Check Point NGFW Reviews

We use our Check Point NGFW firewall mainly for perimeter security. Those firewalls are placed at many sites distributed over Europe. We love the firewall management and think it's still the golden standard for creating a rule base and we go more and more in the direction of identity bases user access to secure our environment.

The other firewall blades, such as Anti-Bot, Application and URL-Filtering, and IPS, are used on all sites. It's easy to deploy, as the firewall is able, with the latest version, to learn from the traffic and adapt the IPS policy.

Check Point NGFW has improved our organization with more security and easier deployments. There is a smaller amount of workload in the supporting area. We find a lot of documentation for the products and benefit from a big community. The Check Point support is much better than what we have seen from other vendors. The firewall policy is easy to deploy and we can do a more granular separation of specific user groups. We feel much more secure with this product - especially the API support - and possible automation has saved us a lot of time in our team and organization.

The most valuable features are the identity-based access and high-quality intrusion prevention functionalities. 

One of the most valuable aspects is the central management, which includes a large wide range of API calls. With the central management, we can define a reasonable security policy for many sites and not only for network segments but for user and AD groups. This gives us a bit more "Zero Trust" in our network.

It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach.

One area which is still lacking is the site-to-site VPN solution. This is still an area that could be improved, although the features have gotten much broader and I really have seen an improvement over the last 10 years of working with the product. The separation from encryption domains between the tunnels came recently as a new feature to the product. This really helps a lot. Yet, we are still seeing a lack of compatibility with other devices, even though this is the case with many vendors. Especially with IKEv2, we are struggling with many vendors to set up perfectly running tunnels.

I'm working with Check Point for 10 years.

If you go by best practice recommendations from Check Point the stability is very good.

Scalability is really good. Check Point has the Maestro solution, where you can really scale easily without wasting resources.

They are really anxious to solve issues as fast as possible. They also try to get in actual contact with you via phone or chat to fully understand the issue.

Positive

In some areas we were using Cisco, however, we changed to Check Point to centralize things.

The setup is pretty straightforward, at least for the basic setup. Even with more complicated configurations, you have good support and experts at Check Point in the background that can help.

We did it ourselves.

Check Point is definitely not the cheapest solution, but the better security makes it worth the price. The licensing model is pretty easy, especially when it comes to the extension for many environments.

We looked at Cisco, Barracuda, and Fortinet.

I'd advise teams to give it a try!

We use a remote access VPN, and this is a perimeter firewall for our data center to secure our servers and internal applications. We are using model G-6600.

Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.

It should be user-friendly from an implementation point of view. Its setup is a little bit difficult.

I have been using this solution for four years.

From a security standpoint, it is very stable, and I would rate it a nine out of 10. I don't have any issues with it.

At present, we have 30 for our distribution. So, it is pretty scalable.

Their support is good. Their L1 and L2 support across the globe is great. L3 support is with the Israel team, and they have the right competency to troubleshoot it. Sometimes, when something needs to be done in the software in detail, we need to wait for people to come online from Israel. I would rate their L3 support a six out of 10 because we need to wait for the team from Israel to come online.

It is a little difficult to set up. We need a really skillful engineer to manage it. After we have onboarded it correctly, it is very easy to manage, and it is very secure. Initially, we had some challenges and issues, and when we got the right resource and support from the vendor, they all got resolved. It took four or five days.

It should be user-friendly from an implementation point of view. I would rate it a six out of 10 in terms of implementation.

I would recommend this solution. From a security standpoint, Check Point is the best product, but a customer should have the right skillsets to onboard and manage this.

I've been working with multiple customers in India, and I don't see any specific features that they need. It has covered pretty much everything.

Overall, I would rate it a seven out of 10.

We use Check Point for VPN access for all employees, as a rule. We also used it as a filter, a firewall, and it's the front line of our access to the Internet.

It has VPN access for our employees and it controls access, barring intrusion for non-authorized access.

The URL filter is activated to filter access to our employees. We use filtering for VPN access.

The configuration is one of the best features of this product.

When this product was purchased approximately 12 years ago it was the top of the line.

The product has been working very well.

I don't have any issues with the software of this solution. It works as is expected.

I would like to see more integration with other infrastructures. We are considering Cisco because it is more integrated, and the network limits of the solution are better.

Recently, we experience a problem with the hardware because it was too old, it was blocked. The hardware failed, but the software did not. With older hardware, it is a problem because our network is growing every year. The solution is not at maximum performance. 

It does not have the performance that we require. The network is not the same as it was 12 years ago. There are several logs.

We are looking for a cheaper product that is more integrated than our Cisco Network appliance.

It may also need to support other types of architecture.

The only reasons we are looking at other solutions are price and integration.

Check Point was installed in the company approximately 12 years ago.

