Try our new research platform with insights from 80,000+ expert users
Maqsood M. - PeerSpot reviewer
Lead - IT Security Operations at MORO
User
Robust and intuitive with a good Smart Console user interface
Pros and Cons
  • "I was impressed by how easy it was to activate blades and implement them on a security gateway, with the process taking less than five minutes."
  • "The need to offer scheduled policy pushes in Smart Console."

What is our primary use case?

We use the product for safeguarding our office network on a routine basis. These firewalls protect against external threats, manage VPN access for remote users, and address various security scenarios. 

Our primary focus involves malware prevention, intrusion detection, and ensuring robust security measures to shield our office network from potential cyber threats originating from the internet. 

It serves as a traditional yet effective security system, providing comprehensive protection against hackers and potential risks associated with internet usage.

How has it helped my organization?

A lot of things need to be improved in Check Point NGFW. For example, their support team isn't very efficient and useful. The solution itself isn't easy to learn, making it hard for support to provide solutions. The design makes it so pockets (specific teams) have to work together when there's an issue, which creates a mess. 

Also, Check Point lacks competitive capabilities like SD-WAN and CGM app integration. And visibility needs improvement. For example, Fortinet shows all connected devices with IP addresses, Mac addresses, and sometimes usernames. More granular detail is crucial for security. 

Support efficiency, visibility, and adding competitive capabilities are key areas for improvement.

What is most valuable?

The product offers a robust and intuitive experience, catering to the essential needs of users. 

The Cleanup Rule's ability to discard unwanted traffic and the inclusion of default Autonomous Threat Prevention Profiles simplifies security measures, catering to various deployment scenarios. I was impressed by how easy it was to activate blades and implement them on a security gateway, with the process taking less than five minutes. 

Additionally, the Smart Console's clear and efficient user interface ensures that the changes to the policy are swiftly made, with the added benefit of maintaining proper audit logs.

What needs improvement?

Places for improvement include:

  • Having a Zone Alarm and the standalone endpoint VPN that become compatible products.
  • Having a Smart Console in-place upgrades with IP/fingerprint retention.
  • Offering a Mac version of Smart Console.
  • Integration of CPview and things like fw accel stat in the monitoring blade.
  • No more legacy SmartDashboard for some features.
  • Streamlining of the endpoint solution and deployment options and also offering the possibility to convert shared policy to unified policy when you run R80.X via some sort of wizard in a layer or so. This is a classical case for people who upgraded their R77 management.
  • Offering a fixed deployment schedule for accumulator hotfixes. This would help us foresee maintenance windows in organizations with rigid change management procedures.
  • Finding a way to restore the object search like in R77, where you could find any part of an object name and not a word in the object.
  • Scheduling policy pushes in Smart Console.
Buyer's Guide
Check Point NGFW
January 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,071 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for ten years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Vasilis Evgeniou - PeerSpot reviewer
IT Security Pre Sales Engineer at Westnet S.A.
Real User
Top 10
A scalable and easy-to-deploy solution that enables organizations to see what their employees are downloading from the internet
Pros and Cons
  • "Sandboxing is the most valuable feature."
  • "The support team should be faster."

What is our primary use case?

We use the solution to configure sandboxing features for enterprises. We also use it for policy-level configurations and VPNs.

What is most valuable?

Sandboxing is the most valuable feature. A majority of the configurations are very accurate. We can find what an organization's user is downloading from the internet.

What needs improvement?

The support team should be faster.

For how long have I used the solution?

I have been using the solution since 2016.

What do I think about the stability of the solution?

All products have some bugs. However, we had a minimum bug experience with Check Point. I rate the tool’s stability an eight out of ten.

What do I think about the scalability of the solution?

The product is scalable. Everyone in our company uses the product. We are 100 users. We have an on-premise firewall. We use it every day.

How are customer service and support?

I have contacted the support team. I have had good conversations with the engineers. Sometimes, it takes a little bit of time to solve some issues. If it's a complex issue, we need to start from scratch and escalate to a bigger tier of support.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is very easy.

What's my experience with pricing, setup cost, and licensing?

The product is not that expensive for what it is offering, but it could be cheaper. Nowadays, all the vendors are increasing their prices. Suggesting the product to the customers will be easier if it is a little cheaper. The tool offers good attributes.

Which other solutions did I evaluate?

