Try our new research platform with insights from 80,000+ expert users
Anil Redekar - PeerSpot reviewer
Network and Security Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Good pricing, straightforward to set up, and offers a very good distributed deployment
Pros and Cons
  • "The solution can scale."
  • "We would like to see constant improvement in anti-malware functionality and anti-threat protection."

What is our primary use case?

In our organization, we are using distributed device management. Here, management and distributed devices are separate deployments. Therefore, our management is very easy in our organization for traffic management. Here, tier architectures are used. That smart console, smart getaway, and management are different devices. Each device is connected to the other. 

Threat prevention is used as well. Basically, threat prevention is used for preventative management traffic entering into our internal organization. The hash value is used whether traffic is legitimate or not for distributed traffic. 

We are using Check Point for URL filtering. 

How has it helped my organization?

In our organization, we are using policy configurations where various policies are configured for internal to outside organization communication, and our DM's are there too. Various zones are created in our organization. 

For each particular zone, if I want to communicate with the external zone, then I need to create a policy for internal to external. Various rules can be created, particularly for organization communication outside the organization. It will be configured in our organization and four gateways are there allowing for our four different locations to communicate. 

In our HR deployment, hiring deployment, there is a new and legacy mode that we are currently using.

What is most valuable?

The distributed deployment is very helpful. This way, the burden on each device is less and management is very easy and CPU process utilization will be not high on a particular device - it'll be distributed on each device. Management is very easy.

We like that it is a next-generation firewall where hackers would need to inspect down to a seventh layer, an application layer, and that offers us better protection. 

The initial setup was straightforward.

The solution can scale.

What needs improvement?

We would like to see constant improvement in anti-malware functionality and anti-threat protection.

Various functions affect our organization's traffic performance.

They need more focus on the stability of IP security.

Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.

For how long have I used the solution?

The organization has used the solution for five years, however, I only joined the company two years ago. 

What do I think about the stability of the solution?

It provides very good stability for traffic management and network flow. We monitor various locks that will be there for internal and external traffic. I'd like, however, more stability of IP security, more of that is needed. Sometimes there is an issue in IP security clarity.

What do I think about the scalability of the solution?

The scale is currently very good. In our organization around 3000 or more employees use it. There is two IT personnel that will configure 30 Check Points, 13,500 gateways will be there and it will handle around 3000 plus employees. 

We will increase usage. Currently, one new branch will be open. They are also migrating from Fortinet to Check Point's firewall. The previous they did 40 deployments here, however, currently they're migrating to the Check Point next-generation firewall.

How are customer service and support?

Tech support is very good. After logging the call, if there is an issue discovered, they are very supportive. They are helpful and responsive. We've very happy with them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to use Fortinet, however, it did not go deep enough and check down to layer seven.

How was the initial setup?

The initial setup was straightforward. That said, I wasn't part of the initial setup, as it was set up before I came to work with the organization.

What's my experience with pricing, setup cost, and licensing?

I'm comfortable with the licensing. The pricing, for what you get, is pretty reasonable. 

What other advice do I have?

I'm an end-user of the product. I don't have a specific business relationship with the company.

I'd rate the solution at a ten out of ten.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
PeerSpot user
Sitti Ridzma Salahuddin - PeerSpot reviewer
System Engineer at Trends and Technologies, Inc
Reseller
Top 5
Offers good protection
Pros and Cons
  • "Check Point NGFW is popular because of the protection it offers."
  • "The pricing and UI need to be improved."

What is our primary use case?

We use the solution for threat protection in the banking and finance sectors.

What is most valuable?

Check Point NGFW is popular because of the protection it offers. 

What needs improvement?

The pricing and UI need to be improved. 

The enterprise is quite expensive. There are small boxes that are competitive enough.

For how long have I used the solution?

I have been using Check Point NGFW for a year.

What do I think about the stability of the solution?

The product is stable.

I rate the solution’s stability a nine-point five out of ten.

What do I think about the scalability of the solution?

The solution can scale up to enterprises.

I rate the solution’s scalability a nine-point five out of ten.

How was the initial setup?

The initial setup is easy, but maintenance is very difficult. Deployment and fine-tuning take a day.

What was our ROI?

There were no glitches or issues. We were able to achieve a positive ROI for our business. It saved them a significant amount of money that would otherwise have been spent on dealing with ransomware activities.

