Try our new research platform with insights from 80,000+ expert users
RSSI at SDIS49
Real User
Top 10
Provides good efficiency and technical support
Pros and Cons
  • "The most valuable feature of the solution is its efficiency."
  • "You have an administration tool that is not on the appliance, and it should be in line with the appliance."

What is most valuable?

The most valuable feature of the solution is its efficiency.

What needs improvement?

You have an administration tool that is not on the appliance, and it should be in line with the appliance. You can put your modification online and compile it again before applying.

For how long have I used the solution?

I have been using Check Point NGFW for seven years.

How are customer service and support?

The solution's technical support is good.

Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Cisco. We switched to Check Point NGFW because Cisco was comparatively a bit outdated.

What's my experience with pricing, setup cost, and licensing?

Check Point NGFW is a little expensive. We paid around 70,000 Euros for it, and the solution's maintenance fee is expensive. We also have to pay for technical support.

What other advice do I have?

I am generally satisfied with the solution. The new Check Point products are more powerful than the previous appliances. The product is good but perhaps more adapted to big firms than small companies.

Overall, I rate the solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Telecommunication Team Leader at a financial services firm with 201-500 employees
Real User
Top 5
Good UI, easy management, and good performance
Pros and Cons
  • "Its usability is the best for me. As compared to Palo Alto, Juniper, or Cisco firewalls, Check Point firewall has the best user interface for management, reading logs, looking for some objects, and looking for policies."
  • "It's expensive, but its price is reasonable looking at its functionality and power"

What is our primary use case?

We use it for our core firewall and also for VPN.

How has it helped my organization?

It can be managed by many people. I have a team, and any of them can manage this firewall and make some changes. All the changes are combined into one policy.

What is most valuable?

Its usability is the best for me. As compared to Palo Alto, Juniper, or Cisco firewalls, Check Point firewall has the best user interface for management, reading logs, looking for some objects, and looking for policies.

What needs improvement?

It's expensive.

For how long have I used the solution?

We have been using this solution for more than 15 years.

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

I don't know about its scalability because I haven't had to scale. I have a flat traffic rate.

I have 500 users. It's deployed across two data centers.

How are customer service and support?

I contacted them sometimes but not very often. It was a good experience. I have contacts with the engineers in Check Point. They provide the right solution every time. I also use the Check Point support portal. They have many descriptions and solutions for some of the problems.

Which solution did I use previously and why did I switch?

I have previously used Palo Alto, Juniper, and Cisco. Check Point NGFW is better than all of them. 

I changed from Cisco ASA. It was a long time ago. Cisco ASA was an old technology, whereas Check Point NGFW has better performance and better knowledge about applications.

How was the initial setup?

It was easy for me because I have many years of experience. I could see its benefits within two or three months of deployment.

In terms of maintenance, it requires normal maintenance. Its maintenance is similar to other devices.

What's my experience with pricing, setup cost, and licensing?

It's expensive, but its price is reasonable looking at its functionality and power.

What other advice do I have?

Try many solutions and then choose the best one for you.

I'd rate Check Point NGFW a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Thapelo Kwesi Baabusi - PeerSpot reviewer
ICT Manager at Engineers Registration Board
Real User
Great application and user control but takes up system resources
Pros and Cons
  • "The Network Address Translation (NAT) will always be a valuable feature as it allows me to turn my private cloud to the public at the click of a button and have secure control over the accessible servers/applications."
  • "Although very efficient, the product could be developed in a way that does not take a lot more system resources."

What is our primary use case?

I have a relatively small infrastructure, with a VMware Vsphere running all my servers on virtual machines. My network consists of approximately 30 workstations. The Check Point NGFW helps detect attacks against enterprise applications. 

It can enforce application functionality specific controls, monitor application data and content, and monitor HTTP, HTTPS, SMTP and other application protocols for better protection. I can audit applications running on my network, monitor their content and data, identify hosts on which applications are running, and identify users of the applications.

