Check Point NGFW Reviews

In the search to establish the best perimeter security while achieving standards, protection, reduced expenses, and additional benefits, we found this product. It allows us to see a low return on the investment that could be established. We like the Check Point brand, thanks to the characteristic benefits, evolution, and innovation that the brand has. It's allowed us to establish and meet the needs we have.

The state-of-the-art perimeter firewall we use today has great benefits and an outstanding number of available features put into place. The characteristics on offer have come to give an added value under a single investment, thus offering many advantages. We have achieved and a return on investment and the benefits are consistent with the expectations set in motion. We are managing to correct and protect not only one area, but we are putting into operation additional functions to achieve an appropriate level of security. 

We like that we can create different VPN services connected from site to site or remote desktop connections to establish connections from point to site or from site to site, thus giving us a really high capacity to establish and manage simultaneously. This has allowed us to be a little more flexible, giving each of the members of the organization the possibility of working from home and being able to interconnect with the different branches of our central service quickly, safely, and efficiently. 

The policy installation module should be improved. It needs to be faster and have a complete interface to manage and apply changes more quickly when creating a policy or wanting to modify an existing one. 

One of the features that has been getting better over time is the way you install and apply your policies. Before, they were very slow. Today, it has improved. That said, it could be a little faster and more efficient and thus achieve a fast, light, and efficient installation in the services that are being configured instantly when they are applied.

I've used the solution for one year.

Check Point Next Generation Firewall is one of the most secure and stable firewalls present in the market. the integration & implementation of Check Point Next Generation firewall took place due to security concerns, and we were impressed by what this product brings with it.

The integration of Check Point Next Generation Firewall in my organization has taken over one year or so, and it helps to segregate the internal network and build a secure VLAN that separates every department.

Scalability, end-to-end resolution, and customized productive services make Check Point Next Generation Firewall far better than the alternatives present in the market. It has services like navigation, control, and filtering that ensure that all users stay connected to business applications and helps restrict traffic.

The integration of Check Point Next Generation Firewall proved to be highly productive and scalable, and everything was offered at a lower price.

Check Point Next Generation Firewall helped out us drive innovation and growth in our organization. It provided a safe passage for system and data security via its services of navigation, control, and filtering. The product ensures that all users stay connected to business applications and helps restrict traffic.

Overall, the Check Point Next Generation Firewall protects us from all types of internal and external threats while being easy to use and set up.

The integration of the Check Point Next Generation Firewall in my organization has taken over one year. It helps to segregate the internal network and build a secure VLAN that separates every department.

We like the scalability, end-to-end resolution, and customized productive services. This makes Check Point Next Generation Firewall far better than any alternative present in the market.

It offers services like navigation, control, and filtering, which ensure that all users stay connected to business applications.

Check Point Next Generation Firewall Protects systems from all types of internal and external threats.

Check Point Next Generation Firewall requires frequent updates. They need to build a more user-friendly dashboard and have the implementation of more active VPN support.

Apart from this, Check Point Next Generation Firewall customer support service needs to be improved. They need to offer quicker resolution and maintenance during downtime.

Check Point Next Generation Firewall Protects from all types of internal and external attacks and is a must-have software for professionals and organizations.

It has been more than one year since I integrated Check Point NGFW.

I haven't been in integration with any other solution.

We decided on this solution after looking at reviews and comparing prices. Check Point proved to be the best option in the end. 

I would advise others to go for it. It's easy to set up and available at lower pricing than alternatives.

No, we did not evaluate other options. We just compared other alternatives from some review websites and decided to go for Check Point.

It's a must-integrate solution for professionals and organizations.

The primary use of Check Point NGFW is as a firewall that gives us the control of allowing in non-threatening traffic in and blocking malicious traffic. It is also a valuable tool that allows us to interconnect our remote sites via IPSEC VPN. 

This, alongside all of the basic blades such as Application Control, allows us to be granular when choosing what applications we allow within our organization and additionally filters based on categories combined with identity awareness. This allows us to be as granular as we would like with specific users/departments within our organization.

