Try our new research platform with insights from 80,000+ expert users
Check Point NGFW Logo

Check Point NGFW pros and cons

4.4 out of 5
Badge Ranked 1
1,253 followers
Post review

Pros & Cons summary

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Check Point NGFW features centralized management, enabling configuration and updates across multiple firewalls simultaneously.
The system enhances security with deep packet inspection and threat prevention capabilities, protecting against both known and zero-day threats.
IPsec VPN, advanced IPS, and application control enhance network security and compliance by regulating and monitoring traffic thoroughly.
Configuration and deployment processes for Check Point NGFW are straightforward, and the management console facilitates quick policy deployment.
The SmartEvent feature and detailed logging capabilities greatly assist in fast and effective troubleshooting and network management.

CONS

Check Point NGFW experiences stability issues, with frequent reboots and unreliable tunnels.
Integration with third-party vendors is limited, causing challenges in interoperability with other systems like ArcSight and RSA.
The pricing of Check Point NGFW is considered high, with suggestions for more competitive structuring to accommodate different market segments.
Technical support is criticized for being slow and lacking in efficiency, particularly in regions like Africa and India.
Users find the initial setup process complex, requiring expert knowledge and additional training.
 

Check Point NGFW Pros review quotes

PS
Sep 14, 2020
Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use.
SV
Sep 6, 2020
The feature I like the most is their central management, the Smart controller which you can use to manage all the firewalls from one location... Being able to access almost everything in one location — manage all your gateways and get all your logs — for me, is the best feature to work with.
BF
Oct 9, 2020
The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,795 professionals have used our research since 2012.
reviewer1425090 - PeerSpot reviewer
Sep 23, 2020
I love the interface of R.80.30. The R.80 interface is very nicely thought out with everything in one place, which makes Check Point easier to use.
I.
Sep 7, 2020
The most valuable feature for us is the VSX, the virtualization.
AS
Sep 6, 2020
The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that.
Genwhisper - PeerSpot reviewer
Jun 5, 2024
The solution's technical support is fine.
reviewer1098015 - PeerSpot reviewer
Sep 9, 2020
The most valuable features are the security blades and the ease of managing the policies, searching log for events, and correlating them.
Matt Millen - PeerSpot reviewer
Sep 2, 2020
The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network.
KK
Feb 17, 2021
We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful.
 

Check Point NGFW Cons review quotes

PS
Sep 14, 2020
The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution.
SV
Sep 6, 2020
The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices.
BF
Oct 9, 2020
The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,795 professionals have used our research since 2012.
reviewer1425090 - PeerSpot reviewer
Sep 23, 2020
The naming in the inline layers and ordered layers needs improvement. It makes things very complicated. I've seen quite a lot of people saying that. For audit policies, it is okay since it's very simple to see. However, this area is for very large organizations, which have too many policies, and they need to share all these policies. For small to medium-sized businesses, they don't need it. Even if somebody has 500 rules, if they try to use it, it can be very confusing.
I.
Sep 7, 2020
The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS.
AS
Sep 6, 2020
For the user or anyone else who is using Check Point, they are more into the GUI stuff. Check Point has its SmartConsole. On the console, you have to log into the MDS or CMS. Then, from there, you have to go onto that particular firewall and put in the changes. If the management console could be integrated onto the GUI itself, that would be one thing that I would recommend.
Genwhisper - PeerSpot reviewer
Jun 5, 2024
If you check each and every point from this part, you will find some flow in an area, or you will discover another flow in another area.
reviewer1098015 - PeerSpot reviewer
Sep 9, 2020
Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy.
Matt Millen - PeerSpot reviewer
Sep 2, 2020
I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.
KK
Feb 17, 2021
The level and availability of training should be improved.