Try our new research platform with insights from 80,000+ expert users
reviewer1678710 - PeerSpot reviewer
Senior Cyber Security Consultant at Yapi Kredi
User
Great blade technology, easy to configure, and lowers administrative workloads
Pros and Cons
  • "The ease of configuring VPNs can be very useful especially for companies with lots of remote locations."
  • "If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time."

What is our primary use case?

We use Check Point Next Generation Firewalls as a perimeter firewall for all sites, including the DMZ, disaster recovery center, and branch offices. We also use IPS, Anti-Bot, Antivirus, Identity Awareness, Application Control, and URL Filtering blades at all gateways. At our main site, these blades provide additional security controls to our existing security solutions. For our branch offices, Check Point Next Generation Firewalls work as unified security products and we do not need to implement additional security solutions.

How has it helped my organization?

In addition to legacy firewall features, by using Check Point Next Generation Firewalls blade technology, you can improve your security. 

By using the smart console, you can control tens of gateways from a single point. The smart console also allows you to control all the blades from the same GUI. These features decrease our manpower needs. 

The identity awareness feature makes it easier to implement and manage firewall rules. 

The ease of configuring VPNs can be very useful especially for companies with lots of remote locations.

What is most valuable?

Check Point Next Generation Firewalls have numerous blade options such as Anti-bot, IPS, and URL filtering. In most cases, one box could be sufficient to use all these blades. You can manage all these blades from a single console. This feature lowers your administrative workload. 

If you have comparatively small branch offices, in addition to administrative workload, instead of spending money for security products such as proxy or IPS, Check Point Next Generation Firewalls could meet your requirements. 

What needs improvement?

If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time. 

If you use Check Point firewalls for a long time, it is inevitable to have long rulesets over the years. The need for using different GUI applications for different versions can be confusing. A backward compatibility feature for smart console versions could be useful - especially if you are an enterprise customer, you probably need to use different versions at the same time. 

Buyer's Guide
Check Point NGFW
December 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.

For how long have I used the solution?

We have used the solution for 9+ years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Principal Network and Security Consultant at a comms service provider with 10,001+ employees
Real User
Central architecture means we can see an end-to-end picture of attacks
Pros and Cons
  • "Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use."
  • "The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution."

What is our primary use case?

I support multiple clients within the UK, the EMEA region, the US, and now in Asia Pacific as well. I specialize in Check Point firewalls. I design and secure their data centers, their on-premises solutions, or their businesses security.

The firewalls are mostly on-premise because most of our clients are financial organizations and they have strict compliance requirements. They feel more secure and have more control when things are on-premise in the data center. However, there are use cases where I have helped them to deploy Check Point solutions in the cloud: AWS, Azure, and in Google as well. But cloud deployments are very much in the early stages for these clients, on a development or testing basis. Most of the production workloads are still on-premise in data centers.

Most of my customers are still using R77.30, and they are on track to upgrade from that to R80, which is the current proposed version by Check Point.

How has it helped my organization?

One of our customers has just recently been attacked by malware and internal DoS attacks, and they have a multi-vendor, multi-layer firewall approach. The internal firewalls are Check Point. The great thing about Check Point is that because of its central architecture, you can very quickly pinpoint where the attacks are coming from. It gives you comprehensive reporting when the attacks start and when they've stopped, so you can see the complete, end-to-end picture: where the point of attack is, at what time, and what host. They can track all of that.

However, in parallel, that customer is using other firewalls which have no visibility. One of the main advantages of having Check Point firewall is definitely that it gives you absolute in-depth visibility.

What is most valuable?

Among the valuable features are antivirus, URL inspection, and anti-malware protection. These are all advanced features.

One of the great advantages of having Check Point as a firewall is that all of these are software blades, so you can buy a license or subscription and enable them and get the security up and running. With other firewalls, it's a completely different agenda, meaning some of them require hardware modules, and some of them have a complex way of adding the licensing, etc. Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use.

What needs improvement?