The stability is good.

We are a company with 1,200 employees, and approximately 700 are using this solution.

We have five HP Servers, and we have a cluster in different geographic locations. 

Check Point has been installed in an HP-certified server. It is not an appliance, it is an HP Server.

We have one or two professionals who work on the platform.

It is not a cheap solution, which is why we are looking for another one.

We are currently evaluating new firewall solutions because the Check Point that we have was installed approximately 12 years ago, and wanted to change to a next-generation firewall.

The HP Server works fine without any maintenance, but it needs to be taken care of. We did not, which caused a disk to fail. We have one or maybe two that are working. I don't have any complaints about the HP Server. It was sized for that network load at that time.

I would rate Check Point a ten out of ten. It works as expected.

In today's world, we can't completely rely on traditional signature-based devices, as technology involving cyberattacks is becoming more sophisticated. We require an all-in-one solution that can defend against newly-created attacks, necessitating the usage of NGFW firewalls. This is where Check Point comes into the picture.

Our environment contains multiple roaming users, where we have to extend trust beyond the organizational network. Not only is there east-west traffic to deal with, but a large volume of north-south traffic, as well. We are required to monitor all of the traffic, which includes many branch offices connected centrally.

Monitoring Data via DLP in such a scenario, we require a single solution, which is nothing but Checkpoint.

It has not only improved our environment but the entire organization. Adopting it brings better functionality.

Starting from the basic firewall blade to sandbox threat emulation and threat extraction, it works seamlessly to protect against both known and unknown malware.

After the version 80.xx migration, Check Point stability and security have improved tremendously.

Through the management server, it has become very easy to manage the configuration for each of the blades, as well as the day-to-day operations. With central management, it has become possible to manage endpoint devices as well.

Check Point has the best technical support, which I feel if we consider other firewall vendors in the market, is an important distinguishing point.

Stateful inspection is one of the strongest points in this product, which is applicable while creating policies for application and URL filtering.

Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.

It is easy to filter traffic based on source-destination services, time, etc, which is an enhancement over other firewalls in the market.

Check Point fulfills our requirements but it is important that they stay on top of competitors by addressing certain points.

There are issues with stability while upgrading devices with hotfixes. For example, many times, a device will stop giving responses after an upgrade (observed in 80.10 release).

The rule database needs to be improved because when we apply rules for the destination, based on service and application and URL filtering Layer, the parallel lookup fails.

I have more than three years of experience with Check Point NGFW.

Stability can be improved further.

Scalability is excellent.

Technical support is very good and provides the right solutions every time. They are highly skilled.

We have seen many customers migrating their firewall from Sophos to Check Point, or from Cisco to Check Point. The main reason has been that they were not getting NGFW functionality and the security feature sets that Check Point provides.

The initial setup is straightforward.

I implemented it with the help of a vendor.

We are definitely getting most of the things that we expect from this product.

Check Point is a vendor that listens to customers and determines what they want. Based on the requirements and the solutions offered by other vendors, Check Point will negotiate to try and give the customer the best price.

Check Point offers options and operates differently from other vendors with respect to licensing. Each blade requires that you have a license.

We also evaluated Palo alto.

I think people like me love Check Point because in my experience over the years, I have not heard of a comprise where Check Point was protecting the network. As long as the devices are configured properly, this is a very small chance of being compromised.

In general, the NGFW features in Check Point fulfill our requirements, which is expected from a Cybersecurity firm that has been involved in the field for a long time. 

Our company works in developing and delivering online gambling platforms. The Check Point NGFWs are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Clusters serve as firewalls for both inter-VLAN and external traffic.

The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing this solution we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on switches and routers, which in fact a simple stateful firewall, and currently not an efficient for protecting from advanced threats. The Check Point NGFWs brought up the security level with the help of the advanced software blades - we use Application Control, URL Filtering, IPS, Anti-Bot, and Antivirus. The setup was simple, and the performance is great - we have significant resources to expand the environment in the future without disabling any blades and thus maintaining the security on the same, high level.

1. Advanced logging capabilities - our support team on duty constantly monitors the security logs in the SmartConsole, and notifies the security team in case of major alerts.

2. Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

3. The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.

The pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase and to maintain (the licenses and the support services need to be prolonged regularly). 

We also had several support cases opened for software issues (e.g. unstable BGP sessions over VPN tunnels), which, in our opinion, took too long to resolve - up to one month.

Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).

We have been using the Check Point Next-Generation Firewalls for about 3 years, starting from late 2017.

In general, the solution is stable, but we still have had some support cases opened and have to install the JumboHotfixes on a regular basis to fix the minor bugs. Please note that the current version of the software we use - R80.10 - is not the latest one (R80.40).

