Check Point NGFW Reviews

The most valuable feature of the solution is its efficiency.

You have an administration tool that is not on the appliance, and it should be in line with the appliance. You can put your modification online and compile it again before applying.

I have been using Check Point NGFW for seven years.

The solution's technical support is good.

Positive

We previously used Cisco. We switched to Check Point NGFW because Cisco was comparatively a bit outdated.

Check Point NGFW is a little expensive. We paid around 70,000 Euros for it, and the solution's maintenance fee is expensive. We also have to pay for technical support.

I am generally satisfied with the solution. The new Check Point products are more powerful than the previous appliances. The product is good but perhaps more adapted to big firms than small companies.

Overall, I rate the solution an eight out of ten.

We use it for our core firewall and also for VPN.

It can be managed by many people. I have a team, and any of them can manage this firewall and make some changes. All the changes are combined into one policy.

Its usability is the best for me. As compared to Palo Alto, Juniper, or Cisco firewalls, Check Point firewall has the best user interface for management, reading logs, looking for some objects, and looking for policies.

It's expensive.

We have been using this solution for more than 15 years.

It's stable.

I don't know about its scalability because I haven't had to scale. I have a flat traffic rate.

I have 500 users. It's deployed across two data centers.

I contacted them sometimes but not very often. It was a good experience. I have contacts with the engineers in Check Point. They provide the right solution every time. I also use the Check Point support portal. They have many descriptions and solutions for some of the problems.

I have previously used Palo Alto, Juniper, and Cisco. Check Point NGFW is better than all of them. 

I changed from Cisco ASA. It was a long time ago. Cisco ASA was an old technology, whereas Check Point NGFW has better performance and better knowledge about applications.

It was easy for me because I have many years of experience. I could see its benefits within two or three months of deployment.

In terms of maintenance, it requires normal maintenance. Its maintenance is similar to other devices.

It's expensive, but its price is reasonable looking at its functionality and power.

Try many solutions and then choose the best one for you.

I'd rate Check Point NGFW a ten out of ten.

I have a relatively small infrastructure, with a VMware Vsphere running all my servers on virtual machines. My network consists of approximately 30 workstations. The Check Point NGFW helps detect attacks against enterprise applications. 

It can enforce application functionality specific controls, monitor application data and content, and monitor HTTP, HTTPS, SMTP and other application protocols for better protection. I can audit applications running on my network, monitor their content and data, identify hosts on which applications are running, and identify users of the applications.

I have been using the Check Point NGFW as a primary firewall with all policies and rules configured on it. It helps as an Intrusion Detection System. This has improved my network performance as it illuminates suspicious activities before they reach the network. 

The network monitoring tool allows me to know who and what is hogging all the bandwidth and therefore apply it to remediate action and hence improve network performance. The Check Point NGFW helps me with QOS, during these times of work from home and virtual meetings, I can easily allocate required bandwidth to MS Teams, Zoom, and WebEx.

The most valuable features are the application and user control. This allows me to allow applications that encourage productivity and limit those that hinder productivity. The Network Address Translation (NAT) will always be a valuable feature as it allows me to turn my private cloud to the public at the click of a button and have secure control over the accessible servers/applications. sandboxing is also a valuable feature that allows the NGFW to act as an anti-malware, this would be largely helpful to prevent or minimize ransomware attacks.

Although very efficient, the product could be developed in a way that does not take a lot more system resources. It would be very useful if the Check Point NGFW was able to learn the environment and its user's real-time activities and automatically send only logs of interest to the security admin to actually force the security admin to review these logs since the logs are useless if not reviewed. Implementation and setup should be made as easy as possible. At times a misconfigured NGFW because of its complexity will be more of a vulnerability than protection.

I've used the solution for four years.

The stability is very good.

The scalability is very good.

Technical support is always on point.

Positive

We did use a different product. The previous solution was actually more complex to set up and had a high price.

The individual setup was complex. However, with the support of an expert on the solution, it became straightforward.

We used a vendor team. Their level of expertise was acceptable.

The ROI is on the positive side.

I'd advise users to find a local vendor of the solution they are looking into and compare all middleman pricing.

We also looked at Cisco Firepower.

The solution is primarily used as an edge firewall safeguarding any organization or company which are really considering it as their number firewall of choice. In addition, there were also companies that are only using the specific blades, for example, IPS or IPsec, only as their primary solution. It is mostly used as an edge firewall. Sometimes, all security blades are utilized. As a significant part of the whole network infrastructure, Check Point delivers high detection and prevention rates when talking about suspicious and cyberattack types of activities.

Primarily, Check Point played a very vital role in protecting our whole network infrastructure. Having been able to implement such a solution will keep one's organization's security posture well guarded. The best part of Check Point NGFW's operational mechanisms were the Threat Extraction and Threat Emulation blades respectively. The former delivers documents with zero malware in zero seconds and the latter analyzes the original document in an isolated sandbox, identifying unknown threats. 

