Check Point NGFW Reviews

This is the perimeter firewall and manages all security facing towards the internet,

It's a distributed solution composed of a Security Gateway and a Security Manager. It controls all the traffic from the LAN to the Internet and the VPN tunnels for connections with external partners. We control the traffic to the internet with blades as URL filtering to manage the bandwidth, limit the use of this resource, and apply the security policies as well as protect the LAN network against advanced threats from the internet to the servers and PCs. 

This solution applies NGFW features to the inside and outside traffic of the networks. The other options did not have sandboxing, reports, and the same advantages as Check Point.

We have a small firewall from another vendor. The solution is working with limitations, as it was designed with Check Point as a security solution for the perimeter with more security features for covering our network requirements and specifications and preventing advanced threats from the internet to our servers and PCs. 

The sandbox feature is great.

The Sandblast blade is a very powerful solution that works against archives infected with ransomware.

The anti-malware is quite effective as many applications can be infected with any kind of malware with the goal of interrupting the productivity of our work equipment.

The reporting is great.

With this solution, we have had many kinds of logs and a very friendly way to view them. Now can we know what is happening within the network's traffic.

The performance has been very good. 

This security solution has grown more options and has expanded slots, including RAM slots, Optical Fiber slots, and various other features.

The anti-spam needs improvement.

A weakness with the Check Point solutions is the anti-spam, as they have a partnership with some solutions for anti-spam. They should have their own solution. We have email provided through Office 365 and they have their own way to fight spam and, due to this, we haven't bothered looking into anti-spam options. That said, Check Point is the most adapted to our necessities.

I consider the price of this solution high. It is very good, however, the prices are high - it's like buying a car.

I've been using the solution since 2018.

We changed from an older solution as it worked for five years and was old. It wasn't equipped for the new generation threats.

The price should be considered, however, it shouldn't be the only reason you choose the solution, or not.

We also evaluated WatchGuard, Palo Alto, and FortiGate.

We use the solution as a frontend firewall in our headquarters and in our branches. We use packet inspection, the antispam feature, and the VPN. We have configured threat prevention and content awareness to improve security on incoming email and on web surfing from interlan networks wits SSL inspection. Mobile access through the VPN mobile client is also used from all outside workers and is fully integrated with our AD. We also use the solution to route traffic on internal networks and manage security through client and server networks.

We have improved our performance and bandwidth through the networks. Security is also improved. We have better control over the logs and better integration with our SIEM. 

We can also manage all our firewall from a central management console so each policy is under control and can be developed better. Inline policies help to understand on the correct use of the policies and a more readable list. We can also manage policies in two or more people at once without problems or risk of making the wrong policy.

VPN and mobile VPN are extremely valuable to us. The policies are simple to deploy to the new branches. 

All policies can be deployed and managed in a very simple way. 

AD single sign-on with VPN mobile is very helpful and simple to manage and deploy. 

Log management is also a good place to make troubleshooting and through console manage events. 

Management of the object is also a valuable feature. At every point in the console you can manage object properties and look to each policy where it is used and simply change or find where the object is involved.

Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features. I'd like a web console so that all firewalls can be managed from a web browser and we don't need to be installed on dedicated consoles and applications. 

I use the web console to mange the Gaia software in the firewall and it would be nice to have also policy management inside the web browser. 

I've used the solution for four months.

It is very stable. We have reboot only to install updates.

We chose the solution for scalability and now we are running with all branches with a Check Point firewall. The solution is meeting our expectations.

We do not need customer support.

Positive

We did use a different solution. We switched to improve security.

It was complex to set up due to the fact that we changed our mind on how the firewall works. Central management is hard to improve.

We implemented it through a vendor. There was not a high level of expertise, however, I took a course with Check Point and that was very clear and now I'm very expert on the Check Point world.

We have seen an ROI in that we need less time on managed policies and we have better control.

The cost is high but the benefits are too.

We also looked at Palo Alto, WatchGuard, and Fortinet.

The solution is a good solution and at the top of the market.

We used this firewall to replace a faulty Cisco 2500. The main solution needed packet filtering and port restriction. We found the functionality handy for filtering email spam. There's a helpful API embedded in the device. 

The online version of the documentation is well written.

The speed of the device is really impressive as it is able to process 1.8 GPS, which is a big improvement over the older device.

The delivery time was really fast. With the help of the reseller, we got the device in less than three days.  

As a replacement for an old solution in the office, we were not expecting big improvements with the firewall. However, we had noticed an improvement while we added rules into the system. The new GUI is really nice and easy to use.

We are now able to use infrastructure as a code and add the firewall into the pipeline with terraform as a controller and everything works really well. 

The API is handy and we are now testing how we can add rules via code. Also, the GUI is easy to use.

The Terraform module for Check Point is complete and really useful for managing the firewall.

Mail filtering is a really good feature that we are implementing for scam protection. 

The graphic interface is really easy to use and easy to teach to other members of the team.

The online documentation is complete and easy to read and understand.

