we relied on the network team for analysis), I'd overhear frustrations with support. Palo Alto is also a great product and it wasn't an easy decision choosing between CP and PA from a technical perspective. I had never used Check Point prior to this position, but it outpaced its competitors in a few key areas, especially the pre-sales phase, POC engagements, local support options, and the maturity of Check Point's ThreatCloud technology.

What other advice do I have?

My advice would be to look hard at premium support options. Know what your tolerances are, and if you expect fairly quick turnaround on support incidents, go ahead and invest that money in support. Definitely take advantages of pro services, buy a block of hours, whether that's 10 hours or 20 hours, and use that to fill in the knowledge gaps, especially during deployment. If you rely on standard support during setup, depending on how complex your environment is, you may be frustrated.

We did well doing what I recommended here. We bought two rounds of pro services (20 hours). I don't want to pile on standard support - it's not bad - it's just that if we were to rely only on standard support, I think our migration would have taken longer, and there might have been more frustrations. Because we had local support and because we bought pro services, it accelerated our timeline and it got us into production much quicker.

From what I've seen and heard from my staff, I would rate Check Point NGFW technology a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network Security Engineer at R Systems
Real User
Supports dynamic objects and provides effective antivirus
Pros and Cons
  • "The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance."
  • "The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent."

What is our primary use case?

The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance.

How has it helped my organization?

There are a lot of features which help us in providing a more secure environment for our organization, such as when we have Active-Active.

What is most valuable?

The most valuable feature is that the scalable 64000 Next Generation Firewalls are designed to excel in large data centers and the telco environment as well. We have a lot of these types of customers, and these Check Point firewalls support them.

In addition 

  • it supports dynamic objects, which we use for security purposes
  • the antivirus is quite effective
  • the logging and tracking are quite easy
  • overall, it is easy to use.

What needs improvement?

The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent.

In addition, the certification process is quite expensive. It should be a little cheaper so that everyone can be trained and certified and have better knowledge of Check Point's products.

For how long have I used the solution?

I have been using Check Point's firewalls for more than a year. My responsibilities include implementing changes on the firewalls and troubleshooting.

What do I think about the stability of the solution?

They're quite stable and quite good. Management is simple because we can implement a lot of changes on the firewalls through the central manager.

What do I think about the scalability of the solution?

They're quite scalable because they support large data centers, while offering reliability and performances as well.

How was the initial setup?

The initial setup is quite easy. You don't need much training for it. Deployment takes around one week.

We have different stages in the setup process and we follow all the stages. We have to give structure to the plan, outline what we need to do. That goes to our manager, our senior experts, for approval. Then we implement the changes after their approval. Once the changes are implemented, we have our team leaders who validate whether everything is good and as expected or not. Then we close it. This is the basic strategy we follow in our organization.

About 500 to 600 employees work on Check Point firewalls in our organization and they have different roles. For example, I handle network and security admin. There are also security associates, consultants, and analysts.

What's my experience with pricing, setup cost, and licensing?

The pricing of Check Point's firewalls is good. It is not that expensive.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network and Security Specialist at a tech services company with 51-200 employees
Real User
Very cost-effective solution that helps companies get through audits
Pros and Cons
  • "I love the interface of R.80.30. The R.80 interface is very nicely thought out with everything in one place, which makes Check Point easier to use."
  • "The naming in the inline layers and ordered layers needs improvement. It makes things very complicated. I've seen quite a lot of people saying that. For audit policies, it is okay since it's very simple to see. However, this area is for very large organizations, which have too many policies, and they need to share all these policies. For small to medium-sized businesses, they don't need it. Even if somebody has 500 rules, if they try to use it, it can be very confusing."

What is our primary use case?

In my previous company, one of the clients was a big chocolate company. They had this payment card infrastructure (PCI), where they needed to have auditors from PCI check the firewalls to see if everything was okay. So, they had web-based authentication. 

I'm working with the 5800, 5600, and 5200 models. I work with the UTMs as well. These are physical appliances as well as open servers.

How has it helped my organization?

It helped clients get through big audits for PCI, which has been very cost-effective for them. In one hour, they make 30,000 to 40,000 pounds worth of sales. A PCI audit has actually threatened them, "If you don't do it by this date, you will have to stop taking payments." Even if the audit is delayed about an one hour or so, they'll have thousands of pounds worth of losses. The previous company may have spent a lot of money on Check Point, but they save a lot as well. So, they were quite happy with that. 

What is most valuable?

The most valuable feature is definitely the logs. The way you can search the logs and have the granularity from the filter. It's just very nice. 

I love the interface of R.80.30. The R.80 interface is very nicely thought out with everything in one place, which makes Check Point easier to use. When I started in 2014, I was just confused with how many interfaces I had to go on to find things. While there are quite a few interfaces still in the older smart dashboard versions, most things are consolidated now.

What needs improvement?

The naming in the inline layers and ordered layers needs improvement. It makes things very complicated. I've seen quite a lot of people saying that. For audit policies, it is okay since it's very simple to see. However, this area is for very large organizations, which have too many policies, and they need to share all these policies. For small to medium-sized businesses, they don't need it. Even if somebody has 500 rules, if they try to use it, it can be very confusing.

In R77.30, the only thing which I hated was having to go into each day's log file and search for that day. However, in R.80, we have a unified platform, so you can just filter out with the date, then it will give you the log for that date and time. 

I would like Check Point to have certification similar to what Cisco offers. Check Point's certification doesn't cover a lot of things. For example, Check Point Certified Security Expert (CCSE) should be actually included with the Check Point Security Administration (CCSA), as a lot of people just go for the CCSA and get stuck when it comes to a lot of things on Check Point. 

Biggest lesson learnt: Never assume. We had issues when we enabled DHCP server on one of the firewalls. We tried to exclude some IP addresses so the rest would be allocated, but that didn't work. We had to start from the beginning to include the rest of the IP addresses.

For how long have I used the solution?

Six to seven years.

What do I think about the stability of the solution?

It is very stable. 

The headache with these firewalls is when they failover. The client will ask us why. We have a separate service desk and Tier 2 guys who monitor these firewalls. But, in these cases, they can't tell why, because you have to deep dive. The reason was unclear on R77.30, so I had to find it in the logs. However, in R.80, it's quite clear. We will just use a cphaprob stat to tell us the failover reason for the last time. 

Sometimes, it is very difficult to find something in Check Point Firewalls when you are stuck. Therefore, you need to know exactly what you are doing.

What do I think about the scalability of the solution?

They do scale well as long as a company is not scaling rapidly. This is the reason we have a CPSizeMe tool. With normal growth, they will easily go for five to 10 years. Normal growth means setting up a few offices, not doing big mergers.

We have about four to five Check Point users out of 20 network engineers.

In my new job, we have 80 clients in user center.

How are customer service and technical support?

I would rate the support as a three out of 10. It seems like they are all Tier 2 guys. If there is a problem, you search everything and read all the articles, then you contact their support center who forward you to the same articles. It is very difficult to work with their support guys, unless you work with the guys in Israel.

From my last job, I had a web UI issue on one of my firewalls. It's been a year now, and it's not been resolved. Although it's been to the Israel as well, It's still been delayed. We couldn't live with the issue, so we decided we would buy a new open server, as the previous open server was quite old, then we did a fresh install of R.30 on it.

if you buy the appliances or licenses through partners, they will try to resolve your issue or talk in a way that makes sense.

Which solution did I use previously and why did I switch?

My previous company used to have Junipers that used to send all the credentials via HTTP. Because all Juniper SRXs didn't do that, since they were quite old (version 570), they had to buy new firewalls. I tried to do it, but I couldn't do it on the Junipers, especially since they were out of support and nobody would help me from Juniper.

I told my previous company, "Check Point would be the best solution for them. In the long run, while you might have a lot of issues with auditors, we will actually be able to combat this using Check Point firewalls if you get the proper licensing." Then, we did web bots on Check Points. 

About five years later, an auditor said that we needed to do a RADIUS Authentication, not a clear text password nor the Check Point local password. So, we implemented that as well. This was a bit tricky because they didn't want the local guys to have RADIUS Authentication, but anybody coming from the outside would have to go through RADIUS. This was a bit tricky with Check Point because I had to involve Check Point support in the process as well, but we were able to do it. This was one of the client use cases.

How was the initial setup?

The initial setup was straightforward. I told one of my colleagues in my last job, "Just follow the prompts and you should be able to install it. It is a very simple, basic thing. Just do it as a gateway, then that's it. You are done". 

Before, on R77.30, there were cluster IDs and people needed to know what they were doing. In the R80 cluster, the cluster ID is gone, so it is very straightforward and you don't have to be an expert to install it.

A new installation on the VMs (about a week ago) took me around 20 minutes or less. This was a lot faster than I imagined, and I've created quite a lot of resources to their management and Gateway as well.

What was our ROI?

If the firewalls go down, then the employees' car payments would stop. This would be a disaster. 

What's my experience with pricing, setup cost, and licensing?

There are three types of licensing: Threat Prevention, NGTP, and Next Generation Threat Extraction. Before, it used to be you would just enable the license of whatever blade you wanted to buy. Nowadays, Threat Prevention would be sufficient for most clients, so I would think people would go for the NGTP, license which includes all the blades.

Which other solutions did I evaluate?

All sorts of councils in London use the solution. In my new job, there are quite a lot of councils and schools as well. They need to know the web traffic from their users, e.g., what they are searching and looking for and where they are going. Therefore, its application and URL filtering comes in quite handy. I've seen the application and URL filtering on Palo Alto, and it is a pain to get those details from it and create a report for users. Whereas, the user report is very easy to get with Check Point.

I have not seen another firewall offer the same level of logs that Check Point offers. I have worked on ASA and Juniper SRX. While they are a bit similar, they are not exactly what Check Point has to offer.

What other advice do I have?

This is not day-to-day firewall work, where maybe a node can do it. If you get into a trouble, you can't actually involve Check Point support all the time, especially when you won't get a response. You need to employ people who are certified. Check Point has a lot to sink in, and it's not an easy thing. You might just expose your environment, even after spending a lot of money.

It is future-proof. I would rate this solution as a nine out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Firewall Administrator at a tech services company with 1,001-5,000 employees
Real User
Centralized management makes it easy to scale and the GUI makes it easy to use
Pros and Cons
  • "The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily."
  • "The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve."

What is our primary use case?

We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.

What is most valuable?

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

What needs improvement?

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

For how long have I used the solution?

I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.

What do I think about the stability of the solution?

These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.

What do I think about the scalability of the solution?

Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.

We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.

How are customer service and technical support?

We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.

Which solution did I use previously and why did I switch?

I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.

Check Point is the best firewall we have found for our organization so we went with it.

How was the initial setup?

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

What was our ROI?

We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.

What's my experience with pricing, setup cost, and licensing?

The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.

What other advice do I have?

When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.

The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Rohit Gambhir - PeerSpot reviewer
Sr. Network Engineer at a consultancy with 51-200 employees
Real User
Protects our environment with advanced features, like Threat Protection and central management
Pros and Cons
  • "They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them."
  • "Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve."

What is our primary use case?

We use it to protect our network from the outside world and unsecured networks. We also use it to provide a safe, secure network to the internal users of our organization.

I am using various versions on the model, like R80.10 and R80.30.

What is most valuable?

  • Antivirus
  • Threat Prevention
  • The central management

These are vital, advanced firewall features for the market. They protect the environment more than the usual firewalls. 

What needs improvement?

Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve. 

A disadvantage about Check Point is people in the market are not too familiar about its usage and people lack training on it.

For how long have I used the solution?

I have been using it for the last six years (since 2014).

What do I think about the stability of the solution?

Check Point Firewalls are very stable. Check Point is one of the oldest company in firewalls with a very stable product. They provide good, stable updates.

What do I think about the scalability of the solution?

It scales well. Recently, during COVID-19, we did the scalability process, and it was easy.

Currently, this is used only for our inbound networks to provide security to our internal network. Around 6,000 people are taking advantage of this technology directly and indirectly in our organization.

We have certainly increased number of firewalls in our organization. In the future, if is required, then we will definitely use more.

How are customer service and technical support?

I have used the technical support very frequently. I would give them around a nine out of 10. They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them. I am deducting one mark to allow room for improvement. 

Which solution did I use previously and why did I switch?

Previously, we were using the Cisco ASA Firewalls, which are one of the most demanded firewall in the market. We switched to Check Point because their firewall is more advanced than Cisco ASA. They are also providing us the extra benefit of features, like their central management system, Antivirus, and Threat Prevention, which were not provided by Cisco ASA. 

How was the initial setup?

It was straightforward; it was not too complex. It was simple to install and use the features, as we were already trained. Our company used their trainers before installing it. Getting all the knowledge of the firewall's features beforehand worked very well for installing/deploying the solution in our environment.

We were using different firewalls that we had to replace. For that replacement, we required two years for the transition to Check Point to get it to work.

For our implementation strategy, we used three-tier architecture strategy in which we have a console, three-tier management Gateway, and the firewall.

What about the implementation team?

We have around 20 people on the team, because it is a large company. So, I deployed it with the help of 19 members. The team of 20 people work on different shifts and we manage all the organization's firewalls. We are all network engineers, though some of us have different designations.

What was our ROI?

It has a good return in terms of usage and the security that it provides. We are very happy with the security capabilities that this firewall has.

What's my experience with pricing, setup cost, and licensing?

Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall.

Which other solutions did I evaluate?

We did an evaluation between Cisco ASA and Check Point. We had options to extend Cisco ASA or switch to Check Point, but we switched to Check Point Firewall.

What other advice do I have?

Be knowledgeable before implementing this firewall because it has many advanced features compared to the normal firewalls in the market. If you want to use it in a better way, then you need to be trained on it. 

There were a few members who joined our organization who were familiar with Check Point, but they do not know about every feature which could be used and taken advantage of to better secure our network. I recommend getting proper training before using it.

I would rate this solution a nine out of 10 because I am a very happy customer of Check Point. I have had a good experience with this firewall. I like is the way it is improving a lot with the times.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Solutions Lead at a tech services company with 1,001-5,000 employees
Reseller
We are seeing less traffic going to the server, improving server performance
Pros and Cons
  • "My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network."
  • "When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser."

What is our primary use case?

It's an on-prem deployment where we use it to protect our client and end-users who are working with the internet, and to protect their servers from external access. They have about 100 users and two servers.

How has it helped my organization?

When we did not have SSO, we had problems related to attacks compromising our firewall. That has been mitigated. We have the traffic going through the firewall to the server, so those types of things have really improved. We are seeing less traffic going to the server. When there was direct access to it, there was more and more traffic going to our server. So it has improved our server performance.

What is most valuable?

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

What needs improvement?

When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.

For how long have I used the solution?

I have been using Check Point NGFW for almost two-and-a-half years.

What do I think about the stability of the solution?

It's a stable solution. In the time I have been using this product, I have hardly seen anything break.

What do I think about the scalability of the solution?

In terms of scalability, they have products that can fit into the environment. It's a very scalable solution. For our requirements, it fits very well. You can go with whatever kind of setup you want: Active-Passive, Active-Active. Check Point is very easy. Their solution is ready for our market; it's very well suited. Wherever we want to go, Check Point can provide a solution.

Currently, we are using somewhere around 50 to 60 percent of the box's capacity.

How are customer service and technical support?

Sometimes, when I have gotten stuck, I have reached out to support and it's okay. They have helped me very quickly.

Which solution did I use previously and why did I switch?

We did not have a previous solution. We went directly with Check Point. We liked the features provided by Check Point and we went for it.

How was the initial setup?

The setup is not complex. It's easy to deploy. The documentation provided is very good. Deployment takes me two to three days. The hardware takes one-and-a-half days and then I get all the features up and running.

We have a standard implementation strategy. We have a checklist. We plan it out. Then we go into the field for the deployment. We have one dedicated engineer for deployment, and I also check it on a regular basis. The two of us are also the ones who manage the solution.

What's my experience with pricing, setup cost, and licensing?

We have to consider things, cost-wise, when we are expanding into other locations. We don't have the budget to use it in other platforms. We have some servers that we deploy in AWS and other locations. But instead of going with Check Point, we go with other vendors to fit into the budget.

Check Point is really costly. When it comes to the Indian market, where we are located, we always consider budget solutions. So this is an area where Check Point could use some improvement.

In addition to the standard fees, support is an added expense.

What other advice do I have?

The biggest lesson learned from using this solution is in terms of security. It is a really good product. I don't think there is anything missing from the Check Point firewalls. The features provided by the company are very good and provide what we need.

It's a very good security product, as long as you have the budget. It provides modern security and the architecture Check Point provides is good. And the application side will really help any size of business to deal with traffic based on the application.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:
PeerSpot user
System Architekt at a insurance company with 1,001-5,000 employees
Real User
Prevents users from accessing things on the Internet that they are not supposed to access
Pros and Cons
  • "The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access."
  • "It depends whether the problem is known to Check Point. If they are aware there is a problem, quite often it will then depend on which tech you finally land on if it's easier or harder to get to the root cause. The last issue was in India so that was pretty bad. It's easier if you get directly through to Tel Aviv or Ottawa, but you can't choose. Once they know what the issue is, it's pretty good. It pretty much depends on the engineer that you get. There are pretty good engineers and there are many engineers who are at just the starter level at Check Point who are not really into the stuff. Sometimes it's hard, sometimes it's easy, depending on the problem and the tech engineer you get."

What is our primary use case?

We use it as a normal firewall for perimeter security, using some of the Next Generation features, like Anti-Bot and Antivirus. 

We have two ISPs. We have a different firewall system in front of the Check Point Firewall. We also have normal Cisco switches combined with the Check Point solution. Then, our internal network is with Cisco, which is about 300 servers and 1,500 clients.

How has it helped my organization?

Since we are an insurance company, the solution is a necessity.

Two-thirds of our employees are working at home at the moment, so we use the VPN feature more than we used to. Of those two-thirds, only 100 or 200 are using the remote client from Check Point. The other employees are using other technologies, like NetScaler from Citrix. 

What is most valuable?

We use the basic firewall functionality, plus the VPN functionality, a lot.

We have about 100 remote sites, which is where we use the VPN functionality. For private lines, we prefer to do further private encryption on the line. It is very convenient to do it with Check Point, if you have Check Point on both sides. It is convenient and easy to monitor.

The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.

What needs improvement?

The Threat Emulation definitely needs improvement. A couple of years ago, we did a comparison with other companies, e.g., Lastline, offering threat emulation and threat detection functionalities, and Check Point was lacking. 

For how long have I used the solution?

I have been using Check Point for 22 to 23 years. I have been using Check Point NGFW for 15 years, since 2005.

What do I think about the stability of the solution?

We used to have more problems. For the past five years, unless we have had a bug, which happens like once a year, it has been pretty stable. We did have a bug for the last three months, which has just been fixed. Before that we had another two or three major bugs. However, when there is a bug and it's not known to Check Point, they need quite a while to get it fixed. If they have a fix already, then there is a pretty quick turnaround to get it fixed.

There are three people working on firewalls, but not at 100 percent. We have the equivalent of one person doing firewalls 100 percent of the time using three people.

What do I think about the scalability of the solution?

For our requirements, it's scalable enough. We have a 1 gig uplink to the Internet, which is easily doable with open servers. 

We used to have some problems with the performance, then we upgraded the license and the scalability has worked well since.

There are 1,200 to 1,500 users.

How are customer service and technical support?

It depends whether the problem is known to Check Point. If they are aware there is a problem, quite often it will then depend on which tech you finally land on if it's easier or harder to get to the root cause. The last issue was in India so that was pretty bad. It's easier if you get directly through to Tel Aviv or Ottawa, but you can't choose. Once they know what the issue is, it's pretty good. It pretty much depends on the engineer that you get. There are pretty good engineers and there are many engineers who are at just the starter level at Check Point who are not really into the stuff. Sometimes it's hard, sometimes it's easy, depending on the problem and the tech engineer you get.

To the next manager, it's pretty easy to escalate an issue, if needed. Though, it depends on the manager. 

Our current sales staff isn't too good. Though, the one before was pretty good. So, you can escalate on that process well. As an escalation path, it works most of the time.

How was the initial setup?

Once you do it for over 20 years, it is straightforward. If you have done it a couple of times, then you know what to do. However, even if you are a beginner, Check Point is more straightforward than Palo Alto or something like that. Once you get the idea of how a firewall works, Check Point does it that way.

There is a central location where we deploy upgrades, which normally take one business day since we have several clusters there. 

When deploying the solution to remote locations, we have several models to choose from.

What about the implementation team?

When we tried Threat Emulation, we have received professional services from Check Point. However, for the normal setup, we don't involve any professional services.

What was our ROI?

It is like insurance for us.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are pretty steep. They know that they are good, so they are pricey.

Which other solutions did I evaluate?

We are also using Forcepoint, which is a little bit different on the OS and focused more on IPS/IDS. It is a good practice to combine two different firewall vendors in case one of them gets hacked.

We also evaluated Palo Alto, like five years ago, but that doesn't make much sense for us. 

What other advice do I have?

Since we are trying to get our customers to do more self-service, we should see more inbound traffic. So, the usage will increase in the next two years.

We get more attacks from the outside these days, so it has become more important to use systems like Check Point. When I started with security 25 years ago, it was still something not everybody was aware they needed. Today, it's common sense that everybody needs to protect their perimeter.

Plan first, implement last. You should first be aware of what assets you want to protect and what are your traffic patterns. You should plan your policy and network topology ahead of time, then start to implement a firewall. If you just place it there without any plan of what it's supposed to do, it doesn't make too much sense. I think planning is 80 percent of the implementation.

I would rate this solution as an eight out of 10. It would be better if the support was quicker in the cases we had. Apart from that, we are happy with the functionality.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1420545 - PeerSpot reviewer
IT-Infrastruktur at Synthesa Chemie Ges.m.b.H
Real User
Provides centralized management, good logging capabilities, and granular application control
Pros and Cons
  • "The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways."
  • "Without any training, it is very hard to administrate the whole Check Point NGFW."

What is our primary use case?

