The product is basically for completing a firewall task. On top of that, the aim is to find a comprehensive solution with the innovations from next-gen. We made an isolated zone in a small part of the company. Here, we aimed to provide basic security features with few security devices. In this context, we ran the Check Point appliance by opening almost all the blades on it. The Check Point software architecture was able to provide quite good results because it ran on its own OS. It's pretty good as a VM. At a point where we wanted to isolate VM devices, we provided a solution with a VM series of Check Point.
Information Technology Security Specialist at AKBANK TAS
A good firewall with useful app and URL filtering
Pros and Cons
- "The fact that these can be separated and made in different layers provides excellent convenience for the administrators who regulate the rules."
- "When you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing."
What is our primary use case?
How has it helped my organization?
It has similar features to other competitors in standard sizes, so it's not a subject where it differs much. It provides us with a layer of security as a firewall. With the new blades that are opened as an extra, it can provide solutions that are needed today, such as IPS and URL filtering.
You can do app and URL filtering through a separate policy layer. The fact that these can be separated and made in different layers provides excellent convenience for the administrators who regulate the rules. In object searches, object explorer is very easy and fast.
What is most valuable?
In my company, there have between ten and 15 firewalls on-premises, and if I want to configure or push the same configuration to all of the firewalls, then the centralized management system is easy and very helpful.
It is difficult to convey the end-user experience. However, in general, administrators can get used to the interface and start working quickly. Especially after Revision 81.10, I can say that everything became more stable and faster in terms of management. It should be said that it does quite well on the DDOS side.
What needs improvement?
There are parts that are still on the SmartDashboard screen and that condemn you to use it, which should be removed and moved to the SamartConsole interface, which is the main screen.
In addition, when you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing. To fix these problems, Check Point needs to get rid of the SmartDashboard screen completely. Also, there is a need for performance improvements in the interface so that when the data and rulesets are large, there is a need for performance improvements in the next versions.
Buyer's Guide
Check Point NGFW
March 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
For how long have I used the solution?
I've used the solution for about six years.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ingeniero de Infraestructura at E-Global S.A.
It enabled us to switch from a decentralized solution with seven firewalls to a solution that's easier to manage
Pros and Cons
- "Check Point's most useful feature is threat prevention and extraction. It was tough to manage seven firewalls and a perimeter solution for IPS, anti-malware, anti-bot, and sandboxing."
- "It could be easier to access the installation of the Hostfix for VSX solutions. The CLI commands help us understand how virtual firewalls behave in terms of processor, memory, and other aspects. More graphic visualizations of CPUSE commands would be a welcome improvement, and Check Point could expand scripts to run within the solution for multiple tasks."
What is our primary use case?
We use Check Point to protect our two data centers under an active scheme. It allows us to protect our customer information while preventing cybersecurity events that put our customers at risk. We use threat prevention and extraction, VPN, firewall blade, VSX, and the entire Check Point management suite. Our setup includes two firewalls in a high availability and VSX environment, respectively. We also take advantage of Check Point's load balancer, which works very well. The failover is performed automatically, without any flashing or noticeable impact on the user.
How has it helped my organization?
Check Point NGFW enabled us to switch from a decentralized solution with seven firewalls to a solution that's easier to manage with high-availability firewalls and capabilities that were previously lacking in NGFX. It helped us connect our users working remotely during the quarantine while maintaining our security policies and avoiding zero-day attacks.
The solution makes administration more straightforward because we can replicate the policies in both data centers with a single click, helping us to deploy quickly in both gateways without problems.
What is most valuable?
Check Point's most useful feature is threat prevention and extraction. It was tough to manage seven firewalls and a perimeter solution for IPS, anti-malware, anti-bot, and sandboxing.
Integrating everything in Check Point allows us to see all the attacks that are blocked with our perimeter countermeasures every day. Check Point's high detection rate improves our overall security posture, and we can achieve a low rate of false positives through a few adjustments to the configuration.
What needs improvement?