The solution is scalable - we use the Active-Standby Clusters, but could switch to Active-Active and add additional Gateway nodes if needed.

We have had several support cases opened. Some of the were resolved by installing the latest recommended JumoHotfix, some required additional configuration on OS kernel level (e.g. TCP MSS clamping). The longest issue took about one month to be resolved, which we consider too long.

We relied on the ACLs and Zone-Based firewalls of the Cisco switches and firewalls, which doesn't provide sufficient security protection against the modern advanced threats. 

The equipment has been delivered on time, without delays. The setup was straightforward. The configuration was easy and understandable. 

In-house team - we have a Check Point Certified engineer.

Use the Check Point Performance Sizing Utility to measure and estimate the hardware needed to purchase for your environment.

The most valuable feature of the solution is its efficiency.

You have an administration tool that is not on the appliance, and it should be in line with the appliance. You can put your modification online and compile it again before applying.

I have been using Check Point NGFW for seven years.

The solution's technical support is good.

Positive

We previously used Cisco. We switched to Check Point NGFW because Cisco was comparatively a bit outdated.

Check Point NGFW is a little expensive. We paid around 70,000 Euros for it, and the solution's maintenance fee is expensive. We also have to pay for technical support.

I am generally satisfied with the solution. The new Check Point products are more powerful than the previous appliances. The product is good but perhaps more adapted to big firms than small companies.

Overall, I rate the solution an eight out of ten.

We use it for our core firewall and also for VPN.

It can be managed by many people. I have a team, and any of them can manage this firewall and make some changes. All the changes are combined into one policy.

Its usability is the best for me. As compared to Palo Alto, Juniper, or Cisco firewalls, Check Point firewall has the best user interface for management, reading logs, looking for some objects, and looking for policies.

It's expensive.

We have been using this solution for more than 15 years.

It's stable.

I don't know about its scalability because I haven't had to scale. I have a flat traffic rate.

I have 500 users. It's deployed across two data centers.

I contacted them sometimes but not very often. It was a good experience. I have contacts with the engineers in Check Point. They provide the right solution every time. I also use the Check Point support portal. They have many descriptions and solutions for some of the problems.

I have previously used Palo Alto, Juniper, and Cisco. Check Point NGFW is better than all of them. 

I changed from Cisco ASA. It was a long time ago. Cisco ASA was an old technology, whereas Check Point NGFW has better performance and better knowledge about applications.

It was easy for me because I have many years of experience. I could see its benefits within two or three months of deployment.

In terms of maintenance, it requires normal maintenance. Its maintenance is similar to other devices.

It's expensive, but its price is reasonable looking at its functionality and power.

Try many solutions and then choose the best one for you.

I'd rate Check Point NGFW a ten out of ten.

We have deployed this software to provide comprehensive security beyond the Next Generation Firewall (NGFW). 

This software provides advanced analytics on any security measures that can have a great impact on our applications. 

It blocks malware attacks that can destroy data and leak confidential information to unauthorized parties. Check Point NGFW has helped the company to set up security policies that enhance the effective transfer of files and secure browsing strategies. There is improved prevention of external threats to data and increased production across the networking infrastructure.

Check Point NGFW has helped the company in the prevention of cyber attacks that could affect operations and slow down production. 

The intelligence reports from the real-time insights have helped members to avoid risks and plan efficiently for the future. 

Security threats that we used to experience before we deployed this product have been reduced, and the networking channels are ever safe. 

Sharing documents under secure infrastructure has increased the confidence of employees and enhanced faster implementation of tasks and projects.

The software provision of uncompromising security models across all the company applications has stimulated increased production. 

It has given the IT team full control and setup authority to scale down and deploy security to the most demanding platforms. 

The solution is safeguarding our financial databases and always has prevented fraud while giving employees peace of mind. 

The software has enabled us to come up with a unified dashboard that can monitor all accounting operations and investigate when there are security loopholes that can lead to data mismanagement.

The current features have a full set of security models that can protect any organization's information from ransomware attacks. 

When installed on Windows, the system with low storage space slows down. It is not compatible with all mobile devices and this may be unfair to some users. The next release can be more compatible with Windows and mobile devices for increased efficiency. 

I have experienced the best environment while working with this platform. All the data across the transactional records is ever secure under Check Point NGFW and I am proud of that great step ahead.

I've used the solution for nine months.

This platform is stable in the prevention of ransomware attacks.

I have been impressed by the performance of this software since we deployed it.

The customer support team has been always been responsive and interactive with our members.

Positive

I have not used a similar solution.

The setup was straightforward.

The deployment was done through the vendor team.

The current ROI is 35%.

The setup cost is good and the solution is affordable.

I evaluated other options. However, the company settled on Check Point NGFW due to its performance.

This is a great solution for many organizations that require stable data security.