2019-06-24T12:13:00Z
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

What needs improvement with Check Point NGFW?

Please share with the community what you think needs improvement with Check Point NGFW.

What are its weaknesses? What would you like to see changed in a future version?

128 Answers
Paola Zúñiga Rojas - PeerSpot reviewer
Customer Service Agent at Grupo Purdy
Real User
Top 5
2022-10-30T14:53:00Z
Oct 30, 2022

Innovation is one of the most important things they must adhere to. I have liked seeing how innovation evolves and how security teams protect themselves proactively while always being efficient. Hopefully, in the future, these will be much more plug-and-play and orchestrated from a single administration console. Today, I am learning a lot about the cloud. I know that this is one of the solutions that can be placed in any cloud, so we will soon see if it will continue with the virtualization of Web3 equipment.

IU
Senior Network Security Engineer at ATOS
MSP
2022-10-03T08:57:00Z
Oct 3, 2022

The study material and training need to be improved and become more accessible to security engineers working with Check Point. There needs to be advanced troubleshooting. The configuration might get a little bit too complex for regular engineers, compared with easy administration. We've encountered a few limitations when trying to accomplish simple tasks required by customers. For example, changing a domain name inside an MDS environment or missing a function in the database which removes the domain object completely from the database. There are plenty of bugs that are not documented, or with too generic error messages.

SA
Senior Network Engineer at Siltronic
User
2022-09-19T08:59:00Z
Sep 19, 2022

We have been using CheckPoint NGFW for quite some time now, and the only thing that could be improved is the upgrade procedure and the frequency of the hotfixes we get. We have this deployed in multiple sites globally and managed via the central management server. The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade. We would like to see some improvement in this area.

Jonathan Ramos G. - PeerSpot reviewer
Cloud Engineer at ITQS
Real User
Top 5 Leaderboard
2022-08-29T01:02:00Z
Aug 29, 2022

The Next Generation Firewall (NGFW) Configuration Guides in XL cluster are very complex and other guides should be reviewed to validate configuration references. They should be updated for new versions. Something worth mentioning is the need for Spanish support and better representation for teams in the Latin American area. There is a growing demand for these IT services and new technologies. Its guides are identical to the existing ones. It would be more pleasing that these guides be updated and improve their design. Give it a try, and it will help you more in these times when users are more remote than local.

Fabian Miranda - PeerSpot reviewer
Subject Matter Expert - Healthcare and Corporate Verticals Development at Lenovo
Real User
Top 5 Leaderboard
2022-07-27T21:51:00Z
Jul 27, 2022

This is something that doesn't directly affect us. However, I know VMware is not supported by the platform. Also, it seems that plenty of features you may not know even exist unless you do some extensive, deep digging as they're not coming up in the initial configuration, so you have to go through the documentation to realize their existence. Support is really good, so you may rely on them to learn more about these coded features I'm talking about, also to make the proper calibration for the rules/policies you're applying as they may not turn the results expected from the first config.

Information Technology Security Specialist at AKBANK TAS
User
Top 10
2022-07-24T09:25:00Z
Jul 24, 2022

There are parts that are still on the SmartDashboard screen and that condemn you to use it, which should be removed and moved to the SmartConsole interface, which is the main screen. In addition, when you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing. To fix these problems, Check Point needs to get rid of the SmartDashboard screen completely. Also, there is a need for performance improvements in the interface so that when the data and rulesets are large, there is a need for performance improvements in the next versions.

erdemerdag - PeerSpot reviewer
Cybersecurity Operations Engineer at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
2022-05-23T22:07:00Z
May 23, 2022

The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI. It might be a little bit confusing when an administrator remembers the location of the settings. Also, it is hard to manage the settings by always jumping from GAIA Web-based graphical user interface to Java based Smart Console dashboard. Also, Check Point Next Generation Firewall has a very detailed and well-organized CP view on the console on both CLISH and expert (/bin/bash) shells; which gives an administrator a real-time monitoring option on the console.

rblog - PeerSpot reviewer
Systems Engineer at Trends and Technologies Inc.
User
Top 20
2022-05-19T17:27:00Z
May 19, 2022

It would be best if the security management server console access is simpler for ease of management. System administrators find it really difficult for the management settings to incorporate easily. Most administrators nowadays are looking into something that offers easy access to a management console or GUI. I could not think of other areas for improvement. This is the firewall that I liked the most among other vendors in the market. It's by far the best firewall in the security industry.

Afrizal Guntur - PeerSpot reviewer
Junior Security Engineer at PT Kereta Api Indonesia (Persero)
Real User
Top 10
2022-05-03T11:56:00Z
May 3, 2022

The network automation and security automation could be better. We need integration with more third-party security solutions. We need two-factor authentication solutions for the virtual private network solution. We need a firewall or NGAV/EDR with lightweight resources that is still powerful for blocking and preventing attacks and malicious activity. We need enhancement for our perimeter for our security zone, especially for network access control with portal authentication.

Amar Gadge - PeerSpot reviewer
Engineer Security Management at BT - British Telecom
MSP
Top 10
2022-04-30T13:19:00Z
Apr 30, 2022

Pricing for the gateways is too high as compared to the other vendors. Whenever any issue comes up, Check Point support asks to keep the gateway on the latest hotfix and OS, which is difficult to roll out on all the gateways present in the customer environment.

CC
Technology at Partswerx
User
Top 20
2022-04-06T19:44:00Z
Apr 6, 2022

As a small business, IT expenditures are always a tough call and hard sell. With every business connected to the internet these days, firewalls and threat prevention are very important for any business of any size. Check Point's small business devices are a great fit for most any business. However, including some sort of menu or grouping for VOIP would help the small business area that has limited support. Check Point support is very knowledgeable and can also help in this area as they've helped our business evolve as well.

HM
Senior Solution Architect at a comms service provider with 51-200 employees
Real User
Top 20
2022-03-15T00:44:39Z
Mar 15, 2022

Check Point NGFW could improve by introducing machine learning and more modeling dividing the way they manage the ports. However, they have evolved over the last year.

KM
Technical Architect at Computacenter
MSP
Top 10
2022-02-11T15:18:00Z
Feb 11, 2022

I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking.

AY
Jr. ISO at BancNet, Inc.
User
Top 20
2022-01-25T10:39:00Z
Jan 25, 2022

Check Point should improve services related to the cloud-based solution. Due to these challenging times, most organizations seek to move to cloud-based implementation to minimize the cost and for easy deployment, access, and remote support. The Next-Generation Firewall should also be focused on zero-day threats as attacks have improved the past few years. They need to ensure that all connections and nodes are being protected. Sandblast technology is also a good tool as it offers enterprise solutions on malware detection and prevention.

RS
Network at financial sector
User
2022-01-24T03:37:00Z
Jan 24, 2022

For the migration for Smart-1, I wish the security policy could allow for a migration per gateway. There needs to be more storage space for reporting. The storage is always full if the reporting feature is on. We need HA for Smart-1. The traffic trekking (logs view) needs to be more accurate. Some traffic is often not in the logs view. We'd like to have a more user-friendly menu for importing VPN users. There needs to be more compatibility with SIEM. It would be great if we could join domains with more than one Active Directory server (active-active). There needs to be an easy menu for export backup configuration (the current menu always has an error). The signature information needs more detail. We need to know current update versions and on running versions.

TL
IT Security Administrator at a tech services company with 51-200 employees
Real User
Top 20
2022-01-20T10:35:08Z
Jan 20, 2022

Sometimes there are security bugs, which is frustrating. Right now, we have a problem with DLP and this problem has become very big. Check Point, our firewall, is not handling data properly. There seems to be some sort of security bug.