It could be easier to access the installation of the Hostfix for VSX solutions. The CLI commands help us understand how virtual firewalls behave in terms of processor, memory, and other aspects. More graphic visualizations of CPUSE commands would be a welcome improvement, and Check Point could expand scripts to run within the solution for multiple tasks.
For how long have I used the solution?
I've been using Check Point NGFW for seven years
What do I think about the stability of the solution?
Check Point works well in a high-availability setup, and the failover is fast. We had very few instances of unavailability. It happened once when we had hard disk issues, but the RMA process was quite simple, and the replacement part came quickly.
What do I think about the scalability of the solution?
We added new Check Point firewalls twice this year, and it was relatively simple. You can quickly migrate the configurations, and your new firewall is ready to go after a few adjustments to the settings.
How are customer service and support?
Check Point's support has been excellent, and they respond immediately via phone, chat, and email. In particular, I think the chat support was great.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we were using seven open-source firewalls, and we decided to go for a solution with good ratings from NGFW users. We wanted something well-positioned in the market that had good support.
How was the initial setup?
Migrating from an open-source, decentralized setup with seven firewalls to centralized management was complex, but it was less complicated than we expected thanks to Check Point’s management features. The ability to perform a parallel startup helped a lot during deployment.
What about the implementation team?
A vendor team helped us, and the migration was smooth. The Check Point engineers who worked for our partner were well trained to handle the implementation.
What's my experience with pricing, setup cost, and licensing?
Check Point NGFW can be expensive compared to other competitors, but the price matches the functionality and efficiency of the solution.
Which other solutions did I evaluate?
We considered Fortinet, Palo Alto, and SonicWall before settling on Check Point
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Check Point NGFW
March 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
TitleNetwork Manager at Destinology
Very configurable with good VPN clients and a helpful smart view tracker
Pros and Cons
- "As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance."
- "The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming."
What is our primary use case?
Our business houses just over 100 staff, along with over 200 devices ranging from mobile to tablets, computers, laptops, and Servers.
We use a Check Point 5100 cluster running R80.40 to protect our business from external threats.
Our network is also extended to the likes of Microsoft Azure, Amazon AWS, and other 3rd parties utilizing secure VPN tunnels terminating on our Check Point 5100 cluster.
Our business also offers the ability of hybrid working - which is only possible with our Check Point solution.
How has it helped my organization?
Prior to using Check Point, we had a Draytek small business firewall, the Draytek would often hard lock, which resulted in the loss of internet connectivity for the business. The only way around this was to reboot the Draytek device which in turn would lose logging data as to what was causing the issue.
Moving onto Check Point completely solved this problem. The hardware is much more capable and the logging and alerting functionality means, should anything happen (like it did with the Draytek), we would have visibility on the logs which would give us a direction for troubleshooting and mitigation.
What is most valuable?
Check Point offers a secure VPN client. We distribute to our agents via group policy. Our agents can then connect to our network when working from home - which was a game-changer due to the recent pandemic situation.
Check Point also offers a mobile app capsule connect which, as a system administrator, has proven very useful when a high-priority issue occurs. I am able to connect to my internal network via a phone or tablet - which has proven useful in some scenarios.
As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance. It makes troubleshooting much easier. This software alone sets Check Point out in front of the competition.
What needs improvement?
Check Point is very feature-rich. There aren't any features missing or that I am awaiting in a future release.
The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming - especially if your coming from a small business solution like Draytek.
Check Point comes with a very steep learning curve. However, they do offer a solid knowledge base. Some issues I have encountered in my five years have only been resolvable via manually editing configuration files and using the CLI. Users need to keep this in mind as not everything can be configured via the web interface or their smart dashboard software.
For how long have I used the solution?
I've used the solution for five years.
What do I think about the stability of the solution?
The solution was not always stable when running the older R77.30 version. Paired with a mid-spec box, we did find some issues with performance on more than one occasion, specifically the network would slow to a halt until a system reboot, there was nothing within the error logging and our external SOC couldnt find anything either. We'd often when updating the firewall policy it would fail to deploy usually taking around three or four policy pushes each taking about 20 minutes. We are now running much faster hardware with the later R80.30 release and those issues have completely disappeared.