Check Point NGFW was one of the top contenders when we were looking to implement a new firewall strategy. 

We have had some issues with VPN tunnels specific to AWS, which were eventually resolved after a lengthy case however, other than that, the features offered are all great, and the firewall has done its job to my expectation. 

It is, however, difficult at times to read the actual documentation for the blades/appliance as it would appear that sometimes the terminology is incorrect or skewed, which leads to a longer implementation time.

As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity. 

Another critical blade/feature is the application control blade in combination with URL filtering. These two security features, tied together with identity awareness, are a game changer and allows an admin to be as granular as possible when blocking specific applications or allowing a specific application to a specific user/department within the organization

Being on R80.40, I am sure a bunch of features have already been implemented that I am not currently taking advantage of. However, one feature I have yet to see implemented is authenticated email support for alerts generated via the GW or SMS. As a security product, it is mind-blowing that this is not a thing today, and it only relies on SMTP un-authenticated to send emails to administrators. However, I'm not sure if that really applies to the firewall itself or if it is more so a topic of discussion for the SMS.

I've used the solution for five years.

We switched from SonicWall back in the day due to the feature sets available at the time.

We also evaluated Palo Alto.

We first deployed Check Point for our clients. Our first client wanted to deploy the security appliances in a cluster solution for their network infrastructure solution. The NGTW chosen was the 5800 series and it was deployed as a software solution on clients' servers. Everything is going smoothly and the client seems happy with our proposal.

For our client, it is extremely important to protect the internal network infrastructure from any malicious attempt to break into their critical data. The NFGW cluster has been a step towards greater visibility in regards to their internal operations. The logs give a very detailed panorama of risks.

URL filtering, Application Control, and the Intrusion Prevention System are the features that almost every client wants to be guaranteed by their security appliances. 

Check Point NGFW also generates very helpful reports based on the logs of the activated features, including the features mentioned (URL filtering, Application Control, and the Intrusion Prevention System, as well as anti-bot and anti-spam). 

Sandblast is also a great feature, soon to be added to this solution through endpoints.

The appliances are quite intuitive and easy to be used. The hotfixes are useful and often released with notifications sent to the client.

There have been a few requests/issues about the Identity Awareness feature. The connection to AD, which was a request from the user, required the TAC team's support. 

I've been using the solution for more than 3 years.

This solution is stable and its replacement will not be needed for some time. Security is a need, and as such, it should be a permanent investment.

It seems pretty scalable. Scalability is one of the features that make Check Point different from other vendors. Most of the Quantum series are usable with the Maestro solution, where the client can practically add up other appliances on top of the previous one, without replacing it.

Cases don't always get a resolution immediately, however, the TAC team is supportive and through continuous interactions and suggestions, all cases have been resolved (within 1-2 weeks when they are not urgent).

Positive

For our own infrastructure, Check Point was the first vendor chosen.

The implementation is straightforward. The setup is clear and simple, much like any other software nowadays.

We did an in-house implementation.

The biggest investment is the initial one when you purchase the solution. It needs very little maintenance, and the automation it offers makes it easy to maintain.

The setup is easy and intuitive, and licensing has good coverage to meet the needs for most of the clients. Price is the least favorite element regarding Check Point. Its products aren't the cheapest ones in the market, however, the ratio of value to money is fair.

Fortinet was considered as an option as well.

I had 3200 appliances deployed in my company where we had two CMSs. We had multiple VSXs on those appliances due to the main firewall that we had on the VLAN. We also had an external firewall on the VLAN, which were used to monitor and allow the traffic within the network. That is how we were using it.

They have a new R81 in place. Currently, they also have R75 deployed in the environment, but they are planning to upgrade to R80.20 because that particular firewall has very high CPU utilization and there is no more support for R75. 

I like that it first checks the SAM database. If there is any suspicious traffic, then you can block that critical traffic in the SAM database instead of creating a rule on the firewall, then pushing that out, which takes time. 