PD
Cyber Security Consultant at Capgemini
Real User
Top 5
2021-12-31T12:30:00Z
Dec 31, 2021

It's nearly impossible to add an exception for threat prevention services - like antivirus and anti-bot. You will be stuck with Indicators of Compromise marked as detect only, caching issues, and random effects. There is no clear way to report incorrect classification to support and a business is neither happy nor forgiving when they cannot receive mail from a crucial business partner. The KB articles should also be improved as all the global KB articles do not provide all the activity steps related to every issue.

PD
Cyber Security Consultant at Capgemini
Real User
Top 5
2021-12-13T15:29:00Z
Dec 13, 2021

Sometimes the KB article does not include all the steps. There is a chance for improvement in the content of global KB articles. It's nearly impossible to add an exception for threat prevention services - such as antivirus and anti-bot. You will be stuck with Indicators of compromise marked as detecting only, caching issues, and random effects. There is no clear way to report incorrect classification to support. Sometimes we need to find a resolution by ourselves as the solution's knowledge base is not enough.

RP
Director at TechPlayr
Real User
Top 20
2021-12-01T10:58:00Z
Dec 1, 2021

We are also working on load balancers. We don't have the option to work more with load balancers, we would like to see what else can come out of this in terms of security. Technical support and scalability both require improvement.

RC
Senior Infrastructure Technical Analyst at https://www.linkedin.com/in/robchaykoski/
User
2021-11-22T19:17:00Z
Nov 22, 2021

I would like to see better Data Leakage protection options and easier-to-understand deployment models for this. I have been working with DLP for a while now and find that other vendors seem to be doing better at this. That said, having to deploy another solution adds other costs. Some error messages could be better and more specific. The days of generic error messages should be over by now to allow faster, better insights into fixes for any traffic-related problems. Some of the sizings of firewalls for deployment seem not exact and require some tweaking based on real-world traffic and connectivity types (for example, PPPoE).

NO
System Engineer at Infosys
Vendor
2021-11-22T11:35:00Z
Nov 22, 2021

While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement. I would love to see an SSL offloading feature that is not there right now. I am following many forums related to Check Point and it seems like they are going to launch it very soon. SSL Offloading will be very helpful for NBFC and for financial institutes. The Check Point NGFW OS is a historically grown OS. It has been on the market for a long time and has many releases. It is a very complex system. All features are done in software - no extra hardware chips are installed.

NT
Network Manager at Destinology
User
2021-11-19T11:41:00Z
Nov 19, 2021

Check Point is very feature-rich. There aren't any features missing or that I am awaiting in a future release. The only downside to Check Point is, due to the vast expanse of configurable options, it does become easily overwhelming - especially if you're coming from a small business solution like Draytek. Check Point comes with a very steep learning curve. However, they do offer a solid knowledge base. Some issues I have encountered in my five years have only been resolvable via manually editing configuration files and using the CLI. Users need to keep this in mind as not everything can be configured via the web interface or their smart dashboard software.

NI
Snr Information Security Analyst at The Toronto Star
User
2021-11-19T02:12:00Z
Nov 19, 2021

Support for customers really needs to improve. Check Point also needs to create a study license that will enable the customer to install a firewall (maybe with reduced connectivity) for a bit longer so that one can simulate scenarios without having to re-install it every 15 days. We had a lot of problems with the VPN blade on the solution. We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release. Check Point needs to create a certification program that involves practical applications.

MC
Chester at Iocane
User
2021-11-18T21:57:00Z
Nov 18, 2021

Product-wise, I have no real complaints. Potential improvements could be made around simplifying VPN functionality and configuration. The main area that the organization can improve is around the lack of local, in-state technical support. Competitor vendors have a strong presence in the Adelaide Market, however, Check Point has always been limited with its commitment to staffing local technical resources. If this focus is made, I could see Check Point returning to the strength that it once had in the Adelaide market.

EL
Network administrator at IHSS
User
2021-11-18T21:57:00Z
Nov 18, 2021

The anti-spam needs improvement. A weakness with the Check Point solutions is the anti-spam, as they have a partnership with some solutions for anti-spam. They should have their own solution. We have email provided through Office 365 and they have their own way to fight spam and, due to this, we haven't bothered looking into anti-spam options. That said, Check Point is the most adapted to our necessities. I consider the price of this solution high. It is very good, however, the prices are high - it's like buying a car.

CA
Integration engineer at S21sec
User
Top 20
2021-11-18T15:56:00Z
Nov 18, 2021

In earlier versions, it was a bit hard to do migrations of Multi-Domain Servers/CMAs, nowadays, with +R80.30 it has gotten much easier. I cannot really think of many things to improve. One thing that could be useful is to have a website to analyze CP Infos. This way, it would be much faster to debug problems or check configurations. Another thing not very annoying but enough to comment on is when preparing a bootable USB with the ISOMorphic (Check Point's bootable USB tool), it gives the option to attach a Hotfix. However, this usually causes corrupted ISO installations. One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them.

Alessandro Bolzonella - PeerSpot reviewer
Senior IT Security Manager at a manufacturing company with 201-500 employees
User
Top 20
2021-11-18T14:30:00Z
Nov 18, 2021

Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features. I'd like a web console so that all firewalls can be managed from a web browser and we don't need to be installed on dedicated consoles and applications. I use the web console to manage the Gaia software in the firewall and it would be nice to have also policy management inside the web browser.

MR
Security Engineer at Netpoleons
User
2021-11-18T04:29:00Z
Nov 18, 2021

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, however, with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules such as why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

TL
Networking engineer at Hewlett Packard Enterprise
Real User
2021-11-18T04:27:00Z
Nov 18, 2021

The SmartEvent blade has a huge number of security events/logs. We are trying to find correlation with the help of the SmartEvent blade, however, it may impact the performance of our Check Point management server. It requires additional licenses for Check Point management servers. It should be inbuilt within the management server. With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient.

JV
Engineer at CENACE
Real User
2021-11-06T03:19:00Z
Nov 6, 2021

I think the price of this product could be improved - other solutions are cheaper in comparison. In the next release, I would like to be able to perform sandboxing to check email attachments and information sent through the cloud for viruses.

AO
Head of Technology at African Alliance Plc.
User
Top 10
2021-11-01T09:45:00Z
Nov 1, 2021

CheckPoint would do good to add new features such as UEBA (User and Entity Behavior Analytics). They should also improve on the effectiveness of their antivirus. It should be more effective than competitors.

VP
PLM Consultant
User
2021-10-13T23:20:00Z
Oct 13, 2021

The appliances are quite intuitive and easy to be used. The hotfixes are useful and often released with notifications sent to the client. There have been a few requests/issues about the Identity Awareness feature. The connection to AD, which was a request from the user, required the TAC team's support.

BZ
IT System Operations Manager at Hamamatsu Photonics KK
User
Top 20
2021-10-13T18:59:00Z
Oct 13, 2021

The pricing is on the high end, specifically with the software licensing, although they are flexible on some levels, and offer hardware buyback options when upgrading. The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing. Customer support is not always as responsive with solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

reviewer1692972 - PeerSpot reviewer
User at PROWERS COUNTY HOSPITAL DISTRICT
User
2021-10-13T15:29:00Z
Oct 13, 2021

Overall, this is a great system, and I'm struggling to come up with things that I think should be improved. I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad. For additional features in the next release, I would like to see more change functions available in the new Web GUI version. This is still a new offering from the company, therefore, I can only assume it will get better as customers make suggestions/requests.