What do I think about the scalability of the solution?
Scaling is dependant on the size of your network. Check Point does offer a wide range of lower to high spec appliances depending on your scale set.
How are customer service and support?
I've only had two instances using their support as we have a third party on contract for third-line issues that I cannot resolve. They were prompt yet not shy about pointing out potential issues with third parties and it not being their appliance.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Draytek. It didn't offer the security features that Check Point does and we were a victim to a successful attack from external sources which Check Point would have caught. We also found the hardware of Draytek was too underpowered to handle the size of our network.
How was the initial setup?
A third party installed the appliances initially. It is a complex process, as Check Point is vast in features and very configurable. You find yourself using the web interface, their own management software smart dashboard, and a mixture of CLI and config files to get your end result.
What about the implementation team?
We implemented it through a vendor team. Their level of expertise ranged as we moved through three separate technicians during our installation which was problematic. I wouldn't use this particular vendor again. That said, this was nothing against Check Point.
What was our ROI?
You cannot put a price on security. Check Point is a field leader. However, it comes at a high price.
What's my experience with pricing, setup cost, and licensing?
If you have no experience with Check Point and you are on a deadline, it's essential you find a company certified to help with the deployment and configuration. The feature set is rich however, it's not always user-friendly.
Pricing, including licensing, is very expensive compared to alternate products such as Sophos, Barracuda, or FortiGate
Which other solutions did I evaluate?
We evaluated Fortigate, Sophos XG, and Barracuda. However, ultimately the decision boiled down to our parent company already using Check Point.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Principal Associate at Eurofins
Stable with great technical support and time-saving central management capabilities
Pros and Cons
- "The logging and central policy management are the most valuable aspects for us as we were not having success earlier with the ASA in terms of upgrading/managing."
- "The smart consoles could be improved."
What is our primary use case?
We primarily use the solution on all branch sites and now in DCs as well. We have more than 500 sites using Check Point NGFW in our organization.
Earlier, we were using Cisco ASA and now it looks much better in many aspects, including upgrading/managing. I had only experience with Cisco ASA before, but after implementing this in my branch location it became quite easy to manage the firewalls remotely.
A few of our engineers use APIs to upgrade or push global changes for all regional locations which was tough to do. Now, with Check Point on board, it has eased our job as network engineers.
How has it helped my organization?
Central management saves so much time. We were spending so much time with ASAs. I only had experience with Cisco ASA before, however, after implementing this in branch location it became quite easy to manage the firewalls remotely.
As mentioned, a few of our engineers use APIs to upgrade or push global changes for all regional locations which were tough to manage. Now, it has eased our job as network engineers. It was a good decision by our organization.
What is most valuable?
The logging and central policy management are the most valuable aspects for us as we were not having success earlier with the ASA in terms of upgrading/managing. We are still exploring more features like IPS and IDS. We hope that these aspects will be a great experience for us as well.
What needs improvement?
The smart consoles could be improved. Many times we have seen that smart console lags or has issues during the change. It also closes sometimes. Otherwise, the overall experience was great until now.
As we are still exploring more features, we need more time to provide more reviews in the future. I would like to explore more with Check Point and would like to provide improvement review as we go into using the MDMS. It will be in our organization here by year-end.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
It looks very stable as compared to others.
What do I think about the scalability of the solution?
The scalability looks great.
How are customer service and support?
A few times I reached out to support help and in no time I was able to get experts who helped me through any issue I was having.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Cisco ASA, however, we wanted a product that was more stable with central management.
How was the initial setup?
It was not easy to set up initially, however, we got some support from external vendors.
What about the implementation team?
We had help through a vendor and the experience was great.
What was our ROI?
The stability makes it all worthwhile.
What's my experience with pricing, setup cost, and licensing?
It looks great the cost-wise for our organization. I've also suggested this product to other ex-colleagues for their companies.
Which other solutions did I evaluate?
We did check out FortiGate and Palo Alto as well.
What other advice do I have?