The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay. That's one of the main complaints for most of our customers. Or if it is quick, then it's very complex. For example, if they have received a file which is "unknown" or has Zero-day attack malware, sometimes it doesn't get analyzed properly or it's locked into the cloud. So there are various small issues with the product that need possible improvement.

The SandBlast product on its own is a very good concept, and it works absolutely brilliantly. However, when you integrate it with existing firewalls, it just doesn't play very well.

The cloud solution is quite straightforward because it seems the SandBlast solution was designed, initially, for cloud deployments, where you've got multiple clouds or multiple vendors, and you are receiving files from different points. And on the cloud edge, for example in AWS, if you have Check Point sitting there, it works very well if you're running a virtual firewall. However, if it's on-premise and it's a dedicated appliance, then the performance is slightly different and the way it works is very different. So where it needs improvement is where it's an appliance-based solution rather than a software or cloud-based solution.

If I am using SandBlast on a virtual appliance — for example, I've got Check Point virtual appliances in AWS, and Azure as well, for a customer — those virtual appliances work absolutely fine as a service, as does SandBlast as a service. However, if it's an appliance, if it's a dedicated firewall on-premise in a data center and you add SandBlast as a software service, the integration is not that straightforward, so the experience is very different. 

It seems like they were possibly built by different teams, independent of each other.

For how long have I used the solution?

I've been using Check Point firewalls for about 16 years. I am the main network or security lead and I have four other engineers who report to me. They also do design and deployment.

I work with approximately 40 companies that utilize Check Point.

What do I think about the stability of the solution?

Check Point firewalls are very stable. One good thing about Check Point is that they do rigorous testing internally before releasing updates, which is something I have not found with any other firewall products. With most of the other firewall products, when they release something, it's like the customer becomes the guinea pig for that particular version, whether a minor or a major update. However, with Check Point, you can see all the white papers and what ways they have tested a minor or major upgrade of the software version, and what the performance was like. What are their known issues and is somebody working on them or not?

So the software releases are very stable and you have visibility into how they operate and what the known issues are, so you know whether you should go ahead with them or not. And in case there is a problem, the support is excellent. You can reach out to Check Point and say, "Look, I've done the software upgrade and I'm experiencing these problems. How can I deal with them?" They are there to help you out.

There are times when we have problems in terms of software or hardware defects. We have sustained downtime, but most of the architecture I design is resilient, so if one device is down, the other one is working fine. Then in the background, I or my support team will deal with Check Point directly, to get a replacement. They're definitely quick to respond and very efficient. 

In the past, we had a lot of problems with licensing, specifically, but Check Point has redone the whole way they do licensing. It's very quick now, and very efficient.

What do I think about the scalability of the solution?

Check Point firewalls are extremely scalable. Recently, I deployed Check Point in an AWS cloud solution for one of my clients, and it's been absolutely excellent in handling growth. They've grown from 10,000 users to a million users. The way Check Point has advertised the product, it is supposed to be highly scalable, which means it grows as your demand grows, and that has been the case. 

Recently we have set up a test case where we are moving over management servers from on-premise to a Check Point-provided Infinity cloud solution. We are still at the testing phase but, overall, it's been a great experience so far.

How are customer service and technical support?

The teams we deal with within Check Point are extremely knowledgeable. They know how to understand the background of the problem, and they're very good about articulating how we deal with the issue, whether it's a minor software upgrade issue or it's a major failure of the hardware itself. They know where to look for the right stuff. The key point is they're very knowledgeable and very technical. And if somebody doesn't have the technical capability, they will definitely help you out to make sure you get to the bottom of the problem.

Which solution did I use previously and why did I switch?

In the past, most of the customers I've worked with have used different firewall vendors, such as Cisco, Palo Alto, and Juniper.

I've recently seen deployments where customers have tried to move from Cisco ASA to Cisco Firepower and the deployment has gone horribly wrong because the product has not been tested by Cisco very well and is not a mature product. I've gone in and reviewed their business requirements and technical requirements and, based on that, I've recommended Check Point and done the design and deployment. They've absolutely been happy with the solution, how secure and how capable it is.