Check Point protects our environment from external threats. In particular, we use:

  • Application Control for Internet access
  • HTTPS Inspection for outgoing connections into the internet
  • Separate the OT network from the normal data LANs
  • SSL VPN for End Users - Check Point Mobile VPN Client is used on the end-user clients
  • Site-to-Site VPN for connecting other companies to our environment

We are using two Check Point boxes in a ClusterXL Setup so that one appliance can die and the environment is not affected. We also use a cloud gateway for internet security on users, which are only connected to the internet (outside the office).

How has it helped my organization?

Check Point has improved our organization in the following ways:

  • Provides for central management over all of the Check Point gateways
  • Maintains a changelog that shows which users have made changes
  • Version control allows us to roll back a ruleset after, for example, a misconfiguration
  • Offers very granular application control
  • Allows for various internet permissions for various users
  • Gives us very good logging, which is nice for troubleshooting because you can instantly which rule is affected for each action
  • The cloud gateway (Check Point Capsule Cloud) ensures that users are getting the same internet permissions as they would if inside the company, no matter which internet connection they are using

What is most valuable?

The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.

Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.

You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.

The extremely wide function horizon covers almost every possible scenario.

What needs improvement?

The Performance on a policy install takes too long for my taste. This might be because, at each policy install, the management pushes the whole policy on the affected gateways.

Without any training, it is very hard to administrate the whole Check Point NGFW.

In our case, the main Check Point gateways are in a cluster configuration. Sadly, the management always shows the standby box as failed. This may be because it is set to STANDBY and not ACTIVE. It would be better to show the standby box as good.

For how long have I used the solution?

I have been using Check Point NGFW for about five years.

How are customer service and technical support?

Support is very customer-oriented and you are always in good hands.(customer wishes are often implemented in the next hotfix)

Most Support engineers are located in Israel. (Very good spoken english)

Very fast response from R&D Team

Which solution did I use previously and why did I switch?

We were using SonicWall and switched because of EOL.

What's my experience with pricing, setup cost, and licensing?

The pricing for Check Point depends on your environment.

Which other solutions did I evaluate?

Before choosing Check Point we evaluated Fortinet and a newer version of SonicWall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Principal Network and Security Consultant at a comms service provider with 10,001+ employees
Real User
Central architecture means we can see an end-to-end picture of attacks
Pros and Cons
  • "Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use."
  • "The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution."

What is our primary use case?

I support multiple clients within the UK, the EMEA region, the US, and now in Asia Pacific as well. I specialize in Check Point firewalls. I design and secure their data centers, their on-premises solutions, or their businesses security.

The firewalls are mostly on-premise because most of our clients are financial organizations and they have strict compliance requirements. They feel more secure and have more control when things are on-premise in the data center. However, there are use cases where I have helped them to deploy Check Point solutions in the cloud: AWS, Azure, and in Google as well. But cloud deployments are very much in the early stages for these clients, on a development or testing basis. Most of the production workloads are still on-premise in data centers.

Most of my customers are still using R77.30, and they are on track to upgrade from that to R80, which is the current proposed version by Check Point.

How has it helped my organization?

One of our customers has just recently been attacked by malware and internal DoS attacks, and they have a multi-vendor, multi-layer firewall approach. The internal firewalls are Check Point. The great thing about Check Point is that because of its central architecture, you can very quickly pinpoint where the attacks are coming from. It gives you comprehensive reporting when the attacks start and when they've stopped, so you can see the complete, end-to-end picture: where the point of attack is, at what time, and what host. They can track all of that.

However, in parallel, that customer is using other firewalls which have no visibility. One of the main advantages of having Check Point firewall is definitely that it gives you absolute in-depth visibility.

What is most valuable?

Among the valuable features are antivirus, URL inspection, and anti-malware protection. These are all advanced features.

One of the great advantages of having Check Point as a firewall is that all of these are software blades, so you can buy a license or subscription and enable them and get the security up and running. With other firewalls, it's a completely different agenda, meaning some of them require hardware modules, and some of them have a complex way of adding the licensing, etc. Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use.

What needs improvement?

The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay. That's one of the main complaints for most of our customers. Or if it is quick, then it's very complex. For example, if they have received a file which is "unknown" or has Zero-day attack malware, sometimes it doesn't get analyzed properly or it's locked into the cloud. So there are various small issues with the product that need possible improvement.

The SandBlast product on its own is a very good concept, and it works absolutely brilliantly. However, when you integrate it with existing firewalls, it just doesn't play very well.

The cloud solution is quite straightforward because it seems the SandBlast solution was designed, initially, for cloud deployments, where you've got multiple clouds or multiple vendors, and you are receiving files from different points. And on the cloud edge, for example in AWS, if you have Check Point sitting there, it works very well if you're running a virtual firewall. However, if it's on-premise and it's a dedicated appliance, then the performance is slightly different and the way it works is very different. So where it needs improvement is where it's an appliance-based solution rather than a software or cloud-based solution.

If I am using SandBlast on a virtual appliance — for example, I've got Check Point virtual appliances in AWS, and Azure as well, for a customer — those virtual appliances work absolutely fine as a service, as does SandBlast as a service. However, if it's an appliance, if it's a dedicated firewall on-premise in a data center and you add SandBlast as a software service, the integration is not that straightforward, so the experience is very different. 

It seems like they were possibly built by different teams, independent of each other.

For how long have I used the solution?

I've been using Check Point firewalls for about 16 years. I am the main network or security lead and I have four other engineers who report to me. They also do design and deployment.

I work with approximately 40 companies that utilize Check Point.

What do I think about the stability of the solution?

Check Point firewalls are very stable. One good thing about Check Point is that they do rigorous testing internally before releasing updates, which is something I have not found with any other firewall products. With most of the other firewall products, when they release something, it's like the customer becomes the guinea pig for that particular version, whether a minor or a major update. However, with Check Point, you can see all the white papers and what ways they have tested a minor or major upgrade of the software version, and what the performance was like. What are their known issues and is somebody working on them or not?

So the software releases are very stable and you have visibility into how they operate and what the known issues are, so you know whether you should go ahead with them or not. And in case there is a problem, the support is excellent. You can reach out to Check Point and say, "Look, I've done the software upgrade and I'm experiencing these problems. How can I deal with them?" They are there to help you out.

There are times when we have problems in terms of software or hardware defects. We have sustained downtime, but most of the architecture I design is resilient, so if one device is down, the other one is working fine. Then in the background, I or my support team will deal with Check Point directly, to get a replacement. They're definitely quick to respond and very efficient. 

In the past, we had a lot of problems with licensing, specifically, but Check Point has redone the whole way they do licensing. It's very quick now, and very efficient.

What do I think about the scalability of the solution?

Check Point firewalls are extremely scalable. Recently, I deployed Check Point in an AWS cloud solution for one of my clients, and it's been absolutely excellent in handling growth. They've grown from 10,000 users to a million users. The way Check Point has advertised the product, it is supposed to be highly scalable, which means it grows as your demand grows, and that has been the case. 

Recently we have set up a test case where we are moving over management servers from on-premise to a Check Point-provided Infinity cloud solution. We are still at the testing phase but, overall, it's been a great experience so far.

How are customer service and technical support?

The teams we deal with within Check Point are extremely knowledgeable. They know how to understand the background of the problem, and they're very good about articulating how we deal with the issue, whether it's a minor software upgrade issue or it's a major failure of the hardware itself. They know where to look for the right stuff. The key point is they're very knowledgeable and very technical. And if somebody doesn't have the technical capability, they will definitely help you out to make sure you get to the bottom of the problem.

Which solution did I use previously and why did I switch?

In the past, most of the customers I've worked with have used different firewall vendors, such as Cisco, Palo Alto, and Juniper.

I've recently seen deployments where customers have tried to move from Cisco ASA to Cisco Firepower and the deployment has gone horribly wrong because the product has not been tested by Cisco very well and is not a mature product. I've gone in and reviewed their business requirements and technical requirements and, based on that, I've recommended Check Point and done the design and deployment. They've absolutely been happy with the solution, how secure and how capable it is.

We use Check Point across multiple types of customers, such as financials, retail, and various other public and private sector organizations. I review their security architecture, which is firewall specific and, based on that, I have recommended Check Point. In most cases, I've managed to convince them to go ahead with Check Point firewalls as a preferred secure firewall solution.

The main reason is that Check Point is far ahead in the game. They're definitely the market leader. They are visionaries when it comes to security. Another reason is that a lot of firewall architecture starts from the firewall itself, which is the local firewall. It can easily be hacked and manipulated. However, the Check Point architecture, out-of-the-box, is very secure. They have a central Management Server and all of the firewalls are managed through that one central point. So in case somebody breaks into your firewall, the firewall is encrypted; they will delete the database. The architecture is secure by default. The good thing is that other firewall vendors have realized this and they've started to copy the same system that Check Point has used for the past 20 years now.

How was the initial setup?

When working with the Check Point team on deployment, they're really helpful and very talented people. When you speak to other firewall vendors, they just think about the firewall from their point of view. The good thing about Check Point engineers, or technical staff, or even management staff, is that they understand what the requirements of business are and how they can improve or align the proposed solution. Overall, Check Point staff are very knowledgeable, they understand different industries, and they understand the product very well. That's definitely a competitive edge compared to other firewalls.

Once the design is done, for something simple the deployment can take half a day, whereas for a complex deployment in a data center it can take about five days.

Our implementation plan is divided into different phases. Phase One might be the physical cabling of the firewall device itself. Phase Two would be the logical setup, which means defining the interfaces and the virtual setup of the firewall itself. The final phase would be to bring it online in parallel with production, in a non-prod service, and test it to ensure it works as per the design.

What was our ROI?

A customer I'm working with right now was running with Check Point and they wanted to move to Fortinet firewalls. However, when I worked with them on the design to upgrade the existing Check Point firewalls, what we worked out was that even though the Fortinet might have seemed like a cheaper option, it didn't have the security capabilities that Check Point is offering. On that basis, the customer signed off on a project for upgrading their existing firewalls, on-premise and cloud, from R77.30 to R80.10.

What's my experience with pricing, setup cost, and licensing?

It can be expensive, but it's value for money. What you pay for is what you get. You can go down in price and buy some cheap firewalls, but you're not going to get great support and you're not going to get the level of protection you need. With Check Point you get all of that.

Which other solutions did I evaluate?

With Juniper, one of the biggest downsides is support. The support portal is slow and I won't say the staff is competent in terms of understanding. They're very disconnected internally. What I mean is that the team working on the software development of the firewall has no interface with the support teams that are handling day-to-day TAC cases. They definitely struggle when it comes to understanding challenges, problems, and incidents with the firewalls.

In the past, Juniper firewalls were good, but recently the security offering has just not been there. They don't have anything like SandBlast from Check Point. They don't have up-to-date Zero-day attacks control. They're still running a very old architecture. They can do things like antivirus and URL proxy, but those are very simple features. They have none of the advanced feature set that Check Point has.

Palo Alto is very competitive with Check Point when it comes to security. However, one of the challenges with Palo Alto is that, overall, the solution can be extremely complex and expensive. That is one thing I've heard from customers again and again. Either they have existing Palo Altos or they plan to go to Palo Alto, but when they do a comparison with Check Point, what they find is that the overall value with Check Point is much greater than with Palo Alto firewalls.

What other advice do I have?

If you're looking to implement Check Point as a security solution, definitely do your homework. Do some research, not just in terms of firewalls, but overall security architecture. Which ones are the leaders in the field? Which ones are there to deliver what they promise? And overall, how does the architecture work? Is it secure or not? And does it come from a team that understands how to support the solution itself? Are they consistent? Look at their track record for the past 10 or 15 years, or are they a new player? If they are, you don't know whether they're going to stay in the game or not. A good thing about Check Point is that its core product is security. They've been doing it day in and day out. You know they're there to stay in the game. You can trust them.

Check Point is a proven solution. A lot of customers and clients already rely on it. And for the Next Generation Firewalls, they're coming up with new features as security threats become known.

If somebody wants a secure and stable environment, Check Point is definitely the leader to go to; definitely the number-one choice. It's not only what it says on the box. In reality, I've worked with hundreds of banks and they're happy with the product because it works; in practice, it works. That's the main thing.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1956729 - PeerSpot reviewer
reviewer1956729User at Hughes Communications India Limited
User

We have been using Check Point for the last 14+ years since it was called Nokia Check Point. It is a wonderful product with wonderful support. Technology advancement is also part of the life cycle. 

Security Administrator at R Systems
Real User
Central management allows us to push policies to multiple firewalls
Pros and Cons
  • "The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well."
  • "The antivirus is not as effective as it could be because updates are not that frequent."

How has it helped my organization?

The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well.

What is most valuable?

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

What needs improvement?

The antivirus is not as effective as it could be because updates are not that frequent.

Another area for improvement is that certifications are quite expensive with Check Point.

For how long have I used the solution?

I've been using the Check Point Next Generation Firewall for the last year.

My role includes working on Check Point and Cisco ASA firewalls to make changes on them, per customer requirements or as the organization needs. I also explore new features and do troubleshooting.

What do I think about the stability of the solution?

It's quite stable. Until now, we haven't faced any issues.

What do I think about the scalability of the solution?

The Check Point 44000 and 64000 Next Generation Firewalls are designed to be quite scalable. 

How are customer service and technical support?

If we do face an issue which is not our support boundaries, we involve the Check Point TAC. They're quite technical, so they help us to resolve things. They are always helpful. They're knowledgeable and their response time is very fast.

Which solution did I use previously and why did I switch?

Previously we were working on Cisco ASA firewall which didn't support the cascading objects. Also, Cisco supports two gateways, whereas the Check Point supports up to five gateways.

We also decided to bring on Check Point because there are a lot of switches that are not supported in Cisco ASA. Also, with Cisco, IPS does not come with the firewall and we have to configure it separately. The Check Point IPS comes with it.

There are a lot of features which are not supported in the Cisco ASA Firewalls.

How was the initial setup?

The initial setup of the firewall is straightforward. I didn't find any difficulties in moving from Cisco ASA to Check Point. The dashboard is quite friendly, so it didn't take much time to learn.

Deployment took about three days.

We have different stages in our implementation process like planning, approving, implementing, checking and validating, and the last one is matching. Job roles in our organization go according to these stages the approvals. I do the planning part and my approval request goes to my team leader.

We have about 400 to 500 users. They are semi-technical or non-technical people, such as network and security engineers, who are tracking and monitoring the firewalls. If we're talking about troubleshooting we have from different levels, like L1, L2, L3.

What was our ROI?

It's saving us a notable amount of time. 

What other advice do I have?

Check Point is good. It has a lot of features which will support a lot of things in your organization, and the dashboard is quite good. There are a lot of features, such as data protection and data inspection, at a good price.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
IT cloud network engineer - PeerSpot reviewer
Junior Network Specialist - Cloud Operations Engineer at a computer software company with 5,001-10,000 employees
Real User
VPN is easy to configure while the CLI allows us to automate things
Pros and Cons
  • "One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature."
  • "The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools."

What is our primary use case?

We use them to protect our edge infrastructure and for interconnecting our sites using the VPN.

What is most valuable?

One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.

Other valuable features include: 

  • the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
  • the CLI, for automating things
  • it is very easy to manage, to make backups, and to configure
  • the support and the graphical user interface.

What needs improvement?

The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools.

There could also be improvement to the automation. They should provide a tool for creating and maintaining rules.

For how long have I used the solution?

I have been using Check Point firewalls for more than five years.

What do I think about the stability of the solution?

The stability is an eight out of 10 because we have had some problems with URL filtering, with the domain filtering in particular. When the domain is under a CDN, it sometimes gives us problems because there is more than one IP for each domain.

We have also had problems with data center objects or Azure objects where we have created a rule and the rule stops working. We opened a case with Check Point and they answered us. We installed fixes and it looks like it's working now.

What do I think about the scalability of the solution?

The scalability is quite nice at the firewall level. It gives us the possibility of implementing clusters and high-availability.

We are also working on an Azure implementation and it looks good. We have not yet deployed to the Azure Check Point implementation, but it promises a lot.

We have about 200 employees and, on the administrative side, there are 12 to 15 people working with the Check Point solution. They are mostly networking infra engineers. We are using about 40 percent of the firewall capacity. We don't currently have plans to increase capacity.

How are customer service and technical support?

We are satisfied with the support. When we have a problem, it's very easy to contact the support center and they give a fast response. I would give their support a nine out of 10.

Which solution did I use previously and why did I switch?

I have worked with the Cisco ASA firewalls and with firewalls from manufacturers like MikroTik.

What was our ROI?

It's hard to measure ROI, but our sense of security, as a company, is good with Check Point.

What's my experience with pricing, setup cost, and licensing?

In terms of quality versus price, Check Point is very balanced.

What other advice do I have?

The biggest lesson I have learned from using Check Point firewalls is that if you know how to work with Linux, you will be able to manage almost all the features.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Vighnesh Rege - PeerSpot reviewer
Lead Solution Advisor at a consultancy with 10,001+ employees
Real User
Fix holes in endpoint security management infrastructure, which might be letting things through like ransomware
Pros and Cons
  • "The application authentication feature of Check Point is the most valuable as it helps us keep users secure."
  • "Check Point should quickly update and expand its application database to have what Palo Alto has."

What is our primary use case?

We recommend to clients who are installing applications that they can work with Check Point Next Generation Firewalls. Our role is to support our customers in terms of their migration, firewall room cleanups, and implementing all the security features that the firewall has.

Our clients have branch offices in Mexico and Bermuda. Check Point is one of the top names in these areas.

How has it helped my organization?

Our clients come to us to fix holes in their endpoint security management infrastructure, which might be letting things through like ransomware. We recommend Check Point Firewalls and some other endpoint security management solutions to mitigate these risk factors. We use this solutions to help build a perimeter for the company, as it helps filter threats from affecting our clients' infrastructure.

What is most valuable?

The application authentication feature of Check Point is the most valuable as it helps us keep users secure. 

It works smoothly when managing clients' on-premise and cloud firewalls.

What needs improvement?

Permissions from the client regarding troubleshooting and how well we can packet capture have not been smooth.

Check Point should quickly update and expand its application database to have what Palo Alto has. 

There have been some issues with third-party integrations.

For how long have I used the solution?

I've been using Check Point Firewalls since 2012. This was right from the beginning when it was hardware from Nokia and the R65 and R66 models. So far, that has gone well.

What do I think about the stability of the solution?

They are stable. There are no standalone Check Point boxes. If a module goes down, it doesn't affect the base as a whole. Check Point Firewalls have nice redundancy.

What do I think about the scalability of the solution?

Scalability is a good feature that this solution has. It is easy scale out and do site-to-site implementations. Sometimes, you have to clean the OS or RAM to free up availability. However, if you do this, then there are generally no issues with scaling it.

How are customer service and technical support?

The documentation is really good. 

Their support guys response is really quick. Though, sometimes it takes them more than four to five to get back to us via email and acknowledge an issue. If you have the diamond support, it is definitely fast. However, if you don't have that sort of expensive after-sale support, then it is a problem to engage a Check Point technician at a very fast pace.

We actively participate in the community group.

Which solution did I use previously and why did I switch?

Our clients are migrating over to Check Point NGFW from Cisco, Juniper, and Fortinet because they want the Check Point Application Intelligence feature. 

How was the initial setup?

We set up the management tool for the clients to manage all their infrastructure.

The migration is generally seamless and takes one shift or day (about nine hours).

We migrate clients to Check Point from other solutions. We also have situations where it's a clean install for deployment, which is the most common scenario.

What about the implementation team?

We are working with Check Point Firewalls to provide installation, migration, updates, setup, etc. 

In the beginning, we needed help from the vendor with the setup. The support was good.

What was our ROI?

Our clients have seen ROI.

What's my experience with pricing, setup cost, and licensing?

Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs.

Which other solutions did I evaluate?

There are now more competitors in the market, like Palo Alto and VMware. 

Palo Alto is a bit more smooth and cost-efficient than Check Point. Palo Alto has Unified Threat Management (UTM) coupled with a dake lake database that is huge. Also, its migration is more smooth than Check Point's. 

What other advice do I have?

Look for a software with licenses that support the features you want. I would recommend doing an RFP before purchasing. Get in touch with Check Point's sales team and compare it with other solutions.

Check Point features are always evolving. They try to stay abreast of the market. I would recommend not using older, obsolete models of Check Point because of this. 

I would rate this solution as an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Oswaldo Gimeno - PeerSpot reviewer
Network Engineer at Getronics
Real User
Very intuitive solution that is easy to configure, deploy, and maintain
Pros and Cons
  • "It provides a central station where it is very easy to deploy our firewall policy in one click to many firewalls. This is one of the leading perks. It saves time by having one central station because I can deploy the same kind of policy to many firewalls at once."
  • "The virtual environment is not stable at all. We have some customers who are using the virtual environment feature, and sometimes it crashes. We have many tickets open and the response is not as good as expected. We have to wait months for a resolution."

What is our primary use case?

The primary use of the firewall is to allow or block some traffic. Mainly, it is the perimeter firewall for the Internet. It filters the traffic from external to internal, e.g., to secure the traffic. 

Some of our customers have been demanding Check Point as their firewall product.

I do the installation, support, firewalls, etc.

How has it helped my organization?

It provides a central station where it is very easy to deploy our firewall policy in one click to many firewalls. This is one of the leading perks. It saves time by having one central station because I can deploy the same kind of policy to many firewalls at once. 

With the latest release, it's easy to configure firewall rules with the scripting. This is one of the features that we have been demanding for some time so we can script some actions for automation.

What is most valuable?

The best part is that it is very intuitive. It is easy to configure, deploy, and maintain. If it works, it works.

The troubleshooting: When you find something that is not working, it is very easy to check in the logs what is failing and fix it in a short time.

The login tool is really nice.

What needs improvement?

We can virtualize the physical firewall in a virtual environment. However, the virtual environment is not stable at all. We have some customers who are using the virtual environment feature, and sometimes it crashes. We have many tickets open and the response is not as good as expected. We have to wait months for a resolution.

If you use all the features available on the firewall, it's not working. If you keep it simple, then it works. When you try to do cool things, you start to have some problems because that kind of integration is not fully developed.

For how long have I used the solution?

I have worked with Check Point since 2007.

What do I think about the stability of the solution?

When it is failing, it is a nightmare. The stability has room for improvement. Sometimes, it is not working at all.

What do I think about the scalability of the solution?

The scalability is good. I haven't had any scalability issues. If the firewall gets stressed, we buy a new firewall.