Palo Alto is also a good vendor. We chose to go with Check Point as well for our enterprise solution as distributors, and we suggest it to our customers.

What other advice do I have?

I was an engineer for AT&T. I helped customers with configurations. The vendor is taking care of the user side of security with Check Point Harmony. It is a very good product. Check Point Harmony must provide administrators the ability to manage external programs remotely. Some customers want such features, and other vendors provide them. I would recommend the solution to others. The vendor has been investing a lot of money and effort to prevent zero-day attacks. Overall, I rate the tool a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Buyer's Guide
Check Point NGFW
January 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,071 professionals have used our research since 2012.
Fabian Miranda - PeerSpot reviewer
Cloud computing at Tech Data Limited
Real User
Helpful management console with a good security posture and protects from threats
Pros and Cons
  • "Admins and executives are more at ease with the compliance engine within the software as it measures how many of the security requirements we're compliant with, making their work much more accessible from that standpoint."
  • "VMware is not supported by the platform."

What is our primary use case?

We have different cloud platforms within the organization and needed a solution that would allow us to control different aspects of them from one single platform, which has allowed us to manage and apply policies across all different locations. 

It has allowed us to be more efficient with compliance and maintenance of all different platforms; management of the users is now tighter, and fewer resources have to be invested in applying all the needed policies and levels of access based on company roles.

How has it helped my organization?

The product provides a full security posture for our cloud environment. We get complete visibility of all the workload hosted across all different platforms and all traffic coming in/ out of these cloud platforms. These policies are on 24/7 from any device, say desktop, laptop, mobile, etc. 

All this is pretty easy to set up and notifies any anomaly as soon as it arises for immediate attention/ correction; some of these issues will be addressed automatically and just let you know it was identified and solved.

What is most valuable?

The management console offers excellent visibility of all security options and configurations, also showing all the traffic from each user. 

Once you're working on a specific action, the interface will pop relevant information around past actions contradicting the new policy, showing you strictly where potential threats may come from. 

Admins and executives are more at ease with the compliance engine within the software as it measures how many of the security requirements we're compliant with, making their work much more accessible from that standpoint.

What needs improvement?

This is something that doesn't directly affect us. However, I know VMware is not supported by the platform. 

Also, it seems that plenty of features you may not know even exist unless you do some extensive, deep digging as they're not coming up in the initial configuration, so you have to go through the documentation to realize their existence. 

Support is really good, so you may rely on them to learn more about these coded features I'm talking about, also to make the proper calibration for the rules/policies you're applying as they may not turn the results expected from the first config.

For how long have I used the solution?

We've used the solution for +2 years now.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
erdemerdag - PeerSpot reviewer
Cybersecurity Operations Engineer at a tech services company with 201-500 employees
Real User
Top 10Leaderboard
Easy to install, protects well, and offers an excellent GUI
Pros and Cons
  • "It is always on the top of the list of best firewall solutions."
  • "The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI."

What is our primary use case?

I have been using this solution as a perimeter firewall. 

Our organization has ISP-based DDoS protection on the outer attack surface. Then, we have Check Point Next Generation Firewall with an IPS module as a second layer of protection. And then, we have Check Point Access Control, Application, and URL filtering, anti-virus, and anti-bot modules enabled. We also have the cloud-based Check Point Threat Emulation solution and different segmentations on Check Point Firewall as a DMZ zone, internal zone, and external zone. Our internal zones have different segments to improve our security level. We apply it by dividing our network into different VLANs by using the Check Point solution.

How has it helped my organization?

Check Point is the first vendor in which we found the stateful firewall terminology. It is always on the top of the list of best firewall solutions. 

Financially, the benefit of Check Point is very high when I compare it with an average firewall solution. At the end of the day, the benefits it provides are already higher than I paid. 

Our business performance is already doubled by the help of Check Point. If we need to talk about efficiency of administrators while managing a security  solution, I consider it as one of the most important item. 

Thanks to Check Point, our security team can easily handle different problems in time.

What is most valuable?

Check Point gateway and management installation are very easy. After the console-based installation steps, you can continue on the web GUI interface. This is very valuable. It doesn't let you make a simple mistake, which might be a reason to install all the systems from the beginning. It has been designed to give you flexibility as much as needed; not more, not less. It prevents human mistakes, basically.