What's my experience with pricing, setup cost, and licensing?

The product is expensive and costs around one-point-five million.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

What other advice do I have?

Thorough planning is essential when implementing a Check Point NGFW. You need a checklist outlining what policies to establish. While the installation is straightforward and does not require much effort beyond obtaining a license, creating and configuring policies can be time-consuming. Therefore, allocating sufficient time and resources to policy creation is crucial to ensure effective security management.

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
PeerSpot user
Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
SanjeevKumar20 - PeerSpot reviewer
Network Security Engineer at NTT Security
Real User
Top 5
Issue-free with excellent support and training
Pros and Cons
  • "I came across the Check Point Infinity AI feature in one of the Check Point webinars, which I believe is unique and will be very useful in the future."
  • "The upgrade process of Check Point could be simplified to match other products."

What is our primary use case?

Currently, we utilize Check Point firewalls, IPS, site-to-site VPN, and remote access VPN features for our various client operations.

We have implemented a cloud firewall for one of our customers and primarily handle perimeter security using Check Point firewalls for multiple customers.

We also handle POCs, implementation, upgrades, and daily security operations as part of our services.

We are distributor partners who also distribute Check Point products to our customers. We recently convinced our clients to use Check Point firewall services and signed a contract with them.

How has it helped my organization?

We have not received any issues from any clients using Check Point services so far. It is really great to use and up-to-date. In Check Point, we have never seen it hit any vulnerabilities like other products.

Also, the TAC support from Check Point is excellent. I really appreciate it when dealing with complex issues. It allows us to easily obtain vendor support without many issues compared to other products.

Certifications and training from Check Point are valuable. I recently attended a boot camp and found it both knowledgeable and enjoyable.

What is most valuable?

Recently, I came across the Check Point Infinity AI feature in one of the Check Point webinars, which I believe is unique and will be very useful in the future.

Also, Check Point Harmony and Quantum deliver uncompromising performance with advanced threat prevention, policy management, remote access VPN IoT security, SD-WAN, and more.

Infinity Threat Prevention is an innovative management model. It provides zero-maintenance protection from zero-day threats and continuously and autonomously ensures that your protection is up-to-date with the latest cyber threats and prevention technologies.

What needs improvement?

The upgrade process of Check Point could be simplified to match other products.

For some of the MSSP partners, Check Point should personally go and give demos to them. This way, the MSSP can show their clients what Check Point is capable of and what kind of new technologies and features Check Point is coming up with.

Adding automation for upgrades and hotfix installation would be a beneficial new feature for administrators from an operations standpoint. Additionally, Check Point should pay more attention to endpoint security; they are currently lacking in that area compared to other competitors.

For how long have I used the solution?

I've been using Check Point products for more than eight years.

What do I think about the stability of the solution?

The solution is 100% stable. 

What do I think about the scalability of the solution?

The solution offers 100% scalability.

How are customer service and support?

Technical support is very good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

No; we have multiple clients, so we use multiple products.

How was the initial setup?

The setup is fine; I've only faced issues during upgrades.

What about the implementation team?

The expertise of the vendor is excellent. I'd rate them ten out of ten.

What was our ROI?

The ROI is really good.

What's my experience with pricing, setup cost, and licensing?

In terms of cost, pricing, and licensing, Check Point is not very expensive or complex.

Which other solutions did I evaluate?

We did not evaluate other options. 

What other advice do I have?

My overall experience is really good. I am enjoying working with Check Point products, especially on the firewall. It's much easier compared to other firewalls.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Champika Wijewickrama - PeerSpot reviewer
Senior Network Security Engineer at EIT
Real User
Top 10
Enables exceptional security with its comprehensive suite of features and ensures robust protection against cyber threats
Pros and Cons
  • "One of the most advantageous features of Check Point firewall is its multi-interface capability."
  • "There's a significant area for improvement when it comes to pricing."

What is our primary use case?

Our customers have been using it for the network security.

How has it helped my organization?

Unlike Fortinet, where the log loading process can take up to a month, Check Point stands out for its efficiency. While other solutions may only provide logs for a short period, such as one or two months, Check Point impressively retains logs for up to six months on some machines and at least three months on others. This extended log retention period is a significant advantage for our customers, providing them with valuable insights and enhancing their overall security posture.