We use Check Point across multiple types of customers, such as financials, retail, and various other public and private sector organizations. I review their security architecture, which is firewall specific and, based on that, I have recommended Check Point. In most cases, I've managed to convince them to go ahead with Check Point firewalls as a preferred secure firewall solution.

The main reason is that Check Point is far ahead in the game. They're definitely the market leader. They are visionaries when it comes to security. Another reason is that a lot of firewall architecture starts from the firewall itself, which is the local firewall. It can easily be hacked and manipulated. However, the Check Point architecture, out-of-the-box, is very secure. They have a central Management Server and all of the firewalls are managed through that one central point. So in case somebody breaks into your firewall, the firewall is encrypted; they will delete the database. The architecture is secure by default. The good thing is that other firewall vendors have realized this and they've started to copy the same system that Check Point has used for the past 20 years now.

How was the initial setup?

When working with the Check Point team on deployment, they're really helpful and very talented people. When you speak to other firewall vendors, they just think about the firewall from their point of view. The good thing about Check Point engineers, or technical staff, or even management staff, is that they understand what the requirements of business are and how they can improve or align the proposed solution. Overall, Check Point staff are very knowledgeable, they understand different industries, and they understand the product very well. That's definitely a competitive edge compared to other firewalls.

Once the design is done, for something simple the deployment can take half a day, whereas for a complex deployment in a data center it can take about five days.

Our implementation plan is divided into different phases. Phase One might be the physical cabling of the firewall device itself. Phase Two would be the logical setup, which means defining the interfaces and the virtual setup of the firewall itself. The final phase would be to bring it online in parallel with production, in a non-prod service, and test it to ensure it works as per the design.

What was our ROI?

A customer I'm working with right now was running with Check Point and they wanted to move to Fortinet firewalls. However, when I worked with them on the design to upgrade the existing Check Point firewalls, what we worked out was that even though the Fortinet might have seemed like a cheaper option, it didn't have the security capabilities that Check Point is offering. On that basis, the customer signed off on a project for upgrading their existing firewalls, on-premise and cloud, from R77.30 to R80.10.

What's my experience with pricing, setup cost, and licensing?

It can be expensive, but it's value for money. What you pay for is what you get. You can go down in price and buy some cheap firewalls, but you're not going to get great support and you're not going to get the level of protection you need. With Check Point you get all of that.

Which other solutions did I evaluate?

With Juniper, one of the biggest downsides is support. The support portal is slow and I won't say the staff is competent in terms of understanding. They're very disconnected internally. What I mean is that the team working on the software development of the firewall has no interface with the support teams that are handling day-to-day TAC cases. They definitely struggle when it comes to understanding challenges, problems, and incidents with the firewalls.

In the past, Juniper firewalls were good, but recently the security offering has just not been there. They don't have anything like SandBlast from Check Point. They don't have up-to-date Zero-day attacks control. They're still running a very old architecture. They can do things like antivirus and URL proxy, but those are very simple features. They have none of the advanced feature set that Check Point has.

Palo Alto is very competitive with Check Point when it comes to security. However, one of the challenges with Palo Alto is that, overall, the solution can be extremely complex and expensive. That is one thing I've heard from customers again and again. Either they have existing Palo Altos or they plan to go to Palo Alto, but when they do a comparison with Check Point, what they find is that the overall value with Check Point is much greater than with Palo Alto firewalls.

What other advice do I have?

If you're looking to implement Check Point as a security solution, definitely do your homework. Do some research, not just in terms of firewalls, but overall security architecture. Which ones are the leaders in the field? Which ones are there to deliver what they promise? And overall, how does the architecture work? Is it secure or not? And does it come from a team that understands how to support the solution itself? Are they consistent? Look at their track record for the past 10 or 15 years, or are they a new player? If they are, you don't know whether they're going to stay in the game or not. A good thing about Check Point is that its core product is security. They've been doing it day in and day out. You know they're there to stay in the game. You can trust them.