We have had a great experience so far.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior IT Security Manager at a manufacturing company with 201-500 employees
Stable and easy to manage with a good single sign-on
Pros and Cons
- "All policies can be deployed and managed in a very simple way."
- "Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features."
What is our primary use case?
We use the solution as a frontend firewall in our headquarters and in our branches. We use packet inspection, the antispam feature, and the VPN. We have configured threat prevention and content awareness to improve security on incoming email and on web surfing from interlan networks wits SSL inspection. Mobile access through the VPN mobile client is also used from all outside workers and is fully integrated with our AD. We also use the solution to route traffic on internal networks and manage security through client and server networks.
How has it helped my organization?
We have improved our performance and bandwidth through the networks. Security is also improved. We have better control over the logs and better integration with our SIEM.
We can also manage all our firewall from a central management console so each policy is under control and can be developed better. Inline policies help to understand on the correct use of the policies and a more readable list. We can also manage policies in two or more people at once without problems or risk of making the wrong policy.
What is most valuable?
VPN and mobile VPN are extremely valuable to us. The policies are simple to deploy to the new branches.
All policies can be deployed and managed in a very simple way.
AD single sign-on with VPN mobile is very helpful and simple to manage and deploy.
Log management is also a good place to make troubleshooting and through console manage events.
Management of the object is also a valuable feature. At every point in the console you can manage object properties and look to each policy where it is used and simply change or find where the object is involved.
What needs improvement?
Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features. I'd like a web console so that all firewalls can be managed from a web browser and we don't need to be installed on dedicated consoles and applications.
I use the web console to mange the Gaia software in the firewall and it would be nice to have also policy management inside the web browser.
For how long have I used the solution?
I've used the solution for four months.
What do I think about the stability of the solution?
It is very stable. We have reboot only to install updates.
What do I think about the scalability of the solution?
We chose the solution for scalability and now we are running with all branches with a Check Point firewall. The solution is meeting our expectations.
How are customer service and support?
We do not need customer support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did use a different solution. We switched to improve security.
How was the initial setup?
It was complex to set up due to the fact that we changed our mind on how the firewall works. Central management is hard to improve.
What about the implementation team?
We implemented it through a vendor. There was not a high level of expertise, however, I took a course with Check Point and that was very clear and now I'm very expert on the Check Point world.
What was our ROI?
We have seen an ROI in that we need less time on managed policies and we have better control.
What's my experience with pricing, setup cost, and licensing?
The cost is high but the benefits are too.
Which other solutions did I evaluate?
We also looked at Palo Alto, WatchGuard, and Fortinet.
What other advice do I have?
The solution is a good solution and at the top of the market.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Architect at PHARMPIX CORP
Excellent support, great remote access, and very good reporting capabilities
Pros and Cons
- "The support offers the best services I have experienced. It's better than any other IT vendor."
- "Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links."
What is our primary use case?
Currently, I'm working as a Lead Security Architect in the healthcare industry. We have two data centers, multiple branch offices, multiple cloud subscriptions, and over 200 employees. Our operation is mission-critical and requires it to be up and running 24/7. We need to protect multiple applications that are developed in-house, sensitive data including PHI, Financial, intellectual property, et cetera.
Check Point NGFW and its security modules have been our security solution for the past six years to protect all of our assets, including our cloud subscriptions.
How has it helped my organization?
Check Point Next Generation Firewalls are key components in protecting our assets and information. Their security modules are very easy to use and understand. Also, it's one of the most user-friendly interfaces I’ve had the opportunity to use and I’ve had the chance to work with more than four firewall solutions.
Their reporting and logs modules are amazing. It provides a level of detail and visibility that we haven't had before. It’s useful to understand what is happening on our network and has been very successful in blocking attacks and providing options for executive summaries.
Being able to manage all the security gateways for our multiple sites in a single management console and share policies has been very beneficial.
What is most valuable?
The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.
The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.
The support offers the best services I have experienced. It's better than any other IT vendor.
What needs improvement?
Check Point Firewalls haven't failed me during the past six years that I have been using them.
If I had to mention anything that I would like to see some improvement on, it’s on the internet load balancing options. Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links. I know this can be performed with other network devices, however, adding the option as part of the NGFW would be awesome.