What is most valuable?

One of the most advantageous features of Check Point firewall is its multi-interface capability. While traditional firewalls typically have a single interface, Check Point stands out by offering tools with multiple interfaces. This capability, now known as SmartConsole, allows users to manage policies, security objects, and routing points all from one dashboard. This contrasts with other firewalls where users often have to log in separately to access different functionalities. The hierarchical structure of communication and management in Check Point firewalls adds complexity, making it more challenging for attackers to exploit vulnerabilities. Additionally, Check Point introduced SD-WAN functionality in December 2013, further enhancing its capabilities and staying ahead of the curve in network security.

What needs improvement?

There's a significant area for improvement when it comes to pricing. While frequent updates and patches are released, which is commendable and adds significant value, the loading time for SD-WAN updates can be excessively long.

The feature we're eager to see enhanced in Check Point is reporting, particularly in terms of highlighting past reports. Currently, if we create a rule for a report in the morning, we expect to receive an email highlighting it. While we can set this up, the issue lies in segregating the project into separate reports.

For how long have I used the solution?

I have been working with it for five years.

What do I think about the stability of the solution?

Occasionally, we face certain issues and downtimes. Downtime varies depending on the type of changes or updates being made. For instance, a version upgrade typically requires only fifteen minutes for reboots. However, for patch updates or version updates, downtime can extend to at least one hour. In some cases, especially in custom environments, downtime may exceed two to three hours.

What do I think about the scalability of the solution?

It provides good scalability. Despite having only three customers, I've implemented the firewall for over a thousand users. These users are situated in factory environments, meaning there are thousands of endpoints, including those connected via VPN.

How are customer service and support?

I am relatively satisfied with the level of technical support provided. We primarily work with Indian support teams, and while some technical engineers are exceptionally intelligent and quick to resolve issues within ten to fifteen minutes, others may take longer. However, the crucial aspect is that they eventually provide an answer or escalate the issue if needed. When I contact support, I first inquire about the assigned person, and if I am familiar with them, I proceed with the interaction. Otherwise, I prefer to escalate the query to another region to avoid wasting time. I would rate it eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have experience working with Fortigate and Palo Alto in the past. In Sri Lanka, Check Point has a strong marketing presence, which influences customer decisions.

How was the initial setup?

The initial setup can be complex and may pose a challenge, especially for those without prior experience. Setting it up for the first time requires careful attention and a level of expertise to navigate effectively.

What about the implementation team?

The deployment process begins with configuring the firewall's IP and other settings. Once this initial configuration is complete, we proceed to the AI portal. In the AI portal, the first step is to configure the interfaces. After configuring the interfaces, we proceed to install the created interface. Next, we move on to the SmartConsole. To access the SmartConsole, we download it from the app portal. Once the SmartConsole is installed, we can easily create rules for logging purposes, manage objects, configure networking, and VPN, and other technical tasks from the SmartConsole. Routing and related tasks are typically handled in the data portal. One individual is enough for the deployment. The duration of the setup process varies depending on factors such as the complexity of the customer's environment and the site architecture. For instance, in a relatively simple scenario with just two VLANs and a couple of VPNs, the configuration could be completed within a few working days. Maintenance is essential, with upgrades and patch updates being mandatory at least once every six months. This ensures the system remains up-to-date and secure.

What was our ROI?

Our customers are pleased with the return on investment. The occasional bugs and updates, common to all firewalls including Check Point, are being addressed promptly. The platform is regularly updated to ensure optimal performance.

What's my experience with pricing, setup cost, and licensing?

The price is on the higher side.

What other advice do I have?

While the cost may be a consideration, the level of security provided by Check Point is exceptional. In my experience, I have not encountered any cyber attacks. The only negative experience was not related to the firewall but rather to customer issues with the router. It's important to remember that compromising security for cost savings can ultimately lead to vulnerabilities. Therefore, investing in high-security solutions like Check Point is worthwhile. Overall, I would rate it eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Nagendra Nekkala - PeerSpot reviewer
Senior Manager ICT & Innovations at Bangalore International Airport Limited
Real User
Top 5Leaderboard
A scalable and user-friendly tool that can be customized and deployed easily
Pros and Cons
  • "The product is very user-friendly."
  • "It will be good if the product is rack-mounted."

What is our primary use case?