I'd recommend this kind of firewall for companies considering it since the detection rate for any cyberattacks/suspicious activity is very high (more than 90%).

Check Point NGFW has all the security blades a certain company would want to implement for a network firewall facing the public internet. The upsides of choosing this kind of firewall are traffic acceleration, core acceleration, and interface acceleration which would help in maintaining smooth sailing activity, giving administrators less dilemma. 

Administrators always find it hard and disturbing when such a network bottleneck occurs spontaneously out of nowhere. With that said, Check Point still ranks first among other vendors.

It would be best if the security management server console access is simpler for ease of management. System administrators find it really difficult for the management settings to incorporate easily. Most administrators nowadays are looking into something that offers easy access to a management console or GUI. 

I could not think of other areas for improvement. This is the firewall that I liked the most among other vendors in the market. It's by far the best firewall in the security industry.

I've used the solution for three years already - since the start of my Network Security Engineer career.

Stability-wise, it is perfect! 

When you perform sizing, make sure that the necessary scalability is considered. There's no going back when things like this are compromised.

Lately, Check Point support is nowhere to be found.  We are always attending other customer sessions when, in fact, support is needed for a P1.

Neutral

Mostly, they are the Gartner leaders for NGFW. A switch was made when customers found the solution more secure per doing the proof of concept.

I could say that it is complex even though they are already CCSE and Check Point Expert. There is no way I could find its management easy to use.

We handled the setup in-house.

That there is a money-back guarantee for their business. A business being secured is a business of high return.

There are a lot of evaluations to be done prior to choosing the solution. It caught the customer's attention when the threat extraction/emulation blade really did well during the proof of concept activity.

So far I have mentioned all the things needed to be given importance with regard to an NGFW solution.

I have used this product in chemicals, insurance, and industrial sector companies.

The primary use case is to secure the inbound and outbound traffic and secure the DMZ servers. We use this solution for Remote access VPN (on smart view event can see reports more granular level) and IPSEC VPN for using the applications hosted on Public cloud and integrate the customer 3rd parties vendors. 

Using threat prevention helps in securing the customer environment from cyber attacks, ransomware, malwares etc. We use the Sandboxing features to protect the network from zero-day attacks

It improved the performance of the network on large scale. 

It's easy to use and configure. We can build the new firewalls with minimum effort. 

It's easy to upgrade the device. 

You can van view the device health on the smart view monitor and smart event monitor at a more granular level. We're achieving great performance using the latest quantum gateways. You can see the real-time logs on the management and also can configure the logging in redundancy mode. 

Using TCPDUMP, a firewall monitor, and firewall zdebug drop, you can troubleshoot the real-time issues.

We like the SecureXL, CoreXL, and Multi-que.  Using these features improved the performance of the gateway at a more granular level.

The Smart View Event monitor is great. You can see the real-time events on the firewall - including remote access VPN usage.

The smart licensing is great. It's easy to generate the license and apply it on the gateways.

The solution offers very good anti-virus and anti-spam capabilities. It's good security on the network.

Threat Prevention and Sandboxing are useful to have. We're protecting the network from zero-day vulnerabilities and securing the network from the latest cyberattacks.

Pricing for the gateways is too high as compared to the other vendors.

Whenever there is any issue comes checkpoint support ask to keep the gateway on the latest hotfix and OS which is difficult to roll out on all the gateways present in the customer environment.

I am using this product for more than five years.

We can achieve great stability using Check Point Quantum Gateways which improves the performance of the network.

We can achieve great scalability using Check Point Quantum Gateways.

We did not use a different solution. 

The initial setup is straightforward.

We did not evaluate other options.

The solution is primarily used for firewall protection for an enterprise environment, The Check Point firewalls are implemented on the perimeter (DMZ) and Secure Access Domain (SAD) environments. 

We use physical VSLS clusters but have many virtual systems (Vsys) configured for different sub purposes. The Entire management domain is protected by Check Point firewall virtuals running on multiple physical boxes.

We have multiple virtual routers configured on the physical firewalls which connect L3 connectivity to other domains. The Perimeter DMZ firewall protects the boundary zone Environments 

Check Point firewalls have helped our organization to securely promote the traffic flow in a secure way that is fast and swift.

There's faster identification of customer traffic issues identifies via a smart view tracker and centralized management of rules. It has an ease of access policy and a human-readable format.

We have multiple virtual routers configured on the physical firewalls which connect with L3 connectivity to other domains. The Perimeter DMZ firewall protects the boundary zone environments.

Dashboards for rules management and trackers for firewall logs capture are useful.

Traffic flow in Check Point is very structured so that it is easy to understand the path it checks to understand which elements come first and which elements come later.

The smart log compiles from multiple CMAs is an important feature that is very attractive. 

The MDM dashboard is very organized compared to other vendors. The use of CLI tools like TCPDUMP and FW monitor are very useful in verifying the traffic logs.

Objects search and tracker logs are useful.  