User
Top 20
2021-10-13T15:02:00Z
Oct 13, 2021

The functionality of the S2S VPN service has been temperamental for us at times and is not always simple to manage or check the state of. We find the GUI to be wrong and the CLI doesn't always show all of the connections. From a general usability point of view, if you have not used Check Point before, the learning curve is steep. Perhaps managing and configuring the devices could be streamlined for people with less experience so that they can pick it up quicker. There needs to be extra wizards for the out-of-the-box builds.

BI
Technology Architect at BearingPoint
Consultant
Top 20
2021-10-11T13:23:00Z
Oct 11, 2021

One area which is still lacking is the site-to-site VPN solution. This is still an area that could be improved, although the features have gotten much broader and I really have seen an improvement over the last 10 years of working with the product. The separation from encryption domains between the tunnels came recently as a new feature to the product. This really helps a lot. Yet, we are still seeing a lack of compatibility with other devices, even though this is the case with many vendors. Especially with IKEv2, we are struggling with many vendors to set up perfectly running tunnels.

José Javier Dominguez Reina - PeerSpot reviewer
Project Manager at Junta de Andalucia
Real User
Top 5 Leaderboard
2021-09-23T20:25:00Z
Sep 23, 2021

The predefined reports are limited and should provide more information. Check Point should provide a greater number of defined reports and produce reports for each division of the organization. Also, historical statistics cannot be obtained from the central console, the data or logs must be exported to another machine and processed from there to obtain this historical information. The number of available physical ports could be increased and Check Point could add support for higher speeds.

BU
System Security Engineer at Ziraat Teknoloji
User
2021-09-22T11:28:00Z
Sep 22, 2021

In some features, it is not easy to use the Check Point firewall. The IPSEC VPN setup is not easy to configure. In some cases, if the VPN is not established, it is very hard to troubleshoot the configuration. It does not address the problem well. The upgrading process takes too much time.

MB
Network Security Administrator at a financial services firm with 10,001+ employees
Real User
2021-09-22T10:31:00Z
Sep 22, 2021

The product can be improved with fewer hotfixes, and if more generally available jumbo hotfixes were used. We don't often hit bugs. It's perfectly normal for an NGFW device as other vendors are always fixing bugs too. However, when we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix. If those fixes were included in a fast manner in the jumbo hotfix (as jumbo hotfixes are tested thoroughly for general availability), it would be ideal.

TD
Senior Cyber Security Consultant at Yapi Kredi
User
2021-09-22T09:33:00Z
Sep 22, 2021

If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time. If you use Check Point firewalls for a long time, it is inevitable to have long rulesets over the years. The need for using different GUI applications for different versions can be confusing. A backward compatibility feature for smart console versions could be useful - especially if you are an enterprise customer, you probably need to use different versions at the same time.

ED
Senior Linux Administrator at Cartrack
User
2021-09-21T12:46:00Z
Sep 21, 2021

It takes a while to install the rules so that if you make a mistake you can only fix it after a few minutes. There's no problem with traffic processing. Sometimes you are forced to interact on several levels: on the one hand, you put in the rules, and on the other, you put in the route. The predefined reports are few and it would be nice to increase them since the logs are excellent. In my work experience, I have been able to use multiple firewall platforms. There are only two valid ones for me and one of them is definitely Check Point. The others charge less but there is a reason for that. It is a good idea to think carefully before rather than after you suffer from a serious attack.

Mitchell Mugerwa - PeerSpot reviewer
Procurement Supervisor at Centenary Bank
Real User
Top 20
2021-08-30T11:45:21Z
Aug 30, 2021

While the solution is good, we wish to have something that is a bit better, as the threats have evolved over time. We have been using Check Point for more than eight years and are interested in a better solution. We entered a review site which ranks top security firewalls and saw that Palo Alto is ranked number one, followed by Fortinet, with Check Point in the lead. We noticed that Palo Alto was much more expensive than Fortinet, but wished to know which key features differentiated the two. Though we did not take issue with the price of Check Point NGFW, we felt that it was providing us with inadequate support here in Uganda. This is why we decided to switch solutions. I should note that I do not have a technical background and am responsible for procurement. The value we were getting for our money was an issue. I work for a bank for which security is very important, but we were not being assured of the appropriate support. The licensing fees we were paying did not equate with adequate local support. We had already had a bad experience with Check Point, so we did not bother with a quote from it and, instead, got one from several local companies that can support either Palo Alto or Fortinet.

MG
IT Security Manager at a retailer with 10,001+ employees
Real User
Top 5
2021-08-10T09:31:13Z
Aug 10, 2021

The solution could improve by keeping more up-to-date with technology. For example, if Amazon releases something in the security field, Check Point should have integration or adoption of this feature a bit faster than it is today. Sometimes we can hear a lot of the marketing information about an attractive feature, which we would like to have, but the feature will be released in two years. This timeframe should decrease.

AS
User at a financial services firm with 10,001+ employees
User
Top 20
2021-07-14T23:47:00Z
Jul 14, 2021

To be very very honest, I do not see any major gap or improvement area for any of Check Point Cybersecurity solutions, whether your enterprise is cloud-based only, on-prem (Private cloud or Legacy infrastructure), or hybrid infrastructure. Check Point's solutions are highly cost-efficient, have low OPEX costs, are very stable, are safe and secure, and help maintain the enterprise's security posture. Check Point's security solutions are a cut above the other vendors, not just today but for the last 30 years. Without having to mention any gaps, Check Point's development team works hard to stay ahead of technology in the cybersecurity space. I feel the only thing that I see as a possible improvement in Check Point software is the lack of ability to create "static discard routes" which makes it difficult for NAT ranges to be advertised via BGP to neighbors. Although Check Point has an alternative of creating a dummy interface to introduce "directly connected" routes for NAT ranges so that they could then be advertised up/downstream, having the ability to do so using "static discards" would be a great thing to have.

PI
IT Manager at a comms service provider with 51-200 employees
Real User
Top 20
2021-06-25T10:44:00Z
Jun 25, 2021

I do prefer to manage everything from only one point of entry/one application. Some things can only be configured from the smart console and others from the smart dashboard. This is the only handicap in this solution. It would be ideal to manage everything from one central place. Instead of using a Windows application to manage the equipment, it would be better to use a web app to configure the solution from a browser. I know that it's not as powerful (you can't do everything from there), but then we could manage the solution and troubleshoot from any device. It's faster to see the event logs on a webpage than it is to see them in the smart console.

VN
Manager - Datacenter IT at Eaton Corporation
Real User
2021-06-15T14:52:00Z
Jun 15, 2021

Check Point solutions have always been more complex to deploy than their competitors. There may be multiple scenarios where we may need to engage support, however, the customer support is very good. There are certain features that are only possible from the command line (e.g. packet captures) and it would be good to integrate everything into the GUI to reduce the learning curve for newer engineers. Finally, it can be a costlier solution - especially for the smaller firewalls as compared to the competition. It would be beneficial to have more training options or documentation as well.

Ifeanyi Onyiaodike - PeerSpot reviewer
Network security engineer at Fidelity Bank
Real User
Top 5
2021-06-03T09:49:16Z
Jun 3, 2021

The end-user VPN could be improved. It could benefit from some modification. The VPN timeout feature needs to be improved. When we try to connect to the VPN, it times out before we can even enter our user name and password. If you can't prove you are who you say you are within seven to ten seconds, it just kicks you out.