We use the solution as a perimeter firewall. We also use it for endpoint security and VPN.

What is most valuable?

The product is very user-friendly. The configuration can be managed and customized as required. We can customize the tool for each stakeholder.

What needs improvement?

It will be good if the product is rack-mounted. The product must be updated to protect users from the latest firewall threats.

For how long have I used the solution?

I have been using the solution for almost six years.

What do I think about the stability of the solution?

The tool is very stable.

What do I think about the scalability of the solution?

The tool is easily scalable. Almost 2000 people are using the product in my organization.

How are customer service and support?

The support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We also work with other vendors. Check Point is as good as its competitors, but its cost is a bit higher.

How was the initial setup?

The initial setup is very easy. One firewall engineer can deploy the product within a few hours. It is very easy to maintain the tool. We need only one person to maintain it.

What's my experience with pricing, setup cost, and licensing?

The tool is a bit expensive. The product’s operational cost is very high. We pay a yearly licensing fee. We also pay for support.

What other advice do I have?

Check Point is the most user-friendly solution. It can be configured quickly. Overall, I rate the product an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1768698 - PeerSpot reviewer
Jr. ISO at BancNet, Inc.
User
Easy to deploy with good pricing and excellent advanced security capabilities
Pros and Cons
  • "Only allows authorized connections and prevents vulnerabilities in a network."
  • "Check Point should improve services related to the cloud-based solution."

What is our primary use case?

Checkpoint Firewall provides advanced security for the organization and its connection to the members/participants. The Check Point FW controls access and traffic to and from the internal and external networks. The Check Point Firewall rule base defines the access control and network performance to help our organization achieve the below security goals:

  • Only allows authorized connections and prevents vulnerabilities in a network
  • Gives authorized users access to the correct internal networks
  • Optimizes network performance and efficiently inspects connections

How has it helped my organization?

Check Point Firewall provides advanced security for the organization. The FW controls access and traffic to/from the internal and external networks. The Firewall rule base defines the access control and network performance to help our organization achieve the below security advantages:

  • Only allows authorized connections and prevents vulnerabilities in a network
  • Gives authorized users access to the correct internal networks
  • Optimizes network performance and efficiently inspects connections
  • Protection of all assets from internal and external threats

What is most valuable?

The following features are most valuable: 

  • Threat prevention
  • Malware prevention
  • IPS
  • IDS

What needs improvement?

Check Point should improve services related to the cloud-based solution. Due to these challenging times, most organizations seek to move to cloud-based implementation to minimize the cost and for easy deployment, access, and remote support. 

The Next-Generation Firewall should also be focused on zero-day threats as attacks have improved the past few years. They need to ensure that all connections and nodes are being protected. 

Sandblast technology is also a good tool as it offers enterprise solutions on malware detection and prevention.

For how long have I used the solution?

I've used the solution for five years.

What do I think about the stability of the solution?

The solution is stable and can support all OS deployments. It's easy to manage.

What do I think about the scalability of the solution?

We recommend the product as it is excellent and very scalable.

How are customer service and support?

There have been no issues regarding the support from Check Point and the local vendor.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Fortinet.

How was the initial setup?

The initial setup was straightforward. 

What about the implementation team?

We did the deployment in-house and with a vendor team. The level of expertise was a 10/10.

What's my experience with pricing, setup cost, and licensing?

The solution is easy to deploy. The pricing is lower than other solutions. We've had no issue with licensing.

Which other solutions did I evaluate?

We looked into Watchguard, Palo Alto, and Sophos.

What other advice do I have?

We need more information on the ability to collaborate enterprise support.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
Real User
Provides us with more security features than our previous solution and everything is managed from a central device
Pros and Cons
  • "There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network."
  • "The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them."

What is our primary use case?

We use Check Point firewalls to secure our internal network from the outside world and to provide a good, comfortable, and secure environment for our employees.

We have various models from the R80 series, such as the R80.10 and the R80.30.

How has it helped my organization?

Before, we were using firewalls from Palo Alto. The benefit of the Check Point firewall is that it has more security features. It has antivirus signatures and additional features for which we should require additional hardware devices in the firewall. It also gives us a central management system, which was not present in the Cisco ASA.

What is most valuable?

Check Point's Next Generation Firewall has many good features. It has a central management system, and that means we do not have to go to each and every firewall to configure it. We can manage them with the central device. 