There are many options, such as, virtualization. They have also release a new product, Quantum, that makes it possible to scale up and have more firewalls. 

As an integrator, we have very big companies (like banks) to small companies, who have only 200 users or less. 

How are customer service and technical support?

I would rate the technical support as a six out of 10. I have customers with no tickets open with Check Point and other customers who have many tickets open.

Solving some issues with them is a nightmare. They don't reply in time. They always ask the same questions. I expect better feedback from them, but that usually never happens.

Which solution did I use previously and why did I switch?

Before Check Point, I used Cisco and Fortinet FortiGate.

The big differences is really the full integration firewall, e.g., Cisco doesn't provide this. Also, the Check Point central console is so much better because it provides that one central station, which is a plus.

The con for Check Point is the stability. The hardware for Check Point fails more often than other vendors. Usually, other firewalls are more stable than Check Point so I don't have to open as many cases with other vendors, like I do with Check Point.

How was the initial setup?

There are two parts:

  1. In the physical, you deploy with a wizard, which makes it very easy. It is a standard wizard where you click "Next, Next," then you see the GUI and everything is done there.
  2. It is possible to do it in automatic way with the scripting. In the cases that you have some experience on it, it's very easy to deploy some scripts and the firewalls. For example, in the cloud, I created my own firewall with the same setup every day using the auto-integration since it's possible to integrate Azure with Check Point, which is very easy. One of the best features of the Check Point is its integration with the cloud, because not all vendors have that kind of integration.

The deployment time depends. If I do any scripting, it takes 30 minutes. If I do it manually, the deployment takes two hours. It also depends on the size and scope of the deploy, e.g., if I create a basic firewall rule or do a full automatic migration. However, It does take less time than other firewalls.

The implementation strategy depends on the customer.

What was our ROI?

I can deploy one firewall in an easy way. I can do it quickly by equiping firewall rules in text mode or in the API. However, when I have a problem, it's totally the opposite. I lose a lot of time.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are the worst part of Check Point. I usually don't know what I really am buying. When I have to do an inventory of the license, I don't know what it is being used for. Sometimes I feel I am being cheated, and the others times, I feel it is a bargain. Nobody knows! Even the Check Point representatives, they aren't clear on somethings, such as, what is the right license for what I need.

There is a possibility to have diamond support. You can have a technical engineer who is there just for you. When you have that type of feature, it's more expensive.

Which other solutions did I evaluate?

Cisco NGFWv

What other advice do I have?

  • Check the price first. 
  • For migrations between different vendors, it's a nightmare. You need to do some tasks manually, otherwise it doesn't work when you migrate it. 
  • Check the performance if it is working as expected. 
  • Try to keep it simple.

It is a good product. I would rate the solution as an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partners.
PeerSpot user
PeerSpot user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
SmartLog gives our team a very intuitive way of searching logs and seeing events
Pros and Cons
  • "The most valuable features are the security blades and the ease of managing the policies, searching log for events, and correlating them."
  • "Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy."

What is our primary use case?

The primary use is to segregate the environment internally to create a lab environment and a production environment, for example. We also use them to protect the company from the internet and when going to the internet; to protect the perimeter of the company. We use them to create a VPN with customers and clients, and with the other companies that belong to the group.

We work with 1200s, 1500s, 4000s, and 5000s.

How has it helped my organization?

With this firewall on the perimeter, we detect a lot of attacks with the IPS and the antivirus blades. With the SmartLog for our team that operates the solution, we have a very intuitive way of searching the logs and seeing events, when compared to other vendors that we also have. This is the biggest advantage of the Check Point compared to competitors.

We have a lot of Check Point firewalls and a lot of Fortinet firewalls. The biggest advantage of the Check Point for us is that daily operations are much easier. That includes working with policies, checking and searching logs, dragging objects on the policies and searching where objects are used. All of that is easier in the SmartConsole than doing it on a browser, as the competitors do.

What is most valuable?

The most valuable features are the

  • security blades 
  • ease of managing the policies, searching log for events, and correlating them.

What needs improvement?

Upgrades and debugging of the operating system, as well as the backups and restores of configuration, need improvement. 

Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy.

For how long have I used the solution?

I have been using Check Point firewalls for about eight years.

What do I think about the stability of the solution?

They are very stable. We usually deploy them in clusters, in front of the node. We always have the other one functioning and we have never had an occasion in which one failed and the other also failed. We also have support for the hardware. But regarding their functioning, we are very satisfied. We have never had a big outage because the two members of a cluster went down. They are very good in terms of stability.

What do I think about the scalability of the solution?

We have some firewalls with the VSX functionality which allows us to add more virtual firewalls to the same physical cluster. That allows for scalability. But when compared to Fortinet, the way to have more than one virtual firewall on the same cluster is much harder.

It's very scalable if we have the VSX license for Check Point, which we have in some places. But it's much more complex than adding to the FortiGate. So it's scalable, but it's not easy to work with VSX, especially compared to the competitor.

Our usage should be increasing weekly because our company is buying other companies constantly and we need to deploy firewalls on the companies we buy. It shouldn't increase a lot, though, just a bit.

We have about 1,000 users crossing the firewalls and 10 network admins.

How are customer service and technical support?

The technical support is good in general, but it's better if you call and you are answered by the headquarters back in Israel. We notice a difference if we call at different times and we go through Canada or some other country. It's not bad, but we notice a bit of a difference in the way they handle the tickets and the knowledge they have.

We usually try to open tickets when we know that the office in Israel is open and they are taking the tickets. But there are some times that we can't do that. The others are not bad, but for some stuff we need quicker support and we feel we are being handled better on the Israeli side.

How was the initial setup?

The initial setup is complex and when you have issues, it's more complex. 

To create a cluster or to add a new firewall to the Manager, or when, for example, you want to add a license for IPS or for antivirus, there are often problems with that because it doesn't recognize the license. We end up having to call support. With Fortinet, that kind of initial setup of the firewall is always straightforward.

Now that we have a lot of experience it takes us two days, at the most, to deploy a Check Point firewall, if we don't run into problems with the license.

We are not at the data center, so we need to ask the data center guys to mount the firewall where we need it and to patch it. Then we access it via a console cable, remotely. We have equipment that allows us to do that. We do the initial config via the GUI, and then we add the firewall to the Manager and we start deploying the policies.

What about the implementation team?

We implement the firewalls ourselves.

What was our ROI?

The return on our investment with Check Point firewalls is that we are secure and that we haven't had any attacks that have had a big impact or that were successful. If we had been paying a lot and were being targeted to the same extent, I would say no, that we have not had a return on investment, but at this stage it's a "yes."

What's my experience with pricing, setup cost, and licensing?

In the past, when Fortinet was a young company, the price point of Fortinet was very low compared to Check Point. But at this stage, our experience is that the pricing is almost the same. The pricing of Check Point is fair when compared to others.

The only additional cost we have with Check Point is when we need to do a big migration. Sometimes we need a third-party company, but this is not usual. It's only for big migrations that we sometimes have support from an external company. The last time we needed something like that was two years ago.

Which other solutions did I evaluate?

Half of our environment is with Check Point and the other half is with Fortinet. We don't have a strategy of giving everything to one vendor; we like to have both.

What other advice do I have?

If the person implementing it doesn't have much experience in how the solution works, with the Manager and connecting the firewall to it, and using the SmartConsole, they should try to go through the CCSA materials for Check Point certification. Check Point is easy to work with on a daily basis. Sometimes we get new people working here and they can add rules straight away on the policies and push policies. But if they need to deploy a firewall and they are not used to Check Point and how it works and the components, it's not that straightforward. With competitors like Fortinet, you just have to access the HTTPS of the FortiGate and it's like configuring a router, which is much easier. With Check Point, you need to read some manuals before you start deploying the firewall.

The biggest lesson I have learned from using Check Point firewalls is that if you lose the Manager you lose the ability to manage the firewall policies, which is, in my opinion, the biggest difference when compared to other vendors. Because, for example, if the Manager stops working and the server where you have the Manager gets stuck, you have no way of managing the policies directly on the firewall.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Ifeanyi Onyiaodike - PeerSpot reviewer
Network security engineer at Fidelity Bank
Real User
Top 5
Enabled us to virtualize multiple firewalls on one machine
Pros and Cons
  • "The most valuable feature for us is the VSX, the virtualization."
  • "The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS."

What is our primary use case?

We use it for VSX virtualization and we use it for normal firewall functions as well as NAT. And we use it for VPN. We don't use a mobile client, we just use the VPN for mobile users.

How has it helped my organization?

We are able to virtualize about four firewalls on one machine. Before, we needed to have four firewall hardware devices, physical devices, from Cisco. We had four appliances, but now, with Check Point, we just have one. We can manage them, we can integrate them, and we can increase connections using one and the other. It has broken down connection complexities into just a GUI.

Also, previously we had downtime due to memory saturation with our old firewalls. We were using Cisco ASA before. During peak periods, CPU utilization was high. Immediately, when we switched to Check Point, that was the first thing we started monitoring. What is the CPU utilization on the device? We observed that CPU utilization stayed around 30 percent, as compared to 70 percent with the Cisco we had before, although it was an old-generation Cisco. Now, at worst, CPU utilization goes to 35 percent. That gives us confidence in the device. 

In addition, the way Check Point built their solution, there is a Management Server that you do your administration on. You have the main security gateway, so it's like they broke them down into two devices. Previously, on the Cisco, everything was in one box: both the management and the gateway were in one box. With Check Point breaking it into two boxes, if there's a failure point, you know it's either in the management or the security gateway. The management is segmented from the main security gateway. If the security gateway is not functioning properly, we know that we have to isolate the security gateway and find out what the problem is. Or if the management is not coming up or is not sending the rules to the security gateway, we know there's something wrong with it so we isolate it and treat it differently. Just that ability to break them down into different parts, isolating them and isolating problems, is a really nice concept.

And with the security gateway there are two devices, so there's also a failover.

What is most valuable?

  • The most valuable feature for us is the VSX, the virtualization.
  • The GUI is also better than what we had previously.
  • The third feature is basic IP rules, which are more straightforward.
  • And let's not forget the VPN.

The way we use the VPN is usually for partners to connect with. We want a secure connection between our bank and other enterprises so we use the VPN for them. Also, when we want to secure a connection to our staff workstations, when employees want to work from home, we use a VPN. That has been a very crucial feature because of COVID-19. A lot of our people needed to work remotely.

What needs improvement?

The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS.

It was very difficult to integrate the VPN. Until now, we still don't know why it didn't work. With our previous environment, Cisco, it worked seamlessly. We could connect an Active Directory server to a two-factor authentication server, and that to the firewall. But when we came onboard with Check Point, the point-of-sale said it's possible for you to use what you have on your old infrastructure. We tried with the same configurations, and we even invited the vendor that provided the stuff for us, but we were not able to go about it. At the end of day they had to use a different two-FA solution. I don't if Check Point has a limitation in connecting with other two-FAs. Maybe it only connects with Microsoft two-FA or Google two-FA or some proprietary two-FA. They could work on this issue to make it easier.

Apart from that, we are coming from something that was not so good to something that is much better.

For how long have I used the solution?

I have been using the Check Point Next Generation Firewall for 10 months.

What do I think about the stability of the solution?

The stability of Check Point's firewall, for what we use it for now, is pretty good. Especially, with the licensing of blades and the way they script it down into different managers. You have a part that manages blades, you have the part that manages NAT, and you have the part that manages identity. The VSX is another one on its own. So it is very stable for us.

When we add more load to it, when we go full-blown with what we want to use the device for, that will be a really good test of strength for the device. But for now the stability is top-notch.

What do I think about the scalability of the solution?

They scale well.

All information passes through the firewall. We have about 8,000-plus users, including communicating with third-party or the networks of other enterprises that we do business with.

How are customer service and technical support?

We've not used technical support. We asked our questions of the vendor that deployed and he was quite free and open in providing solutions. Anytime we call him we can ask. He was like our own local support.

There is also a Check Point community, although we've not really been active there, but you can go and ask questions there too, apart from support.

How was the initial setup?

The initial setup was pretty straightforward.

It took a while about a month, but it was not because of the complexity. It was because we gave them what we already have on the ground. We were on Cisco before and they had to come up with a replica of the configurations for Check Point. When they got back to us we had to make some corrections, and there was some back-and-forth before everything finally stabilized.

Four our day-to-day administrative work, we have about four people involved.

What about the implementation team?

We used a Check Point partner for the installation. I was involved in the deployment, meaning that while they were deploying I was there. They even took us through some training.

What was our ROI?

We have surely seen ROI compared to the other vendors I mentioned, in terms of costs. And we tested all the firewall features to see if it is doing what it says can do. And so far so good, it's excellent. It's a good return.

What's my experience with pricing, setup cost, and licensing?

Check Point offers good solutions, but it won't kill your budget.

Going into Next-Generation firewalls, you should know what the different blades are for, and when you want to buy a solution, know what you want to use that solution for. If it's for your normal IP rule set, for identity awareness, content awareness, for VPN, or for NAT, know the blades you want. Every solution or every feature of the firewall has license blades. If you want to activate a feature to see how that feature handles the kind of work you give, and it handles it pretty well, you can then move to other features.

Which other solutions did I evaluate?

We evaluated Palo Alto, Fortinet FortiGate, and Cisco FirePOWER.

Check Point was new to the market so we had to ask questions among other users. "How is this solution? Is it fine?" We got some top users, some top enterprises, that said, "Yes, we've been using it for a while and it's not bad. It's actually great." So we said, "Okay, let's go ahead."

What other advice do I have?

I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. So deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it.

Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that up until now, we have not had anything like that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
AnkurSingh - PeerSpot reviewer
Technical Support Engineer at AlgoSec
Real User
The Anti-Spoofing feature won't allow any spoofed IP addresses coming from an external interface
Pros and Cons
  • "The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that."
  • "For the user or anyone else who is using Check Point, they are more into the GUI stuff. Check Point has its SmartConsole. On the console, you have to log into the MDS or CMS. Then, from there, you have to go onto that particular firewall and put in the changes. If the management console could be integrated onto the GUI itself, that would be one thing that I would recommend."

What is our primary use case?

I had 3200 appliances deployed in my company where we had two CMSs. We had multiple VSXs on those appliances due to the main firewall that we had on the VLAN. We also had an external firewall on the VLAN, which were used to monitor and allow the traffic within the network. That is how we were using it.

They have a new R81 in place. Currently, they also have R75 deployed in the environment, but they are planning to upgrade to R80.20 because that particular firewall has very high CPU utilization and there is no more support for R75. 

What is most valuable?

I like that it first checks the SAM database. If there is any suspicious traffic, then you can block that critical traffic in the SAM database instead of creating a rule on the firewall, then pushing that out, which takes time. 

The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that. 

I like the Check Point SandBlast, which is also the new technology that I like, because it mitigates the zero-day attacks. I haven't worked on SandBlast, but I did have a chance to do the certification two years back, so I have sound knowledge on SandBlast. We can deploy it as a SandBlast appliance or use it along with the Check Point Firewall to forward the traffic to the SandBlast Cloud.

What needs improvement?

Working on Check Point for me looks simple. For the user or anyone else who is using Check Point, they are more into the GUI stuff. Check Point has its SmartConsole. On the console, you have to log into the MDS or CMS. Then, from there, you have to go onto that particular firewall and put in the changes. If the management console could be integrated onto the GUI itself, that would be one thing that I would recommend.

The ability for the multiple administrators to not do changes was fixed in R80.

For how long have I used the solution?

I just changed companies six months back. I have been using Check Point for around two and a half years. I was working on the Check Point technologies in my previous company. I did the implementation of Check Point and was also monitoring the Check Point Firewall in my last company during firewall upgrades.

What do I think about the stability of the solution?

We had two Check Point Firewalls deploy in the HA. There was one particular change that we did regarding the FQDN objects. However, after deploying this new change, which already had multiple FQDN objects, the behavior of the firewall was changed in terms of the live traffic. Because after deploying the critical chain, the users were facing intermittent Skype and Office 365 issues. We checked the performance of the Check Point, which also decreased due to the FQDN objects that were pushed onto the firewall. Therefore, we had to reverse back the change in order to increase the performance, because it was utilizing 80 or 90 percent of it. Once we reversed that particular change, then it was working fine.

These firewalls are stable. The customer is looking forward to upgrading to the latest version of Check Point.

What do I think about the scalability of the solution?

It is scalable.

The entire company network resides behind these particular firewalls. All of the users, if they wanted to go out onto the Internet, have to go through this firewall.

There are around five to eight people who worked for my team. We monitored the firewall. In case of issues, we would then go a call with the customer and troubleshoot that issue.

How are customer service and technical support?

Sometimes, I faced issues while troubleshooting. In those cases, I did have to contact Check Point's technical support because some of those issues were complex. 

I would give the technical support a four out of five. They would get on the call and try to resolve that issue as soon as possible. 

Which solution did I use previously and why did I switch?

Initially, I was working on the Cisco ASA Firewall, then I got an opportunity to work on the Check Point Firewall. The main difference is regarding the architecture. Check Point has three-tier architecture, whereas ASA doesn't have that architecture so you have to deploy every rule on the firewall manually. With Check Point, you have a management server and you can have that policy package pushed onto the other firewall, which is one of the key features of Check Point: You don't have to deploy every tool on the firewall manually. We can just push that particular policy package onto the new firewall based on global rules that we have Check Point. 

Every time, I had to deploy all of the rules and basic connectivity, SSH and SNMP management, on the ASA Firewall. Whereas, in Check Point, I can just go onto the global rules and put that policy onto the Check Point Firewall, then it will have all those global rules required in the company.

Check Point also has the Identity Awareness feature, which is using a captive portal. This is something good which I like. 

How was the initial setup?

It was pretty easy and straightforward for me to deploy these firewalls.

It took around the 15 days to do the initial deployment and get the basic connectivity to the Check Point Firewalls. We had to send a field engineer to do the cabling and everything, like the data connectivity. It takes time to do all the network, cabling, etc. Once the basic connectivity is established, then we can move ahead with the implementation of the rules on the firewall. The company had an initial set of rules to follow for the setup.

What about the implementation team?

We initially opened a case regarding the upgrade. Check Point's technical support was there on the call because the upgrade was going from version R77 to R81.10. This was a major update for the entire network, and they were there supporting us in case of any issues.

What was our ROI?

The customer feels more secure because they have two layers of security and comfortable working with this particular Check Point Firewall because they previously used Check Point R75. 

What's my experience with pricing, setup cost, and licensing?

Pricing is fine. 

We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead. 

The licensing feature is good for the Check Point. It attaches to the management IP address of the central management server. So, you can remove that particular IP and then use that license on another device on some other firewall, if you want.

Which other solutions did I evaluate?

Compared to the Cisco ASA Firewall, the Check Point Firewall makes your work easier because you're not deploying the firewall, then pushing the policy, which takes time. Initially, when I was working with the ASA Firewall, we used to implement the firewall, then we used to hand it over to operations for the maintenance. So, I had to manually implement all of these rules, etc. 

When I learned about Check Point and had basic training for it, I got to know the architecture was different for the Check Point Firewall. You can just have a policy package and deploy that policy package on any of the firewalls that you want. It already has that particular set of rules, which makes your life easier while implementing the rules on the firewall, e.g., if there are multiple firewalls on the network that should have the same policy.

What other advice do I have?

Anyone who is new to Check Point Firewalls should have the basic understanding and training so it becomes easy to deploy and implement. You can go onto YouTube and find various training videos regarding Check Point, where you can get a basic understanding of the Check Point Firewall.

I would rate this solution as an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Sathish Babu - PeerSpot reviewer
Solutions Consultant at a computer software company with 10,001+ employees
Real User
Tools for searching firewall rules make it easier for newcomers to manage devices
Pros and Cons
  • "The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point."
  • "It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication."

What is our primary use case?

We provide solutions for various customers where we apply Check Point Firewalls, either for a VPN gateway or for securing their networks. We have provided them to a couple of financial customers to protect their mobile banking as well.

How has it helped my organization?

It has good features for searching the firewall rules and it has drastically changed daily operations. It's very easy, even for novice users or newcomers, to operate and manage this device. It has improved our operations that way.

What is most valuable?

The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point. Apart from that, we do have identity solutions which we use on a regular basis. Both are very good.

What needs improvement?

It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication.

Also, one of the challenges I hear about from customers or engineers who work with and operate Check Point firewalls is not about the technical capabilities of the product but about understanding the product. There should be whitepapers available on the Check Point portal so that people can understand them more easily.

For how long have I used the solution?

I have been using Check Point's firewalls for almost 12 years. I started with the IP390.

What do I think about the stability of the solution?

Stability has improved a lot from Check Point's very early days over the last 12 years. Back then we had to reboot the firewall after every two to four days.

What do I think about the scalability of the solution?

The firewalls are scalable with our workload. We are at about 20 to 30 percent utilization so even if we doubled of our existing network resources and load on the firewalls, they would still have the space to scale. They're enough for the networks that we have implemented.

We recently finished a deployment and it's still in the user acceptance test phase. As of now, I cannot say anything in terms of increased usage. But for the customers that we have deployed it for within India and the APAC region, so far the results have been pretty good.

How are customer service and technical support?

I have used technical support a couple of times, when it was required, for hardware replacements. Of course, once or twice I contacted them for active devices when we had some glitches. But that turned out to have nothing to do with Check Point.

Overall, technical support has been good. They understand the situation and what part needs to be replaced or what needs troubleshooting through remote support tools.

Which solution did I use previously and why did I switch?

Before Check Point we used Cisco. And we use Cisco for a couple of customers because it's already pre-deployed, so it's not in our hands. We manage operations, so we are still managing Cisco devices. We don't have Juniper right now, but we have Palo Alto for one of our customers.

How was the initial setup?

The initial setup is very straightforward. When we boot the firewall we have instructions which say how to connect to the QR, and from that portal you go to your gateway and configure all the required network interfaces. Once you have installed your Smart controller, you need not log into the firewall every time. Instead, you can log in through your Smart controller. That's a pretty good method which no other firewall provides.

For the very basic features, it does not take more than two days. But, for a full-fledged implementation, it can take around two months.

Our implementation strategy is to replace existing firewalls in the network. We try to keep the business downtime as short as possible, especially for business-critical applications.