Check Point is a proven solution. A lot of customers and clients already rely on it. And for the Next Generation Firewalls, they're coming up with new features as security threats become known.

If somebody wants a secure and stable environment, Check Point is definitely the leader to go to; definitely the number-one choice. It's not only what it says on the box. In reality, I've worked with hundreds of banks and they're happy with the product because it works; in practice, it works. That's the main thing.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1956729 - PeerSpot reviewer
reviewer1956729Works at Hughes Communications India Limited
User

We have been using Check Point for the last 14+ years since it was called Nokia Check Point. It is a wonderful product with wonderful support. Technology advancement is also part of the life cycle. 

Buyer's Guide
Check Point NGFW
December 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
RSSI at SDIS49
Real User
Top 10
Provides good efficiency and technical support
Pros and Cons
  • "The most valuable feature of the solution is its efficiency."
  • "You have an administration tool that is not on the appliance, and it should be in line with the appliance."

What is most valuable?

The most valuable feature of the solution is its efficiency.

What needs improvement?

You have an administration tool that is not on the appliance, and it should be in line with the appliance. You can put your modification online and compile it again before applying.

For how long have I used the solution?

I have been using Check Point NGFW for seven years.

How are customer service and support?

The solution's technical support is good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Cisco. We switched to Check Point NGFW because Cisco was comparatively a bit outdated.

What's my experience with pricing, setup cost, and licensing?

Check Point NGFW is a little expensive. We paid around 70,000 Euros for it, and the solution's maintenance fee is expensive. We also have to pay for technical support.

What other advice do I have?

I am generally satisfied with the solution. The new Check Point products are more powerful than the previous appliances. The product is good but perhaps more adapted to big firms than small companies.

Overall, I rate the solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Bijoy Chowdhury - PeerSpot reviewer
CEO at Fred Intelligence Limited
Real User
Top 20
Offers real-time zero-day protection along with excellent architecture
Pros and Cons
  • "The architecture of the solution is extraordinary"
  • "The user interface should be user-friendly"

What is our primary use case?

The product is an excellent perimeter firewall solution. But compared to Palo Alto, the management console is critical. It's difficult to let customers understand the dashboard of the firewall because there are three distinct dashboards. The three dashboards include smart connect, Check Point Firewall dashboard and more. 

The solution is used by our organization for security purposes across small and medium banks in our country, who happen to be customers of our company. 

What is most valuable?

The architecture of the solution is extraordinary because when a Check Point Firewall protects a customer or organization, a DDoS attack can hardly occur. Another valuable feature is the real-time zero-day protection.  

What needs improvement?

The user interface needs to improve and should be user-friendly. The customer of this solution also needs to undergo training to use the solution dashboards, unlike products like Palo Alto. 

In the next release, Check Point can try to add the DDoS or web application firewall within the overall firewall. If Check Point is able to implement the aforementioned integration within the firewall module, then people don't need to buy each firewall separately. The comprehensive firewall addition will increase the sales volume of any next generation firewall because TCO (Total Cost of Ownership) will be low. 

For how long have I used the solution?

I have been using Check Point NGFW for five years. 

What do I think about the stability of the solution?

I would rate the stability an eight out of ten. 

What do I think about the scalability of the solution?

If you have the Maestro version, scalability is the best among all competitors. For large organizations that have ten thousand users, they don't need to bother about the extra cost of the Maestro version. For organizations with one or two thousand users, the Maestro version can be a luxury for them. 

How are customer service and support?

The tech support is very helpful for Check Point NGFW. The support team even asks for remote access to resolve the problem immediately. But sometimes, it takes between eight to twelve hours to connect with a level three engineer to get the support. The response time needs to improve. I would rate the tech support a six out of ten. 

A firewall is a critical asset, and when there is a problem with the perimeter firewall, an individual cannot communicate outside the organization, so support is required immediately. 

How would you rate customer service and support?

Neutral

How was the initial setup?