The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that. 

I like the Check Point SandBlast, which is also the new technology that I like, because it mitigates the zero-day attacks. I haven't worked on SandBlast, but I did have a chance to do the certification two years back, so I have sound knowledge on SandBlast. We can deploy it as a SandBlast appliance or use it along with the Check Point Firewall to forward the traffic to the SandBlast Cloud.

Working on Check Point for me looks simple. For the user or anyone else who is using Check Point, they are more into the GUI stuff. Check Point has its SmartConsole. On the console, you have to log into the MDS or CMS. Then, from there, you have to go onto that particular firewall and put in the changes. If the management console could be integrated onto the GUI itself, that would be one thing that I would recommend.

The ability for the multiple administrators to not do changes was fixed in R80.

I just changed companies six months back. I have been using Check Point for around two and a half years. I was working on the Check Point technologies in my previous company. I did the implementation of Check Point and was also monitoring the Check Point Firewall in my last company during firewall upgrades.

We had two Check Point Firewalls deploy in the HA. There was one particular change that we did regarding the FQDN objects. However, after deploying this new change, which already had multiple FQDN objects, the behavior of the firewall was changed in terms of the live traffic. Because after deploying the critical chain, the users were facing intermittent Skype and Office 365 issues. We checked the performance of the Check Point, which also decreased due to the FQDN objects that were pushed onto the firewall. Therefore, we had to reverse back the change in order to increase the performance, because it was utilizing 80 or 90 percent of it. Once we reversed that particular change, then it was working fine.

These firewalls are stable. The customer is looking forward to upgrading to the latest version of Check Point.

It is scalable.

The entire company network resides behind these particular firewalls. All of the users, if they wanted to go out onto the Internet, have to go through this firewall.

There are around five to eight people who worked for my team. We monitored the firewall. In case of issues, we would then go a call with the customer and troubleshoot that issue.

Sometimes, I faced issues while troubleshooting. In those cases, I did have to contact Check Point's technical support because some of those issues were complex. 

I would give the technical support a four out of five. They would get on the call and try to resolve that issue as soon as possible. 

Initially, I was working on the Cisco ASA Firewall, then I got an opportunity to work on the Check Point Firewall. The main difference is regarding the architecture. Check Point has three-tier architecture, whereas ASA doesn't have that architecture so you have to deploy every rule on the firewall manually. With Check Point, you have a management server and you can have that policy package pushed onto the other firewall, which is one of the key features of Check Point: You don't have to deploy every tool on the firewall manually. We can just push that particular policy package onto the new firewall based on global rules that we have Check Point. 

Every time, I had to deploy all of the rules and basic connectivity, SSH and SNMP management, on the ASA Firewall. Whereas, in Check Point, I can just go onto the global rules and put that policy onto the Check Point Firewall, then it will have all those global rules required in the company.

Check Point also has the Identity Awareness feature, which is using a captive portal. This is something good which I like. 

It was pretty easy and straightforward for me to deploy these firewalls.

It took around the 15 days to do the initial deployment and get the basic connectivity to the Check Point Firewalls. We had to send a field engineer to do the cabling and everything, like the data connectivity. It takes time to do all the network, cabling, etc. Once the basic connectivity is established, then we can move ahead with the implementation of the rules on the firewall. The company had an initial set of rules to follow for the setup.

We initially opened a case regarding the upgrade. Check Point's technical support was there on the call because the upgrade was going from version R77 to R81.10. This was a major update for the entire network, and they were there supporting us in case of any issues.

The customer feels more secure because they have two layers of security and comfortable working with this particular Check Point Firewall because they previously used Check Point R75. 

Pricing is fine. 

We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead. 

The licensing feature is good for the Check Point. It attaches to the management IP address of the central management server. So, you can remove that particular IP and then use that license on another device on some other firewall, if you want.