If I have to say just one thing as the most valuable; I will say it is the most reliable firewall solution in the world. It is easy to prove that when I compare the number of CVEs which are published in a year among firewall vendors.

What needs improvement?

The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI. It might be a little bit confusing when an administrator remembers the location of the settings. Also, it is hard to manage the settings by always jumping from GAIA Web-based graphical user interface to Java based Smart Console dashboard. Also, Check Point Next Generation Firewall has a very detailed and well-organized CP view on the console on both CLISH and expert (/bin/bash) shells; which gives an administrator a real-time monitoring option on the console.

For how long have I used the solution?

I have been using it for more than six years.

What do I think about the stability of the solution?

On a heavy load, I haven't experienced packet loss or inconsistent behaviors.

What do I think about the scalability of the solution?

In the beginning, I would consider Check Point solution as not scalable enough. However, after Maestro architecture, it is extremely scalable now. The organizations does not have to pay a lot of money to plan for the next 2-3 years. They are flexible enough to allow for the extension of their systems by adding another module like a blade.

How are customer service and support?

The customer service and support team respond in minutes. If it is a critical issue, you can reach them in seconds via chat.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used Palo Alto and Fortinet firewalls before. From Fortinet to Palo Alto it was a big change. 

Fortinet was not a good enough solution as compared to PA. Then, due to finances and some other reasons, I switched to the Check Point and it was one of the best decisions in my life.

How was the initial setup?

The initial setup is straightforward. You just need to define disk allocation for logs and system files and backup files as an amount. Then you can continue with Web GUI to set up network, DNS, etc. settings. Then you complete your setup by installing the Smart Console interface.

What about the implementation team?

The Check Point support team is one of the best. When I need them, they can escalate the ticket to an appropriate level of engineer to fix the problem.

What was our ROI?

As a security solution in this kind of market, prestige and being reliable cannot be measured with money. It costs more than a million dollars to have a defacement attack. The costs to prevent this kind of attack cannot be measured with money, in my opinion.

What's my experience with pricing, setup cost, and licensing?

I'd advise others to worry about changing their firewall habits from any vendor to Check Point. It will be one of the best decisions of their life. If you have time and money to take care of other vendors, go ahead. However, if you are smart enough to manage your money and time, don't be afraid to give a chance to Check Point solution.

Which other solutions did I evaluate?

I did get some PoCs from other vendors such as Sophos and some other firewall vendors which are focused on small-size organizations mostly.

What other advice do I have?

I recommend to all system managers and security administrators to try all the enterprise firewall solutions. Then, most likely the final decision will be to use the Check Point Next Generation firewall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1767759 - PeerSpot reviewer
Network at financial sector
User
Good application control and user access capabilities with easy troubleshooting
Pros and Cons
  • "When applying application control, we can ensure user access to the internet in accordance with company policy and easy implementation if some users need exception access."
  • "There needs to be more storage space for reporting."

What is our primary use case?

We use Check Point for the firewall in DMZ and surrounding zones and another product we have. We use a variety of series from 2000, 4000, and 6000 gateways, and also we use Smart-1 and Maestro solutions. 

We apply some features (IPS - Intrusion Prevention System, application control, reporting, antivirus, and anti-spam) using Smart-1 to make day-to-day operation more simple and easy using one management for all gateways. The remote console, such as SSH, is a little complicated, however, you can use it for troubleshooting.

How has it helped my organization?

It's improved our organization with simple day-to-day operations with easy tracking of traffic for troubleshooting, with a variety of features. The latest benefit for our company is to save more space for our rack with Maestro and virtualization. 

Some problems may appear and we can open TAC to get assistance from the principal. We also can control more traffic of users to the internet using application control. Our email is more secure using anti-spam and currently, we are in the middle of activating HTTPS inspection to secure our application on the internet.

What is most valuable?

I enjoy the application control for user traffic control to the internet and the tcpdump command for troubleshooting.

When applying application control, we can ensure user access to the internet in accordance with company policy and easy implementation if some users need exception access.

There is an easy troubleshooting network connection via logs and monitoring menu. We often use this menu for checking connections and if the traffic is not in the logs menu, we can use the tcpdump command from the ssh session to the gateway. It's the fastest way to troubleshoot.

What needs improvement?

For the migration for Smart-1, I wish the security policy could allow for a migration per gateway. 

There needs to be more storage space for reporting. The storage is always full if the reporting feature is on.

We need HA for Smart-1.