AN
Security Solution Architect
Real User
Top 20
2021-05-26T21:08:10Z
May 26, 2021

This solution requires management software that is sold separately; it's actually a different appliance altogether. For smaller customers or smaller environments, this becomes an added entity in the environment. Not to mention, they'll also have to invest a lot in the necessary management stations. If that came built-in, it would really benefit smaller businesses. The performance when you enable decryption could be improved. That's a CPU-intensive task. Many customers struggle if they try to implement decryption — it can really hamper the performance. It's probably something to do with the appliance or the hardware design. This needs to be examined further.

DZ
Security product manager at RRC
Reseller
Top 20
2021-05-24T20:02:50Z
May 24, 2021

Their technical support can be better. In addition, when we need to use it in a government environment, we face a lot of legal issues related to different types of certifications. It would be better to improve it for these issues. Check Point doesn't have a SOAR system. They work with Siemplify, but it is an integration with another vendor. It would be great if Check Point has an integrated SOAR system.

reviewer1582053 - PeerSpot reviewer
Security Engineer at Gosoft (Thailand)
User
Top 10
2021-05-20T12:14:00Z
May 20, 2021

They have few predefined reports and it would be nice to increase them since the logs are excellent. They should be quicker to release fixes for known vulnerabilities, including those related to Microsoft products. If you make a mistake when creating rules, it is time-consuming to fix them. However, there is no problem with traffic processing. Sometimes you are forced to interact on several different levels. On the one hand, you put the rules in, and on the other, you put in the route.

SaifKhan1 - PeerSpot reviewer
Network Security Engineer at a consumer goods company with 201-500 employees
Real User
Top 5 Leaderboard
2021-05-17T14:14:52Z
May 17, 2021

This firewall is difficult to manage and use when you first begin using it. However, once you are used to it, the interface is comfortable and easy to use. The Smart Control feature is hard to install. In the future, I would like to see more features in the unified security management platform.

Pardeep Sharma - PeerSpot reviewer
Network security engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
2021-05-14T14:53:54Z
May 14, 2021

The web filtering and CLI commands need to be improved. The CLI command is very difficult to deploy. If you are an engineer and considering configuring through the command line, you can't. The command line is very difficult to use, which is one of the biggest drawbacks of this solution. The initial setup could be simplified. Technical support is another big drawback and needs to be improved. In the next release, there should be improvements made to the sandboxing functionality.

Rajan Arora - PeerSpot reviewer
AVP - IT Security at a tech services company with 51-200 employees
Real User
Top 5
2021-05-10T14:21:00Z
May 10, 2021

There is scope for improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption. There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome.

Charanjit Bhatia - PeerSpot reviewer
AGM Cyber Security CoE at Bata Group
Real User
Top 5
2021-05-08T13:39:00Z
May 8, 2021

I would like to see the provision of an industry-wide and global benchmark scorecard on leading standards such as ISO 27001, SOX 404, etc., so as to provide assurance to the board, and confidence with the IT team, on where we are and how much to improve and strive for the best. Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult. This integration would be helpful in providing a full security picture across the organization. I am looking forward to the go-ahead of R81 with MITRE framework adoption in the future.

Real User
Top 5
2021-05-07T14:36:00Z
May 7, 2021

I would like to have an improved secure workspace solution for remote access. I hear that the Apache Guacamole solution has been integrated into R81. The site-to-site VPN options are numerous, but they can get confusing. Interoperability with other vendors is not the strongest when it comes to setting up VPNs. It's totally different from any other VPN vendors I have come across. Improvements are needed in policy backups and reverting to the previous policy. This used to be better in R77.30. Policy installation tends to take a long time when the rule base increases in size, which can become frustrating.

Ümit Güler - PeerSpot reviewer
Consultant at KoçSistem
Real User
Top 5
2021-05-06T16:40:00Z
May 6, 2021

Check Point should include additional management choices; for example, Check Point does not offer full management support via browser. You should use Check Point Smart Console for management, although it is an EXE and is supported only on the MS Windows platform. If you are using Linux or Mac, you cannot manage Check Point. Instead, you need to use a virtual PC with the Windows OS installed, running inside Linux or Mac. Check Point states that this is a decision made for security reasons, but that certain management features can be done through the browser, although not fully.

JC
CTO at a computer software company with 11-50 employees
Real User
Top 5
2021-05-05T19:37:00Z
May 5, 2021

When first looking into the Check Point offerings, it was fairly confusing trying to determine the differences between the different offerings. Specifically, SMBs versus other models, and which one would work best within my environment for my use case. I think we ended up in a good spot after speaking with a reseller in the area, but it would have been nice to be able to get there independently. The WatchTower app that can be used to access the SMB appliance remotely is a nice touch, but it doesn't allow for many actions to be taken and therefore is relegated to mostly notifications. At that point, it requires me to gain local access to go further. It would be nice to add more features to the WatchTower app to be able to perform certain administrative functions without the need for local access.

reviewer1543578 - PeerSpot reviewer
User at Johnson Controls, Inc.
Real User
2021-03-30T14:26:00Z
Mar 30, 2021

The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track. Not everyone can afford the time and money to attend the official in-person classes offered by Check Point. Even if someone was not interested in fully pursuing a certification, offering certification guides is often a method that IT professionals follow in order to learn about a specific topic and keep for reference. An area that I sometimes find lacking is the information provided by the system when troubleshooting issues such as site-to-site VPN tunnels. The logs provide general information regarding what is happening but often, it leaves you wanting additional details. This also ties back into the lack of training and knowledge required to utilize the more advanced features of the command line.

Gulrez - PeerSpot reviewer
Manager at Kotak Mahindra Bank
Real User
Top 5
2021-03-29T13:23:00Z
Mar 29, 2021

The one area that I would like to see a change in is policy installation. Right now, with a larger user database and a high number of rules, it takes a bit of time for policy installation. There is definitely some improvement in the R80 version; however, I believe that it should not take more than one minute to refresh the database. Also, there is a significant spike in gateway resource utilization during policy installation. The additional blades have an impact on resource utilization, hence there is scope for improvement here too.

Basil Dange - PeerSpot reviewer
Senior Manager at a financial services firm with 10,001+ employees
Real User
Top 5 Leaderboard
2021-03-29T10:19:00Z
Mar 29, 2021

This is a zone-based firewall, which differs from other firewall solutions available on the market. It changes the way the admin manages firewall policy. The administrator has to be careful while defining policy because it can lead to configuration errors, allowing unwanted access. For example, if a user needs to access the internet on the HTTPS port, then the administrator has to create a policy as below, rather than using NAT for assigning the user's machine to a public IP.

Source: User machine
Destination: any
Port: HTTPS
Action: allow (for allowing the user's machine access)

This has to be done along with the below policy:

Source: User machine
Destination: Other Zone created on Firewall
Port: HTTPS
Action: block

The two policies, together, mean that the user's machine will not be able to communicate with any other L3 Network created on the firewall. The firewall throughput or performance reduces drastically after enabling each module/blade. It does not provide for standalone configuration on the security gateway. Instead, you need to have a management server/smart console for managing it. This can be deployed on a dedicated server or can be deployed on the security gateway itself.

Daphne - PeerSpot reviewer
Project Manager at Junta de Andalucia
Real User
Top 10
2021-03-26T14:01:00Z
Mar 26, 2021

There should be better integration with our current NAC solution to increase the granularity of policies that we implement.

PJ
Project Manager at SANDETEL
Real User
Top 10
2021-03-26T13:09:00Z
Mar 26, 2021

The number of physical network ports on the device should be increased to allow for greater capacity. Another point of improvement would be to continue improving the integration line with our current NAC solution in order to exchange more attributes and increase the granularity of the implemented policies.