For how long have I used the solution?
I have been using Check Point for 6 years now.
What do I think about the stability of the solution?
I've never had a single issue on any of my security gateways.
What do I think about the scalability of the solution?
I haven't had the opportunity to scale, however, I have seen many demos of maestro architecture, and it looks awesome.
How are customer service and technical support?
As I mentioned before, Check Point support is one of the best services from any IT vendor I have experienced. They answer very quickly and also provide solutions most of the time within the first call.
Which solution did I use previously and why did I switch?
I have used multiple solutions in the past. We migrated from Cisco ASA to Check Point six years ago and have never looked back. Our old ASA required additional hardware components for additional security services.
How was the initial setup?
The product is very easy to set up.
What about the implementation team?
The implementation was performed by a vendor team in combination with our in-house security team.
What was our ROI?
My peace of mind is the ROI.
What's my experience with pricing, setup cost, and licensing?
Check Point is not the cheapest firewall solution, but you get what you pay for. It's super reliable and their service is great.
Which other solutions did I evaluate?
I had the opportunity to review Palo Alto and Fortinet.
What other advice do I have?
I'd advise other users to give it a try.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network & Systems Administrator I at Department of Mental Health
Simple to navigate, making it easy to identify and fix issues and minimize downtime
Pros and Cons
- "The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network."
- "I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line."
What is our primary use case?
We use several of the blades. We use it for regular access control, but we also use the application control. We use HTTPS inspection and threat prevention. We use the Mobile Access blades as well IPS.
We have a Smart-1 205 as our management server and for the gateway we've got 3200s.
How has it helped my organization?
Over time, we've enabled different blades on the firewall. We started off with the access control policy, and since then we enabled the HTTPS inspection and the IPS blade. That's helped reduce our risk landscape as a whole.
What is most valuable?
The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network. The ease of use is important to us. The more difficult something is to use, the more likely it is that you'll experience some type of service failure. When we do have issues, with the Check Point SmartConsole being as simple as it is to navigate, it makes it easy for us to identify problems and fix them, to minimize our downtime.
What needs improvement?
I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.
For how long have I used the solution?
We have been using Check Point's NGFWs for as long as I've been with the Department of Mental Health, so it's three years that I've personally been using them.
What do I think about the stability of the solution?
Based on other networking hardware that I've used, I would say the Check Point NGFWs are just as stable, if not more so. We rarely have any issues. In the past, I've experienced networking hardware often needing to be rebooted. That's not something that happens with these devices. They're on 24/7 and we have next to no downtime. I can't think of a time in my three years here that one of the devices has gone down and caused us any downtime.
What do I think about the scalability of the solution?
We've already purchased a new management server from Check Point, and it will be replacing our 205 appliance. They make it easy. These devices inter-operate together, so if we need more resources, for example, on the management end, we're able to buy that server and replace our old one and scale up as needed.
As far as users are concerned, we have 70 locations throughout the State of South Carolina with a total of 400 to 500 devices that can be connected at any point in time.
I would think we have plans to increase our usage. We work in tele-psychiatry, for the State of South Carolina, and telemedicine right now is a hot topic. I see it very likely that our usage could double and triple in the coming years.
How are customer service and technical support?
We've had an issue with licenses not populating to a new device, but that is the only thing we've ever called them for in relation to replacing or adding in a new device.
They're very helpful. They're easy to get in touch with. It's not like you're sitting there on hold for hours at a time, and they're quick to get back to you. It might be that they're taking packet captures and analyzing them and then getting back to you. It's a quick turnaround. I can't think of any time we've ever had to wait more than 24 hours to get an answer on an issue we've had.
How was the initial setup?
I have set up replacements and it's very straightforward. It's very easy. It's much easier than some of the other network equipment that I've had to deal with. Check Point provides a wizard that walks you through the process and that streamlines the entire process. They also provide instructions on how to go about getting to the wizard and the process that we needed to take to complete that configuration. It was relatively painless.
The replacement was configured in one day and deployed the next, with no issues.