Our company's usual deployment model for the solution is on-premises because cross-border data transmission is prohibited. The installation of Check Point NGFW takes between seven to ten days (working five hours a day). For the banks who are customers of our company, we could only work for deployment after the usual banking hours, so it took longer. 

I can conclude that deployment and running the User Accessibility Test (UAT) can take a maximum of forty hours. Two engineers are needed to deploy Check Point NGFW. 

Which other solutions did I evaluate?

I have evaluated SentinelOne and CrowdStrike. The rollback feature of ransomware attacks in SentinelOne cannot be found in competitors. 

What other advice do I have?

I would recommend Check Point NGFW over Palo Alto and Cisco as a complex security solution for a complex environment. I would rate the solution a ten out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
PeerSpot user
reviewer2323554 - PeerSpot reviewer
Technical Engineer at a tech services company with 11-50 employees
Real User
Top 10
Advanced threat prevention with unified threat management and precise application control, offering robust security features to safeguard networks against a wide range of cyber threats
Pros and Cons
  • "Its most significant strength lies in its superior threat detection engines."
  • "I would highlight the need for enhancements in technical support services."

What is our primary use case?

Our customers primarily use it to safeguard their organization's network against malicious activities and closely monitor user internet usage. The key objectives include implementing controls on web and application usage to restrict unwanted activities among users.

How has it helped my organization?

The primary advantage stems from the precision of the application engines. Customers can rest assured that unwanted infiltrations into their organizations are unlikely due to the advanced nature of the IAV engines. The algorithms employed are notably stringent, and while they may not be publicly disclosed, they play a crucial role in thoroughly scanning all incoming network traffic. Leveraging this technology, customers can swiftly and effectively protect their LAN network with Check Point.

What is most valuable?

Its most significant strength lies in its superior threat detection engines.

What needs improvement?

I would highlight the need for enhancements in technical support services.

For how long have I used the solution?

I have been working with it for four months.

What do I think about the stability of the solution?

I found it to be reliable and stable.

What do I think about the scalability of the solution?

It provides good scalability. In total, we are responsible for around three hundred and fifty endpoints.

How are customer service and support?

Our experience with their customer support is not very satisfactory. We've encountered an incident at one of our customer sites, and despite reaching out for support and raising the issue with them, we haven't received a satisfactory solution from the support team in the past three months. I would rate it three out of ten.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

Compared to other vendors such as FortiGate and Kaspersky, Check Point's protection engines stand out for their intuitiveness. However, the drawback lies in the pricing.

What about the implementation team?

In our deployment process, there are two methods available: standard and distributed. The predominant choice in our country is the standard deployment, utilized by approximately ninety-two to ninety-five percent of our customers. In the standard deployment approach, a separate server is configured with three ports, situated between the firewall and the switch. Configurations are not directly applied to the firewall; instead, they are made on the server. After completing the configurations on the server, the changes, such as creating new firewall rules, are not immediately connected to the firewall. Instead, they go through the server, where calculations are performed, and the configured rules are loaded. If a misconfiguration is detected, the server notifies us, highlighting any inaccuracies in the rules or policies. This preventive measure helps avoid applying flawed configurations directly to the firewall. Regarding the ISMP modules, I believe a single individual is sufficient. Given some time for research, this person should be able to deploy it efficiently for me. The deployment time varies depending on the configurations. Maintenance primarily involves updating the firmware; aside from that, there are no additional requirements.

What was our ROI?

The greatest value is evident when an immediate threat targets your organization. Check Point firewalls excel in preventing such attacks, thanks to their highly advanced protection engines.

What's my experience with pricing, setup cost, and licensing?

It is a notably expensive product in our country compared to FortiGate and other servers. The support services, licenses, and the additional requirement for another license to avail 24/7 support from Check Point contribute to its overall higher cost.

What other advice do I have?