There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network.

What needs improvement?

The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them. Check Point is one of the good firewalls and training should be increased by the company so that more people are familiar with it and with their switches.

For how long have I used the solution?

I have been using Check Point's firewalls for the last three-and-a-half years.

What do I think about the stability of the solution?

The stability is very good. The updates we get for the antivirus and the URL filtering sites are also very nice and happen very often. That is a good thing because there are various new attacks coming out but we get their updates on time. 

What do I think about the scalability of the solution?

In terms of the scalability, it is very easy to extend the utilization of Check Point firewalls. We did so in the past. We extended our environment in our organization and it was very easy to extend it.

We have around 4,000 to 5,000 people who are using the Check Point firewalls directly or indirectly. They are passing their traffic through it. Expansion of our usage completely depends on the organization. If they want to do so they will tell us and, if that happens, we will definitely go for Check Point firewalls.

How are customer service and technical support?

We have used Check Point TAC to resolve our issues. We have had good support. They have good engineers there.

Which solution did I use previously and why did I switch?

We were using Palo Alto and Cisco before and we replaced them with Check Points.

We used Palo Alto in a  few of our sites, but we found Palo Alto was more expensive and its updates and services were also more expensive compared to the Check Point firewall.

Cisco is a very basic firewall in the market, and it has a limited set of features, compared to Palo Alto and Check Point. Palo Alto has rich features, but it is one of the more expensive firewalls in the market. The Check Point firewall is not too expensive, but it is also a third-generation firewall.

The drawback of the Check Point firewall is the lack of training materials. That should be increased.

How was the initial setup?

We have a team of seven to eight people who have all installed and configured environments so the initial setup, for us, was a very straightforward process. And these are the people who handle maintenance of the firewall and manage it, during different shifts. They are all network engineers.

It took us between nine and 12 months to do the implementation. We have Check Point hardware so we followed the recommended, three-level architecture, in which there is a SmartConsole, the hardware security gateway firewall, and the central management device.

What's my experience with pricing, setup cost, and licensing?

The pricing is good. It is less than Palo Alto's firewalls. Check Point has the same features as Palo Alto, but the licensing and cost of these firewalls are not too expensive. It is one of the best firewalls in the market in this range.

What other advice do I have?

Check Point firewalls have many features. Before configuring it in an environment, you should know each and every feature of the firewall. You should also follow the three-level hierarchy which is recommended by Check Point.

There are a few add-on features for Check Point firewalls. I only learned that by using the firewalls. I'm very happy with the way Check Point is progressing. They continue to work on their firewalls even after making their name. That is something we should follow in our lives as well: Once we have made our name, we should not stop there. We should further build the reputation of the company and product.

We are very happy with the Check Point firewalls. The only thing missing, as I mentioned earlier, is that training should be increased for the firewall by the organization. Otherwise, we are very happy with investment in this solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network security engineer at Fidelity Bank
Real User
Enabled us to virtualize multiple firewalls on one machine
Pros and Cons
  • "The most valuable feature for us is the VSX, the virtualization."
  • "The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS."

What is our primary use case?

We use it for VSX virtualization and we use it for normal firewall functions as well as NAT. And we use it for VPN. We don't use a mobile client, we just use the VPN for mobile users.

How has it helped my organization?

We are able to virtualize about four firewalls on one machine. Before, we needed to have four firewall hardware devices, physical devices, from Cisco. We had four appliances, but now, with Check Point, we just have one. We can manage them, we can integrate them, and we can increase connections using one and the other. It has broken down connection complexities into just a GUI.

Also, previously we had downtime due to memory saturation with our old firewalls. We were using Cisco ASA before. During peak periods, CPU utilization was high. Immediately, when we switched to Check Point, that was the first thing we started monitoring. What is the CPU utilization on the device? We observed that CPU utilization stayed around 30 percent, as compared to 70 percent with the Cisco we had before, although it was an old-generation Cisco. Now, at worst, CPU utilization goes to 35 percent. That gives us confidence in the device. 

