Check Point NGFW Reviews

The role NGFW plays is to protect the organization against Layer 7 network attacks.

The solution has helped us to guard our perimeter security on a wider level. This is not like plain vanilla firewall. We have got a wider visibility with the help of this next-generation firewall; it shows us the traffic flowing across the network and based upon that, we have made the modifications required to restrict access.

Also, the active cluster module has helped us to balance the load during peak hours. Since moving to the active-active module, we have got the much-needed breathing space.

It has helped us to inspect traffic, not only with a limited protocol base but on the application/service level inspection too.

The service base access policy has provided us with a next-level restriction, which wasn't there on old school firewalls.

The integrated threat & anti-bot blade gives us protection from zero-day attacks and these can be blocked using analysis & signature matching.

The integrated intrusion prevention blade not only gives an additional level of security but also cuts down the load to manage an extra device.

The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access.

The integration with third-party vendors is quite easy and well defined, which really helps you with the automation.

The integration of gateways with a centralized managed server gives you full control in a single place.

The setup and implementation are quite easy and the logs and reports are elaborative and effective for securing the network.

The one area that I would like to see a change in is policy installation. Right now, with a larger user database and a high number of rules, it takes a bit of time for policy installation. There is definitely some improvement in the R80 version; however, I believe that it should not take more than one minute to refresh the database. Also, there is a significant spike in gateway resource utilization during policy installation. 

The additional blades have an impact on resource utilization, hence scope of improvement is needed here too.

I am using Check Point NGFW for the past five to six years for perimeter & internal security.

The solution is quite stable, however some issues also observed in new version release & same is fixed through hotfix/portfix once it is highlighted to the TAC 

The new hyperscale module gives you the much-needed breathing space, which the industry was looking at for quite a long time.

When it comes to technical support, Check Point is on another level. The support engineers are very well versed with the solution they are managing.

The initial setup & integration was quite easy, and the support during migration was outstanding.

It was a collaborative effort of our in-house and vendor teams. The support was good & quite appreciable.

It's good & the same as expected.

We have two clusters. We are using them as both perimeter firewalls and data center firewalls.

In the past few years, we encountered attempted attacks on our company and we succeeded in finding that we were those attacks, or that some user or workstation was communicating with malicious sites. Without the Check Point Next Generation Firewall, we wouldn't have had the tools to identify these things and to remediate the problems.

A firewall is a firewall. It's a Layer 4 machine that blocks or allows traffic for ports. That's the basics and we don't need a next-generation firewall for that. But the features that are important include:

• IPS
• sandbox
• SandBlast
• Anti-Bot
• URL filtering.

A basic firewall is a basic firewall. You don't need Check Point and you don't need Palo Alto or the other vendors to block ports from source to destination. But we need the advanced features of this product to give us the visibility into, and the security and protection from, scenarios that are not the usual source-to-destination attacks. The solution needs to understand what the connection is, what the behavior of the connection is, and what the reason for the connection is. It can't be a stupid machine. It needs to know that if you're allowing port 53 from source to destination, that it has to check and give us the information that this communication is legitimate, and not something that is malicious.

We just upgraded to the latest software version of Check Point so we have a lot of new stuff to learn. The older version had a little bit of a problem with identity awareness and with HTTPS inspection with the visibility of the logs, and the implementing of rules. But as far as I can see now, with the new version, most of the problems were fixed.

In terms of new features, maybe it would help if we could start to manage all the stuff in the cloud and not in the on-prem servers. The management side could also be faster when you install policies. But other than that, I'm satisfied.

I've used Check Point NGFW firewalls for more than eight years.

In all the time I've been using Check Point there have been no major issues or problems. It's a very stable environment and a very stable solution, in my experience.

We have around 600 to 700 endpoints, workstations, points of sale, and mobile devices. We also have about 200 servers, a WiFi environment, and a networking environment that is not small. We have implemented it 100 percent but, because of the Coronavirus, the company itself is not 100 percent capacity.

For now, we have implemented everything that we wanted and the firewalls are working 100 percent. There are no plans in the near future to grow. Of course, if everything goes back to normal, maybe we will grow.

There are no problems for us in terms of scalability because we're not working at full capacity. We designed the new solution to give us the resources that meet our needs for the moment and for the future. There is no problem with scalability and we can add new firewalls, or replace what we have with bigger firewalls. Everything is okay in terms of scalability from our side.

We continue using our partner for resolving problems and doing the changes that we need. That is the way that most vendors are working. First of all you need a partner and then the partner will open up a case with Check Point.

But one of the best things about working with Check Point, especially here in Israel, is that there is a direct line to the support, because we have such a good relationship with them, to speed things up.

The support is fast, professional, and thorough. Those are the most important things when you have a problem. If we need to call for support from either our partner or Check Point, we get a quick response and, usually, a fast resolution of the problem.