My recommendation is to allocate time for thorough research when working with it. Relying solely on their support may not be sufficient. Overall, I would rate it nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
reviewer1961277 - PeerSpot reviewer
Senior Ts Systems Integration Specialist at NTT Security
Real User
Top 5
User-friendly with good dashboards and helpful support
Pros and Cons
  • "The Check Point firewall features for Next Generation Firewalls are excellent."
  • "Bug Fixes and enhancement requests should be remediated earlier, as we have multiple dependencies and auditors are forced to have the latest possible environments."

What is our primary use case?

Our customer has been the best in stock trading; they observed that in peak hours or business hours buying and selling the stocks was time-consuming.

When they reached out to the firewall team, we checked the disk space, memory, and HDD we didn't notice much difference.

However, we monitored the interface utilization, and 1 GB was choking up and being consumed. The cpstat status on the interface level monitor and bundling the multiple interfaces fixed the issue.

How has it helped my organization?

We have been fixing the performance and also found that the solution offers:
1. A user-friendly dashboard with all the information available in front view and we view according to our requirements in graphical, statistically, etc.
2. Check Point firewall can combine all locations in one Check Point management console so that we can monitor everything with alert configuration.
3. We have multiple options for SIC resetting.
4. We can monitor the complete organization (for RAM, Memory, Disk, and CPU) and alert handle monitoring. We can now easily handle failovers.

What is most valuable?

The Check Point firewall features for Next Generation Firewalls are excellent. Through scripts, we can easily push firewall rules, extract, and import as per availability. Scripting is the best way to support the firewall functionality and it's been supported by all major versions. We can monitor all types of logs (traffic logs, management logs, and active logs). 

The firewall is EDR-supported; we can block or allow the URLs as per phishing or detection. 

Firewall flow and logs analysis is awesome.  

What needs improvement?

Bug Fixes and enhancement requests should be remediated earlier, as we have multiple dependencies and auditors are forced to have the latest possible environments.

Check Point's major version should have an extended time than the default time mentioned in the end-of-life policy document with additional prices.

As for deployment, we follow best practices for long-term support services. Tools must be introduced and supportive in analyzing the data, flow, and threats. We have to introduce the scripting part to work seamlessly.

For how long have I used the solution?

I've been using the solution for more than ten years.

What do I think about the stability of the solution?

The stability offers high performance.

What do I think about the scalability of the solution?

The scalability offers high performance.

How are customer service and support?

The support is the best in the marketplace.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use a different solution. It's the best in the marketplace and stronger than any other firewall. We can trust it 100%.

How was the initial setup?

The initial setup was complex.

What about the implementation team?

We handled the setup in-house.

What's my experience with pricing, setup cost, and licensing?

Definitely, every sector [banks, finance, corporate, etc] should have a Check Point Firewall for strengthening/securing the environment.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Anil Redekar - PeerSpot reviewer
Network and Security Engineer at a consultancy with 10,001+ employees
MSP
Top 5
Good pricing, straightforward to set up, and offers a very good distributed deployment
Pros and Cons
  • "The solution can scale."
  • "We would like to see constant improvement in anti-malware functionality and anti-threat protection."

What is our primary use case?

In our organization, we are using distributed device management. Here, management and distributed devices are separate deployments. Therefore, our management is very easy in our organization for traffic management. Here, tier architectures are used. That smart console, smart getaway, and management are different devices. Each device is connected to the other. 

Threat prevention is used as well. Basically, threat prevention is used for preventative management traffic entering into our internal organization. The hash value is used whether traffic is legitimate or not for distributed traffic. 

We are using Check Point for URL filtering. 

How has it helped my organization?

In our organization, we are using policy configurations where various policies are configured for internal to outside organization communication, and our DM's are there too. Various zones are created in our organization. 

For each particular zone, if I want to communicate with the external zone, then I need to create a policy for internal to external. Various rules can be created, particularly for organization communication outside the organization. It will be configured in our organization and four gateways are there allowing for our four different locations to communicate. 

In our HR deployment, hiring deployment, there is a new and legacy mode that we are currently using.

What is most valuable?