How has it helped my organization?

I have been using the Check Point NGFW as a primary firewall with all policies and rules configured on it. It helps as an Intrusion Detection System. This has improved my network performance as it illuminates suspicious activities before they reach the network. 

The network monitoring tool allows me to know who and what is hogging all the bandwidth and therefore apply it to remediate action and hence improve network performance. The Check Point NGFW helps me with QOS, during these times of work from home and virtual meetings, I can easily allocate required bandwidth to MS Teams, Zoom, and WebEx.

What is most valuable?

The most valuable features are the application and user control. This allows me to allow applications that encourage productivity and limit those that hinder productivity. The Network Address Translation (NAT) will always be a valuable feature as it allows me to turn my private cloud to the public at the click of a button and have secure control over the accessible servers/applications. sandboxing is also a valuable feature that allows the NGFW to act as an anti-malware, this would be largely helpful to prevent or minimize ransomware attacks.

What needs improvement?

Although very efficient, the product could be developed in a way that does not take a lot more system resources. It would be very useful if the Check Point NGFW was able to learn the environment and its user's real-time activities and automatically send only logs of interest to the security admin to actually force the security admin to review these logs since the logs are useless if not reviewed. Implementation and setup should be made as easy as possible. At times a misconfigured NGFW because of its complexity will be more of a vulnerability than protection.

For how long have I used the solution?

I've used the solution for four years.

What do I think about the stability of the solution?

The stability is very good.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and support?

Technical support is always on point.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did use a different product. The previous solution was actually more complex to set up and had a high price.

How was the initial setup?

The individual setup was complex. However, with the support of an expert on the solution, it became straightforward.

What about the implementation team?

We used a vendor team. Their level of expertise was acceptable.

What was our ROI?

The ROI is on the positive side.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to find a local vendor of the solution they are looking into and compare all middleman pricing.

Which other solutions did I evaluate?

We also looked at Cisco Firepower.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
rblog - PeerSpot reviewer
Systems Engineer at Trends and Technologies Inc.
User
Protects network infrastructure, offers great security blades, and good core acceleration
Pros and Cons
  • "The detection rate for any cyberattacks/suspicious activity is very high (more than 90%)."
  • "It would be best if the security management server console access is simpler for ease of management."

What is our primary use case?

The solution is primarily used as an edge firewall safeguarding any organization or company which are really considering it as their number firewall of choice. In addition, there were also companies that are only using the specific blades, for example, IPS or IPsec, only as their primary solution. It is mostly used as an edge firewall. Sometimes, all security blades are utilized. As a significant part of the whole network infrastructure, Check Point delivers high detection and prevention rates when talking about suspicious and cyberattack types of activities.

How has it helped my organization?

Primarily, Check Point played a very vital role in protecting our whole network infrastructure. Having been able to implement such a solution will keep one's organization's security posture well guarded. The best part of Check Point NGFW's operational mechanisms were the Threat Extraction and Threat Emulation blades respectively. The former delivers documents with zero malware in zero seconds and the latter analyzes the original document in an isolated sandbox, identifying unknown threats. 

I'd recommend this kind of firewall for companies considering it since the detection rate for any cyberattacks/suspicious activity is very high (more than 90%).

What is most valuable?

Check Point NGFW has all the security blades a certain company would want to implement for a network firewall facing the public internet. The upsides of choosing this kind of firewall are traffic acceleration, core acceleration, and interface acceleration which would help in maintaining smooth sailing activity, giving administrators less dilemma. 

Administrators always find it hard and disturbing when such a network bottleneck occurs spontaneously out of nowhere. With that said, Check Point still ranks first among other vendors.

What needs improvement?

It would be best if the security management server console access is simpler for ease of management. System administrators find it really difficult for the management settings to incorporate easily. Most administrators nowadays are looking into something that offers easy access to a management console or GUI. 