Compared to the Cisco ASA Firewall, the Check Point Firewall makes your work easier because you're not deploying the firewall, then pushing the policy, which takes time. Initially, when I was working with the ASA Firewall, we used to implement the firewall, then we used to hand it over to operations for the maintenance. So, I had to manually implement all of these rules, etc. 

When I learned about Check Point and had basic training for it, I got to know the architecture was different for the Check Point Firewall. You can just have a policy package and deploy that policy package on any of the firewalls that you want. It already has that particular set of rules, which makes your life easier while implementing the rules on the firewall, e.g., if there are multiple firewalls on the network that should have the same policy.

Anyone who is new to Check Point Firewalls should have the basic understanding and training so it becomes easy to deploy and implement. You can go onto YouTube and find various training videos regarding Check Point, where you can get a basic understanding of the Check Point Firewall.

I would rate this solution as an eight out of 10.

It is a typical firewall that has been implemented in most of our regions. We use it for normal firewall policies and VPNs.

We are mainly using Check Point firewalls. We also have a few Check Point cloud security programs.

Everything can be managed from a single dashboard nowadays.

Since we upgraded to R.80 from our previous R.77 version, the activity of my team has improved a lot. We don't have to open multiple consoles or go to multiple nodes. Even though we are managing multiple solutions of Check Point, they feel similar to us now.

The most valuable feature is the Check Point Management Server, especially version R.80 onward. We can manage everything. We have endpoint security, cloud security, and email security. Everything can be managed from a single management server, making this a very unique and easy solution to use in the market now.

From a technical perspective, it is an easy solution to use. Everything seems perfect. We are not using all of its features, like sandboxing. 

The main thing for a normal operations guy who is creating tools and firewalls, it is quite difficult to manage. It requires an expert level of knowledge in Check Point products to manage these scalable platform appliances and the virtual firewall that comes with it. We have to educate our guys and give them training on a regular basis to work on these products. Otherwise, it's fine.

About five years.

It is pretty stable. It hasn't caused many issues over the years, unlike normal network issues. They do release bug fixes at least once a month. We keep very good track of that and update the patches regularly, but we haven't run into bigger issues so far. So, I'd say it is quite stable. 

The firewall is very easy to use and hasn't caused much trouble for us over the years.

From a scalability perspective, they have a solutions like Check Point Maestro. Therefore, it is easy to upscale nowadays.

We have over 200,000 end users.

They should improve the support a bit. Though they have expert engineers in tech, sometimes the amount of time to get back a solution for an issue is more than what is acceptable, even though it is a high priority.

During a scheduled activity or an implementation, they find their highest level of support. During an implementation, I never faced an issue with the support. I would rate them a nine out of ten for this.

The company has been using Check Point firewalls for the past 10 years. Before that, they used Cisco ASA.

Mostly, I have worked on Check Point products. Therefore, the initial setup was straightforward. It was not that complicated. 

I can spin up a firewall and put it in production within an hour. If it's a migration from a different solution or upgrading an existing management solution, it might take some time because of the planning. There are a lot of things that have to be a part of the implementation or migration activities.

We do it ourselves most of the time. We only take help when it comes to scalable platforms, like big chassis firewalls, which are little complicated. Then, we get outside help.

I manage the operations team and have also been involved as a consultant.

We have some best practices in place that we follow.

There are four security engineers who deploy and maintain this solution.

Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point.

For cloud security purposes, we looked at FortiGate. In the end, we decided to go with Check Point. Primarily, we went with Check Point because of the fee. We also already had expertise on Check Point and the team is comfortable around it. We like that Check Point has a single dashboard. Feedback from peers suggests that the support in India for NGFWs is not as good with other vendors as it is at Check Point.

Get a team who has expertise on this product and educate your team. Give them training. If Check Point is using a new version, make sure your team is aware of that. If there are any changes, let them know and make them comfortable working around this product because we have had some issues due to lack of expertise.

If you don't have an expert in-house team for implementation, I would strongly recommend getting help of the Check Point professional services team. There are a few third-party operational services, but I would go with Check Point professional services.