For deployment and maintenance of these firewalls we have a team, worldwide in different regions: APAC, Europe, America, and the Middle East, although in the Middle East we don't use Check Point.

What was our ROI?

We have definitely achieved ROI with Check Point firewalls.

Which other solutions did I evaluate?

We definitely evaluate other options based on the customer's budget, and the stability and technical specs of the firewall. We generally choose Check Point as our preferred product vendor.

What other advice do I have?

The biggest lesson I have learned from using Check Point's firewalls is that they are not complex.

I'm expecting a lot of solutions from Check Point and if there are more solutions from them, that would be great. I would like to see more product development.

Overall, I would rate it at 10 out of 10. It's the best firewall in the market.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Steve Vandegaer - PeerSpot reviewer
Senior Engineer Security at a computer software company with 201-500 employees
Real User
Gives users more confidence online because the gateway is going to help them out where needed
Pros and Cons
  • "The feature I like the most is their central management, the Smart controller which you can use to manage all the firewalls from one location... Being able to access almost everything in one location — manage all your gateways and get all your logs — for me, is the best feature to work with."
  • "The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices."

What is our primary use case?

For the SMB appliances, the use case is tricky because I don't actually like them too much. If you have a very small branch office, you could use one of them, but in that case I would just go for the lowest version of the full GAiA models. But for small locations that are not that important, it is possible to use one of the SMB appliances, the 1400 or 1500 series. 

The full GAiA models, starting with the 3200 and up to the chassis, are the ones we work with the most, and you can use them in almost every environment that you want to secure, from Layer 4  to Layer 7. The only reason to go higher is if they don't perform well enough, and then you go to the chassis which are for really big data centers that need to be secure.

About a year or a year-and-a-half ago, they introduced the Maestro solution, which gives you the flexibility of using the normal gateways in a way that you can extend them really easily, without switching to the chassis. You can just plug more and more gateways into the Maestro solution.

How has it helped my organization?

It's difficult to say how these firewalls have improved our clients' companies because a firewall isn't meant to improve things, it's meant to make them more secure. Nine times out of 10, it's going to give you something that the end-users aren't so happy with. But Check Point Next Generation Firewalls improve security and, indirectly, they improve the way users work. They can access practically everything on the internet without being concerned about what's going to happen. They give users more confidence when doing something, without having to worry about the consequences because the gateway is going to help them out where needed, preventing malicious stuff.

What is most valuable?

The feature I like the most is their central management, the Smart controller which you can use to manage all the firewalls from one location. You can get practically all information — but not all the information, because not everything has been migrated from the previous SmartDashboard version into the SmartConsole. Being able to access almost everything in one location — manage all your gateways and get all your logs — for me, is the best feature to work with. 

As for the security features, that depends a bit on what you're doing with it, and what your goal is. But they're all very good for application URL filtering. Threat Prevention and Threat Extraction are also great, especially the Threat Extraction. It's very nice because your end-user doesn't have to wait for the file that he's downloading to see if it's infected, if it's malware or not. It gives him a plain text version without active content, and he can start working. And if he needs the actual version, it will be available a few minutes later to download, if it isn't infected. That's a great feature. 

Anti-Bot also is also very nice because if a PC from an end-user gets infected, it stops it from communicating with its command and control, and you get notification that there is an infected computer.

It's difficult to distinguish which feature is best, because they're all good. It just depends on what your goals are. As a partner, we are implementing all of them, and which ones we prioritize depends on the client's needs and which is the best for them. For me, they're all very good.

What needs improvement?

The MTA (Mail Transfer Agent) may not be the greatest, and the full proxy that you can activate instead of just doing application control is also not the greatest, but they don't even recommend using those. They're just available if you want.

But the biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices. That is a bit hard because you have to update your skills on all three.

A practical example is that I have a client that I run scripts for to get information from 40-plus firewalls. That client is thinking about refreshing and there may be SMB appliances in the roll-out that don't run those scripts. That would make my job a lot harder. So the best improvement would be standard software on all their devices.

For how long have I used the solution?

I started working with Check Point firewalls in 1999, so it's been about 20 years. In the last year I have worked with all the SMB appliances, through the full GAiA and up to the 64000 series.

There's not much difference between a Check Point 3200 and a 5200 because they're running the same OS. There are just performance differences. So I can't say I've worked on every model, because I don't always check the model when I come to a client. But I've worked on every model that runs different software. I've worked with all three kinds of software that are used by Check Point.

What do I think about the stability of the solution?

The SMBs have room for improvement in stability. They're not as stable as they could be.

The chassis are great, but they are running behind. Maybe "running behind" is an overstatement, but the roll-out of new features on them is really slow because they want them to be tested and tested and tested. The clients installing these chassis are large banks or very large customers that can't have any downtime whatsoever, so it's normal that they test them more thoroughly. 

For the mainstream models, we do run into bugs on a regular basis, but they're mostly not showstoppers. You can run into a bug, but either there's a possible work-around or it doesn't impact things so much that there are huge problems for the client.

What do I think about the scalability of the solution?

The SMBs are not scalable. New devices come out from time to time that are more performant. The mainstream devices are also not scalable except if you go with the Maestro version, and then you can just plug in an extra firewall and it scales up. With the chassis you just plug in an extra blade and it scales up also. So the Maestro and the chassis are very scalable, but for the other models it comes down to buying new boxes if the current ones aren't sufficient anymore.

How are customer service and technical support?

Check Point support is a very difficult question because not so long ago I had a major complaint with Check Point about their support. Now, they give us much better support because we have the highest level of partnership. They recognize that the people from our team, in particular, are very skilled, so we don't go to first-level support anymore. The moment we open a ticket, we get tier-three support, and that is good.

But we haven't had this privilege for that long and, in the past, support could be a bit tricky. If we got a tier-one engineer it could be okay for support that wasn't urgent but if we were doing an implementation, especially since we had a lot of experience, they were mostly asking questions about things that we had already checked. Often, we had more knowledge than they did.

For us, it's great that we now immediately get access to tier-three. I just wrote an email to the support manager this morning about an issue we had last night, and I told him the support was great; no complaints anymore. It took a while, but now it's good. I can't complain anymore.

It depends on the partnership you have with Check Point. If you're a lower-level partner, you have to go through the steps and it takes a bit of time. If you're working in a company that has a good partnership and you can negotiate some things, then support is good and you get very good people on the line.

How was the initial setup?

The initial setup of these firewalls is fairly straightforward for me, but they're not the easiest ones to learn and to set up. But I've been working with Check Points for 20 years. So if you're a new user, I wouldn't say it's easy. If you have experience, it's not really that difficult. But the learning curve is higher than some of the competitors.

The time for deployment depends on the features you want to enable on the firewall and the environment you want to put it in. If it's a branch office with a small network, a DMZ and an internet connection, that would take half a day or a day. It also depends though on if it is a completely new installation where you also have to install a Management Server. On average, we count on about one day per gateway and one day for the management, but it depends on the complexity of the environment, of course.

Our implementation strategy differs per client, and it even differs by the engineer who does it because everyone has his own skills and tricks from the past that they're using. But a uniform implementation approach, especially for different clients, is very difficult to do because every firewall is a complex product. You can't do for client A what you're going to do for client B.

If it's an installation we go the standard route, with a high-level design and get it approved by the clients. Then we go for the low-level design and implementation. A standard implementation is a clustered environment with a separate Management Server. We almost never deploy one gateway, so one cluster with a separate Management Server is the most basic level. We usually set up the management on a virtual system, not an appliance, and we try to go for appliances for the gateways, depending a bit on the customer's needs; it could be virtual.

What's my experience with pricing, setup cost, and licensing?

Make sure you get the correct license. For instance, I did an audit for one of our clients recently and I saw that they always were buying the most expensive license and not using the features that were included in it. That's one thing to look at: If you're not going to use some features, don't buy the license related to those and go for a cheaper license. 

Also, negotiate. There's always room for discounts.

You get licensing bundles, so depending on which features you want to activate, your license is going to be more expensive. Some things, like Threat Extraction and Threat Emulation, require subscriptions. They don't come with a standard firewall. 

I'm not a licensing expert, but as far as I know there's the standard firewall, the Next Generation Firewall, and then the Next Generation Threat Prevention license. The price goes up in those bundles.

Which other solutions did I evaluate?

Another vendor I work with and have the most knowledge about, when compared to Check Point, is Palo Alto. They force you to work a bit more with applications instead of ports, although that's not something Check Point cannot do. 

The central management is different for Palo Alto. You can install it, but it doesn't work the way it works with Check Point. I like both. I like that with the Palo Alto you just go to a web browser and can configure the firewall all the way, but it's also easy to have the SmartConsole from Check Point where you can manage multiple devices. Palo Alto doesn't really have that. They have a central manager where you can get logs and where you can distribute some policies, but it doesn't work the way Check Point's central management does.

Both have their pros and cons. It depends on how you like to work. I like working with both of them. It's a bit different, but in terms of security and features, I don't think they're that different. It's just another way of working.

What other advice do I have?

Make sure you have a good partner doing Check Point work for you because, as a direct client, it's very hard to get the necessary skills in-house, unless you're a very big company. Contact Check Point and ask them which partner they recommend and go that route. Don't try to do it yourself. The firewall is too complex to set up and maintain yourself, without the assistance of people who do it every day.

Learn and get experience with it. Don't be overwhelmed. When you start with it all the features and all the tips and tricks that you need to know to maintain it, it can be overwhelming. Like I said, the learning curve is very steep, and when you start with it, it's going to look like, "Whoa, this is impossible." But stick with it and when you get some experience it's going to be okay. It's a difficult product, but once you get the hang of it, it's one that's really nice to work with. We still run into issues from time to time, but Check Point products are very manageable and fun to work with. Check Point is my favorite vendor. I like working with it a lot.

I would rate Check Point's mainstream solutions at eight or nine out of 10, and the same for the chassis. I would rate the SMBs around a six. I don't really like those too much. Overall, Check Point is an eight, because most people are going for the mainstream solutions and those are very good.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
SamirShah - PeerSpot reviewer
Network Security Consultant at a energy/utilities company with 5,001-10,000 employees
Consultant
High-capability devices help us to integrate with cloud infrastructure and internet applications
Pros and Cons
  • "It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place."
  • "It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely."

What is our primary use case?

We work with these firewalls for overall security, including content filtering.

How has it helped my organization?

High-capacity and high-capability devices help us to integrate with the cloud infrastructure as well as internet applications.

What is most valuable?

The most valuable feature is the URL filtering. 

It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place.

What needs improvement?

It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely.

For how long have I used the solution?

I have been using Check Point NGFWs for six years.

What do I think about the stability of the solution?

They're pretty stable. I don't see any issues there.

What do I think about the scalability of the solution?

Scalability means upgrading to newer, better hardware.

From an end-user perspective, everyone in our organization is using it, as it's a perimeter device. If they have to access the internet, they use this firewall to allow that access. We have about 4,000 end-users and about 200,000 concurrent connections.

How are customer service and technical support?

Check Point's technical support is a seven out of 10. Sometimes it takes a lot of time to get the right people on TAC issues. And to buy time, they just use generic questions, which is really time-consuming and doesn't relate to the problem at all.

Which solution did I use previously and why did I switch?

For the infrastructure in question, we have always used Check Point firewalls.

I have worked with Cisco ASA. Cisco is more CLI oriented, whereas Check Point is more GUI oriented. With the GUI, it's easier to manage and administrate it. If the configuration becomes bigger and bigger, it is really easy to see things in the GUI versus a CLI.

The advantage of the CLI is that you can create scripts and execute them. But the disadvantage is that they become so lengthy that it becomes very difficult to manage.

How was the initial setup?

The initial setup is straightforward because it's a GUI interface. Even when it was upgraded, things didn't change in terms of the look and feel. It was still the same. There was no need to learn new things. It's easy for any administrator to learn new features.

On average, deployment takes one to two hours, including mounting and everything, from the physical work to moving the traffic there.

The issue is that we still need people to be onsite to do this because some tasks have to be done on the day. That means a technical person is required to do that work. We can't give it to any other person to do this because, until those particular steps are completed, things can't go any further.

We have six people, network admins, for deployment and maintenance because we have about 30 of firewalls.

What about the implementation team?

We do it ourselves.

What was our ROI?

When we first started using them, we were just using them for basic functionality. Then we started using more features and introducing other components. For example, we had a different proxy server which we depended on. Once we got the Check Point, we could use the same device for multiple roles, which reduced the cost a lot. I would estimate our costs have been reduced by 30 percent.

What's my experience with pricing, setup cost, and licensing?

If you use the features then it's cost-effective. Otherwise, it's expensive.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Sunil Redekar - PeerSpot reviewer
Security Engineer at Hitachi Systems
Real User
Using the IPS, we can easily identify if there is any malicious activity
Pros and Cons
  • "In R80.10 and above, you can view logs in SmartConsole. You don't have to open another smart tracker to view logs. That is the improvement Check Point has done which makes it better because it is much easier to find logs. This saves time, approximately 40 to 50 a day in one shift."
  • "For R80.10 and above, if you want to install a hotfix, then you can't install it through the GUI. I don't know why. In the earlier days, I was able to do the installation of hotfixes through the GUI. Now, Check Point said that you have to install hotfixes through the CLI. If that issue could be resolved, then it would be great because the GUI is more handy than the CLI."

What is our primary use case?

We are mainly using it for policy installation and access purposes. We have a bank project where we are using mobile access, Antivirus, and IPS. These are all are configured on the Check Point Firewall, where we are using it on a daily basis. 

I have worked on the following firewall series and models:

  • 15000
  • 23900
  • 41000 
  • 44000. 

I have worked on the following versions:

  • R77.30
  • R80.10
  • R80.20. 

I am currently working on the R80.20 version and the hardware version is from the 23000 series.

How has it helped my organization?

We installed this firewall in our organization one year ago, and it is completely fine. There are other deployment also going on for other customers. Most of those deployments are handled by our project teams. 

What is most valuable?

What I like most about Check Point Firewall is that it is easy to use. 

The most valuable feature is the IPS. For our bank project, we are using it as an external firewall. All the traffic is going through the Check Point Firewall. Then, using the IPS, we can easily identify if there is any malicious activity or anything else. We also have to update signatures on a regular basis.

What needs improvement?

We are facing some problems with the management on our Check Point Management Server. There are some issues with R80.20, so Check Point suggested to upgrade. However, we are in lockdown, so we will upgrade after the lockdown. We are coordinating this issue with the Check Point guys. After upgrading, I think these issues will get resolved.

For R80.10 and above, if you want to install a hotfix, then you can't install it through the GUI. I don't know why. In the earlier days, I was able to do the installation of hotfixes through the GUI. Now, Check Point said that you have to install hotfixes through the CLI. If that issue could be resolved, then it would be great because the GUI is more handy than the CLI.

For how long have I used the solution?

Two and a half years.

What do I think about the stability of the solution?

They are completely stable. I haven't faced any issue with stability. 

What do I think about the scalability of the solution?

There are no issues with scalability.

In Hitachi Systems in Mumbai, there are around 10 to 12 clients who are using Check Point Firewall. There are around 40 network security engineers who support Check Point Firewall in our organization for the Mumbai location, and there are multiple locations.

How are customer service and technical support?

The technical support is very good. The Check Point guys are very humble and quick. They are always ready to support us if we call them.

How was the initial setup?

I have done four to five initial setups and configurations of firewalls, which have been completely fine and proper. There are no improvements needed.

For one firewall, it will take around two and a half hours to configure the interface and everything else. For the deployment of one firewall, it will take around two and a half hours. If you want to make any clusters, then it is around five to six hours. 

What about the implementation team?

We support companies locally and remotely. Since the lockdown, we have been supporting companies only in a remote fashion.

We have to first make a plan of action, then verify that it meets Check Point's requirements. Then, we will raise a case with the Check Point desk. We verify with them if there are any changes that they need us to do. After that, we will go for deployment. Check Point engineering will also help if there are issues with the deployment.

What was our ROI?

They have made domain improvements to SmartConsole. If you check older versions, such as R77.30, you have to open a separate, smart tracker to view logs. However, in R80.10 and above, you can view logs in SmartConsole. You don't have to open another smart tracker to view logs. That is the improvement Check Point has done which makes it better because it is much easier to find logs. This saves time, approximately 40 to 50 a day in one shift.

What's my experience with pricing, setup cost, and licensing?

For the firewall, there is a limitation on the license. We are facing some problems with mobile access. We have a license for 450 licenses of VPN users. We would like Check Point to have more than that, e.g., if the organization gets bigger and there are more users, then that will be a problem.

I have done licensing and contracts for multiple firewalls. The license and contract configuration is completely fine, but if it is possible to make them cost a bit less, then this would be better.

Which other solutions did I evaluate?

Palo Alto is a zone-based firewall and Check Point is an interface-based firewall. With Palo Alto, we are using Panorama to install policy, and in Check Point, we are using their Management Server to install policy. The Palo Alto Panorama console has more options than Check Point.

On the Check Point Firewall, you can install policy. With the Palo Alto firewall, you can install policy on multiple gateways. You cannot install policy on multiple gateways with the Check Point Firewall.

What other advice do I have?

If you are making a plan of action for the installation of firewalls, clarify with the Check Point tech engineers that all is proper and good. We always arrange a Check Point standby engineer for this activity, because if anything goes wrong, then they can help on the call.

I would rate this solution as an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Matt Millen - PeerSpot reviewer
Network & Systems Administrator I at DMH
Real User
Simple to navigate, making it easy to identify and fix issues and minimize downtime
Pros and Cons
  • "The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network."
  • "I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line."

What is our primary use case?

We use several of the blades. We use it for regular access control, but we also use the application control. We use HTTPS inspection and threat prevention. We use the Mobile Access blades as well IPS.

We have a Smart-1 205 as our management server and for the gateway we've got 3200s.

How has it helped my organization?

Over time, we've enabled different blades on the firewall. We started off with the access control policy, and since then we enabled the HTTPS inspection and the IPS blade. That's helped reduce our risk landscape as a whole.

What is most valuable?

The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network. The ease of use is important to us. The more difficult something is to use, the more likely it is that you'll experience some type of service failure. When we do have issues, with the Check Point SmartConsole being as simple as it is to navigate, it makes it easy for us to identify problems and fix them, to minimize our downtime.

What needs improvement?

I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

For how long have I used the solution?

We have been using Check Point's NGFWs for as long as I've been with the Department of Mental Health, so it's three years that I've personally been using them.

What do I think about the stability of the solution?

Based on other networking hardware that I've used, I would say the Check Point NGFWs are just as stable, if not more so. We rarely have any issues. In the past, I've experienced networking hardware often needing to be rebooted. That's not something that happens with these devices. They're on 24/7 and we have next to no downtime. I can't think of a time in my three years here that one of the devices has gone down and caused us any downtime.

What do I think about the scalability of the solution?

We've already purchased a new management server from Check Point, and it will be replacing our 205 appliance. They make it easy. These devices inter-operate together, so if we need more resources, for example, on the management end, we're able to buy that server and replace our old one and scale up as needed.

As far as users are concerned, we have 70 locations throughout the State of South Carolina with a total of 400 to 500 devices that can be connected at any point in time.

I would think we have plans to increase our usage. We work in tele-psychiatry, for the State of South Carolina, and telemedicine right now is a hot topic. I see it very likely that our usage could double and triple in the coming years.

How are customer service and technical support?

We've had an issue with licenses not populating to a new device, but that is the only thing we've ever called them for in relation to replacing or adding in a new device.

They're very helpful. They're easy to get in touch with. It's not like you're sitting there on hold for hours at a time, and they're quick to get back to you. It might be that they're taking packet captures and analyzing them and then getting back to you. It's a quick turnaround. I can't think of any time we've ever had to wait more than 24 hours to get an answer on an issue we've had.

How was the initial setup?

I have set up replacements and it's very straightforward. It's very easy. It's much easier than some of the other network equipment that I've had to deal with. Check Point provides a wizard that walks you through the process and that streamlines the entire process. They also provide instructions on how to go about getting to the wizard and the process that we needed to take to complete that configuration. It was relatively painless.

The replacement was configured in one day and deployed the next, with no issues.

There are five of us in our company who have management access. I'm the network administrator, and I've got four IT technicians who work under me and assist in the firewall configuration and deployment.

What about the implementation team?

I don't believe we've ever had to actually call Check Point to assist with anything. It's pretty straightforward. The wizard does most of the work and we have all the instructions we need. It's pretty much all done in-house.

What was our ROI?

I definitely feel it's been worth our investment. Check Point is there to help when we need them. Our downtime has been very minimal, and when we do have issues, they're there to help us. They're there to get us back up and running as quickly as possible. It's definitely been worth its weight.

What's my experience with pricing, setup cost, and licensing?

One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford Cisco Firepower. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution.

We pay a yearly support fee in addition to the standard licensing fees with Check Point.

Which other solutions did I evaluate?

I've worked with Cisco routers and firewalls. I've worked with Ruckus switches and routers, and Aruba access points.

A drawback with these products is their stability. Almost all other networking devices I've seen need to be rebooted over time. If they're left unattended for extended periods of time, we experience some sort of downtime. That is not an issue with our Check Point products.

What other advice do I have?

Do your research and look into cloud solutions. Check Point offers many cloud services, and that's where everything's moving, towards the future. Research the different appliances and solutions that Check Point offers and find out what works best for your particular situation.

The biggest lesson I have learned from using Check Point's firewalls is not to be afraid to call for help. There are times where I may be trying to figure something out myself, when in all reality, all I need to do is call Check Point customer support. They'll explain to me why something is configured a certain way, or if there's a better way that I could go about configuring something, and things of that nature. They have been very helpful and have saved me time, anytime I've called.

I can't think of any additional features their NGFW needs that we don't already have access to. I know there are features such as moving the dashboard toward the cloud, and I think that's beneficial, but it's something they already offer. We just don't take advantage of it right now.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Sr. Network Engineer at a insurance company with 5,001-10,000 employees
Real User
Provides security to users working within our LAN environment, but also to remote end-users
Pros and Cons
  • "The central management makes it easier, and is a time-saver, when implementing changes."
  • "The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent."

What is our primary use case?

We use Check Point's firewall to provide network security to our organization as well as to other, third-party vendors.

How has it helped my organization?