LA
Network, Systems and Security Engineer at SOLTEL Group
Real User
Top 5
2021-03-22T10:00:00Z
Mar 22, 2021

Check Point products have many places that need to be improved, but they are constantly upgrading.

Gonzalez - PeerSpot reviewer
Network Administrator at Secretaría de Finanzas de Aguascalientes
User
Top 20
2021-03-20T06:48:00Z
Mar 20, 2021

Using the tool is somewhat complex when teaching new staff, although after practice it is quite easy to get used to this technology. One of the improvements that could be included is to have a help menu to obtain advice or help for the different options that are presented in the application. The equipment is complex, so you need guidance from specialized people or those who constantly work with Check Point. Better forums and information manuals could be provided so that users from different institutions can have more access to the information.

Sreegith Sreedharan Nair - PeerSpot reviewer
Senior Network Engineer at LTI - Larsen & Toubro Infotech
Real User
2021-03-18T20:43:00Z
Mar 18, 2021

Configurations can be complex in some situations and need experienced engineers for managing the solution. Integration with a third-party authentication mechanism is tricky and needs to be planned well. SmartView monitor can be enhanced to display granular details of gateways with a single click. Also, having the ability to generate alerts from the Smart Monitor would be a nice feature.

reviewer1531134 - PeerSpot reviewer
Cybersecurity Engineer at Insurance Company
Real User
Top 20
2021-03-15T12:40:00Z
Mar 15, 2021

Several of the security modules, including IPS, URL Filtering, and Anti-Virus, are based on HTTPS inspection, losing relevant security capabilities if you don't implement it in your network. This means that to be able to take advantage of the full security stack, you're going to have to inspect traffic, break the tunnel, and manage different SSL certificates. Although this is not a limitation of the product itself but the technology, where other vendors are impacted the same way, it is useful to take this into consideration as you can adjust the capacity of the systems adequately.

Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5 Leaderboard
2021-03-15T07:49:00Z
Mar 15, 2021

Check Point has both GUI (Graphical Interface) & smart dashboard, but it will be better if it sticks to either one of them. A threat prevention policy needs to be created in a different tab but instead, if those policies could be related to access policy then it will be easier to apply the threat prevention to our relevant traffic. One of the most complicated aspects is the VPN Configuration, which should be simplified in future releases. The monitor tab should have a VPN tab, where we can see the current tunnel status.

MP
Network Security Engineer at a tech services company with 10,001+ employees
Real User
Top 10
2021-03-04T01:49:00Z
Mar 4, 2021

There are two major areas that need to be improved. The study material for Check Point needs to be improved, as well as the cost for certification. One of my friends recently completed the certification and it was costlier than other firewall security certificates. The reports are generally good but there is not much control. We would like to have more filters. Essentially, we want more granular reporting.

RG
Network Security Engineer at a tech services company with 10,001+ employees
Real User
Top 10
2021-03-02T19:08:00Z
Mar 2, 2021

The antivirus feature is a little bit weak and should be improved. The updates are not as regular when compared to other firewalls, such as Palo Alto. The training materials and certification process should be improved. For example, the certificates are more expensive and there's no good training available on the internet right now.

reviewer1523535 - PeerSpot reviewer
IP LAN and Integrity Specialist at Chevron
Real User
Top 5
2021-03-02T15:18:00Z
Mar 2, 2021

There are issues with stability in some specific versions. The VPN is a little difficult to configure, and sometimes you need help from Check Point professional services. There are some performance problems with the IPS when the FW is in a high load, but in general, it is working better than in previous versions. The routing is configured on the gateway, so, you need to remember for migration purposes. The virtual infrastructure of the central management requires a huge amount of resources to work properly and manage all the logs without problems.

PRAPHULLA DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
Real User
Top 5 Leaderboard
2021-02-26T11:13:00Z
Feb 26, 2021

Check Point fulfills our requirements but it is important that they stay on top of competitors by addressing certain points. There are issues with stability while upgrading devices with hotfixes. For example, many times, a device will stop giving responses after an upgrade (observed in 80.10 release). The rule database needs to be improved because when we apply rules for the destination, based on service and application and URL filtering Layer, the parallel lookup fails.

DD
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 10
2021-02-18T22:07:00Z
Feb 18, 2021

While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls. Check Point has a very good Antivirus feature. However, compared to the competition in the market, it is lacking somewhere. In my last organization, I worked with Palo Alto Networks as well. I found that while they both have an antivirus feature, the Palo Alto antivirus feature is much better. Check Point should improve this feature. It is a good feature, but compared to Palo Alto, it lacks.

KK
Network Associate at a wireless company with 1,001-5,000 employees
Real User
Top 10
2021-02-17T11:56:00Z
Feb 17, 2021

The level and availability of training should be improved. I have seen people that are not well trained on the Check Point firewall and the reason is simply that the quality of available training is poor compared to that of other firewalls on the market. The command-line interface (CLI) should be more user-friendly.

reviewer1489602 - PeerSpot reviewer
Network Security Assurance Specialist at Visa Inc.
Real User
Top 5
2021-01-18T10:55:00Z
Jan 18, 2021

Debugging could be improved when compared to the competition. I think the product release lifecycle should be improved.

MA
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 10
2020-12-14T06:56:00Z
Dec 14, 2020

The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them. Check Point is one of the good firewalls and training should be increased by the company so that more people are familiar with it and with their switches.

AP
IT Infrastructure & Cyber Security Manager at a retailer with 501-1,000 employees
Real User
2020-11-15T06:39:00Z
Nov 15, 2020

We just upgraded to the latest software version of Check Point so we have a lot of new stuff to learn. The older version had a little bit of a problem with identity awareness and with HTTPS inspection with the visibility of the logs, and the implementing of rules. But as far as I can see now, with the new version, most of the problems were fixed. In terms of new features, maybe it would help if we could start to manage all the stuff in the cloud and not in the on-prem servers. The management side could also be faster when you install policies. But other than that, I'm satisfied.

RM
Senior Network Engineer at a tech services company with 1,001-5,000 employees
Real User
2020-11-09T08:11:00Z
Nov 9, 2020

The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not required to provide them training. This could be improved by the Check Point Community.

AJ
Sr. Network Engineer at a tech services company with 51-200 employees
Real User
2020-10-13T07:21:00Z
Oct 13, 2020

I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors.

BF
Senior IT Manager at a mining and metals company with 501-1,000 employees
Real User
2020-10-04T06:40:00Z
Oct 4, 2020

Because there's quite a bit of flexibility in Check Point, improved best practices would be helpful. There might be six ways to do something and we're looking for one recommended way, one best practice, or maybe even a couple of best practices. A lot of times we're trying to figure out what we should do and how we should handle a particular problem or scenario. Having a better roadmap would help us as we navigate the options. The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex.

AR
Firewall Administrator at a tech services company with 1,001-5,000 employees
Real User
2020-09-27T04:10:00Z
Sep 27, 2020

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

YK
Network Security Engineer at R Systems
Real User
2020-09-27T04:10:00Z
Sep 27, 2020

The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent. In addition, the certification process is quite expensive. It should be a little cheaper so that everyone can be trained and certified and have better knowledge of Check Point's products.