We migrated from Check Point to Check Point

It was really pretty straight forward because we upgraded from an older Check Point product. The installation and the assimilation of the new firewall was very quick with almost no downtime and almost no problems.

We deployed four firewalls in two clusters and, all in all, it took about one day of work; half a day for each side. That includes the installation, the configuration, and the exporting of the configuration from the old system and, of course, all the fixes and patches.

On our side there was one person involved in the initial setup, just to make sure that everything was going okay and, after the installation, to do all the checks and verify that everything was working fine and as needed.

We deployed it with the help of a partner, called Spider Solutions, here in Israel. Our experience with them was good. The technician that came here to install the firewalls was professional and thorough. Everything went according to plan, with no issues.

The whole initial setup was done by the partner and our role was more oversight to see that everything was okay and to give the information that was needed to proceed.

The pricing in this category is a jungle, but Check Point was very competitive. They were very forthcoming and agile for our budget needs.

I have checked a few other vendors and solutions but, in the end, Check Point is the best candidate for our organization. That's true technology-wise and because of the support. Because Check Point is an Israeli company, it's very easy to get help very fast. We speak the same language and that helps as well. Doing support in Hebrew is very helpful for us. 

Other vendors were either more expensive or, to get some of the features, we would have had to upgrade to a bigger, stronger, and more expensive machine. But with Check Point, that wasn't the case.

Check this solution and see how it fits with your organization. See how easily you can manage and control the environment. The visibility and the management provided by the product is one of the most important things, other than the security features that the product has. And check the sizing carefully. Check that the machines you're going to buy are sufficient for your current needs and the future needs of your organization.

Our primary uses for the Check Point NGFW are network segmentation, identity awareness, and application control.

The most valuable features for us are identity awareness, IDS and IPS, and application control.

The speed of technical support is very slow and is something that should be improved.

We have been using Check Point firewalls for about 20 years.

There were times in the past when it wasn't as stable as it is now. However, with the current version, we have been running for the past year without any issues.

Our company has about 1,000 users that generate traffic that passes through the firewall. Beyond that, we haven't had much need to scale.

The technical support is very slow.

The two firewalls that we having implemented are Check Point and Fortinet.

I have also worked with Juniper but it does not have all of the advanced features that Check Point has, such as application control and identity awareness.

The initial setup is pretty simple. The amount of time required for deployment depends on the number of rules that need to be configured. The initial setup can be done in one day, and the post-setup configuration depends on the rules to be applied.

The initial setup was completed by a partner, who was a certified system integrator.

Our in-house team handles maintenance.

This product is not cheap and there are additional costs that depend on what model or package that you buy. If you need more features then you may have to buy additional modules. In our case, we knew what we wanted in advance so there were no additional costs.

Overall, I am pretty happy with Check Point firewalls. My advice for anybody who is implementing this product is to get somebody with experience to help choose the correct, stable version, and assist with the configuration. All of the new features take time to implement properly, but if the correct steps are followed then they won't run into problems when the system goes into production. 

I would rate this solution a nine out of ten.

We primarily use the solution as a firewall device and for our VPN.

It gives me very detailed reports. The endpoint solution for clients is wonderful.

We're looking at the endpoint because there are some smaller issues with internet connectivity within our country.

Although they have it now, we don't have a license for it, and I think mobile device security should be a standard feature. I cannot control someone bringing their device to my network and what they do.

Within the first four weeks, we had a few little issues with stability, consideration issues here and there. But the partner helped and gave direction that and now it's better. It's still under warranty so we are okay with it. We have about 250 users. We also have the administrative and the IT team in the company that manages different solutions.

We are definitely planning to increase the scale, especially the endpoint. The cost in comparison with the brand new addition will be okay.

Right now, the agreement we have is elaborate enterprise support. That means we are entitled to an engineer within 48 hours if we have issues that can't be resolved remotely. I've been satisfied with technical support so far.

We were using the Sonicwall NSG 3400. It's a good appliance, but the major problem is they don't have competent technical partners in Nigeria. So all our support was via email, phone, and remote. It wasn't very good which is why we had to change it. Sometimes our network went down and we had to start calling so that we can call on the device. They needed to have someone in Nigeria that could assist. That's why we had to leave it.

The initial setup was very straightforward. You can customize it and change it as you need. But the initial information is wonderful. Initial deployment took approximately two and a half days. Then, to complete everything took a week. Deployment took about 3-4 people.

We had a partner. A representative of Check Point came and did the implementation.

We pay a license fee on a three year basis. We have a three-year license. We pay $5,000-$6,000 a year.

I would advise anyone to try Check Point.

I would rate this solution 7.5 out of 10. I think they should make their licensing simpler.

I use the solution in my company for cybersecurity, securing perimeter networks, giving the user access to VPN, URL filtering, antivirus, sandblast, network segmentation, and monitoring purposes.

Regarding the benefits of using the tool, I would say we spend less time investigating security incidents because we have fewer of them to deal with because Check Point works quite well. The tool offers greater visibility when it comes to network traffic.