The Check Point firewall is providing advanced-level security. Compared to before, our company is more secure now. It is not only securing the users working within the LAN environment, but also to the end-users or remote users in the company.

What is most valuable?

The most valuable features are its 

  • antivirus
  • threat detection
  • central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

What needs improvement?

The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved.

Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.

For how long have I used the solution?

I have been using Check Point's NGFW for the last six years.

What do I think about the stability of the solution?

The Check Point firewall is very stable. It is one of the oldest firewalls in the market. It has all the advanced features, according to the security features we have. It's quite a stable firewall.

What do I think about the scalability of the solution?

It is very good and scalable. We have recently expanded the usage of Check Point and it was not a very tough process to scale this firewall.

Right now it's protecting around 3,000-plus employees.

How are customer service and technical support?

It has been a very good experience every time we call Check Point. We usually get them on a phone call and they are very informative people. They always provide us the solution.

Which solution did I use previously and why did I switch?

We had another solution. We switched because Check Point gave us more advanced features and there was market demand for network security.

How was the initial setup?

The initial setup was a little complex. The training from Check Point should be increased. It was a little complex, but with the help of their TAC and the help of other engineers, we installed it.

The deployment has taken about eight months. We have deployed it in a three-way architecture. We have installed a security gateway, an SMS (security management system) and we have installed the console.

We have a team of four people, all network engineers, for deployment and maintenance of the solution. We take care of all the firewalls for the organization, including Check Point's.

What about the implementation team?

We had help from a Check Point integrator. It was a good experience. They were very helpful.

What was our ROI?

We are happy with our investment in Check Point's firewall. Per our standards, and for our environment, it is a very good firewall. It is protecting us well.

What's my experience with pricing, setup cost, and licensing?

Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps.

Which other solutions did I evaluate?

We evaluated other options, including Cisco ASA. The difference was that Check Point provides advanced features, such as threat prevention and antivirus. Apart from those, it also provides us with IPS. Also, for Cisco ASA, we had to take extra services to install it, so we went for Check Point.

What other advice do I have?

Make sure you get good training on Check Point's firewall, and it would be good if you have working experience on the device.

Using Check Point, I have learned that we need to serve our remote users as well, and Check Point is a firewall which is capable of doing that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
IT Specialist at a tech services company with 10,001+ employees
Real User
Protects our environment with security checks against vulnerabilities
Pros and Cons
  • "We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment."
  • "The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent."

What is our primary use case?

We use it to provide security to our environment from the outside world. We are using it to provide security against vulnerabilities using threat prevention, Antivirus, and IPS.

How has it helped my organization?

In advance, we get security vulnerabilities. So, we can configure new security policies, update our antivirus, or check the configuration to protect the environment.

What is most valuable?

We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.

What needs improvement?

The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent.

For how long have I used the solution?

I have been working with it for the last seven years.

What do I think about the stability of the solution?

It is a very stable firewall. The updates that we get from this Check Point Firewall are also very stable. 

What do I think about the scalability of the solution?

The scalability is good.

There are more than 10,000 users. The Check Point Firewall is deployed through the company.

How are customer service and technical support?

All their technical people are very solid in their knowledge.

Which solution did I use previously and why did I switch?

I have used Cisco ASA and FTD. We switched from Cisco ASA to Check Point because there were no antivirus, vulnerabilities, or security prevention features. Check Point has more advance features, which are easier to use, than Cisco.

We also had to install IPS devices with Cisco.

How was the initial setup?

The initial setup was straightforward. It was not too difficult to deploy the Check Point firewall. Deployment takes between 12 to 15 months.

We have done a cloud-based deployment throughout our network.

What about the implementation team?

We did the deployment ourselves. We have onsite specialists who have done many deployments.

20 people take care of the deployment and troubleshooting of this firewall.

What was our ROI?

There is a money saving because we no longer require other devices, like an IPS, a separate antivirus, or vulnerability tests. We get all the devices within a single tool. Before, we would have different teams taking care of different devices. Now, we take care of only one device, which is another source of savings. We have saved a lot of money with this solution.

What's my experience with pricing, setup cost, and licensing?

The prices are good for its features. The benefit of its license is we get timely security prevention updates. The price is good for the technology that we get.

What other advice do I have?

This is a good solution. I would recommend to take advantage of as many features as you can. It has many features, and to protect security, you should use all the best features that you can.

As soon as the company will grow, we will definitely increase our usage of the firewall. We have already increased our usage due to employees working from home.

The biggest lesson that I learned is we can use the features of a firewall security to protect our environment. Also, rather than deploying multiple firewalls, we can configure a centralized management system, and this saves time.

I would rate this solution an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network Security Administrator at a computer software company with 201-500 employees
Real User
User-friendly with IPS already configured in the box, and the dashboard is good and easy to use
Pros and Cons
  • "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention. Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls."
  • "The antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't."

What is our primary use case?

We use it to provide security in our organization. Check Point Next Generation Firewalls are designed to support large networks, like a telco environment.

What is most valuable?

Check Point has a lot of features. The ones I love are the 

  • antivirus
  • intrusion prevention 
  • data loss prevention. 

Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls.

It's also user-friendly and not very complex. Anyone can use it and the dashboard is quite good.

What needs improvement?

Check Point has notably fewer tutorials on Google. If I'm facing any kind of issue and I Google it, less stuff is available. 

Apart from that, the antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't.

For how long have I used the solution?

I have been using this firewall for more than one year.

What do I think about the stability of the solution?

The stability is good. We've never seen any kind of issue with the Check Point firewalls. In very rare cases we go to their TAC, but we normally try to resolve the situation from our side.

What do I think about the scalability of the solution?

They are quite scalable. They are designed to extend in large data centers and tech environments. They are designed to support the needs of large networks, and offer reliability and performance.

How are customer service and technical support?

Check Point's technical support is quite good. It's quite helpful. We have never faced any kind of issue with them. Whenever we have an issue with the firewalls, we just raise it with them and they are quite supportive and quite technical as well. They provide a resolution on time and effectively.

Which solution did I use previously and why did I switch?

Previously, I worked on Cisco ASA firewalls and they have a lot of disadvantages. They have a lot fewer features compared to the Check Point firewalls. We just started using Check Point as a firewall in our organization and they give us new features which are better than the Cisco ASA. With Check Point, the IPS is already configured in the box, unlike the Cisco ASA, and there are a lot of features which help us to provide more security for our customers. In our case, the customers are all employees of our organization.

All of these are reasons we switched to Check Point.

How was the initial setup?

The setup is straightforward.

Deployment depends on the customer's architecture or network.

In terms of a deployment plan, we have different teams in our organization that support different business cases. After an implementation ticket is raised by the requester it goes to the planning stage, then it goes to the implementation stage and then it goes to the validation stage. The planning stage is done by the network security admins. The approval stage that is done by our managers and the validation stage is done by us, the network security admins. This is the process that we follow in our organization. Everything is documented.

What about the implementation team?

We do the deployment ourselves, but if we face any kind of issue, we just raise an issue with their TAC.

What's my experience with pricing, setup cost, and licensing?

The pricing is good. It's not so expensive. You can deploy it and it will do a lot of jobs in one package. It's a good choice compared to the other firewalls.

Which other solutions did I evaluate?

We looked at Palo Alto and the Cisco FTD Next-Generation Firewall.

What other advice do I have?

Check Point Next Generation firewalls are very good. They have a lot of features in one box and they're not that expensive. They support a lot of features, including antivirus, data loss prevention, and the central management is very good. We can configure all the firewalls through the central management. They have many things in a small package. I would recommend them.

The biggest lesson I have learned from the solution is that it has a lot of features that I was not aware of. The dashboard is quite simple and it's not complex to use.

We make changes on this Checkpoint Firewall as per customer demand. If they want to add a rule on the firewall we do that, and if they want to remove something we remove it for them. If they want to change the position of some rules or to allow or deny any kind of traffic, we do that for them.

In our organization we have a team of 20 - 25 network security admins. Sometimes the network team will also implement changes and they are about 25 people. Sometimes we get  the help of our managers to approve the changes or validate whether the change has been implemented correctly or not. If I sum it up, it's a team of about 100 people who directly use the solution, and they also take care of deployment and maintenance.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Nikhil Dhawan - PeerSpot reviewer
Associate Consultant at a tech services company with 10,001+ employees
MSP
Gives us centralized management for multiple firewalls and can protect our environment from outside threats using advanced features
Pros and Cons
  • "It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration in 10 firewalls, I can push it all at once with the help of the centralized management system."
  • "I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors."

What is our primary use case?

My role is to do implementation and troubleshooting on the Check Point Firewall. We use this firewall for our organization's security by adding restrictions and security from viruses and other tech from the external Internet.

It is used in our internal company-wide network. It protects our company throughout the LAN network.

How has it helped my organization?

We have needed to install many third-party devices to provide major security to our organization. Because of Check Point and its many features, we do not require other third-party devices. We only require Check Point to provide the security.

What is most valuable?

It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.

It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.

What needs improvement?

The company should increase the learning platform free of charge. For example, Palo Alto and Cisco ASA have very good platforms that are completely free. Almost everyone in this field has good product knowledge. Therefore, I would like more training and expertise to be available for Check Point NGFWs.

I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors.

For how long have I used the solution?

I have been using it four years and four months.

What do I think about the stability of the solution?

It is a stable firewall that has new updates. The new updates are very impressive. There is also a good antivirus update which comes out very frequently and is completely stable.

What do I think about the scalability of the solution?

The solution's scalability is good.

With our increasing business, we have given a proposal to increase the number of firewalls.

In my organization, there were five associate consultants included in the deployment process, including me.

How are customer service and technical support?

The solution has very good, timely support. Most of the time, when we opened a case with their tech support, we have been in a panic situation because of the case's priority. However, the solution that we get is very straightforward and in very short amount of time.

My issues were resolved by the Check Point team or available on the Internet. So, all my problems were resolved.

Which solution did I use previously and why did I switch?

I have used Palo Alto and Cisco ASA. When I used Check Point, I got to know that the CLI is based on Linux. I already know Linux, so it was very comfortable for me. Apart from that, it was the company's decision. They wanted to use this firewall.

How was the initial setup?

The initial setup was straightforward because I have done training on Check Point. I didn't face any issue while implementing or while configuring it. I only faced a few issues, and they were resolved by the Check Point team.

It takes around nine to 12 months for the complete deployment of this solution. My deployment plan was a three-tier architecture, which is one of Check Point's features.

What about the implementation team?

I deployed it myself with the help of one or two of my colleagues.

What was our ROI?

I am happy with the investment that we made on Check Point. The reason behind this: It has advanced features for protecting the environment.

Which other solutions did I evaluate?

I also evaluated Palo Alto and Cisco ASA.

Check Point pros:

  • The CLI is very ease to use.
  • It provides advanced security threat prevention.

Check Point cons:

  • The graphical user interface should be easier to use.
  • More training should be provided by Check Point. 

What other advice do I have?

I would recommend this solution because it is a firewall that replaces many other devices. Money-wise, it is good. It also has many features. These can be utilized to protect your environment from outside threats.

You should have a couple of training and hands-on experiences before deploying the changes by yourself on the firewall. It has many features of which people are not knowledgeable so they usually utilize them.

With time, technology is getting better. Check Point is one of these examples. They have changed their products completely from the old R80 version, where their UI and CLI were much different. 

I would rate this solution as a nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Security Expert at a aerospace/defense firm with 10,001+ employees
Real User
Top 5
Management platform and GUI are intuitive and user-friendly, but QA on releases needs improvement
Pros and Cons
  • "The management platform and the dashboard, the graphical user interface, is one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations."
  • "One of my issues with Check Point is the stability. There have been too many bugs, over the years, when I compare them with other vendors. Their QA team should do better work before releasing their GA versions."

What is our primary use case?

The reason we have the Check Point Next Generation Firewall is that it's our main perimeter firewall in all our branches around the world. It secures the IT infrastructure in all of our environments and our subsidiaries. We also use it to set up tunnels between all our sites.

We have multiple versions from the legacy R77 to the latest R80.40.

How has it helped my organization?

In today's world, there are a lot of risks related to infrastructure security, malware and more. The Check Point has multiple blades in the same product, which improve security in IPS, application control, and URL filtering. You don't need to buy multiple, separate products to achieve the best security.

What is most valuable?

The basic most valuable feature is the firewall itself.

The management platform, dashboard, graphical user interface, are one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations.

The VPN means you can communicate in an encrypted manner between sites. 

The application control and URL filtering are also very beneficial. They enable you to tighten security and decide which applications or websites you want to grant access to. In our company, we don't allow anyone to freely access the internet to surf all websites. Some sites may be sensitive and some of them may be inappropriate. It allows us to control the traffic.

What needs improvement?

Their management features are the best, from one point of view, but they are too heavy. For example, if you are looking at a configuration file, you can't just browse through it and see all the configurations like you can with other vendors, like Cisco and Fortigate. With those solutions you can just go over the configuration file and read all the objects and the policies, etc. 

Because of the Check Point architecture, the data file itself is huge if you're comparing it to the data files of other vendors. The difference is something like 3 Mb to 1 Gb. It's not so straightforward. 

The data process is also not so simple. You don't just load a text file which has all the configuration. It's a more complex process to restore it from a backup, when it comes to Check Point.

For how long have I used the solution?

I have been using Check Point's NGFW for approximately 10 years.

What do I think about the stability of the solution?

One of my issues with Check Point is the stability. There have been too many bugs, over the years, when I compare them with other vendors. Their QA team should do better work before releasing their GA versions.

What do I think about the scalability of the solution?

If you're looking for scalability and you need to add more power and performance and to scale up, they have a new solution, but I haven't used it yet.

In terms of the extent of our use, it's our main firewall. Everything flows through it.

We currently have four direct users and all of them are security engineers. I'm doing most of the deployment and the others are responsible for the day-to-day operations. In the overall company there are more than 10,000 users, and the traffic throughput is around 10 Gb.

How are customer service and technical support?

They have a very extensive Knowledge Base on their website, which is very helpful. But if you contact their technical support, not all of them have all the skills. If you open a ticket it may take a while to be resolved. It can take more than a month until they finally escalate it several times internally and then, finally, find a solution. But the first tier is not too technical.

Which solution did I use previously and why did I switch?

The previous solution, Contivity, was before my time in this company and I don't think it even exists anymore. The Contivity was only a firewall and our company wanted more features and benefits. It didn't have next-generation firewall options, like URL filtering, user identity, and IPS. As risks evolved in the data security field, our company needed to adapt.

How was the initial setup?

The complexity of the setup depends on which branch we're setting it up for. If it's a new branch, we can spin up a new firewall in less than an hour or so, do all the configuration, and it's ready for production. But if we're replacing an existing solution, the migration process may take some time and the people involved need more extensive knowledge, compared to spinning up a new firewall.

If it's a complex environment and you're migrating from one solution to another one, or even from an older version to a new version within the Check Point platform, I would recommend not to do it by yourself. In those cases you should use a third-party partner or Check Point Professional Services.

What about the implementation team?

I did most of my deployments by myself, but in our headquarters, where there was an older version of a Check Point version, and they wanted to migrate to a new one, I used a partner. The partner I used was SafeWay, a company in Israel. They have quite extensive knowledge and they are very professional.

What was our ROI?

It's hard to measure ROI in financial terms, but our productivity has gone up with the new version of the R80 because we don't need to wait for one administrator to log out of the management system for another to be able to log in. Multiple administrators can now work simultaneously on the platform. That productivity increase can be seen as a form of ROI.

What's my experience with pricing, setup cost, and licensing?

Use the basic sizing tool to do the correct sizing so you don't waste too much money, because it's not a very cheap solution when compared to other vendors. There are other vendors that are more affordable.

There are no costs in addition to the standard licensing fees, except maintenance.

Which other solutions did I evaluate?

We have not evaluated any other options.

What other advice do I have?

My best advice would be, if you are not as skilled, that while you don't really need to use the Check Point Professional Services, you should use a partner that has good knowledge of the device. If it's just a straightforward deployment without all the features, it may look simple but there are too many options. Eventually, you may use 30 percent of them. I don't think you will use 100 percent of all the features that are available.

Overall, I'm a little bit disappointed because of the numerous bugs that there are.

I would rate it at seven out of ten because their management platform and the dashboard. It's the most intuitive and user-friendly in day-to-day operations, as long as you're not dealing with the bugs.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
You only need to use one rule for both the DMZ and the Internet
Pros and Cons
  • "The Check Point API let me make 100 net rules in just 10 minutes, which saved us time."
  • "I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things."

What is our primary use case?

I am using this solution for perimeter security in the company. Our firewall security is centralized under one management. Also, we use this firewall to manage some of the VPN clients and the employees' access across the company. 

Each firewall is capable of using the VPN client, but we only use two. We have five in total, but we only use two for these issues.

I am using the firmware version for the operating system. The blades are firewalled for IPS and mobile access.

How has it helped my organization?

Last year, we used the Check Point Identity Awareness Software Blade. Now, we only use a normal firewall with IP address rules, address destination, and services. Then, we can filter by users. So, my boss has access to these things by user. Even if it's connected with the Active Directory, we can filter by user name, or in this case by server name, and it works perfectly. This is very valuable for our company.

What is most valuable?

The most valuable features about Check Point are the API and automation process.

Using the GUI, you can add comments from your PC or the client server. If I want to check the firewall rules, I can send one line of command to determine if it is configured or not. 

Its implementation and integration with the rest of the network are better than its competitors.

What needs improvement?

The stability needs improvement for its version releases. They have a feature called Inline Layer as part of the R80.10 release. In the last version, it still had bugs and is not working very well. I would like the developers to release a version that is more stable, because if you start to use the latest release and try to use this newest feature, I'm not 100 percent sure that it will work very well. After six months of development, it might start working better. However, at the beginning, it's not a good choice to implement in your company with your first attempt. But one or two releases later, it might be better. 

If you only have one vendor and they are downgraded or no longer a leader in their industry, then you need to change the entire solution, making it more expensive. For example, Check Point's components are not interchangeable with other vendors.

For how long have I used the solution?

Around four years.

What do I think about the stability of the solution?

The stability of the firewall is nice if you use the legacy mode, because the new mode is not good. Things worked in version 77, which is older. It was more stable. When they jumped from version 77 to 88, sometimes things didn't work that used to work in the earlier version.

What do I think about the scalability of the solution?

The scalability of the firewall depends on the model. In terms of the implementation, it's really easy.

We have about 25 users for the entire solution. We have two engineers who work on deployments and implementation. We have another 18 engineers who do support and operations. They have responsibility to monitor the firewall 24/7.

It protects the core network and ISP: the routing, switching, and APM backbone. This is around 8,000 pieces of equipment. 

We don't have plans to increase our usage right now.

How are customer service and technical support?

I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things.

Which solution did I use previously and why did I switch?

In the beginning, we used Fortinet, Juniper, and Cisco. Now, we only use Check Point for firewalls. 

Last year, we changed the Fortinet firewall to the Check Point firewall. The Check Point API let me make 100 net rules in just 10 minutes, which saved us time.

The administration is awful in Fortinet. They have the FortiGate portal on an HTTP portal. Therefore, if you want to make a change, you can make a change. But if you do the change, then it's directly applied on the network, and we don't want to do that. We configure and change the policy and routing. We only apply the changes in the night. However, with Fortinet, you need to configure and apply the changes at the same time. So, it's not useful for our operations.

With Fortinet, you need to duplicate the rules from the DMZ to the Internet and the Internet to the DMZ. In Check Point, you only use one rule, which works on both sites.

How was the initial setup?

The initial setup is really easy. You can do it in 30 minutes. Setting up an environment for a firewall and its management with a licensed demo took me an hour last week, and that includes the time for configuring the rules. The whole installation is 30 minutes and the configuration is another 30 minutes.

If you are implementing from another vendor, Check Point has a program called SmartMove. Then, all you need is the configuration of the previous firewall. Once you do some optimization, then you are ready for the integration. This might take a month overall.

What about the implementation team?

We consulted with one partner of Check Point, who is our provider. If the issue is really big, then we open a case with Check Point directly via the partner. My experience with them was really nice. It was the best experience that I had ever had.

They have amazing engineers. Their expertise is unbelievable. They do integrations really well. They could improve on routing and networking, but the product is what is important for me. 

What was our ROI?

The firewall is only for protection. It is not used to sell services.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive.

Which other solutions did I evaluate?

Check Point's web administration is not complete. If you compare it to Fortinet's web administration, Check Point's web administration is not nice. However, Check Point's full solution, including SmartConsole, is better than Fortinet's solution.

What other advice do I have?

If you use Apple computers or Linux, the product may not be a good choice for you.

I would rate the solution as a seven point eight out of 10. They can improve some things. They can make it more flexible in terms of its software. It is a good solution, and I like it. For me, it's the best firewall solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Kirtikumar Patel - PeerSpot reviewer
Network Engineer at LTTS
Real User
Top 5Leaderboard
Helps with security against upcoming and unknown threats and activities
Pros and Cons
  • "It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users. We also use the DLP, IPS, and VPN features."
  • "Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team."

What is our primary use case?

I have been using this solution since the GAIA OS R77 was there. I am using it for my day to day access such as policy creation, policy modification, and also regularly policy disabling and deletion. I have 17K+ users in my organization, 100 + client to site VPN and I have a number of S2S as well. My daily job is health checkup, security log monitoring and incident management, daily IPS checks, threat presentation reports and to analyze the risk and take necessary action on that as well.

How has it helped my organization?

It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users.  We also use the DLP, IPS, and VPN features. We have multiple site to sites with our clients and it is very easy to configure and manage.

What is most valuable?

IPS helps with security against upcoming and unknown threats and activities. We regularly check the report and as per daily report we will check the risk and prevent each alert that is critical based on our business requirement and make it secure.

IPSec VPN is also our key feature as our organization having widely customer across globe so it is very good feature to us to connect and run our business with them very smoothly and softly. 

What needs improvement?

The unknown category has been a pain point. We cannot understand this category and the Check Point engineers are also stuck with it. If we enable HTTPS inspection then without this category my URL will stop working. This has a huge impact on my business. We are still running without HTTPS inspection even in a monitoring mode.

Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team.

For how long have I used the solution?

I am using this solution for four years.