To combine CLI routing and GUI application in a way that both interact together would be ideal.

The pricing could be better. In general, the Check Point solutions are not cheap, however, you could try to negotiate on the overall contract, especially if you are purchasing a lot of hardware.

In the CLI, while viewing configs, there is no easy way to snapshot configs. 

I've used the solution for more than 15 years.

The product is very stable.

The solution is scalable.

Technical support is super.

We switched from Cisco to Check Point. Cisco was CLI-based and cumbersome with rulesets.

The setup is straightforward as there are many videos available on the net to practice with.

We had vendor involvement.

It serves the purpose and primarly gets the best output.

The pricing is high. In general, the Check Point solutions are not cheap, however, you could try to negotiate on the overall contract, especially if you are purchasing a lot of hardware.

Yes, the vendor ran through the options and based their decision on the company security standards.

We are satisfied with the product and support.

We are a financial institution and we use Check Point as a firewall that is positioned for external connections, like the Internet, leased lines, and site-to-site VPNs for other companies. Check Point protects our mobile applications connected to the internet, as well as the main company website. Some firewalls are positioned on some of our HQs.

We're on version R80.40 (some minor firewalls are on R80.30) and we use 13000, 23000, and 26000 series appliances. We use Application Control, Identity Awareness, IPS, URL Filtering, Anti-bot, Antivirus, Threat extraction, and Threat emulation blades.

I've been in the same company for 11 years, and Check Point has been running in a stable manner for our company's main internet connection (and 7 years before that).

It has protected our main applications successfully without any performance drops, and with its flawless logging capabilities, we were able to pinpoint any issues every time.

The management is also the best among any other firewall, with the convenience to create the objects and rules on the same page. This has helped us save time on operations. We can use APIs to create objects and rules to easily finish some projects.

The best features are the stability and the performance of the firewall and its software blades, simplicity to write the firewall rules on its GUI, and its logging capabilities.

The firewalls are working stably, without any interruptions. As we planned our capacity well, we've never had any performance issues.

The firewall rule writing and object creation are the best and simplest I've seen on a firewall (I've looked at 6 different vendors). I often wonder why the other vendors don't do it Check Point's way.

To see the logs, we can search like a search engine, and we can combine different search strings to pinpoint the interesting traffic.

The product can be improved with fewer hotfixes, and if more generally available jumbo hotfixes were used.

We don't often hit bugs. It's perfectly normal for an NGFW device as other vendors are always fixing bugs too. However, when we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix. If those fixes were included in a fast manner in the jumbo hotfix (as jumbo hotfixes are tested thoroughly for general availability), it would be ideal.

I've used the solution for 11 years.

Our primary use case is as a perimeter firewall for main and DR sites for a financial institution. It secures Internet access for users through IPS/AV/Threat Emulation/Application control and URL filtering with HTTPS inspection and geolocation restrictions. 

It secures our email and MDM solutions. 

We also use it to create site-to-site VPNs with vendors. Remote access is achieved through the use of a secure workspace and SSL network extender. Securing and inspecting HTTP traffic to our web servers is another important task. 

It secures several DMZs and segregates them from the rest of the network.

We use all of the security features available. 

It has helped us with controlling internet access, securing our external websites, and providing remote access that you can trust (secure workspace). The latter provides with a virtual Windows 7 desktop that only allowed apps can be initiated from. In our case, we launch RDP sessions from secure workspace. 

The latest version of the software is a big win overall, with major improvements in how the rulebase is scanned (it's not the top down classical rulebase checking, but a column based checking) and overall efficiency.

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

I would like to have an improved secure workspace solution for remote access. I hear that the Apache Guacamole solution has been integrated into R81. 

The site-to-site VPN options are numerous, but they can get confusing. Interoperability with other vendors is not the strongest when it comes to setting up VPNs. It's totally different from any other VPN vendors I have come across. 

Improvements are needed in policy backups and reverting to the previous policy. This used to be better in R77.30. 

Policy installation tends to take a long time when the rule base increases in size, which can become frustrating. 

I have been using Check Point NGFW for 10 years.

We have never had any unexpected crashes or issues.

It should scale well as they now support more than 40 CPUs on a single system. 

Our experience has been great, although we don't have direct support. This means that sometimes, it takes a while to get to the bottom of issues.

Check Point is really the best NGFW I have come across and I have worked with many vendors including Cisco, Juniper, and FortiGate. It's a platform that a huge amount of research has gone into over the years. It has a great support community and clear guides to solve all sorts of problems and issues.

I didn't switch to Check Point, as it was always there. We haven't switched away from it over the past 10 years. 

We always need some help on installs or major upgrades. 

We have used several vendors and some are better than others. 

It is difficult to calculate ROI when it comes to security products. 

The hardware cost is not huge, but you need to push for good pricing on software licensing and blades.

Check Point was implemented in the company before I arrived. 

It's demanding for the administrator, as it takes years to get an in-depth knowledge of the platform. Otherwise, it is easy to use from day one.