The solution's most valuable feature is its adaptability and configurable nature. The software's security posture, I would say, has reduced vulnerabilities than other vendors, and we value that greatly in our company.

The product's support is an area of concern where improvements are required. Sometimes, there are bugs in the software, and the speed at which the product resolves those bugs could be improved. The system is quite complex, and you need to be an expert to get the most benefits, making it an area where the tool could be improved.

It would be nice if Check Point could update its own agents, for example, VPN clients or identity clients. I think the product has a very large number of features.

The product's price is an area of concern, making it an area where I would like to see some improvements.

I have been using Check Point NGFW for a bit less than fifteen years. I use Check Point R81.20.

In the past three months, my company has had stability issues, but the impact was quite low, which is great because we have a cluster environment. When one node fails, the other one picks up the job. When changing from version to version, sometimes bugs show up that need to be resolved.

The tool allows you to add as many nodes as you like or can afford. If it is virtualized, you can also give it more resources.

In my company, I think we have four nodes, which are the main nodes, and then we have eight smaller regional nodes. We have around 260 users and 280 endpoints.

I rate the technical support a five or six out of ten.

Neutral

The product's initial setup phase was so long ago that I don't remember how it went. The product is not the most intuitive and easy to set up because of the large number of settings you can configure and the ways how you can configure those settings. Without an expert or consultant, I wouldn't recommend implementing the tool by yourself if you value your time and don't want a big downtime later.

The tool's ROI is almost impossible to calculate because it's a security product. If nothing happens, then you always feel like you are paying too much, but you don't know how the situation would change if you use cheaper firewalls and have to face a security breach.

The product's price is on the higher side but I also feel that it is more secure than the other solutions in the market.

In the past, my company had tested Fortinet and Sophos, but we did not migrate to them. Though the price of the firewalls from Fortinet and Sophos were better, from a security perspective, Check Point was better. In the recent years, there have been a lot of critical vulnerabilities detected in those firewalls and breaches because those vulnerabilities were detected and we didn't get them. So we value that greatly.

The tool requires maintenance. You need to update the product version. If we don't encounter any bugs in the installation process, I would say that the maintenance process is quite straightforward.

I recommend the tool to others. If you value your data and it is a mission-critical project, then Check Point is the right choice.

I rate the tool an eight out of ten.

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

This solution has been used for approximately one year in the company.

The stability of the tool is good. We have not presented any problem even when an update is made.

The scalability presented by the tool is very good and flexible.

The experience has not been very good. That is one of the points that must be improved.

Positive

There was no type of tool that would supply these qualities.

The configuration of the tool is very simple and quick to install.

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.

My primary use case of Check Point's firewalls is to provide in-depth network filtering with advanced threat prevention, which can be set up simply using autonomous threat prevention where the firewall learns about the environment and then actions threat prevention based upon that. The threat prevention can also be custom-built for your environment. 

I also use the Check Point Always On VPN for remote endpoints, which allows users to authenticate and connect to the VPN pre-login without any input from the users.

It has improved my organization due to the in-depth security it provides. Check Point has a lot of security-focused features that provide a great level of network security. It has improved the security posture of the organization due to the granularity that can be set in the policies, such as using access roles to set user-based access, and time-based rules to only apply a specific firewall rule at a specific time. It has also improved my organization because of the in-depth troubleshooting steps that are made available to the end user, meaning we can troubleshoot issues easily, and troubleshooting steps can get very advanced.

I have found the VPN and the application control/URL filtering the most valuable features. The main reason for this is that the VPN blade allows easy VPN setup between two VPN gateways, allowing for not only site-to-site VPNs but also for remote users to connect to the Check Point gateways. This feature is easy to set up. Also, users can troubleshoot the VPNs very in-depth.

The application control and URL filtering features are valuable since they allow very granular control of what is coming in and out of a network. Instead of just allowing certain Layer 4 ports in/out of the network, specific applications can be allowed, which not only can tighten a security posture. It makes administering the product easier as, when a new app is rolled out, it can simply be added to the policy.

One feature that could be improved is the internet object in the application control/URL filtering blade. In most deployments, this works as it says it will. However, the object is based on topology, not internet IP ranges. This means that in certain scenarios (and likely a non-standard deployment), the internet object can not refer to the internet. This can be bypassed by creating a networking group containing class A, B & C networks and using this in the policy, right-clicking the group and ticking 'negate.' 

Another improvement would be to improve the simplicity of deploying SAML as an authentication option when connecting using a remote access VPN. Check Point's deployment guide is very in-depth. However, the process could be simpler.

I've used the solution for three years.

The stability is very good.

The scalability is good.

Support is very good from Check Point.

Positive

The initial setup can be straightforward or complex depending on the complexity of the environment. Usually, it is fairly straightforward.

We implemented the solution in-house.

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

I've used the solution for three years.