I could not think of other areas for improvement. This is the firewall that I liked the most among other vendors in the market. It's by far the best firewall in the security industry.

For how long have I used the solution?

I've used the solution for three years already - since the start of my Network Security Engineer career.

What do I think about the stability of the solution?

Stability-wise, it is perfect! 

What do I think about the scalability of the solution?

When you perform sizing, make sure that the necessary scalability is considered. There's no going back when things like this are compromised.

How are customer service and support?

Lately, Check Point support is nowhere to be found.  We are always attending other customer sessions when, in fact, support is needed for a P1.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Mostly, they are the Gartner leaders for NGFW. A switch was made when customers found the solution more secure per doing the proof of concept.

How was the initial setup?

I could say that it is complex even though they are already CCSE and Check Point Expert. There is no way I could find its management easy to use.

What about the implementation team?

We handled the setup in-house.

What's my experience with pricing, setup cost, and licensing?

That there is a money-back guarantee for their business. A business being secured is a business of high return.

Which other solutions did I evaluate?

There are a lot of evaluations to be done prior to choosing the solution. It caught the customer's attention when the threat extraction/emulation blade really did well during the proof of concept activity.

What other advice do I have?

So far I have mentioned all the things needed to be given importance with regard to an NGFW solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Amar Gadge - PeerSpot reviewer
Engineer Security Management at BT - British Telecom
MSP
Easy to set up, use, and upgrade
Pros and Cons
  • "We can build the new firewalls with minimum efforts."
  • "Pricing for the gateways is too high as compared to the other vendors."

What is our primary use case?

I have used this product in chemicals, insurance, and industrial sector companies.

The primary use case is to secure the inbound and outbound traffic and secure the DMZ servers. We use this solution for Remote access VPN (on smart view event can see reports more granular level) and IPSEC VPN for using the applications hosted on Public cloud and integrate the customer 3rd parties vendors. 

Using threat prevention helps in securing the customer environment from cyber attacks, ransomware, malwares etc. We use the Sandboxing features to protect the network from zero-day attacks

How has it helped my organization?

It improved the performance of the network on large scale. 

It's easy to use and configure. We can build the new firewalls with minimum effort. 

It's easy to upgrade the device. 

You can van view the device health on the smart view monitor and smart event monitor at a more granular level. We're achieving great performance using the latest quantum gateways. You can see the real-time logs on the management and also can configure the logging in redundancy mode. 

Using TCPDUMP, a firewall monitor, and firewall zdebug drop, you can troubleshoot the real-time issues.

What is most valuable?

We like the SecureXL, CoreXL, and Multi-que.  Using these features improved the performance of the gateway at a more granular level.

The Smart View Event monitor is great. You can see the real-time events on the firewall - including remote access VPN usage.

The smart licensing is great. It's easy to generate the license and apply it on the gateways.

The solution offers very good anti-virus and anti-spam capabilities. It's good security on the network.

Threat Prevention and Sandboxing are useful to have. We're protecting the network from zero-day vulnerabilities and securing the network from the latest cyberattacks.

What needs improvement?

Pricing for the gateways is too high as compared to the other vendors.

Whenever there is any issue comes checkpoint support ask to keep the gateway on the latest hotfix and OS which is difficult to roll out on all the gateways present in the customer environment.

For how long have I used the solution?

I am using this product for more than five years.

What do I think about the stability of the solution?

We can achieve great stability using Check Point Quantum Gateways which improves the performance of the network.

What do I think about the scalability of the solution?

We can achieve great scalability using Check Point Quantum Gateways.

Which solution did I use previously and why did I switch?

We did not use a different solution. 

How was the initial setup?

The initial setup is straightforward.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1686129 - PeerSpot reviewer
Senior infrastructure technical lead at Westpac Bank
User
Super technical support, scalable, and has very useful dashboards
Pros and Cons
  • "Objects search and tracker logs are useful."
  • "The pricing could be better."