What do I think about the scalability of the solution?

This is widely scalable solution.

How are customer service and technical support?

I would say not much exp and not lower, average technical support. We are struggling in most of the cases.

How was the initial setup?

Very easy.

What about the implementation team?

In-house team and technical support team.

What was our ROI?

I would say it's complete ROI for us.

What's my experience with pricing, setup cost, and licensing?

Setup is easy, in my short tenure I have done multiple migrations and have set up our new organization. For cost and pricing, I don't have an idea.

What other advice do I have?

This is a very good and best solution as a perimeter device for NGFW.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kirtikumar Patel - PeerSpot reviewer
Kirtikumar PatelNetwork Engineer at LTTS
Top 5LeaderboardReal User

I have very good command on Checkpoint NGFW

Sr. Security Engineer at a financial services firm with 10,001+ employees
Real User
Everything can be managed from a single dashboard
Pros and Cons
  • "Everything can be managed from a single dashboard nowadays."
  • "The main thing for a normal operations guy who is creating tools and firewalls, it is quite difficult to manage. It requires an expert level of knowledge in Check Point products to manage these scalable platform appliances and the virtual firewall that comes with it. We have to educate our guys and give them training on a regular basis to work on these products."

What is our primary use case?

It is a typical firewall that has been implemented in most of our regions. We use it for normal firewall policies and VPNs.

We are mainly using Check Point firewalls. We also have a few Check Point cloud security programs.

How has it helped my organization?

Everything can be managed from a single dashboard nowadays.

Since we upgraded to R.80 from our previous R.77 version, the activity of my team has improved a lot. We don't have to open multiple consoles or go to multiple nodes. Even though we are managing multiple solutions of Check Point, they feel similar to us now.

What is most valuable?

The most valuable feature is the Check Point Management Server, especially version R.80 onward. We can manage everything. We have endpoint security, cloud security, and email security. Everything can be managed from a single management server, making this a very unique and easy solution to use in the market now.

From a technical perspective, it is an easy solution to use. Everything seems perfect. We are not using all of its features, like sandboxing. 

What needs improvement?

The main thing for a normal operations guy who is creating tools and firewalls, it is quite difficult to manage. It requires an expert level of knowledge in Check Point products to manage these scalable platform appliances and the virtual firewall that comes with it. We have to educate our guys and give them training on a regular basis to work on these products. Otherwise, it's fine.

For how long have I used the solution?

About five years.

What do I think about the stability of the solution?

It is pretty stable. It hasn't caused many issues over the years, unlike normal network issues. They do release bug fixes at least once a month. We keep very good track of that and update the patches regularly, but we haven't run into bigger issues so far. So, I'd say it is quite stable. 

The firewall is very easy to use and hasn't caused much trouble for us over the years.

What do I think about the scalability of the solution?

From a scalability perspective, they have a solutions like Check Point Maestro. Therefore, it is easy to upscale nowadays.

We have over 200,000 end users.

How are customer service and technical support?

They should improve the support a bit. Though they have expert engineers in tech, sometimes the amount of time to get back a solution for an issue is more than what is acceptable, even though it is a high priority.

During a scheduled activity or an implementation, they find their highest level of support. During an implementation, I never faced an issue with the support. I would rate them a nine out of ten for this.

Which solution did I use previously and why did I switch?

The company has been using Check Point firewalls for the past 10 years. Before that, they used Cisco ASA.

How was the initial setup?

Mostly, I have worked on Check Point products. Therefore, the initial setup was straightforward. It was not that complicated. 

I can spin up a firewall and put it in production within an hour. If it's a migration from a different solution or upgrading an existing management solution, it might take some time because of the planning. There are a lot of things that have to be a part of the implementation or migration activities.

What about the implementation team?

We do it ourselves most of the time. We only take help when it comes to scalable platforms, like big chassis firewalls, which are little complicated. Then, we get outside help.

I manage the operations team and have also been involved as a consultant.

We have some best practices in place that we follow.

There are four security engineers who deploy and maintain this solution.

What's my experience with pricing, setup cost, and licensing?

Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point.

Which other solutions did I evaluate?

For cloud security purposes, we looked at FortiGate. In the end, we decided to go with Check Point. Primarily, we went with Check Point because of the fee. We also already had expertise on Check Point and the team is comfortable around it. We like that Check Point has a single dashboard. Feedback from peers suggests that the support in India for NGFWs is not as good with other vendors as it is at Check Point.

What other advice do I have?

Get a team who has expertise on this product and educate your team. Give them training. If Check Point is using a new version, make sure your team is aware of that. If there are any changes, let them know and make them comfortable working around this product because we have had some issues due to lack of expertise.

If you don't have an expert in-house team for implementation, I would strongly recommend getting help of the Check Point professional services team. There are a few third-party operational services, but I would go with Check Point professional services.

We are planning to increase our usage of the solution. Every project that we take on has Check Point security products as part of the solution.

I would give this solution an eight out of 10 because of the support. They take too much time when they should give you a result.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Amit Kuhar - PeerSpot reviewer
Network Security Consultant at Atos Syntel
Reseller
Easy to manage, deploy, and upgrade
Pros and Cons
  • "It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online."
  • "In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this."

What is our primary use case?

We have around 500 firewalls all around the world with a global team to manage them. We are using Check Point NGFW for Internet traffic, IPS, and UTM devices.

Atos provides this solution, including network design and advice.

What is most valuable?

  • Antivirus
  • IPS
  • They got the logs into one site, which is wonderful.
  • There is a secure action line code that you can announce your products in.
  • If you have a number of sites, like a hundred sites around the world, you can deploy multiple VSX testing. 
  • All over the world, you can have DMZs in data centers, e.g., in the USA, Dubai, and London. 
  • It is easy to deploy and upgrade. 
  • Easy to manage, e.g., if there is a new engineer onsite, they can easily manage it.

What needs improvement?

In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this. 

For how long have I used the solution?

I have been using it for five years.

What do I think about the stability of the solution?

I haven't seen any stability issues, though I have seen some issues with the management of the gateway. Stability-wise, it is good (a nine out of 10).

What do I think about the scalability of the solution?

We have 74 locations. We can have 10,000 users maximum via an Internet gateway. We have four data center across the world: two in USA, one in London, and one in Dubai. Passing through Check Point per location: in the USA - 5000 users, in London - 2000 users, and in Dubai - 10,000 users.

There are 12 network security engineers/consultants managing Check Point and the legacy firewall, SonicWall.

How are customer service and technical support?

Right now, we cannot go directly to Check Point because of vendor dependency. We have to first initiate with our vendor.

Which solution did I use previously and why did I switch?

We migrated SonicWall to Check Point about two years back. That took one year to set up in our organization. 

We switched away from SonicWall because it is a legacy firewall at end of life. SonicWall was missing features that Check Point has, like UTM, IDS, IPS, antivirus, etc. Check Point is better for protection and performance-wise.

How was the initial setup?

It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online.

We have two devices. Right now, we are deploying and upgrading a new setup, where you can do management, management plus gateway on the device, or virtually you can install your management device on VMware or Hyper-V. With the Hyper-V and the Management Server, you can access all the gateways. For the Management Server and gateways, we have an activation key.

What about the implementation team?

We are an IBM OEM company who received installation support from that vendor. They provided all the network connectivity.

For our implementation, we:

  1. Started with an initial diagram of the configurations and what we want to see after the installation.
  2. Segregated the SonicWall and Check Point tools for the migration since we used automation.
  3. Checked the mode of installation. We went with transparent mode.
  4. Collected the IPs for the firewall. It required multiple IPs because with we have cluster nodes.
  5. Assessed the feasibility of Check Point in our environment.

For our strategy, we looked at:

  • How many users are in all our offices? For example, is it a small office, mid-size office, or data center?
  • Using high-end versus lower-end devices, e.g., lower-end devices means a smaller price tag.

A smaller office of less than 500 people would get a 4000 Series. Whereas, a larger office would get a 5600 or 7000 Series. We have to be focused on the natural topology.

What's my experience with pricing, setup cost, and licensing?

We have had some vulnerabilities when we upgraded the R80.30 Management Server. We have some gateways right now in our R77.30 version, and this means if we go without license in R80.30, then it will prompt a bad connection and terminate. We have had some license difficulties with the connection going from R70 to R80. However, these don't largely impact performance.

Which other solutions did I evaluate?

We looked at Fortinet and Palo Alto. We did not feel FortiGate was capable of what we required. Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point.

If you need a good support or something that is good budget-wise, then I recommend going with Check Point compared to Cisco or Palo Alto.

What other advice do I have?

It is a good firewall. It has returned good performance. We are happy with the product. I would rate the product as a nine out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Network Engineer at a legal firm with 1,001-5,000 employees
Real User
It has a good IPS features, we haven't seen any security breaches
Pros and Cons
  • "The interface and the IPS intrusion prevention are the most valuable features of this solution."
  • "With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it."

What is our primary use case?

We use it for standard firewalls.

What is most valuable?

The interface and the IPS intrusion prevention are the most valuable features of this solution.

It's pretty straightforward to use once you get your head around it. It's fairly straightforward to use. 

What needs improvement?

With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it.

In the next release, I would like to have the ability to automatically add rules from the tracking log. I've used that in other firewall software whereby you can trace the logs, and from the log, you can add a new rule automatically. That would be a nice feature.

For how long have I used the solution?

I have been using Check Point NGFW for around a year. 

We're on R77 and soon to go to R80. They're virtual machines.

What do I think about the stability of the solution?

It is very stable. We had one issue recently where Check Point had made a change, and it took a lot of our connectivity down. But that was really a one-off, so that was a mistake on Check Point's side with their policy testing/QC control that affected lots of their customers. 

What do I think about the scalability of the solution?

I've not had to deal with scaling them but from what I understand, they scale to huge organizations.

We have around five IT engineers who use this solution in my company and five who work on deployment and maintenance.

It's used throughout the business, with around 1,500 users, so for all the traffic. We do not have plans to increase usage. 

How are customer service and technical support?

 I've used the technical support. They're very responsive, we usually get a response the same day. The advice they've given has been very good and the knowledge base articles that they send are also very good.

Which solution did I use previously and why did I switch?

In other companies I've worked at, I also used all sorts of firewall solutions including FortiGate, Cisco, and pfSense. Check Point is easier than Cisco but more complex than pfSense or FortiGate in terms of its features and management.

Check Point's push to make deploy policy changes is slow when you've made a change to then push it out to the firewall. It does take 10 minutes or so to push that change out, so it's not as instant as some of the other firewalls I've used.

What was our ROI?

I have seen ROI. There have been no complaints. We haven't had any security breaches, so it's been good.

What other advice do I have?

It's a good product. My advice would be to get some training or watch some videos on using it. You do need a bit of training on it. Initially, there is quite a steep learning curve.

My comfort level with it is on and off. I've been at my company for a year and I'm starting to get comfortable, but it's such a big product that unless you're using it all day, every day, you wouldn't master it. If that was all you were doing every day, then it would probably take you three or four months to get the hang of it.

I would rate Check Point NGFW an eight out of ten. It's not as easy as the other firewalls I've used but that's probably due to the large feature set.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
DmitryPavlukhin - PeerSpot reviewer
Security Analyst at HOST
Real User
Enables us to catch much more malware and spam with incoming traffic, and we now are more protected with our environment
Pros and Cons
  • "AV, IPS, AntiSpam, Sandbox. That's gentlemen set for any basic security, and it was implemented very well. In our reports, the most exciting results belong to AV and IPS. It can be explained by using ThreatCloud - a global knowledge base, which accumulates signatures for all existing and new coming malware, and all the Check Point solutions are always up to date with potential threats."
  • "I hope for product simplification. It would be better to use one security console, instead of many of them (for licensing and monitoring). The solution is hard for newcomers and takes much time to deep in. Also, I want a historical graph for throughput and system resources usage. Maybe it will be great to make easy step-by-step installation and configuration cookbooks as Fortinet did, and integrate the documentation within the solution."

What is our primary use case?

We use Check Point NGFW as a perimeter NAT Gateway with the security features, it helps us to prevent hackers. We implement Check Point-based infrastructures for our customers. In most cases, this is the same perimeter gateway and internal segmentation firewalls. Many of our customers also using the VPN feature to organize remote access to the company's assets for employees, especially in the COVID period, and to connect their branch offices to the base infrastructure. Environments are differing from one out customer to another, but these are primary use cases. 

How has it helped my organization?

We catch much more malware and spam with incoming traffic, and now we are more protected with our environment. For our customers, this is always a surprise, when we are running a pilot project - how mush malware and attacks we catch during the two weeks period. Check Point has a great report called "Security Check Up", that show these results on informative charts. In our region, our customers use primarily local solutions, that has no good security features inside. Check Point has a certification there, which allows them to work in our region and make the world safer. 

What is most valuable?

AV, IPS, AntiSpam, Sandbox. That's gentlemen set for any basic security, and it was implemented very well. In our reports, the most exciting results belong to AV and IPS. It can be explained by using ThreatCloud - a global knowledge base, which accumulates signatures for all existing and new coming malware, and all the Check Point solutions are always up to date with potential threats. When we using sandbox with Sandblast agent, often there are not real-world exciting results, but when we show a solution in work with existing samples, it also shows good results. 

What needs improvement?

I hope for product simplification. It would be better to use one security console, instead of many of them (for licensing and monitoring). The solution is hard for newcomers and takes much time to deep in. Also, I want a historical graph for throughput and system resources usage. Maybe it will be great to make easy step-by-step installation and configuration cookbooks as Fortinet did, and integrate the documentation within the solution. In most cases, the solution works great and I recommend it for our customers.

For how long have I used the solution?

3 years.

What do I think about the stability of the solution?

Everyone falls sometimes. I recommend using high availability or at least two power blocks. 

What do I think about the scalability of the solution?

Nice, easy to connect and implement high availability.

How are customer service and technical support?

Support is great, we solved cases with solution integrations easily.

Which solution did I use previously and why did I switch?

We are using many solutions at the same time. Just to be closer to our customers. 

How was the initial setup?

Initial is very easy. Further - harder.

What about the implementation team?

In-house

What was our ROI?

12 months.

What's my experience with pricing, setup cost, and licensing?

NGTP is easy and strong. If you need the best security - use SanbBlast in addition.

Which other solutions did I evaluate?

We always check security options before implementing them to customers.

What other advice do I have?

Good solution - I recommend it. 

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Our company is a Security Integrator. We are Check Point Partner and Deploy their solutions for our customers.
PeerSpot user
reviewer1396851 - PeerSpot reviewer
Deputy Manager (Systems) at State Bank of India
Real User
Generates extensive logs that help figure out issues but the packet mode needs to optimized
Pros and Cons
  • "Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation."
  • "Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management."

What is our primary use case?

Check Point NGFW is being used as a security product in the environment. It is securing the IT infrastructure and delivering the services as expected. In the current world scenario, IT is becoming the backbone for every organization, and most business is highly dependant on IT so securing the IT infrastructure is becoming challenging. Check Point NGFW meets the expectations of our organization to secure the IT infrastructure as per organizational need. Check Point NGFW also gives many security features in single box which reduce your management complexities.

How has it helped my organization?

Our organization's primary need is to make information available and secure from an insider as well as outsider threats. Check Point NGFW can give you lots of security features on a single device that can be used as per the organization's need, you not need to procure separate security devices to strengthen the security. The organization also provides services like service providers so it becomes more critical to secure the IT environment and we believe Check Point NGFW family is meeting the requirement as per the expectation.

What is most valuable?

Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation. 

Anti-spoofing security feature: Check Point has inbuilt by default enabled feature of anti-spoofing which reduces the attack surface from the spoofed IP addresses. 

IPS: Check Point IPS is one of the best products in the market.  

What needs improvement?

Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management. They should leave it to the user whether they want to procure a dedicated management server or run the show with the gateway itself. It will also reduce the operation cost.

They should also optimize the packet mode feature like Cisco’s firewall packet tracer wherein it tells administrators which policy or rule is processing the intended traffic.

For how long have I used the solution?

More than two years.

What do I think about the stability of the solution?

Check Point maestro is highly scalable, their other chassis base solutions are also scalable 

What do I think about the scalability of the solution?

If you choose Check Point maestro platform they you need not to worry about the scalability.

How are customer service and technical support?

They are very cooperative and supportive in nature. 

Which solution did I use previously and why did I switch?

We were using an ACL based firewall which was traditional and not meets the current security expectation. So to meet the advance security requirement product like Check Point is needed.

How was the initial setup?

It was straightforward.

What about the implementation team?

Check Point authorised partner had been involved in the migration to avoid any operation issue 

What was our ROI?

Hard to calculate.

What's my experience with pricing, setup cost, and licensing?

They should first understand their organization's needs and accordingly choose the product. In case if someone is not sure especially about sizing then they should use the Check Point maestro platform as it gives you the flexibility to augment the capacity on the fly without disrupting the existing running operation.

Which other solutions did I evaluate?

We have not evaluated any other option before Check Point. 

What other advice do I have?

Check Point gives you flexibility and eases the management with meeting organisation’s security need. But before choosing proper sizing has to be done.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Security Manager at a retailer with 10,001+ employees
Real User
Top 5
Enables us to deploy complex changes from a single management interface and get better visibility
Pros and Cons
  • "Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity."
  • "I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it."

What is our primary use case?

*Perimeter Firewalls - to protect regional hubs and local offices from public space and provide L3-L7 filtering

*Internal Segmentation Firewalls - to secure company's internal network from movement of malicious actors and reduce traffic flows only to authorised ones

*Public and Private Cloud - to secure hybrid environment either onprem or in the cloud while achieving micro segmentation per host

*Cloud Compliance - to get a visibility into cloud environment and and related vulnerabilities 

*Data Center

*SaaS

How has it helped my organization?

Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity.

I have to emphasize the value of Diamond support here where most senior engineers can provide great support with any challenges. Thinking out of the box, sense of responsibility, professionalism and much more - such an attitude helps to provide resolution to any crisis in the shortest term

What is most valuable?

With the new capabilities embedded into R80.XX flavor it is possible to achieve great flexibility while defining your security policy. It is possible to utilize a variety of objects to define static or dynamic criteria for inspection and reduce general rule base size and complexity, while not giving up on security

The security research team is doing a great job staying on top of ongoing threats and releasing fixes for ongoing attacks within days or sometimes hours.

Check Point always actively listens to its customers trying to identify emerging needs and satisfy them pro-actively

What needs improvement?

I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it. 

The monitoring of scalable solutions is quite tricky, but it could be relevant for all vendors who possess the same technology.

IPS fine-tuning may require some time to understand the interrelation between IPS protections, core Protections and other IPS profile elements. But in general, Check Point is on the way of great simplification of TP management

For how long have I used the solution?

Check Point products are being in use for the last 6 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Manager, Information Technology at a financial services firm with 10,001+ employees
Real User
We can add application signature in the same rule base & don't have to create a different policy for that
Pros and Cons
  • "Now we can add application signature in the same rule base & don't have to create a different policy for that."
  • "They should integrate all blades to use a single policy rather than multiple."

What is our primary use case?

The firewall is the primary use case of this solution & IPS is secondary use case of the solutions.

We are looking forward to Sandblast solutions.

We also use it for cloud expansions 

The Check Point NGFWs brought up the security level with the help of the advanced software blades - we use Application Control, URL Filtering, IPS, Anti-Bot, and Antivirus. The setup was simple, and the performance is great - we have significant resources to expand the environment in the future without disabling any blades and thus maintaining the security on the same, high level.

How has it helped my organization?

It has improved the security posture of the organization by implementing this solution.

Now we can add application signature in the same rule base & don't have to create a different policy for that.

Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

What is most valuable?

  • Easiness while working on all blade of firewalls 
  • Flexibility in NAT rules 
  • The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.
  • Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).

What needs improvement?

  • Offline Sandblast solution, which should send malicious sources to other security solutions.
  • TAC Support level to be enhanced 
  • More details to be included while VPN troubleshooting, using GUI representation 
  • Integrate all blades to use a single policy rather than multiple.

For how long have I used the solution?

I have been using Check Point for more than 14 years.

Which solution did I use previously and why did I switch?

We are using Palo Alto and Check together.

What's my experience with pricing, setup cost, and licensing?

Cost is negotiable always & matches the expectations and licences are flexible and are added advantage. 

Which other solutions did I evaluate?

We evaluated other solutions.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
Real User
Top 5Leaderboard
The vulnerability assistance via report management detects host and network vulnerability
Pros and Cons
  • "Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability."
  • "Heavy load causes a higher CPU to peek which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it takes a lot of time."

What is our primary use case?

Check Point leading industry provides a complete solution that is required to perimeter security along with deep packet inspection for network traffic.

Check Point not only acts as a traditional firewall but it provides you with complete security for users who work from home. Work from home users observed that Check Point gives 100 % functionality without any trouble.

It offers centralized management to customers where they have an IT member so there Check Point management can work properly. It is available in a smaller range to higher. Customers can get it at an affordable price. 

How has it helped my organization?

As we vendor, we deployed the Check Point firewall in many organizations and they are renewing its license as they trust the product and support.

Whatever feature they want is possible with Check Point and 80.20 later versions are coming in, that feature set was previously not available. Customers are satisfied. 

What is most valuable?

No other firewall provides a feature set in log monitoring and threat detection blades.

Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability.

Most customers need reports which define how many users are infected, how many viruses and malware there is, botnet traffic firewall deteted all this type of information. Check Point is in a very easy and understandable format based on logs history.

What needs improvement?

Sometimes the stability related application, URL filtering, and troubleshooting issues take longer than expected. I observed some feature set that is very easy to add from the deployment team but Check Point needs a longer procedure so customers relating those features with Check Point firewall and Palo Alto.

Heavy load causes a higher CPU peek which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it take a lot of time .

We receive performance but sometimes there are stability-caused issues. 

For how long have I used the solution?

I have been using Check Point for three years. 

What do I think about the stability of the solution?

Check Point can defend Palo Alto if they work on stability.

How are customer service and technical support?

Tech support is very helpful and provides the right solution.

Which solution did I use previously and why did I switch?

We went from Sophos to Check Point.

How was the initial setup?

The initial setup was simple.

What about the implementation team?

We are only vendors.

What's my experience with pricing, setup cost, and licensing?