There are five of us in our company who have management access. I'm the network administrator, and I've got four IT technicians who work under me and assist in the firewall configuration and deployment.
What about the implementation team?
I don't believe we've ever had to actually call Check Point to assist with anything. It's pretty straightforward. The wizard does most of the work and we have all the instructions we need. It's pretty much all done in-house.
What was our ROI?
I definitely feel it's been worth our investment. Check Point is there to help when we need them. Our downtime has been very minimal, and when we do have issues, they're there to help us. They're there to get us back up and running as quickly as possible. It's definitely been worth its weight.
What's my experience with pricing, setup cost, and licensing?
One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford Cisco Firepower. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution.
We pay a yearly support fee in addition to the standard licensing fees with Check Point.
Which other solutions did I evaluate?
I've worked with Cisco routers and firewalls. I've worked with Ruckus switches and routers, and Aruba access points.
A drawback with these products is their stability. Almost all other networking devices I've seen need to be rebooted over time. If they're left unattended for extended periods of time, we experience some sort of downtime. That is not an issue with our Check Point products.
What other advice do I have?
Do your research and look into cloud solutions. Check Point offers many cloud services, and that's where everything's moving, towards the future. Research the different appliances and solutions that Check Point offers and find out what works best for your particular situation.
The biggest lesson I have learned from using Check Point's firewalls is not to be afraid to call for help. There are times where I may be trying to figure something out myself, when in all reality, all I need to do is call Check Point customer support. They'll explain to me why something is configured a certain way, or if there's a better way that I could go about configuring something, and things of that nature. They have been very helpful and have saved me time, anytime I've called.
I can't think of any additional features their NGFW needs that we don't already have access to. I know there are features such as moving the dashboard toward the cloud, and I think that's beneficial, but it's something they already offer. We just don't take advantage of it right now.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Network Engineer at LTTS
Helps with security against upcoming and unknown threats and activities
Pros and Cons
- "It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users. We also use the DLP, IPS, and VPN features."
- "Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team."
What is our primary use case?
I have been using this solution since the GAIA OS R77 was there. I am using it for my day to day access such as policy creation, policy modification, and also regularly policy disabling and deletion. I have 17K+ users in my organization, 100 + client to site VPN and I have a number of S2S as well. My daily job is health checkup, security log monitoring and incident management, daily IPS checks, threat presentation reports and to analyze the risk and take necessary action on that as well.
How has it helped my organization?
It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users. We also use the DLP, IPS, and VPN features. We have multiple site to sites with our clients and it is very easy to configure and manage.
What is most valuable?
IPS helps with security against upcoming and unknown threats and activities. We regularly check the report and as per daily report we will check the risk and prevent each alert that is critical based on our business requirement and make it secure.
IPSec VPN is also our key feature as our organization having widely customer across globe so it is very good feature to us to connect and run our business with them very smoothly and softly.
What needs improvement?
The unknown category has been a pain point. We cannot understand this category and the Check Point engineers are also stuck with it. If we enable HTTPS inspection then without this category my URL will stop working. This has a huge impact on my business. We are still running without HTTPS inspection even in a monitoring mode.
Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team.
For how long have I used the solution?
I am using this solution for four years.
What do I think about the scalability of the solution?
This is widely scalable solution.
How are customer service and technical support?
I would say not much exp and not lower, average technical support. We are struggling in most of the cases.
How was the initial setup?
Very easy.
What about the implementation team?
In-house team and technical support team.
What was our ROI?
I would say it's complete ROI for us.
What's my experience with pricing, setup cost, and licensing?
Setup is easy, in my short tenure I have done multiple migrations and have set up our new organization. For cost and pricing, I don't have an idea.
What other advice do I have?
This is a very good and best solution as a perimeter device for NGFW.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Sophos XG
Cisco Secure Firewall
Palo Alto Networks NG Firewalls
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
KerioControl
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Check Point NGFW compare with Fortinet Fortigate?
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- Which would you recommend - Azure Firewall or Check Point NGFW?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
I have very good command on Checkpoint NGFW