We are planning to increase our usage of the solution. Every project that we take on has Check Point security products as part of the solution.

I would give this solution an eight out of 10 because of the support. They take too much time when they should give you a result.

We primarily use the product to block traffic at the application layer, limiting access to YouTube and social media during busy periods while allowing it during lunchtime or office hours.

The product's primary benefits include effective intrusion blocking and improved network management. 

I appreciate the support provided as well. It is highly reliable and has a prompt response time. 

The system's operation could be enhanced. I recommend developing a management console that can more efficiently handle multiple Check Point devices, as we have multiple appliances across different sites. 

We have been using Check Point NGFW since 2016 for approximately eight years.

There are occasional issues, but they are typically resolved with subsequent updates. I rate the stability a six out of ten. 

We have three sites where we use Check Point NGFW. The first site has about 1000 users, the second site has between 800 and 900 users, and the third site has approximately 100 to 200 users.

I rate the product scalability as two out of ten. Improvement is needed as it could be more convergent, particularly for on-premises solutions.

We are currently using Check Point, Palo Alto, and Cisco.

Check Point's advantages include its lower cost than Palo Alto. However, it requires maintenance of many parts, as it is only partially GUI-based. In contrast, Palo Alto is mostly GUI-based, simplifying operations for our IT security team.

The setup process was straightforward. Some aspects in terms of maintenance are easier due to the GUI-based interface.

We took help from a consultant for implementation. 

I recommend Check Point Firewalls. It is a solid product with reliable support and frequent updates.

I rate it an eight.

The product is an excellent perimeter firewall solution. But compared to Palo Alto, the management console is critical. It's difficult to let customers understand the dashboard of the firewall because there are three distinct dashboards. The three dashboards include smart connect, Check Point Firewall dashboard and more. 

The solution is used by our organization for security purposes across small and medium banks in our country, who happen to be customers of our company. 

The architecture of the solution is extraordinary because when a Check Point Firewall protects a customer or organization, a DDoS attack can hardly occur. Another valuable feature is the real-time zero-day protection.  

The user interface needs to improve and should be user-friendly. The customer of this solution also needs to undergo training to use the solution dashboards, unlike products like Palo Alto. 

In the next release, Check Point can try to add the DDoS or web application firewall within the overall firewall. If Check Point is able to implement the aforementioned integration within the firewall module, then people don't need to buy each firewall separately. The comprehensive firewall addition will increase the sales volume of any next generation firewall because TCO (Total Cost of Ownership) will be low. 

I have been using Check Point NGFW for five years. 

I would rate the stability an eight out of ten. 

If you have the Maestro version, scalability is the best among all competitors. For large organizations that have ten thousand users, they don't need to bother about the extra cost of the Maestro version. For organizations with one or two thousand users, the Maestro version can be a luxury for them. 

The tech support is very helpful for Check Point NGFW. The support team even asks for remote access to resolve the problem immediately. But sometimes, it takes between eight to twelve hours to connect with a level three engineer to get the support. The response time needs to improve. I would rate the tech support a six out of ten. 

A firewall is a critical asset, and when there is a problem with the perimeter firewall, an individual cannot communicate outside the organization, so support is required immediately. 

Neutral

Our company's usual deployment model for the solution is on-premises because cross-border data transmission is prohibited. The installation of Check Point NGFW takes between seven to ten days (working five hours a day). For the banks who are customers of our company, we could only work for deployment after the usual banking hours, so it took longer. 

I can conclude that deployment and running the User Accessibility Test (UAT) can take a maximum of forty hours. Two engineers are needed to deploy Check Point NGFW. 

I have evaluated SentinelOne and CrowdStrike. The rollback feature of ransomware attacks in SentinelOne cannot be found in competitors. 

I would recommend Check Point NGFW over Palo Alto and Cisco as a complex security solution for a complex environment. I would rate the solution a ten out of ten.