What is our primary use case?

The solution is primarily used for firewall protection for an enterprise environment, The Check Point firewalls are implemented on the perimeter (DMZ) and Secure Access Domain (SAD) environments. 

We use physical VSLS clusters but have many virtual systems (Vsys) configured for different sub purposes. The Entire management domain is protected by Check Point firewall virtuals running on multiple physical boxes.

We have multiple virtual routers configured on the physical firewalls which connect L3 connectivity to other domains. The Perimeter DMZ firewall protects the boundary zone Environments 

How has it helped my organization?

Check Point firewalls have helped our organization to securely promote the traffic flow in a secure way that is fast and swift.

There's faster identification of customer traffic issues identifies via a smart view tracker and centralized management of rules. It has an ease of access policy and a human-readable format.

We have multiple virtual routers configured on the physical firewalls which connect with L3 connectivity to other domains. The Perimeter DMZ firewall protects the boundary zone environments.

What is most valuable?

Dashboards for rules management and trackers for firewall logs capture are useful.

Traffic flow in Check Point is very structured so that it is easy to understand the path it checks to understand which elements come first and which elements come later.

The smart log compiles from multiple CMAs is an important feature that is very attractive. 

The MDM dashboard is very organized compared to other vendors. The use of CLI tools like TCPDUMP and FW monitor are very useful in verifying the traffic logs.

Objects search and tracker logs are useful.  

What needs improvement?

To combine CLI routing and GUI application in a way that both interact together would be ideal.

The pricing could be better. In general, the Check Point solutions are not cheap, however, you could try to negotiate on the overall contract, especially if you are purchasing a lot of hardware.

In the CLI, while viewing configs, there is no easy way to snapshot configs. 

For how long have I used the solution?

I've used the solution for more than 15 years.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

Technical support is super.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We switched from Cisco to Check Point. Cisco was CLI-based and cumbersome with rulesets.

How was the initial setup?

The setup is straightforward as there are many videos available on the net to practice with.

What about the implementation team?

We had vendor involvement.

What was our ROI?

It serves the purpose and primarly gets the best output.

What's my experience with pricing, setup cost, and licensing?

The pricing is high. In general, the Check Point solutions are not cheap, however, you could try to negotiate on the overall contract, especially if you are purchasing a lot of hardware.

Which other solutions did I evaluate?

Yes, the vendor ran through the options and based their decision on the company security standards.

What other advice do I have?

We are satisfied with the product and support.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Checkpoint firewall has helped organisation to securely promote the traffic flow in secure way that is fast and swift.
PeerSpot user
PeerSpot user
Network Security Administrator at a financial services firm with 10,001+ employees
Real User
Great protection, very stable, and offers excellent management
Pros and Cons
  • "The firewall rule writing and object creation are the best and simplest I've seen on a firewall."
  • "When we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix."

What is our primary use case?

We are a financial institution and we use Check Point as a firewall that is positioned for external connections, like the Internet, leased lines, and site-to-site VPNs for other companies. Check Point protects our mobile applications connected to the internet, as well as the main company website. Some firewalls are positioned on some of our HQs.

We're on version R80.40 (some minor firewalls are on R80.30) and we use 13000, 23000, and 26000 series appliances. We use Application Control, Identity Awareness, IPS, URL Filtering, Anti-bot, Antivirus, Threat extraction, and Threat emulation blades.

How has it helped my organization?

I've been in the same company for 11 years, and Check Point has been running in a stable manner for our company's main internet connection (and 7 years before that).

It has protected our main applications successfully without any performance drops, and with its flawless logging capabilities, we were able to pinpoint any issues every time.

The management is also the best among any other firewall, with the convenience to create the objects and rules on the same page. This has helped us save time on operations. We can use APIs to create objects and rules to easily finish some projects.

What is most valuable?

The best features are the stability and the performance of the firewall and its software blades, simplicity to write the firewall rules on its GUI, and its logging capabilities.