In addition, the way Check Point built their solution, there is a Management Server that you do your administration on. You have the main security gateway, so it's like they broke them down into two devices. Previously, on the Cisco, everything was in one box: both the management and the gateway were in one box. With Check Point breaking it into two boxes, if there's a failure point, you know it's either in the management or the security gateway. The management is segmented from the main security gateway. If the security gateway is not functioning properly, we know that we have to isolate the security gateway and find out what the problem is. Or if the management is not coming up or is not sending the rules to the security gateway, we know there's something wrong with it so we isolate it and treat it differently. Just that ability to break them down into different parts, isolating them and isolating problems, is a really nice concept.

And with the security gateway there are two devices, so there's also a failover.

What is most valuable?

  • The most valuable feature for us is the VSX, the virtualization.
  • The GUI is also better than what we had previously.
  • The third feature is basic IP rules, which are more straightforward.
  • And let's not forget the VPN.

The way we use the VPN is usually for partners to connect with. We want a secure connection between our bank and other enterprises so we use the VPN for them. Also, when we want to secure a connection to our staff workstations, when employees want to work from home, we use a VPN. That has been a very crucial feature because of COVID-19. A lot of our people needed to work remotely.

What needs improvement?

The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS.

It was very difficult to integrate the VPN. Until now, we still don't know why it didn't work. With our previous environment, Cisco, it worked seamlessly. We could connect an Active Directory server to a two-factor authentication server, and that to the firewall. But when we came onboard with Check Point, the point-of-sale said it's possible for you to use what you have on your old infrastructure. We tried with the same configurations, and we even invited the vendor that provided the stuff for us, but we were not able to go about it. At the end of day they had to use a different two-FA solution. I don't if Check Point has a limitation in connecting with other two-FAs. Maybe it only connects with Microsoft two-FA or Google two-FA or some proprietary two-FA. They could work on this issue to make it easier.

Apart from that, we are coming from something that was not so good to something that is much better.

For how long have I used the solution?

I have been using the Check Point Next Generation Firewall for 10 months.

What do I think about the stability of the solution?

The stability of Check Point's firewall, for what we use it for now, is pretty good. Especially, with the licensing of blades and the way they script it down into different managers. You have a part that manages blades, you have the part that manages NAT, and you have the part that manages identity. The VSX is another one on its own. So it is very stable for us.

When we add more load to it, when we go full-blown with what we want to use the device for, that will be a really good test of strength for the device. But for now the stability is top-notch.

What do I think about the scalability of the solution?

They scale well.

All information passes through the firewall. We have about 8,000-plus users, including communicating with third-party or the networks of other enterprises that we do business with.

How are customer service and technical support?

We've not used technical support. We asked our questions of the vendor that deployed and he was quite free and open in providing solutions. Anytime we call him we can ask. He was like our own local support.

There is also a Check Point community, although we've not really been active there, but you can go and ask questions there too, apart from support.

How was the initial setup?

The initial setup was pretty straightforward.

It took a while about a month, but it was not because of the complexity. It was because we gave them what we already have on the ground. We were on Cisco before and they had to come up with a replica of the configurations for Check Point. When they got back to us we had to make some corrections, and there was some back-and-forth before everything finally stabilized.

Four our day-to-day administrative work, we have about four people involved.

What about the implementation team?

We used a Check Point partner for the installation. I was involved in the deployment, meaning that while they were deploying I was there. They even took us through some training.

What was our ROI?

We have surely seen ROI compared to the other vendors I mentioned, in terms of costs. And we tested all the firewall features to see if it is doing what it says can do. And so far so good, it's excellent. It's a good return.

What's my experience with pricing, setup cost, and licensing?

Check Point offers good solutions, but it won't kill your budget.

Going into Next-Generation firewalls, you should know what the different blades are for, and when you want to buy a solution, know what you want to use that solution for. If it's for your normal IP rule set, for identity awareness, content awareness, for VPN, or for NAT, know the blades you want. Every solution or every feature of the firewall has license blades. If you want to activate a feature to see how that feature handles the kind of work you give, and it handles it pretty well, you can then move to other features.

Which other solutions did I evaluate?

We evaluated Palo Alto, Fortinet FortiGate, and Cisco FirePOWER.

Check Point was new to the market so we had to ask questions among other users. "How is this solution? Is it fine?" We got some top users, some top enterprises, that said, "Yes, we've been using it for a while and it's not bad. It's actually great." So we said, "Okay, let's go ahead."

What other advice do I have?

I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. So deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it.

Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that up until now, we have not had anything like that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.