The 3-year warranty offered is nice to have with no extra costs needed from us.

The exterior of the physical device can be improved with the use of a display and not just simple lights.

All the physical devices located in the rack are similar, Just a box with some small lights that does not provide too much information. 

For. me as a final user I will be happy if I can get a display that can show the error code when is a failure and not a simple  red led (This is the common practice). 

I just want more information when I'm on front the device. i know always can walk to my desk and check the GUI with the documentation and the information required. 

I've used the solution for three months now.

I have not had any issues since the moment of installation.

Users get a really nice performance in the order of 2.5 GPS.

Technical support is excellent. I do not have any complaints.

Positive

Yes. We used to use a Cisco 2500 and a Fortinet 110C. 

The Check Point device is better and the speed is superior.

We got full support from the provider and the manufacturer.

The vendor did all the migration in just a couple of hours.

I'm not involved in finance. I can't speak to any ROI.

I was not involved in the pricing; I was only involved in the installation and use it regularly.

The provider offers us the device in three days with the support to import the existing rules and make the migration. We didn't evaluate anything else. 

I really love the device and would choose it over the Cisco and the Fortinet 110C.

We first deployed Check Point for our clients. Our first client wanted to deploy the security appliances in a cluster solution for their network infrastructure solution. The NGTW chosen was the 5800 series and it was deployed as a software solution on clients' servers. Everything is going smoothly and the client seems happy with our proposal.

For our client, it is extremely important to protect the internal network infrastructure from any malicious attempt to break into their critical data. The NFGW cluster has been a step towards greater visibility in regards to their internal operations. The logs give a very detailed panorama of risks.

URL filtering, Application Control, and the Intrusion Prevention System are the features that almost every client wants to be guaranteed by their security appliances. 

Check Point NGFW also generates very helpful reports based on the logs of the activated features, including the features mentioned (URL filtering, Application Control, and the Intrusion Prevention System, as well as anti-bot and anti-spam). 

Sandblast is also a great feature, soon to be added to this solution through endpoints.

The appliances are quite intuitive and easy to be used. The hotfixes are useful and often released with notifications sent to the client.

There have been a few requests/issues about the Identity Awareness feature. The connection to AD, which was a request from the user, required the TAC team's support. 

I've been using the solution for more than 3 years.

This solution is stable and its replacement will not be needed for some time. Security is a need, and as such, it should be a permanent investment.

It seems pretty scalable. Scalability is one of the features that make Check Point different from other vendors. Most of the Quantum series are usable with the Maestro solution, where the client can practically add up other appliances on top of the previous one, without replacing it.

Cases don't always get a resolution immediately, however, the TAC team is supportive and through continuous interactions and suggestions, all cases have been resolved (within 1-2 weeks when they are not urgent).

Positive

For our own infrastructure, Check Point was the first vendor chosen.

The implementation is straightforward. The setup is clear and simple, much like any other software nowadays.

We did an in-house implementation.

The biggest investment is the initial one when you purchase the solution. It needs very little maintenance, and the automation it offers makes it easy to maintain.

The setup is easy and intuitive, and licensing has good coverage to meet the needs for most of the clients. Price is the least favorite element regarding Check Point. Its products aren't the cheapest ones in the market, however, the ratio of value to money is fair.

Fortinet was considered as an option as well.

We primarily use Check Point NGFW for network segmentation and traffic control. It effectively segments our network into zones, allowing us to manage and secure traffic flows between different segments.

The platform's technical support services need enhancement. 

The product is highly scalable and crucial for our large-scale deployment needs. Its scalability is a ten out of ten.

The technical support is generally responsive, although there have been occasional delays in accessing specialized assistance tailored to our needs.

Positive

The deployment was handled by dedicated experts within our organization, ensuring a smooth setup. While I didn't oversee the technical aspects directly, our team found the process straightforward, minimizing operational disruptions.

The product is on the higher end of the cost spectrum, but the investment is justified by its high-quality performance and reliability, which are paramount for our security infrastructure.

Check Point NGFW has consistently provided stable operation which is critical for our organization's security needs.

Managing firewall rules and policies is intuitive and efficient. The interface allows us to quickly adapt to new security requirements and maintain compliance with organizational policies.

I highly recommend it for organizations seeking robust network security.

Overall, I rate it an eight. 

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check Point's solutions to provide comprehensive network security tailored to each organization's requirements.

Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness.

Managing a smaller number of firewalls is straightforward, but as the scale increases, especially with numerous firewall instances, the complexity grows significantly. Scalability should be improved.

I have been working with it for twenty years.

It offers good stability capabilities.

We've encountered challenges related to scalability, particularly with its performance slowing down as the volume of objects in the network grows.

While most engineers are typically responsive, there may be variations in their availability and response times. I would rate its customer service and support eight out of ten.

Positive

I also work with Fortinet, and I find it preferable because it offers a wider range of options. Additionally, its integrated package functions exceptionally well, with seamless coordination between services.