AU
Network and Security Specialist at a tech services company with 51-200 employees
Real User
2020-09-23T06:10:00Z
Sep 23, 2020

The naming in the inline layers and ordered layers needs improvement. It makes things very complicated. I've seen quite a lot of people saying that. For audit policies, it is okay since it's very simple to see. However, this area is for very large organizations, which have too many policies, and they need to share all these policies. For small to medium-sized businesses, they don't need it. Even if somebody has 500 rules, if they try to use it, it can be very confusing. In R77.30, the only thing which I hated was having to go into each day's log file and search for that day. However, in R80, we have a unified platform, so you can just filter out with the date, then it will give you the log for that date and time. I would like Check Point to have certification similar to what Cisco offers. Check Point's certification doesn't cover a lot of things. For example, Check Point Certified Security Expert (CCSE) should be actually included with the Check Point Security Administration (CCSA), as a lot of people just go for the CCSA and get stuck when it comes to a lot of things on Check Point. Biggest lesson learnt: Never assume. We had issues when we enabled DHCP server on one of the firewalls. We tried to exclude some IP addresses so the rest would be allocated, but that didn't work. We had to start from the beginning to include the rest of the IP addresses.

Rohit Gambhir - PeerSpot reviewer
Sr. Network Engineer at a consultancy with 51-200 employees
Real User
2020-09-22T07:16:00Z
Sep 22, 2020

Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve. A disadvantage about Check Point is people in the market are not too familiar with its usage and people lack training on it.

reviewer1420545 - PeerSpot reviewer
IT-Infrastruktur at Synthesa Chemie Ges.m.b.H
Real User
2020-09-15T09:02:00Z
Sep 15, 2020

The performance on a policy install takes too long for my taste. This might be because, at each policy install, the management pushes the whole policy on the affected gateways. Without any training, it is very hard to administrate the whole Check Point NGFW. In our case, the main Check Point gateways are in a cluster configuration. Sadly, the management always shows the standby box as failed. This may be because it is set to STANDBY and not ACTIVE. It would be better to show the standby box as good.

PS
Principal Network and Security Consultant at Vodafone
Real User
2020-09-14T06:48:00Z
Sep 14, 2020

The area where it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay. That's one of the main complaints for most of our customers. Or if it is quick, then it's very complex. For example, if they have received a file which is "unknown" or has Zero-day attack malware, sometimes it doesn't get analyzed properly or it's locked into the cloud. So there are various small issues with the product that need possible improvement. The SandBlast product on its own is a very good concept, and it works absolutely brilliantly. However, when you integrate it with existing firewalls, it just doesn't play very well. The cloud solution is quite straightforward because it seems the SandBlast solution was designed, initially, for cloud deployments, where you've got multiple clouds or multiple vendors, and you are receiving files from different points. And on the cloud edge, for example in AWS, if you have Check Point sitting there, it works very well if you're running a virtual firewall. However, if it's on-premise and it's a dedicated appliance, then the performance is slightly different and the way it works is very different. So where it needs improvement is where it's an appliance-based solution rather than a software or cloud-based solution. If I am using SandBlast on a virtual appliance — for example, I've got Check Point virtual appliances in AWS, and Azure as well, for a customer — those virtual appliances work absolutely fine as a service, as does SandBlast as a service. However, if it's an appliance, if it's a dedicated firewall on-premise in a data center and you add SandBlast as a software service, the integration is not that straightforward, so the experience is very different. It seems like they were possibly built by different teams, independent of each other.

RG
Solutions Lead at a tech services company with 1,001-5,000 employees
Reseller
2020-09-14T06:48:00Z
Sep 14, 2020

When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.

CL
System Architekt at an insurance company with 1,001-5,000 employees
Real User
2020-09-13T07:02:00Z
Sep 13, 2020

The Threat Emulation definitely needs improvement. A couple of years ago, we did a comparison with other companies, e.g., Lastline, offering threat emulation and threat detection functionalities, and Check Point was lacking.

PJ
Security Administrator at R Systems
Real User
2020-09-10T07:35:00Z
Sep 10, 2020

The antivirus is not as effective as it could be because updates are not that frequent. Another area for improvement is that certifications are quite expensive with Check Point.

Vighnesh Rege - PeerSpot reviewer
Lead Solution Advisor at Deloitte US
Real User
2020-09-10T07:35:00Z
Sep 10, 2020

Permissions from the client regarding troubleshooting and how well we can packet capture have not been smooth. Check Point should quickly update and expand its application database to have what Palo Alto has. There have been some issues with third-party integrations.

JM
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
2020-09-09T06:29:00Z
Sep 9, 2020

Upgrades and debugging of the operating system, as well as the backups and restores of configuration, need improvement. Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy.

IT cloud network engineer - PeerSpot reviewer
Junior Network Specialist - Cloud Operations Engineer at a computer software company with 5,001-10,000 employees
Real User
2020-09-09T06:29:00Z
Sep 9, 2020

The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools. There could also be improvement to the automation. They should provide a tool for creating and maintaining rules.

Sathish Babu - PeerSpot reviewer
Solutions Consultant at Hewlett Packard Enterprise
Real User
2020-09-08T05:15:00Z
Sep 8, 2020

It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication. Also, one of the challenges I hear about from customers or engineers who work with and operate Check Point firewalls is not about the technical capabilities of the product but about understanding the product. There should be whitepapers available on the Check Point portal so that people can understand them more easily.

Oswaldo Gimeno - PeerSpot reviewer
Network Engineer at Getronics
Real User
2020-09-07T05:57:00Z
Sep 7, 2020

We can virtualize the physical firewall in a virtual environment. However, the virtual environment is not stable at all. We have some customers who are using the virtual environment feature, and sometimes it crashes. We have many tickets open and the response is not as good as expected. We have to wait months for a resolution. If you use all the features available on the firewall, it's not working. If you keep it simple, then it works. When you try to do cool things, you start to have some problems because that kind of integration is not fully developed.

Ifeanyi Onyiaodike - PeerSpot reviewer
Network security engineer at Fidelity Bank
Real User
Top 5
2020-09-07T05:57:00Z
Sep 7, 2020

The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS. It was very difficult to integrate the VPN. Until now, we still don't know why it didn't work. With our previous environment, Cisco, it worked seamlessly. We could connect an Active Directory server to a two-factor authentication server, and that to the firewall. But when we came onboard with Check Point, the point-of-sale said it's possible for you to use what you have on your old infrastructure. We tried with the same configurations, and we even invited the vendor that provided the stuff for us, but we were not able to go about it. At the end of the day they had to use a different two-FA solution. I don't know if Check Point has a limitation in connecting with other two-FAs. Maybe it only connects with Microsoft two-FA or Google two-FA or some proprietary two-FA. They could work on this issue to make it easier. Apart from that, we are coming from something that was not so good to something that is much better.

AnkurSingh - PeerSpot reviewer
Technical Support Engineer at AlgoSec
Real User
2020-09-06T08:04:00Z
Sep 6, 2020

Working on Check Point for me looks simple. For the user or anyone else who is using Check Point, they are more into the GUI stuff. Check Point has its SmartConsole. On the console, you have to log into the MDS or CMS. Then, from there, you have to go onto that particular firewall and put in the changes. If the management console could be integrated onto the GUI itself, that would be one thing that I would recommend. The ability for the multiple administrators to not do changes was fixed in R80.

Steve Vandegaer - PeerSpot reviewer
Senior Engineer Security at NTT Security
Real User
2020-09-06T08:04:00Z
Sep 6, 2020

The MTA (Mail Transfer Agent) may not be the greatest, and the full proxy that you can activate instead of just doing application control is also not the greatest, but they don't even recommend using those. They're just available if you want. But the biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices. That is a bit hard because you have to update your skills on all three. A practical example is that I have a client that I run scripts for to get information from 40-plus firewalls. That client is thinking about refreshing and there may be SMB appliances in the roll-out that don't run those scripts. That would make my job a lot harder. So the best improvement would be standard software on all their devices.