The firewalls are working stably, without any interruptions. As we planned our capacity well, we've never had any performance issues.

The firewall rule writing and object creation are the best and simplest I've seen on a firewall (I've looked at 6 different vendors). I often wonder why the other vendors don't do it Check Point's way.

To see the logs, we can search like a search engine, and we can combine different search strings to pinpoint the interesting traffic.

What needs improvement?

The product can be improved with fewer hotfixes, and if more generally available jumbo hotfixes were used.

We don't often hit bugs. It's perfectly normal for an NGFW device as other vendors are always fixing bugs too. However, when we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix. If those fixes were included in a fast manner in the jumbo hotfix (as jumbo hotfixes are tested thoroughly for general availability), it would be ideal.

For how long have I used the solution?

I've used the solution for 11 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Real User
Good VPN and remote access functionality, efficient, and the logging works well
Pros and Cons
  • "Remote access with a secure workspace provides a clear separation between the client and corporate network."
  • "Interoperability with other vendors is not the strongest when it comes to setting up VPNs."

What is our primary use case?

Our primary use case is as a perimeter firewall for main and DR sites for a financial institution. It secures Internet access for users through IPS/AV/Threat Emulation/Application control and URL filtering with HTTPS inspection and geolocation restrictions. 

It secures our email and MDM solutions. 

We also use it to create site-to-site VPNs with vendors. Remote access is achieved through the use of a secure workspace and SSL network extender. Securing and inspecting HTTP traffic to our web servers is another important task. 

It secures several DMZs and segregates them from the rest of the network.

We use all of the security features available. 

How has it helped my organization?

It has helped us with controlling internet access, securing our external websites, and providing remote access that you can trust (secure workspace). The latter provides with a virtual Windows 7 desktop that only allowed apps can be initiated from. In our case, we launch RDP sessions from secure workspace. 

The latest version of the software is a big win overall, with major improvements in how the rulebase is scanned (it's not the top down classical rulebase checking, but a column based checking) and overall efficiency.

What is most valuable?

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

What needs improvement?

I would like to have an improved secure workspace solution for remote access. I hear that the Apache Guacamole solution has been integrated into R81. 

The site-to-site VPN options are numerous, but they can get confusing. Interoperability with other vendors is not the strongest when it comes to setting up VPNs. It's totally different from any other VPN vendors I have come across. 

Improvements are needed in policy backups and reverting to the previous policy. This used to be better in R77.30. 

Policy installation tends to take a long time when the rule base increases in size, which can become frustrating. 

For how long have I used the solution?

I have been using Check Point NGFW for 10 years.

What do I think about the stability of the solution?

We have never had any unexpected crashes or issues.

What do I think about the scalability of the solution?

It should scale well as they now support more than 40 CPUs on a single system. 

How are customer service and technical support?

Our experience has been great, although we don't have direct support. This means that sometimes, it takes a while to get to the bottom of issues.

Which solution did I use previously and why did I switch?

Check Point is really the best NGFW I have come across and I have worked with many vendors including Cisco, Juniper, and FortiGate. It's a platform that a huge amount of research has gone into over the years. It has a great support community and clear guides to solve all sorts of problems and issues.

I didn't switch to Check Point, as it was always there. We haven't switched away from it over the past 10 years. 

How was the initial setup?

We always need some help on installs or major upgrades. 

What about the implementation team?

We have used several vendors and some are better than others. 

What was our ROI?

It is difficult to calculate ROI when it comes to security products. 

What's my experience with pricing, setup cost, and licensing?

The hardware cost is not huge, but you need to push for good pricing on software licensing and blades.

Which other solutions did I evaluate?

Check Point was implemented in the company before I arrived. 

What other advice do I have?

It's demanding for the administrator, as it takes years to get an in-depth knowledge of the platform. Otherwise, it is easy to use from day one.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.