The traffic trekking (logs view) needs to be more accurate. Some traffic is often not in the logs view.

We'd like to have more user friendly menu for import vpn users.

There needs to be more compatibility with SIEM.

It would be great if we could join domains with more than one Active Directory server (active-active).

There needs to be an easy menu for export backup configuration (the current menu always has an error).

The signature information needs more detail. We need to know current update versions and on running versions.

For how long have I used the solution?

I have been using Check Point since 2010 (12 years).

Which solution did I use previously and why did I switch?

We already are using a variety of brands.

How was the initial setup?

Sometimes you need to repeatedly upgrade the version or update the patch.

What about the implementation team?

The help we received was good.

What's my experience with pricing, setup cost, and licensing?

The cost is pricey. 

Which other solutions did I evaluate?

We did not evaluate other solutions first. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Administrator at Grant Thornton
Real User
Reliable with good central management capabilities and useful dynamic definitions
Pros and Cons
  • "The solution offers very good central management, which saves time and is hassle-free."
  • "There are some GUI features in Check Point's SmartConsole that are still from the old versions and are in separate/duplicated interfaces; it would be most useful if it is integrated and not on different menus."

What is our primary use case?

We use the product as our main and only Firewall/Gateway/VPN Gateway. we are in the finance sector, and we need a very reliable and robust system. 

We rely heavily on the VPN system, as most of our employees are working outside the office at this time. 

We also have two appliances to improve reliability, we have internet access through two ISPs configured to work simultaneously. 

Our internal LAN is with duplicated network nodes that are double connected to our Check Point cluster. That way, we have full High Availability.

How has it helped my organization?

Before our purchase of Check Point products, we used an open-source product that lacked good integration between products and setting up to work was very tricky.

We use the Check Point mobile VPN, which is very stable and easy to use. It allows our employees to change their internal domain password when it becomes old, even when they are outside of the office for a long time. The VPN client can connect to our internal network even before the user is logged into his laptop. This allows users to receive GPO policy updates. 

What is most valuable?

The solution offers very good central management, which saves time and is hassle-free.

One of the most useful new feature is dynamic definitions. For example, if you need to allow all of the Microsoft Azure IP addresses, you can insert them dynamically and Check Point will update them for you. Without it, to find all IP addresses would be almost impossible.

You can create additional layers for the firewall rules. This allows better organization and performance of the product by skipping to the rules that are responsible for this group of protected devices.

What needs improvement?

There are some GUI features in Check Point's SmartConsole that are still from the old versions and are in separate/duplicated interfaces; it would be most useful if it is integrated and not on different menus.

We would like to have a better search engine on the checkpoint.com site. Right now, it is difficult to find, for example, a newer version of the Check Point VPN Mobile client. The search engine shows most visited sites and the newer version won't be the most recently viewed site page. As it is right now, you have to find the general VPN page form, and from there you have to look at what version of the product you need and then go to the page of the latest version.

For how long have I used the solution?

We have been using this product for five years.

What do I think about the stability of the solution?

Check Point is very stable.

What do I think about the scalability of the solution?

We haven't needed to expand our throughput capacity.
However, based on the Check Point documentation, it is hyperscale ready  capable of up to 475 Gbps of Threat Prevention.

How are customer service and support?

It is very good. Our local representatives are very helpful.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We moved from a previous solution to Check Point as it is more reliable and easy to manage, and our old solution wasn't able to provide the level of security we desired.

How was the initial setup?

We have had some problems understanding how to set up HA, however, we managed to do it. This was mainly due to the fact that we didn't have experience with Check Point products in the past.

What about the implementation team?

We did everything in-house.

What's my experience with pricing, setup cost, and licensing?

New users should know that the first year of support is included in the equipment. After that, you have to buy it.

Which other solutions did I evaluate?

We choose between Palo Alto and Checkpoint.

What other advice do I have?

We like it. It works well.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1691745 - PeerSpot reviewer
Technology Architect at BearingPoint
Consultant
East to setup with great central management capabilities and identity-based access
Pros and Cons
  • "It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach."
  • "One area which is still lacking is the site-to-site VPN solution."

What is our primary use case?

We use our Check Point NGFW firewall mainly for perimeter security. Those firewalls are placed at many sites distributed over Europe. We love the firewall management and think it's still the golden standard for creating a rule base and we go more and more in the direction of identity bases user access to secure our environment.