The distributed deployment is very helpful. This way, the burden on each device is less and management is very easy and CPU process utilization will be not high on a particular device - it'll be distributed on each device. Management is very easy.

We like that it is a next-generation firewall where hackers would need to inspect down to a seventh layer, an application layer, and that offers us better protection. 

The initial setup was straightforward.

The solution can scale.

What needs improvement?

We would like to see constant improvement in anti-malware functionality and anti-threat protection.

Various functions affect our organization's traffic performance.

They need more focus on the stability of IP security.

For how long have I used the solution?

The organization has used the solution for five years, however, I only joined the company two years ago. 

What do I think about the stability of the solution?

It provides very good stability for traffic management and network flow. We monitor various locks that will be there for internal and external traffic. I'd like, however, more stability of IP security, more of that is needed. Sometimes there is an issue in IP security clarity.

What do I think about the scalability of the solution?

The scale is currently very good. In our organization around 3000 or more employees use it. There is two IT personnel that will configure 30 Check Points, 13,500 gateways will be there and it will handle around 3000 plus employees. 

We will increase usage. Currently, one new branch will be open. They are also migrating from Fortinet to Check Point's firewall. The previous they did 40 deployments here, however, currently they're migrating to the Check Point next-generation firewall.

How are customer service and support?

Tech support is very good. After logging the call, if there is an issue discovered, they are very supportive. They are helpful and responsive. We've very happy with them.

Which solution did I use previously and why did I switch?

We used to use Fortinet, however, it did not go deep enough and check down to layer seven.

How was the initial setup?

The initial setup was straightforward. That said, I wasn't part of the initial setup, as it was set up before I came to work with the organization.

What's my experience with pricing, setup cost, and licensing?

I'm comfortable with the licensing. The pricing, for what you get, is pretty reasonable. 

What other advice do I have?

I'm an end-user of the product. I don't have a specific business relationship with the company.

I'd rate the solution at a ten out of ten.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1858884 - PeerSpot reviewer
Network Administrator at a computer software company with 1,001-5,000 employees
User
Top 20
Controls traffic, offers good application control, and has great URL filtering
Pros and Cons
  • "As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity."
  • "One feature I have yet to see implemented is authenticated email support for alerts generated via the GW or SMS."

What is our primary use case?

The primary use of Check Point NGFW is as a firewall that gives us the control of allowing in non-threatening traffic in and blocking malicious traffic. It is also a valuable tool that allows us to interconnect our remote sites via IPSEC VPN. 

This, alongside all of the basic blades such as Application Control, allows us to be granular when choosing what applications we allow within our organization and additionally filters based on categories combined with identity awareness. This allows us to be as granular as we would like with specific users/departments within our organization.

How has it helped my organization?

Check Point NGFW was one of the top contenders when we were looking to implement a new firewall strategy. 

We have had some issues with VPN tunnels specific to AWS, which were eventually resolved after a lengthy case however, other than that, the features offered are all great, and the firewall has done its job to my expectation. 

It is, however, difficult at times to read the actual documentation for the blades/appliance as it would appear that sometimes the terminology is incorrect or skewed, which leads to a longer implementation time.

What is most valuable?

As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity. 

Another critical blade/feature is the application control blade in combination with URL filtering. These two security features, tied together with identity awareness, are a game changer and allows an admin to be as granular as possible when blocking specific applications or allowing a specific application to a specific user/department within the organization

What needs improvement?

Being on R80.40, I am sure a bunch of features have already been implemented that I am not currently taking advantage of. However, one feature I have yet to see implemented is authenticated email support for alerts generated via the GW or SMS. As a security product, it is mind-blowing that this is not a thing today, and it only relies on SMTP un-authenticated to send emails to administrators. However, I'm not sure if that really applies to the firewall itself or if it is more so a topic of discussion for the SMS.

For how long have I used the solution?

I've used the solution for five years.

Which solution did I use previously and why did I switch?

We switched from SonicWall back in the day due to the feature sets available at the time.

Which other solutions did I evaluate?

We also evaluated Palo Alto.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.