SamirShah - PeerSpot reviewer
Network Security Consultant at an energy/utilities company with 5,001-10,000 employees
Consultant
2020-09-03T07:49:00Z
Sep 3, 2020

It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely.

Sunil Redekar - PeerSpot reviewer
Security Engineer at Hitachi Systems
Real User
2020-09-03T07:49:00Z
Sep 3, 2020

We are facing some problems with the management on our Check Point Management Server. There are some issues with R80.20, so Check Point suggested to upgrade. However, we are in lockdown, so we will upgrade after the lockdown. We are coordinating this issue with the Check Point guys. After upgrading, I think these issues will get resolved. For R80.10 and above, if you want to install a hotfix, then you can't install it through the GUI. I don't know why. In the earlier days, I was able to do the installation of hotfixes through the GUI. Now, Check Point said that you have to install hotfixes through the CLI. If that issue could be resolved, then it would be great because the GUI is more handy than the CLI.

Matt Millen - PeerSpot reviewer
Network & Systems Administrator I at DMH
Real User
2020-09-02T06:45:00Z
Sep 2, 2020

I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

AK
Sr. Network Engineer at an insurance company with 5,001-10,000 employees
Real User
2020-09-01T05:25:00Z
Sep 1, 2020

The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved. Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.

KK
IT Specialist at a tech services company with 10,001+ employees
Real User
2020-08-30T08:33:00Z
Aug 30, 2020

The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent.

SJ
Network Security Administrator at AlgoSec
Real User
2020-08-30T08:33:00Z
Aug 30, 2020

Check Point has notably fewer tutorials on Google. If I'm facing any kind of issue and I Google it, less stuff is available. Apart from that, the antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't.

Nikhil Dhawan - PeerSpot reviewer
Associate Consultant at a tech services company with 10,001+ employees
MSP
2020-08-27T07:02:00Z
Aug 27, 2020

The company should increase the learning platform free of charge. For example, Palo Alto and Cisco ASA have very good platforms that are completely free. Almost everyone in this field has good product knowledge. Therefore, I would like more training and expertise to be available for Check Point NGFWs. I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors.

IK
Security Expert at an aerospace/defense firm with 10,001+ employees
Real User
Top 5
2020-08-19T07:57:00Z
Aug 19, 2020

Their management features are the best, from one point of view, but they are too heavy. For example, if you are looking at a configuration file, you can't just browse through it and see all the configurations like you can with other vendors, like Cisco and Fortigate. With those solutions you can just go over the configuration file and read all the objects and the policies, etc. Because of the Check Point architecture, the data file itself is huge if you're comparing it to the data files of other vendors. The difference is something like 3 Mb to 1 Gb. It's not so straightforward. The data process is also not so simple. You don't just load a text file which has all the configuration. It's a more complex process to restore it from a backup, when it comes to Check Point.

GG
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
2020-08-12T07:01:00Z
Aug 12, 2020

The stability needs improvement for its version releases. They have a feature called Inline Layer as part of the R80.10 release. In the last version, it still had bugs and is not working very well. I would like the developers to release a version that is more stable, because if you start to use the latest release and try to use this newest feature, I'm not 100 percent sure that it will work very well. After six months of development, it might start working better. However, at the beginning, it's not a good choice to implement in your company with your first attempt. But one or two releases later, it might be better. If you only have one vendor and they are downgraded or no longer a leader in their industry, then you need to change the entire solution, making it more expensive. For example, Check Point's components are not interchangeable with other vendors.

DmitryPavlukhin - PeerSpot reviewer
Security Analyst at HOST
Real User
2020-08-02T13:27:00Z
Aug 2, 2020

I hope for product simplification. It would be better to use one security console, instead of many of them (for licensing and monitoring). The solution is hard for newcomers and takes much time to get deep into. Also, I want a historical graph for throughput and system resources usage. Maybe it will be great to make easy step-by-step installation and configuration cookbooks as Fortinet did, and integrate the documentation within the solution. In most cases, the solution works great and I recommend it for our customers.

Kirtikumar Patel - PeerSpot reviewer
Network Engineer at LTTS
Real User
Top 5 Leaderboard
2020-07-30T10:05:00Z
Jul 30, 2020

The unknown category has been a pain point. We cannot understand this category and the Check Point engineers are also stuck with it. If we enable HTTPS inspection then without this category my URL will stop working. This has a huge impact on my business. We are still running without HTTPS inspection even in a monitoring mode. Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team.

reviewer1396851 - PeerSpot reviewer
Deputy Manager (Systems) at State Bank of India
Real User
2020-07-29T19:59:00Z
Jul 29, 2020

Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop a feature in the gateway itself so that no management server is needed for policy and gateway management. They should leave it to the user whether they want to procure a dedicated management server or run the show with the gateway itself. It will also reduce the operation cost. They should also optimize the packet mode feature like Cisco’s firewall packet tracer wherein it tells administrators which policy or rule is processing the intended traffic.

MG
IT Security Manager at a retailer with 10,001+ employees
Real User
Top 5
2020-07-28T14:42:00Z
Jul 28, 2020

I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it. The monitoring of scalable solutions is quite tricky, but it could be relevant for all vendors who possess the same technology. IPS fine-tuning may require some time to understand the interrelation between IPS protections, core Protections and other IPS profile elements. But in general, Check Point is on the way of great simplification of TP management.

VP
Senior Manager, Information Technology at a financial services firm with 10,001+ employees
Real User
2020-07-28T09:29:00Z
Jul 28, 2020

* Offline Sandblast solution, which should send malicious sources to other security solutions.
* TAC Support level to be enhanced
* More details to be included while VPN troubleshooting, using GUI representation
* Integrate all blades to use a single policy rather than multiple.

PRAPHULLA DESHPANDE - PeerSpot reviewer
Associate Consult at Atos
Real User
Top 5 Leaderboard
2020-07-27T11:07:00Z
Jul 27, 2020

Sometimes the stability related application, URL filtering, and troubleshooting issues take longer than expected. I observed some feature set that is very easy to add from the deployment team but Check Point needs a longer procedure so customers relating those features with Check Point firewall and Palo Alto. Heavy load causes a higher CPU peak which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it takes a lot of time. We receive performance but sometimes there are stability-caused issues.

Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5 Leaderboard
2020-07-23T14:53:00Z
Jul 23, 2020

Check Point needs to improve their 3 tier architecture. Firstly, gateways cannot be managed without the Management server, which sometimes creates a problem. There is no way to extract policies or other configurations from gateways in case a management server goes down. That is something other companies provide. Another major issue is the Smart console application is very heavy and cannot install anything other than the Windows operating system. Every time I open Smart console it becomes unresponsive for some time. Lastly, the stability of R80 is an issue. Regularly we get some issues or bugs that are resolved by custom or new hotfixes. Sometimes it is a tedious task as this has a production impact.

Oleg P. - PeerSpot reviewer
Senior Network and Security Engineer at a computer software company with 201-500 employees
Real User
2020-07-23T10:53:00Z
Jul 23, 2020

The pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly). We also had several support cases opened for software issues (e.g. unstable BGP sessions over VPN tunnels), which, in our opinion, took too long to resolve - up to one month. Also, even though the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).

TH
Network Engineer at a legal firm with 1,001-5,000 employees
Real User
2020-07-22T08:17:00Z
Jul 22, 2020

With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it. In the next release, I would like to have the ability to automatically add rules from the tracking log. I've used that in other firewall software whereby you can trace the logs, and from the log, you can add a new rule automatically. That would be a nice feature.