The pricing is really negotiable based on other competitor solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Oleg P. - PeerSpot reviewer
Senior Network and Security Engineer at a computer software company with 201-500 employees
Real User
Our overall security of the environment has been greatly improved
Pros and Cons
  • "The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing this solution we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on switches and routers, which in fact a simple stateful firewall, and currently not an efficient for protecting from advanced threats."
  • "The pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase, and to maintain (the licenses and the support services need to be prolonged regularly)."

What is our primary use case?

Our company works in developing and delivering online gambling platforms. The Check Point NGFWs are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Clusters serve as firewalls for both inter-VLAN and external traffic.

How has it helped my organization?

The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing this solution we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on switches and routers, which in fact a simple stateful firewall, and currently not an efficient for protecting from advanced threats. The Check Point NGFWs brought up the security level with the help of the advanced software blades - we use Application Control, URL Filtering, IPS, Anti-Bot, and Antivirus. The setup was simple, and the performance is great - we have significant resources to expand the environment in the future without disabling any blades and thus maintaining the security on the same, high level.

What is most valuable?

1. Advanced logging capabilities - our support team on duty constantly monitors the security logs in the SmartConsole, and notifies the security team in case of major alerts.

2. Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

3. The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.

What needs improvement?

The pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly). 

We also had several support cases opened for software issues (e.g. unstable BGP sessions over VPN tunnels), which, in our opinion, took too long to resolve - up to one month.

Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).

For how long have I used the solution?

We have been using the Check Point Next-Generation Firewalls for about 3 years, starting from late 2017.

What do I think about the stability of the solution?

In general, the solution is stable, but we still have had some support cases opened and have to install the JumboHotfixes on a regular basis to fix the minor bugs. Please note that the current version of the software we use - R80.10 - is not the latest one (R80.40).

What do I think about the scalability of the solution?

The solution is scalable - we use the Active-Standby Clusters, but could switch to Active-Active and add additional Gateway nodes if needed.

How are customer service and technical support?

We have had several support cases opened. Some of the were resolved by installing the latest recommended JumoHotfix, some required additional configuration on OS kernel level (e.g. TCP MSS clamping). The longest issue took about one month to be resolved, which we consider too long.

Which solution did I use previously and why did I switch?

We relied on the ACLs and Zone-Based firewalls of the Cisco switches and firewalls, which doesn't provide sufficient security protection against the modern advanced threats. 

How was the initial setup?

The equipment has been delivered on time, without delays. The setup was straightforward. The configuration was easy and understandable. 

What about the implementation team?

In-house team - we have a Check Point Certified engineer.

What's my experience with pricing, setup cost, and licensing?

Use the Check Point Performance Sizing Utility to measure and estimate the hardware needed to purchase for your environment.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Operation Manager at a transportation company with 1,001-5,000 employees
Real User
Good management functionality using a single pane of glass
Pros and Cons
  • "The scalability is very good."
  • "The user interface for management could be improved."

What is our primary use case?

We primarily use this solution for routing and the protection of our internal corporate network.

What is most valuable?

The most valuable feature is the management using the Single Pane of Glass.

What needs improvement?

The user interface for management could be improved.

In the future, I would like to see support for SD-WAN capabilities.

For how long have I used the solution?

I have been working with the Check Point Next-Generation firewall for four years.

What do I think about the stability of the solution?

I would like to see better stability in newly-released versions.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and technical support?

Dealing with the support team in Israel can be a struggle because of the difference in working hours, holidays, and priorities.

Which solution did I use previously and why did I switch?

I would with firewall solutions from several vendors including Palo Alto, Fortinet, and Meraki.

What other advice do I have?

My advice for anybody who is implementing this solution is to ensure that they have good support from local experts. The biggest lesson that I have learned from using this product has to do with the capabilities of the smallest models. Care should be taken to select the appropriate one for your environment.

I would rate this solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager for Operations, Security and Management at REN - Rede Energeticas Nacionais, S.A.
Real User
Identity awareness and application control features help secure our network
Pros and Cons
  • "The most valuable features for us are identity awareness, IDS and IPS, and application control."
  • "The speed of technical support is very slow and is something that should be improved."

What is our primary use case?

Our primary uses for the Check Point NGFW are network segmentation, identity awareness, and application control.

What is most valuable?

The most valuable features for us are identity awareness, IDS and IPS, and application control.

What needs improvement?

The speed of technical support is very slow and is something that should be improved.

For how long have I used the solution?

We have been using Check Point firewalls for about 20 years.

What do I think about the stability of the solution?

There were times in the past when it wasn't as stable as it is now. However, with the current version, we have been running for the past year without any issues.

What do I think about the scalability of the solution?

Our company has about 1,000 users that generate traffic that passes through the firewall. Beyond that, we haven't had much need to scale.

How are customer service and technical support?

The technical support is very slow.

Which solution did I use previously and why did I switch?

The two firewalls that we having implemented are Check Point and Fortinet.

I have also worked with Juniper but it does not have all of the advanced features that Check Point has, such as application control and identity awareness.

How was the initial setup?

The initial setup is pretty simple. The amount of time required for deployment depends on the number of rules that need to be configured. The initial setup can be done in one day, and the post-setup configuration depends on the rules to be applied.

What about the implementation team?

The initial setup was completed by a partner, who was a certified system integrator.

Our in-house team handles maintenance.

What's my experience with pricing, setup cost, and licensing?

This product is not cheap and there are additional costs that depend on what model or package that you buy. If you need more features then you may have to buy additional modules. In our case, we knew what we wanted in advance so there were no additional costs.

What other advice do I have?

Overall, I am pretty happy with Check Point firewalls. My advice for anybody who is implementing this product is to get somebody with experience to help choose the correct, stable version, and assist with the configuration. All of the new features take time to implement properly, but if the correct steps are followed then they won't run into problems when the system goes into production. 

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sales Engineer at Unistar
Real User
Good technical support, reliable, and offers effective threat prevention
Pros and Cons
  • "The most valuable features are application control, regulation, and threat prevention."
  • "Compliance and centralized management can be improved."

What is our primary use case?

We are a system integrator and the Check Point Next-Generation Firewall is one of the solutions that we implement for our clients. It is primarily used for data protection, VPNs, and sandboxing. We also use it in our own data center.

What is most valuable?

The most valuable features are application control, regulation, and threat prevention.

What needs improvement?

Compliance and centralized management can be improved.

For how long have I used the solution?

I have been using the Check Point NGFW for perhaps ten years.

What do I think about the stability of the solution?

This firewall runs 24 hours a day and it is stable.

What do I think about the scalability of the solution?

It scales okay because they are SCADA compliant and follow the industry standards. It is best suited to enterprise-level organizations.

How are customer service and technical support?

Technical support is located in Prague, Israel, and America. The support is good and they are quick.

Which solution did I use previously and why did I switch?

We have also worked with Fortinet a little bit. We switched to Check Point because our team is a perfect fit for it. We know the solution well.

How was the initial setup?

The length of time required for deployment depends on the size of the environment. Our largest solution took us between 10 and 20 days.

What about the implementation team?

We have a contract with the vendor to implement and deploy this solution for customers. There are three engineers on the staff who are responsible for maintenance and support, including dealing with tickets.

In total, working with this solution, we have four engineers and two junior administrators.

What's my experience with pricing, setup cost, and licensing?

It is quite an expensive product, although security is a top priority. For people who want security, the price is not a problem, and everything is included in the price of the license.

What other advice do I have?

This is the number one, best firewall on the market. My biggest complaint is that the centralized management has to be improved.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
ChandanSingh - PeerSpot reviewer
Senior Technical Consultant at Ivalue Infosolution
Consultant
Feature-rich, easy to deploy, security oriented, and offers scalability and great throughput
Pros and Cons
  • "The most valuable feature is the Stateful Inspection, which was developed by Check Point."
  • "No product is perfect and there is always room for improvement."

What is our primary use case?

I am a Check Point distributor and the Next-Generation Firewall is one of the products that I am dealing with. My customers use this as part of their security solution that covers mobile devices, computers, their network, cloud, SD-WAN, IoT devices, IP phones, IP cameras, and others.

How has it helped my organization?

Checkpoint has provided Security to the entire data center. 

What is most valuable?

This is a feature-rich product and all of them are useful.

The most valuable feature is the Stateful Inspection, which was developed by Check Point.

The throughput is very good with Check Point. Checkpoint ThreatCloud is the largest threat intelligence database. 

Checkpoint management is a single pane of glass from where you can manage all the CP solutions from a single point be it on-prem or cloud or hybrid.

What needs improvement?

There is always room for improvement and CP Dev team is on right path.

For how long have I used the solution?

I have been working with Check Point firewalls for more than five years.

What do I think about the stability of the solution?

This is a stable firewall. It is very good.

What do I think about the scalability of the solution?

Scalability and throughput are very high. They have also launched a solution called Check Point Maestro, which provides cloud-level scalability on-premises. This makes it very scalable.

Which solution did I use previously and why did I switch?

My customers use firewall products from several vendors, including Sophos. Sometimes they replace their existing firewalls, and at other times, they run Check Point in parallel.

How was the initial setup?

The initial setup is very simple. This solution can be installed on-premises or on the cloud.

It takes between 30 and 45 minutes to deploy.

What about the implementation team?

Our in-house team does the installation for our clients. We also handle support, depending on what level of support the client has. Sometimes, they go directly to the OEM.

What other advice do I have?

Until earlier this year, the consolidated management was application-based and required installation. As of recently, they have launched web-based management, as well as cloud-based management. This is an upgrade that I had been waiting for because we no longer have to go to the dashboard. Instead, we just enter the IP into chrome and you get the dashboard on the web page, without having to install anything.

This is a very good product, although there is always room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1284540 - PeerSpot reviewer
ICT-System-Specialist at a insurance company with 5,001-10,000 employees
Real User
Central logging and management makes us faster and more efficient, but technical support needs improvement
Pros and Cons
  • "With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions."
  • "The Check Point support needs a lot of improvement."

What is our primary use case?

We use Checkpoint Firewalls to protect Datacenter VLANs against each other. In addition, we use them to protect our perimeter systems from the internet, and our internal network from the perimeter.

We have virtualized the systems on a VSX-Cluster using VSLS, but the basics are still the same compared to a traditional cluster. VSX gives us a bit more flexibility in the case of load-sharing. Therefore, it’s quite easy to react in the case of heavily used hardware distributing the load by failover or prioritizing VSs onto different nodes.

How has it helped my organization?

The biggest improvement is the central logging and management of all firewalls. Other IT-departments can get log-access and search for their own if there are missing rules or other issues.

Since we use Identity Awareness the solution becomes more flexible, as users no longer need static IPs. Especially for IT-users, who always need more rights, it was a big improvement.

Implementing Wi-Fi makes it nearly impossible to work without Identity Awareness. Unfortunately, we fought with some bugs in the IA-module, but we got them solved.

What is most valuable?

R80 management has improved and made the product more comfortable for IT people to use.

Filtering through rules and finding similar ones to add additional objects becomes much faster.

With an additional hotfix starting from R80.10, we are able to use the management with Ansible. From R80 on, we started creating objects via script or adding them to groups. That makes some parts “automatic”, or at least much faster.

With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions.

What needs improvement?

The Check Point support needs a lot of improvement. We spend a lot of time troubleshooting issues ourselves, create good ticket descriptions, and try to explain in detail what has already been tested. Even so, it takes at least three ticket-updates before support really understands the issue. If you manage to reach the third-level support, you are still forced to be really critical of what kind of suggestions Check Point support is offering you. Running debugs on a test environment is quite different than running them in a heavily used production environment.

For how long have I used the solution?

We have been using Check Point firewalls for 16 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
mervemetin - PeerSpot reviewer
Network Security Engineer at Türkiye İş Bankası
Real User
User-friendly and offers multilayered, innovative, and flexible protection against a variety of threats
Pros and Cons
  • "Check Point is very administrator-friendly and the SmartDashboard is easy to use."
  • "The SmartUpdate interface is a little bit crowded if your company has a lot of software items."

What is our primary use case?

We have a big environment with nearly fifteen multi-vendor clusters. We are using firewalls mainly for layer three access rules. But nowadays, application-layer-based security and threat prevention are also important. We are using IPS and antivirus blades actively, too.

In the Intrusion Prevention System blade, we are using a lot of different signatures and actions according to the impact, severity, and cost of the specified signature. The antivirus blade is also in the same logic as the Intrusion Prevention System.

How has it helped my organization?

Multilayered protection is provided thanks to Check Point. For instance, security is achieved both on the endpoint side, as well as the firewall side.

Another example is that we can prevent critical and high-risk applications from being reached through the internal network by utilizing the application blade.

All of the blades, except URL filtering, are in the same interface and provide big savings when leading the security operations.

What is most valuable?

Firstly, inline layer technology is helpful because it will classify the traffic according to different security groups. This means that we can isolate them totally and it will also prevent human error because you are limiting source, destination, service, and application parameters at the top of the inline layer rule.

Check Point is very administrator-friendly and the SmartDashboard is easy to use.

The Blades and security features are also very innovative and up-to-date.

With the IPS blade, the administrator can write signature-based exceptions for specific users. This provides flexibility to except specific connections from specific signatures.

The cloning and copy/paste operations are very useful.

What needs improvement?

The SmartUpdate interface is a little bit crowded if your company has a lot of software items.

As an administrator, one should know how to troubleshoot by issuing related CLI commands before or after upgrading gateways, or the management server, in case of a problem.

Hardware problems on Check Point devices, such as those related to NIC or disk problems, may occur at times. In cases such as this, the support team is available and does what is needed, including the RMA process if necessary.

For how long have I used the solution?

We have been using Check Point for 10 years.

What do I think about the scalability of the solution?

In my opinion, scaling is very important and it must be done ahead of time. I would suggest considering scale three years in advance, as opposed to just the present.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

What's my experience with pricing, setup cost, and licensing?

Licensing issues may be confusing at times.

Which other solutions did I evaluate?

We did not evaluate other products before choosing Check Point NGFW.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
ogzbatilay - PeerSpot reviewer
Network Administrator at Türkiye İş Bankası
Real User
Easy to use, configure, and manage and offers good security

I have been working with Check Point for almost three years in my career and 8+ years on my company.

We are using Check Point as a perimeter firewall in our data center and we are using all NGFW specs on our firewalls like IPS, identity awareness, Anti-Bot, application firewall antivirus and SandBlast solutions in our environment.

It is generally easy to configure and manage using SmartCenter. Also, SmartLog really helps troubleshoot any problems that we encounter. SandBlast Zero-Day security helps our organization become safer. SmartConsole is the best GUI when compared to other companies. It is very easy to use and it is much more secure when compared to a web GUI.

SmartCenter and SmartLog are the best platforms to manage firewall rules. SandBlast Zero-Day is very useful when encountering any security leaks.

Maestro looks very sophisticated and it is the most important feature. We have to see how it works and if it's stable or not. 

Check Point needs to work on hardware problems also. There are some hardware problems on NIC cards and hard disks. Lately, we have encountered some problems with it. There needs to be an RMA on some devices. Also, management and data plane separation need to be done as soon as possible because if you encounter a problem with gateways, you can't reach the management which will create more problematic situations.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1281831 - PeerSpot reviewer
Security and Network Engineer at a tech services company with 501-1,000 employees
Real User
User-friendly configuration, good support, and trouble-free upgrades have made our jobs easier
Pros and Cons
  • "The rules are very easy to deploy and can be optimized pretty quickly."
  • "One of the main features that need improvement is the rule filter export."

What is our primary use case?

The Check Point NGFW is the best product that I have ever used. It has pluses and minuses, as do others, but the usability, simplicity, and the configuration abilities are very user-friendly. After a while, other vendors just don’t come close to it.

The second thing is that is just works and it does it with ease. The upgrades and bug fixes are frequent and well documented. Also, the patches just work ;-)

There are some negatives but as I already said, they aren’t many and from my point of view, we can see past them.

How has it helped my organization?

It has made our lives and working in the company a lot easier. We have a better overview of the logs and what happens with the traffic in our company. Which means that the search for the certain logs is easy, quick and smooth. The overview of the logs is also very good as it is very detailed. The installation is allot quicker as it was before what also helps us with the implementation of the firewall rules. The rule consolidation is also very important as we have more than 60 fw rule change requests per day.

What is most valuable?

The rules are very easy to deploy and can be optimized pretty quickly. The R80 has a great feature on how the rules are processed, which costs less in terms of CPU and threads than it did before.

The features that are integrated into the firewall are very useful for our everyday use. Examples of these are the log manager, the firewall monitor commands, and the Linux commands. These are all very useful and helpful.

The VPN tunnels are easy to set up once you understand how they have to be configured.

What needs improvement?

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, but with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules, why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

For how long have I used the solution?

We have been using Check Point NGFW for eight years.

What do I think about the stability of the solution?

In terms of stability, this solution is very good.

What do I think about the scalability of the solution?

The scalability is high.

How are customer service and technical support?

The technical support is very good.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup is very easy.

What about the implementation team?

I implemented and deployed Check Point NGFW alone.

What's my experience with pricing, setup cost, and licensing?

Maybe the pricing is a bit high but you get the durability and the duration.

Which other solutions did I evaluate?

We evaluated Palo Alto and Cisco ASA.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Gerry Moore - PeerSpot reviewer
Head Of Technical Operations at Boylesports
Real User
Easy to manage, eliminates having to remove old hardware, and has multiple capabilities in a single box
Pros and Cons
  • "The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability."
  • "One of the biggest disappointments is the GUI."

What is our primary use case?

This is a complex high availability solution growing by over 100% per year. The complexity of the business environment made the ability to increase capacity without having to remove previous hardware much easier.

We have a large online presence with users needing realtor access to our environment. 

How has it helped my organization?

The improvements to our business are easy to explain. It is faster, easy to use, and there are multiple capabilities all in one box. The best examples are the endpoint and anti-virus options.

The ability to add more firewalls and increase the capabilities, rather than remove the hardware, is an exceptional step forward. No competitor was able to compete with this. Not having to continually replace hardware year after year was a massive driver in the decision-making process. The throughput going up by 100% with each added device is exceptional.

What is most valuable?

There are many features we have found good.

The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability. This feature alone will save us as we increase the number of devices in the stack.

Having so many top-end products in one box also assists in managing this device. URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.

The Infinity product seems amazing but we have a long way to go before saying it is successful.

What needs improvement?

One of the biggest disappointments is the GUI. I felt it was a little bit more clunky than some competitors. The screens don't flow as easily as they should. Improving user experience will further elevate this product.

The way the management console operates is not user-friendly, either. It needs to become less intrusive. The user experience is not as high as it should be due to the problems with the user interface. The newer products in the range seem to address my concerns, which I have had for even the older products.

For how long have I used the solution?

I have been using Check Point NGFW for six months.

Which other solutions did I evaluate?

Having leading-class firewalls with massive growth possibilities made the purchasing decision much easier. Having carried out a few PoCs, the obvious decision was the Check Point solution of Maestro and 6500s in a high availability environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1266306 - PeerSpot reviewer
Deputy Manager - Cyber Security at a transportation company with 5,001-10,000 employees
Real User
Easy to manage from a single console and offers zero-day protection against advanced threats
Pros and Cons
  • "The most valuable feature is that we are protected against zero-day threats."
  • "Reporting has to be improved."

What is our primary use case?

We use this solution for our perimeter firewall to protect our web applications, systems, and network. We are running our complete business with Check Point.

The complete traffic is managed by Check Point. The Check Point threat emulation blade is enabled to protect zero-day attacks and it will detect and prevent attachments and other payloads from this type of attack.

How has it helped my organization?

We have been running Check Point for the last ten years and it protected our network, systems, and applications against the latest attack. Our organization is running 500 applications that are being protected.

The next-generation firewall will manage all of the traffic and prevent the latest & advanced threats from attackers. The latest operating systems R 80.20 is wonderfully designed and allows customers to manage everything with a single console.

What is most valuable?

The most valuable feature is that we are protected against zero-day threats.

Everything can be managed from a single console.

What needs improvement?

We would like to see the following improvements:

  1. Multiple ISP redundancy.
  2. CPU utilization.
  3. VPN traffic.
  4. HA concept, where if we apply the policy in the primary appliance that should be applied to HA appliance automatically.
  5. The number of bugs has to be reduced.
  6. The number of false positives should be reduced. 
  7. Threat emulation has to be improved.
  8. Reporting has to be improved.

For how long have I used the solution?

I have been using Check Point Next Generation Firewall for ten years.

How are customer service and technical support?

We are happy with Check Point technology and support.

What other advice do I have?

Both IN and OUT traffic is managed by Check Point. We are happy with Check Point technology including the protection, management, and the ability to secure the enterprise network against advanced threats.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Manager at a retailer with 10,001+ employees
Real User
Easy to use with good monitoring features
Pros and Cons
  • "The solution is easy to use. I like the monitoring the most."
  • "All the advanced features of automation, especially the first installation of tunnels, need improvement."

What is most valuable?

The solution is easy to use. I like the monitoring the most.

What needs improvement?

All the advanced features of automation, especially the first installation of tunnels, need improvement. Also, in terms of configuration, in terms of tuning, and fine-tuning the system, I think they do make it a bit hard for users. Right now, we need to teach admins, the network and security admins about system fine-tuning in terms of load balancing between CPUs, assignment of processes. I don't think a network admin or a system admin should deal with it in terms of when we are speaking about the firewall or networking device. It should be automatic.

For how long have I used the solution?

I've been using the solution for five to six years.

What do I think about the stability of the solution?

It's a stable solution. There are about 15,000 users installed behind the firewall.

What do I think about the scalability of the solution?

It's a scalable solution. It's very good.

How was the initial setup?

It's easy to install Check Point, but not in the case of a large environment and multiple clusters. This is an ongoing project I can't tell you how long deployment takes. It's a huge network that I have. I have three people maintaining the solution.

What other advice do I have?

I have a basic network firewall and not the advanced feature, full feature security system. I think they are the best. Still, for instance, when installing a tunnel in Check Point vs installing a tunnel in Cisco, the difference is that in Check Point nothing makes sense, and in Cisco you have the duration capability, the hierarchy of the configuration.