The initial setup process is typically straightforward for most customers. However, when comparing Check Point with other solutions like FortiGate, there's a notable difference in how policy rules are implemented. With Check Point, you need to install the entire policy each time you want to make changes, whereas FortiGate allows for more streamlined updates by simply accepting the modifications. This can sometimes add complexity to installing a new policy with Check Point.

The deployment time varies depending on the scale of the project. For small cases, it may only take a couple of minutes, while larger-scale deployments can span up to a month. Having a skilled engineer is crucial; one proficient engineer can handle the job effectively. Maintenance is relatively straightforward.

While it may be slightly more expensive, when compared with competition it is reasonable. Licenses are renewed annually.

Overall, I would rate it nine out of ten.

Check Point Next Generation Firewall is one of the most secure and stable firewalls present in the market. the integration & implementation of Check Point Next Generation firewall took place due to security concerns, and we were impressed by what this product brings with it.

The integration of Check Point Next Generation Firewall in my organization has taken over one year or so, and it helps to segregate the internal network and build a secure VLAN that separates every department.

Scalability, end-to-end resolution, and customized productive services make Check Point Next Generation Firewall far better than the alternatives present in the market. It has services like navigation, control, and filtering that ensure that all users stay connected to business applications and helps restrict traffic.

The integration of Check Point Next Generation Firewall proved to be highly productive and scalable, and everything was offered at a lower price.

Check Point Next Generation Firewall helped out us drive innovation and growth in our organization. It provided a safe passage for system and data security via its services of navigation, control, and filtering. The product ensures that all users stay connected to business applications and helps restrict traffic.

Overall, the Check Point Next Generation Firewall protects us from all types of internal and external threats while being easy to use and set up.

The integration of the Check Point Next Generation Firewall in my organization has taken over one year. It helps to segregate the internal network and build a secure VLAN that separates every department.

We like the scalability, end-to-end resolution, and customized productive services. This makes Check Point Next Generation Firewall far better than any alternative present in the market.

It offers services like navigation, control, and filtering, which ensure that all users stay connected to business applications.

Check Point Next Generation Firewall Protects systems from all types of internal and external threats.

Check Point Next Generation Firewall requires frequent updates. They need to build a more user-friendly dashboard and have the implementation of more active VPN support.

Apart from this, Check Point Next Generation Firewall customer support service needs to be improved. They need to offer quicker resolution and maintenance during downtime.

Check Point Next Generation Firewall Protects from all types of internal and external attacks and is a must-have software for professionals and organizations.

It has been more than one year since I integrated Check Point NGFW.

I haven't been in integration with any other solution.

We decided on this solution after looking at reviews and comparing prices. Check Point proved to be the best option in the end. 

I would advise others to go for it. It's easy to set up and available at lower pricing than alternatives.

No, we did not evaluate other options. We just compared other alternatives from some review websites and decided to go for Check Point.

It's a must-integrate solution for professionals and organizations.

We use Check Point for the firewall in DMZ and surrounding zones and another product we have. We use a variety of series from 2000, 4000, and 6000 gateways, and also we use Smart-1 and Maestro solutions. 

We apply some features (IPS - Intrusion Prevention System, application control, reporting, antivirus, and anti-spam) using Smart-1 to make day-to-day operation more simple and easy using one management for all gateways. The remote console, such as SSH, is a little complicated, however, you can use it for troubleshooting.

It's improved our organization with simple day-to-day operations with easy tracking of traffic for troubleshooting, with a variety of features. The latest benefit for our company is to save more space for our rack with Maestro and virtualization. 

Some problems may appear and we can open TAC to get assistance from the principal. We also can control more traffic of users to the internet using application control. Our email is more secure using anti-spam and currently, we are in the middle of activating HTTPS inspection to secure our application on the internet.

I enjoy the application control for user traffic control to the internet and the tcpdump command for troubleshooting.

When applying application control, we can ensure user access to the internet in accordance with company policy and easy implementation if some users need exception access.

There is an easy troubleshooting network connection via logs and monitoring menu. We often use this menu for checking connections and if the traffic is not in the logs menu, we can use the tcpdump command from the ssh session to the gateway. It's the fastest way to troubleshoot.

For the migration for Smart-1, I wish the security policy could allow for a migration per gateway. 

There needs to be more storage space for reporting. The storage is always full if the reporting feature is on.

We need HA for Smart-1.

The traffic trekking (logs view) needs to be more accurate. Some traffic is often not in the logs view.

We'd like to have more user friendly menu for import vpn users.

There needs to be more compatibility with SIEM.

It would be great if we could join domains with more than one Active Directory server (active-active).

There needs to be an easy menu for export backup configuration (the current menu always has an error).

The signature information needs more detail. We need to know current update versions and on running versions.

I have been using Check Point since 2010 (12 years).

We already are using a variety of brands.

Sometimes you need to repeatedly upgrade the version or update the patch.

The help we received was good.

The cost is pricey. 

We did not evaluate other solutions first.