The other firewall blades, such as Anti-Bot, Application and URL-Filtering, and IPS, are used on all sites. It's easy to deploy, as the firewall is able, with the latest version, to learn from the traffic and adapt the IPS policy.

How has it helped my organization?

Check Point NGFW has improved our organization with more security and easier deployments. There is a smaller amount of workload in the supporting area. We find a lot of documentation for the products and benefit from a big community. The Check Point support is much better than what we have seen from other vendors. The firewall policy is easy to deploy and we can do a more granular separation of specific user groups. We feel much more secure with this product - especially the API support - and possible automation has saved us a lot of time in our team and organization.

What is most valuable?

The most valuable features are the identity-based access and high-quality intrusion prevention functionalities. 

One of the most valuable aspects is the central management, which includes a large wide range of API calls. With the central management, we can define a reasonable security policy for many sites and not only for network segments but for user and AD groups. This gives us a bit more "Zero Trust" in our network.

It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach.

What needs improvement?

One area which is still lacking is the site-to-site VPN solution. This is still an area that could be improved, although the features have gotten much broader and I really have seen an improvement over the last 10 years of working with the product. The separation from encryption domains between the tunnels came recently as a new feature to the product. This really helps a lot. Yet, we are still seeing a lack of compatibility with other devices, even though this is the case with many vendors. Especially with IKEv2, we are struggling with many vendors to set up perfectly running tunnels.

For how long have I used the solution?

I'm working with Check Point for 10 years.

What do I think about the stability of the solution?

If you go by best practice recommendations from Check Point the stability is very good.

What do I think about the scalability of the solution?

Scalability is really good. Check Point has the Maestro solution, where you can really scale easily without wasting resources.

How are customer service and support?

They are really anxious to solve issues as fast as possible. They also try to get in actual contact with you via phone or chat to fully understand the issue.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

In some areas we were using Cisco, however, we changed to Check Point to centralize things.

How was the initial setup?

The setup is pretty straightforward, at least for the basic setup. Even with more complicated configurations, you have good support and experts at Check Point in the background that can help.

What about the implementation team?

We did it ourselves.

What's my experience with pricing, setup cost, and licensing?

Check Point is definitely not the cheapest solution, but the better security makes it worth the price. The licensing model is pretty easy, especially when it comes to the extension for many environments.

Which other solutions did I evaluate?

We looked at Cisco, Barracuda, and Fortinet.

What other advice do I have?

I'd advise teams to give it a try!

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Solutions Architect Infrastructure and Security Manager at Jumbo Electronics Co. Ltd. LLC.
Reseller
Top 5
Stable and secure, but not user-friendly in terms of implementation
Pros and Cons
  • "Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance."
  • "It should be user-friendly from an implementation point of view. Its setup is a little bit difficult."

What is our primary use case?

We use a remote access VPN, and this is a perimeter firewall for our data center to secure our servers and internal applications. We are using model G-6600.

What is most valuable?

Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.

What needs improvement?

It should be user-friendly from an implementation point of view. Its setup is a little bit difficult.

For how long have I used the solution?

I have been using this solution for four years.

What do I think about the stability of the solution?

From a security standpoint, it is very stable, and I would rate it a nine out of 10. I don't have any issues with it.

What do I think about the scalability of the solution?

At present, we have 30 for our distribution. So, it is pretty scalable.

How are customer service and technical support?

Their support is good. Their L1 and L2 support across the globe is great. L3 support is with the Israel team, and they have the right competency to troubleshoot it. Sometimes, when something needs to be done in the software in detail, we need to wait for people to come online from Israel. I would rate their L3 support a six out of 10 because we need to wait for the team from Israel to come online.

How was the initial setup?

It is a little difficult to set up. We need a really skillful engineer to manage it. After we have onboarded it correctly, it is very easy to manage, and it is very secure. Initially, we had some challenges and issues, and when we got the right resource and support from the vendor, they all got resolved. It took four or five days.

It should be user-friendly from an implementation point of view. I would rate it a six out of 10 in terms of implementation.

What other advice do I have?

I would recommend this solution. From a security standpoint, Check Point is the best product, but a customer should have the right skillsets to onboard and manage this.

I've been working with multiple customers in India, and I don't see any specific features that they need. It has covered pretty much everything.

Overall, I would rate it a seven out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.