AA
Sr. Security Engineer at EY
Real User
2020-07-22T08:17:00Z
Jul 22, 2020

The main thing is that, for a normal operations guy who is creating tools and firewalls, it is quite difficult to manage. It requires an expert level of knowledge in Check Point products to manage these scalable platform appliances and the virtual firewall that comes with it. We have to educate our guys and give them training on a regular basis to work on these products. Otherwise, it's fine.

Amit Kuhar - PeerSpot reviewer
Network Security Consultant at Atos Syntel
Reseller
2020-07-14T08:15:00Z
Jul 14, 2020

In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this.

RF
Manager for Operations, Security and Management at REN - Rede Energeticas Nacionais, S.A.
Real User
2020-06-28T08:51:00Z
Jun 28, 2020

The speed of technical support is very slow and is something that should be improved.

BG
IT Operation Manager at a transportation company with 1,001-5,000 employees
Real User
2020-06-28T08:51:00Z
Jun 28, 2020

The user interface for management could be improved. In the future, I would like to see support for SD-WAN capabilities.

AJ
Sales Engineer at Unistar
Real User
2020-06-25T10:49:23Z
Jun 25, 2020

Compliance and centralized management can be improved.

ChandanSingh - PeerSpot reviewer
Senior Technical Consultant at Ivalue Infosolution
Consultant
2020-06-17T10:55:58Z
Jun 17, 2020

There is always room for improvement and the CP Dev team is on the right path.

mervemetin - PeerSpot reviewer
Network Security Engineer at Türkiye İş Bankası
Real User
2020-02-17T15:12:00Z
Feb 17, 2020

The SmartUpdate interface is a little bit crowded if your company has a lot of software items. As an administrator, one should know how to troubleshoot by issuing related CLI commands before or after upgrading gateways, or the management server, in case of a problem. Hardware problems on Check Point devices, such as those related to NIC or disk problems, may occur at times. In cases such as this, the support team is available and does what is needed, including the RMA process if necessary.

reviewer1284540 - PeerSpot reviewer
ICT-System-Specialist at an insurance company with 5,001-10,000 employees
Real User
2020-02-10T14:40:00Z
Feb 10, 2020

The Check Point support needs a lot of improvement. We spend a lot of time troubleshooting issues ourselves, create good ticket descriptions, and try to explain in detail what has already been tested. Even so, it takes at least three ticket-updates before support really understands the issue. If you manage to reach the third-level support, you are still forced to be really critical of what kind of suggestions Check Point support is offering you. Running debugs on a test environment is quite different than running them in a heavily used production environment.

Gerry Moore - PeerSpot reviewer
Head Of Technical Operations at Boylesports
Real User
2020-02-07T20:14:00Z
Feb 7, 2020

One of the biggest disappointments is the GUI. I felt it was a little bit more clunky than some competitors. The screens don't flow as easily as they should. Improving user experience will further elevate this product. The way the management console operates is not user-friendly, either. It needs to become less intrusive. The user experience is not as high as it should be due to the problems with the user interface. The newer products in the range seem to address my concerns, which I have had for even the older products.

reviewer1281831 - PeerSpot reviewer
Security and Network Engineer at a tech services company with 501-1,000 employees
Real User
2020-02-06T11:13:00Z
Feb 6, 2020

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, but with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules, why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

reviewer1266306 - PeerSpot reviewer
Deputy Manager - Cyber Security at a transportation company with 5,001-10,000 employees
Real User
2020-01-14T11:08:00Z
Jan 14, 2020

We would like to see the following improvements:
* Multiple ISP redundancy.
* CPU utilization.
* VPN traffic.
* HA concept, where if we apply the policy in the primary appliance that should be applied to HA appliance automatically.
* The number of bugs has to be reduced.
* The number of false positives should be reduced.
* Threat emulation has to be improved.
* Reporting has to be improved.

JG
Network Manager at a retailer with 10,001+ employees
Real User
2019-07-07T06:35:00Z
Jul 7, 2019

All the advanced features of automation, especially the first installation of tunnels, need improvement. Also, in terms of configuration, in terms of tuning, and fine-tuning the system, I think they do make it a bit hard for users. Right now, we need to teach admins, the network and security admins about system fine-tuning in terms of load balancing between CPUs, assignment of processes. I don't think a network admin or a system admin should deal with it in terms of when we are speaking about the firewall or networking device. It should be automatic.

RA
Security Engineer at Tenece Professional services
Reseller
2019-07-02T11:50:00Z
Jul 2, 2019

This product has room for improvement in technical support for Africa. There are some problems with African countries. We also need to provide excellent services. The additional feature I would most like to see included in the next release of this solution is removal management.

SA
Network Administrator at N S PHARMACY SDN.BHD.
Real User
2019-06-24T12:13:00Z
Jun 24, 2019

We're looking at the endpoint because there are some smaller issues with internet connectivity within our country. Although they have it now, we don't have a license for it, and I think mobile device security should be a standard feature. I cannot control someone bringing their device to my network and what they do.

Related Questions
Yunus Yavuz - PeerSpot reviewer
Product Manager at Neteks
Nov 10, 2022
Hi peers, I am a Product Manager at a small computer networking company. At the moment, I am researching Check Point's products. Is Check Point's software compatible with other products (including firewall products, servers, and more)? If so, which products? Are there products that are not compatible with Check Point's software? In addition, can you provide any specific documentation that ...
Larry Chisholm - PeerSpot reviewer
Network Engineer at Solvonex
Nov 10, 2022
Checkpoint is an INCREDIBLY secure, but inherently frustrating platform to manage. The gui/cli must often be used together to effect the changes you're looking for. Don't get me started on the gaia hardware management interface. If you must buy it, ensure that you get support. Personally, I'll take Fortinet, Palo Alto or even Juniper SRX over anything checkpoint.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Feb 3, 2022
Why?
Oct 24, 2021
Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall cloud platform, autoscaling, and the ability for users to create virtual IP addresses. The cost of the solution is also competitive. Check Point NGFW solution offers zero-day protection and provides absolute in-depth visibility with a multi-layer, multi-blade approach. This solution has a Smart Controller that allows you to manage all firewalls from one single location. It also has good antivirus protection and knowledgeable, responsive support. Check Point NGFW is cost-effective and provides valuable support to get through required compliance audits. For Azure Firewall you have to specify each IP address used. We also found Azure to be challenging to implement from region to region, as it does not currently offer a universal approach across regions. Support can be very slow to respond and has caused us some downtime, affecting productivity and overall satisfaction. Check Point NGFW VPN can be very complex to set up. The deployment can be more challenging than many other solutions on the market. Although once fully deployed, things do get easier. Debugging can also be very difficult and makes it seem less stable than other solutions out there. Training and support could be better overall. Conclusion Azure is great, especially since almost everyone is part of the Azure ecosystem. However, it may not be the best solution for larger enterprises, as stability is limited, and the scale-up scale-out approach needs improvement. Check Point can be very challenging to set up and deploy, but the unique multi-layer, multi-blade approach gives greater flexibility and transparency, which makes it a great option for larger enterprises with more complex, intricate needs.
Anil Redekar - PeerSpot reviewer
Senior Network Engineer at Infosys
Feb 3, 2022
Check Point firewall does a deep inspection of packets till Layer 7 and is more compatible with the organizational environment. The Azure firewall is also a cloud-based security solution that also provides Advance Threat Protection.