I would rate this solution as 8 out of 10. Mostly because of configuration problems - problems with configuring VPNs, and panels, etc.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Administrator at N S PHARMACY SDN.BHD.
Real User
Provides detailed reports and has good scalability
Pros and Cons
  • "The initial setup was very straightforward. You can customize it and change it as you need."
  • "Although they have it now, we don't have a license for it, and I think mobile device security should be a standard feature. I cannot control someone bringing their device to my network and what they do."

What is our primary use case?

We primarily use the solution as a firewall device and for our VPN.

What is most valuable?

It gives me very detailed reports. The endpoint solution for clients is wonderful.

What needs improvement?

We're looking at the endpoint because there are some smaller issues with internet connectivity within our country.

Although they have it now, we don't have a license for it, and I think mobile device security should be a standard feature. I cannot control someone bringing their device to my network and what they do.

For how long have I used the solution?

I've been using the solution for 6 months.

What do I think about the stability of the solution?

Within the first four weeks, we had a few little issues with stability, consideration issues here and there. But the partner helped and gave direction that and now it's better. It's still under warranty so we are okay with it. We have about 250 users. We also have the administrative and the IT team in the company that manages different solutions.

What do I think about the scalability of the solution?

We are definitely planning to increase the scale, especially the endpoint. The cost in comparison with the brand new addition will be okay.

How are customer service and technical support?

Right now, the agreement we have is elaborate enterprise support. That means we are entitled to an engineer within 48 hours if we have issues that can't be resolved remotely. I've been satisfied with technical support so far.

Which solution did I use previously and why did I switch?

We were using the Sonicwall NSG 3400. It's a good appliance, but the major problem is they don't have competent technical partners in Nigeria. So all our support was via email, phone, and remote. It wasn't very good which is why we had to change it. Sometimes our network went down and we had to start calling so that we can call on the device. They needed to have someone in Nigeria that could assist. That's why we had to leave it.

How was the initial setup?

The initial setup was very straightforward. You can customize it and change it as you need. But the initial information is wonderful. Initial deployment took approximately two and a half days. Then, to complete everything took a week. Deployment took about 3-4 people.

What about the implementation team?

We had a partner. A representative of Check Point came and did the implementation.

What's my experience with pricing, setup cost, and licensing?

We pay a license fee on a three year basis. We have a three-year license. We pay $5,000-$6,000 a year.

What other advice do I have?

I would advise anyone to try Check Point.

I would rate this solution 7.5 out of 10. I think they should make their licensing simpler.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Engineer at Tenece Professional services
Reseller
Enables us to complete the network compliance rules and has a great GUI
Pros and Cons
  • "We use Check Point to complete the network compliance rules."
  • "This product has room for improvement in technical support for Africa."

What is our primary use case?

The management of our company requires a firewall implementation. We use Check Point to complete the network compliance rules.

How has it helped my organization?

We use Check Point NGFW for compliance. The initial request leads to secondary requests. By the time you have recognition, there is recollection. For the main service, it's collection.

What is most valuable?

The feature we have found to be the most valuable is the management firewall. 

What needs improvement?

This product has room for improvement in technical support for Africa. There are some problems with African countries. We also need to provide excellent services. 

The additional feature I would most like to see included in the next release of this solution is removal management.

What do I think about the stability of the solution?

The stability of the solution is quite good. It has a great GUI and it's comfortable. I love the content. Of course, you also have great support.

What do I think about the scalability of the solution?

The new version is highly scalable. Now all of our users depend on the firewall. We have about 150 users. We require two staff for deployment and management.

Which solution did I use previously and why did I switch?

We previously used Sophos. We switched for more security. 

How was the initial setup?

The initial setup was straightforward. Our deployment took two or three weeks. Deploying the first one was two weeks, but the other ones were around one week.

What about the implementation team?

For the first setup, I used a consultant. For the second one, I didn't. We didn't need one.

What's my experience with pricing, setup cost, and licensing?

Licensing costs for this solution are on a yearly basis.

What other advice do I have?

On a scale from one to 10, I would rate this product a nine. Nobody's perfect.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Supervisor of Network and Datacentre Operations at Manitoba eHealth
Real User
Consolidated many of our DMZ services into one appliance

What is our primary use case?

  • Perimeter and datacentre firewalls
  • URL filtering
  • Anti-bot
  • Anti-malware
  • Application awareness.

How has it helped my organization?

Consolidated many of our DMZ services into one appliance, and it's easy to add IPS functionality on firewalls.

What is most valuable?

All of the above mentioned.

What needs improvement?

Simplify licensing.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Engineer at a retailer with 5,001-10,000 employees
Real User
Completely useless support, too many bugs, can't get anything to work, and too expensive for what you get

What is our primary use case?

Our primary use case of this solution is to use it as a security gateway. 

What is most valuable?

The visibility and the logging are the most valuable features. Also, their interface is second to none. The best thing about it is the interface but it crashes too often. If it can stop crashing that would be great. 

What needs improvement?

Their support is completely useless. They need to improve that and the stability. The main reason we are moving on from Checkpoint is because of their stability and their support. There are way too many bugs. You just can't get things to work properly.

They don't need to bring any more features. They need to focus on stability. They should stop trying to be funky and stop trying to develop new things to catch people's attention. Just focus on what they already have and make it work. It would be a good product. Just make sure it works. 

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

When it works, scalability is perfect. 

Which solution did I use previously and why did I switch?

Six years ago we were using a Fortinet solution. The reason we switched to Checkpoint was because of the central management. It can manage up to hundreds of devices without failing but in reality, it doesn't actually do that. Central management was better than Fortinet back then. That was several years ago. I don't know Fortinet now. The reason we chose Checkpoint was the central management. We needed to manage up to about 700 or 800 devices.

How was the initial setup?

The initial setup depends on how many features you want to turn on. If you just want a simple set-up, with not a lot of features, then it's easy. You can set one up very quickly, within a day. If you want to have a lot of features turned on and your environment is slightly more complex than standard, it can take up to a few months because you will always run into bugs. It's going to stop you from proceeding and you will be battling with it for a long, long time. Contacting support won't always help. You could potentially waste months of your time and not get any value from it. 

What about the implementation team?

We had Checkpoint support engineers for the implementation. The people are helpful. They support their product. The problem is that there were too many problems. Even their support can't fix it. They try their best to help but when the product isn't great, there's not much you can do.

What's my experience with pricing, setup cost, and licensing?

This solution is way too expensive for what it is worth, especially when it doesn't work. It's just pointless. It's time wasted.

What other advice do I have?

I would rate this solution a three out of ten. The reason I give it a three and not zero is because the visibility and the interface are great. Other than that, they're too much of a headache. We've had painful experiences that we never want to go back to. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
LuisDavila - PeerSpot reviewer
Network and IT Security Admin at DP World Callao
Real User
The configuration is easier than other firewalls and we have good support
Pros and Cons
  • "We never had an outage of the appliances or the consoles. Stability is very strong. I never had a problem related to stability."
  • "I would like for them to develop the ability to manage a cloud firewall with the same console. That would be very helpful."

What is our primary use case?

Check Point is a very good solution. My primary use case is as a perimeter firewall. I never use Check Point's IPS. I always work with another IPS, in a different appliance. I always use the firewall modem as a firewall.

How has it helped my organization?

We have good support from Check Point. They always send us information about new products, new technologies, and new attacks worldwide. We are looking for endpoint protection and Check Point is one of the brands that could provide that technology to us.

What is most valuable?

The most valuable feature of Check Point is the management console. Another feature that is most valuable for me is that the configuration is easier than other firewalls.

What needs improvement?

I would like for them to develop the ability to manage a cloud firewall with the same console. That would be very helpful.

Another thing I would like to see improved is that when I start policies in Check Point's console, it takes a few minutes. It could be better and faster.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We never had an outage of the appliances or the consoles. Stability is very strong. I never had a problem related to stability.

What do I think about the scalability of the solution?

Scalability is good. Since four years ago, we have been increasing the number of users and the traffic. The solution is working well and working with our progress.

How are customer service and technical support?

I always work with a partner so the partner is in contact with Check Point. Their response is very fast. In all of the cases, it's very fast.

Which solution did I use previously and why did I switch?

We switched because it is a good product and because of the cloud support. We are moving to the cloud step by step and the cloud support is important. If another company has better cloud support it may be a factor that would influence my company to switch to another solution. 

Important criteria that we look at when choosing a solution is the local experience and the local support. That it is very important. 

How was the initial setup?

I wasn't there for the initial setup but from what I heard, it was straightforward. 

Which other solutions did I evaluate?

We looked at Cisco vs Fortinet. We chose Check Point because of the cost benefit that this product offers.

What other advice do I have?

I would rate this solution an eight. It's a good solution. The management is easy. The console is very practical but in order to be a ten, it should be faster.

I would advise someone considering this or a similar solution to prove the solution before choosing the final vendor. Prove that it will be very helpful for you.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Engineer at CENACE
Real User
Efficient firewall protection
Pros and Cons
  • "It is easy to configure and it is a valuable antivirus protection. I especially like the IPS feature of this product."
  • "The presentation of the reports need to be more user-friendly."

What is our primary use case?

We use this product as firewall protection.

How has it helped my organization?

We are a utility company, so we need efficient antivirus protocols. The firewall support is extremely important to our organization. Checkpoint helps us protect our company from outside threats.

What is most valuable?

It is easy to configure and it is a valuable antivirus protection. I especially like the IPS feature of this product.

What needs improvement?

The presentation of the reports need to be more user-friendly. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Sometimes we have problems. In those cases, we just need to reboot the system.

What do I think about the scalability of the solution?

The scalability of the solution is not great for us because we have old equipment. With newer equipment, I think the scalability would be much better. It is no fault of the solution itself. 

How are customer service and technical support?

The Checkpoint tech support takes a long time to resolve problems. 

Which solution did I use previously and why did I switch?

Prior to Checkpoint, we considered Cisco. 

How was the initial setup?

It was a complex setup. We had a partner configure the equipment. 

What's my experience with pricing, setup cost, and licensing?

The price is high in comparison to other solutions. 

Which other solutions did I evaluate?

We are currently considering Fortinet as another possible option. 

What other advice do I have?

After much evaluation, we have decided to change our firewall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sandun Fernando - PeerSpot reviewer
Network Administrator at University of Kelaniya
Real User
Gives me peace of mind as we can now block BitTorrent and other high bandwidth downloads.
Pros and Cons
  • "The most valuable feature is the IPsec VPN."
  • "The Smart Dashboard and other user interfaces are very easy to use and can be handled without any significant IT skills."
  • "After introducing this NGFW, we have improved our security posture, and now, have peace of mind."
  • "Check Point Smart Dashboard does not support my Apple MacBook Air. It only supports Windows versions."

What is our primary use case?

We are a large University with more than 1000 employees across seven faculties and growing. Student population is more than 15,000 in-house and 30,000 external. The University of Kelaniya Sri Lanka primarily uses the Check Point 4800 device to protect users and servers. The product also enables the VPN with advanced security policies inside our network. This gives us a better security posture. Valuable features include a good VPN, IPsec, and SSL. We use Check Point 4800 as a perimeter firewall and our internet bandwidth expanded to 1Gbps.

How has it helped my organization?

We use it mainly for security and content control. Earlier, we could not block BitTorrent and other high bandwidth downloads from our firewall. After introducing this NGFW, we have improved our security posture, and now, have peace of mind. 

What is most valuable?

The most valuable feature is the IPsec VPN. The application and content filtering is perfect for our university. This device gives us alerts and reports on a daily and weekly basis. It gives us the opportunity to know what is going on. The Smart Dashboard and other user interfaces are very easy to use and can be handled without any significant IT skills. It allows for easy policy management.

The Check Point Capsule VPN is a great feature. It connects to our university in a few seconds.

It's easy to handle and manage. No need for significant IT skills to manage this solution.

What needs improvement?

Check Point Smart Dashboard does not support my Apple MacBook Air. It only supports Windows versions. Checkpoint does not support captive portal in IPv6. We had a big issue. Not solved yet by Checkpoint experts.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Check Point is a stable product.

What do I think about the scalability of the solution?

No issues with scalability. 

Which solution did I use previously and why did I switch?

We used Cisco ASA 5510 as our perimeter firewall before purchasing this NGFW. It only had firewall features. We switched because we were looking for a strong gateway level security with attributes like antivirus, anti-spam, IPS, web content filtering, application control, and secure wireless access points.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

A vendor team implemented this. They gave us in-house training for our staff. They are experts in Check Point and taught us well.

What was our ROI?

It has a great ROI. 

What's my experience with pricing, setup cost, and licensing?

Pricing is negotiable and competitive.

Which other solutions did I evaluate?

We selected the following brands and models by going through different reviews:

We requested that the vendors do a PoC. Check Point, SonicWall, Sophos and Fortinet agreed to run one. Finally, we chose Check Point.

What other advice do I have?

We are in the higher education sector in Sri Lanka. We produce graduates to our country and other countries.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sandun Fernando - PeerSpot reviewer
Sandun FernandoNetwork Administrator at University of Kelaniya
Real User

Check Point is the best suitable NextGen firewall for our University which has a large number of students. Smart dashboard and other blades are user friendly and it has no need for a high level of IT skill to manage these.

Commercial Manager at a tech services company with 11-50 employees
Real User
Effective security and local support have been the key features for us
Pros and Cons
    • "We looked very closely at ArcSight's solution because it's a multi-vendor solution. With ArcSight we could have Check Point, we could have RSA, we could have any brand and integrate several brands, from a security point of view. With Check Point, you cannot do so, you can integrate with Check Point products."

    What is our primary use case?

    It is our next-generation firewall and IPS.

    How has it helped my organization?

    We had some security issues that WatchGuard could not resolve. Since installing Check Point, we have not had any troubles. We don't have any security problems anymore.

    Also, as we are systems integrators, we could not offer only one brand to our customers. We had to expand to several solutions to enable customers to make their own decisions.

    What is most valuable?

    It's a gateway and we can integrate some of their functionalities. It's a gateway for us to work with them. Compared to the previous solution we had - WatchGuard - Check Point really works.

    What needs improvement?

    We looked very closely at ArcSight's solution because it's a multi-vendor solution. With ArcSight we could have Check Point, we could have RSA, we could have any brand and integrate several brands, from a security point of view. With Check Point, you cannot do so, you can integrate with Check Point products. Check Point forces the customer to buy only one vendor's solution but the trends of the market are not to work with only one vendor. If Check Point could work with other vendor solutions, that would an improvement.

    It would also help if they had solutions for the SMB market. Check Point is only useful for customers that have a big IT budget. If they don't have the IT budget, the customer has to buy a solution that from another vendor.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    For the last 10 or 12 years, Check Point has been at the top of the industry ratings, so this demonstrates they make good products. The stability is really good.

    How are customer service and technical support?

    Technical support is really good. We work with a partner from Check Point, a very good partner. The time of response is very good. We are satisfied with the solutions that Check Point has provided us.

    Which solution did I use previously and why did I switch?

    Before using Check Point we were using WatchGuard, but it was not a good brand. Support from them was very difficult. We decided on Check Point because, first of all, their salespeople did a good job. In addition, their position in the market helped us decide to buy. Also, we are systems integrators and many of our customers use Check Point. Their feedback helped us make the decision to go with Check Point.

    An important criterion when selecting a vendor is that the vendor has to provide support here in Peru. Our experience with WatchGuard not having a local representative was that the support was not good in terms of time of response as well as difficulties with the idioms of the language. We speak Spanish and the support was only in English, so it was difficult.

    How was the initial setup?

    I'm not part of the technical staff. But from what I heard, the setup was fine. I believe the installation and deployment were without any problems.

    What's my experience with pricing, setup cost, and licensing?

    Check Point solutions are very expensive here. It's good, but it's expensive.

    What other advice do I have?

    Some vendors offer a PoC. When you do a PoC you can more easily see which is the better solution. We would recommend requiring a PoC.

    I would rate Check Point an eight out of 10. They're not a 10 because of their pricing.

    Disclosure: My company has a business relationship with this vendor other than being a customer:
    PeerSpot user
    Senior Network and Security Analyst at a pharma/biotech company with 11-50 employees
    Real User
    Enables us to meet compliance requirements and maintains our security posture
    Pros and Cons
    • "It filters unwanted traffic."
    • "There are some issues compared to other products. Ease of use is one."

    What is our primary use case?

    It's simply a firewall.

    How has it helped my organization?

    1. Enables us to meet compliance requirements.
    2. It maintains our security posture.

    What is most valuable?

    Filtering. It filters unwanted traffic.

    What do I think about the stability of the solution?

    Their products are pretty robust but, at the same time, we deployed ours in HA mode so we don't really worry about downtime, we have redundancy. We've never had any problems.

    What do I think about the scalability of the solution?

    We have the right appliance for our specifications. If we wanted to get a bigger box then we will just get a bigger box based on our requirements.

    How is customer service and technical support?

    We tend to go to our reseller for technical support.

    How was the initial setup?

    The setup wasn't complex. I went to training and after training it pretty much all made sense. I was prepared for it.

    What other advice do I have?

    Do your homework and make sure it fits. You have to know exactly what you want, what your requirements are. Make sure that whatever product you are actually going for meets your requirements, suits your infrastructure and how your IT operates.

    What I look at when selecting a vendor is how long the vendor has been around, the level of focus on technology, how good they are. And one of the most important things we do is check industry ratings. That's one of the first things we look at, to see which vendors to consider.

    I would rate Checkpoint eight out of 10. To get to a 10, there are some issues compared to other products. Ease of use is one. Also, I can never give any product a 10 out of 10. It's just impossible. There's always something definitely missing.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    System Administrator at a tech services company
    Real User
    I faced stability issues, both reboots and tunnels needing to be bounced, frequently
    Pros and Cons
      • "Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate."

      What is our primary use case?

      We leverage it as a next gen firewall, it does all of our IPS, URL filtering. We use it for our remote users, for VPN access. We use it to build VPN tunnels out to remote sites. It handles quite a bit.

      How has it helped my organization?

      It allows us to be a little bit more diverse in our hiring. We can hire people out in remote areas, that otherwise we wouldn't be able to because they'd have to come into the office without it.

      What is most valuable?

      The VPN side of it. Obviously without the VPN, we'd have tons of end users that wouldn't be able to connect to our environment.

      What needs improvement?

      Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate. And there are compatibility issues and stability issues.

      For how long have I used the solution?

      One to three years.

      What do I think about the stability of the solution?

      We would lose our remote sites, they would just dump. Say we had our site in California, all of a sudden we're not connected to them anymore. Or we have site in AWS, then we can't connect there anymore. So I'd have to go in and reset the IPSec VPN tunnels, in order to regain connectivity, more frequently than I should have to. Obviously that can happen from time to time, but it was pretty frequent with Check Point, to the point where we're going to rip it out the next two weeks, and install Cisco everything.

      What do I think about the scalability of the solution?

      As far as scalability goes, I don't feel we really had to push it. We're not a huge company. It was literally always resolved with a license upgrade. If there were too many users connected, we would just upgrade a license and then have more users connected concurrently. So scalability, not an issue. But we sized it pretty appropriately when we installed.

      How are customer service and technical support?

      We had third-party tech support through our contract, and it was okay. I pretty much ended up having to figure everything out if there was a problem. As far as Check Point goes, I haven't really dealt directly with their tech support.

      Which solution did I use previously and why did I switch?

      When I started at the company, this solution had been in place, and it was failing, the cluster was failing. So I was tasked with rebuilding the entire solution, to make it a little bit more stable. I bought two brand new servers, and spun up a cluster for Check Point. And it improved a little bit, but for what we paid for that solution, it was not really worth it. Because of stability. 

      We have migrated some stuff over to Cisco ASA Firewalls. And those seems to be more stable. A lot easier to use, more stable, faster to get going.

      How was the initial setup?

      I thought it was pretty straightforward, myself. The issue that I ran into, on their website, when you go to install a solution they have something called the hardware compatibility list. That assures you that if you install their product, you also have the right servers to do it, you have the right NICs card, etc. So I actually bought brand new servers with brand new NIC cards that matched all the specs for the hardware compatibility list. I started getting everything setup, and it turns out the hardware compatibility list was wrong. It was wrought with issues. And I ended up having to pull some old NIC cards to throw in the servers to even get the thing to work.

      So they don't have accurate documentation, I guess you could chalk it up to that. Or they didn't test it very thoroughly before they put it on the website. So that caused us a lot of heartache. This was a business-impacting setup. I had to do late-night maintenance windows, so when things don't work, it affects us at a pretty big level.

      What's my experience with pricing, setup cost, and licensing?

      I don't think the product's pricing is a good value. I feel it's very overpriced. 

      I feel a lot of the features for a next gen firewall are there. But I feel it's overpriced, because of the stability issues. As far as support goes, I really can't speak to direct Check Point support, but the third-party was pretty terrible. 

      I feel you'd get a lot more out of it with Cisco. With Cisco you'd pay about the same. I feel the licensing is a lot more straightforward. It's easier to understand. 

      That's another thing about Check Point, I think their licensing model is very confusing. As far as the licensing goes, it's pretty complex. If anybody was to purchase the Check Point product, definitely make sure they have an account rep come on site, and explain it line by line, what each thing is. It's not straightforward. It's very convoluted. There's no way you could just figure it out by looking at it.

      Which other solutions did I evaluate?

      We're halfway there right now, with the Cisco Firewalls we're switching to. They're very capable, they work like you'd expect, simple licensing, simple upgrades. It's been a breeze with those so far. 

      What other advice do I have?

      I would say avoid it. There are definitely better solutions out there. For the amount of headache that you get with this product, it's not like you're saving yourself any money. It's just as much, if not more, than other solutions.

      When it works, it works well. But, like I said, I've never really had a stretch of time where it just worked really well for everyone. It's been a constant pain point for our organization.

      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Dan Huang - PeerSpot reviewer
      Dan HuangSenior Network Engineer at a retailer with 5,001-10,000 employees
      Real User

      I know how you feel, we have about 500 of CP FWs. Endless issues and endless pain. Their support is the worse ever, might as well fix the issue or apply work around yourself.
      We have many nick names for CheckPoint, such as CheckBug, CheckFail, ChockPoint, CheckLeak and so on... Our pain is almost over, because our 5 years license is coming to an end!

      Buyer's Guide
      Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
      Updated: December 2022
      Product Categories
      Firewalls
      Buyer's Guide
      Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.