Check Point NGFW Reviews

Our primary uses for the Check Point NGFW are network segmentation, identity awareness, and application control.

The most valuable features for us are identity awareness, IDS and IPS, and application control.

The speed of technical support is very slow and is something that should be improved.

We have been using Check Point firewalls for about 20 years.

There were times in the past when it wasn't as stable as it is now. However, with the current version, we have been running for the past year without any issues.

Our company has about 1,000 users that generate traffic that passes through the firewall. Beyond that, we haven't had much need to scale.

The technical support is very slow.

The two firewalls that we having implemented are Check Point and Fortinet.

I have also worked with Juniper but it does not have all of the advanced features that Check Point has, such as application control and identity awareness.

The initial setup is pretty simple. The amount of time required for deployment depends on the number of rules that need to be configured. The initial setup can be done in one day, and the post-setup configuration depends on the rules to be applied.

The initial setup was completed by a partner, who was a certified system integrator.

Our in-house team handles maintenance.

This product is not cheap and there are additional costs that depend on what model or package that you buy. If you need more features then you may have to buy additional modules. In our case, we knew what we wanted in advance so there were no additional costs.

Overall, I am pretty happy with Check Point firewalls. My advice for anybody who is implementing this product is to get somebody with experience to help choose the correct, stable version, and assist with the configuration. All of the new features take time to implement properly, but if the correct steps are followed then they won't run into problems when the system goes into production. 

I would rate this solution a nine out of ten.

We primarily use the solution as a firewall device and for our VPN.

It gives me very detailed reports. The endpoint solution for clients is wonderful.

We're looking at the endpoint because there are some smaller issues with internet connectivity within our country.

Although they have it now, we don't have a license for it, and I think mobile device security should be a standard feature. I cannot control someone bringing their device to my network and what they do.

Within the first four weeks, we had a few little issues with stability, consideration issues here and there. But the partner helped and gave direction that and now it's better. It's still under warranty so we are okay with it. We have about 250 users. We also have the administrative and the IT team in the company that manages different solutions.

We are definitely planning to increase the scale, especially the endpoint. The cost in comparison with the brand new addition will be okay.

Right now, the agreement we have is elaborate enterprise support. That means we are entitled to an engineer within 48 hours if we have issues that can't be resolved remotely. I've been satisfied with technical support so far.

We were using the Sonicwall NSG 3400. It's a good appliance, but the major problem is they don't have competent technical partners in Nigeria. So all our support was via email, phone, and remote. It wasn't very good which is why we had to change it. Sometimes our network went down and we had to start calling so that we can call on the device. They needed to have someone in Nigeria that could assist. That's why we had to leave it.

The initial setup was very straightforward. You can customize it and change it as you need. But the initial information is wonderful. Initial deployment took approximately two and a half days. Then, to complete everything took a week. Deployment took about 3-4 people.

We had a partner. A representative of Check Point came and did the implementation.

We pay a license fee on a three year basis. We have a three-year license. We pay $5,000-$6,000 a year.

I would advise anyone to try Check Point.

I would rate this solution 7.5 out of 10. I think they should make their licensing simpler.

I use the solution in my company for cybersecurity, securing perimeter networks, giving the user access to VPN, URL filtering, antivirus, sandblast, network segmentation, and monitoring purposes.

Regarding the benefits of using the tool, I would say we spend less time investigating security incidents because we have fewer of them to deal with because Check Point works quite well. The tool offers greater visibility when it comes to network traffic.

The solution's most valuable feature is its adaptability and configurable nature. The software's security posture, I would say, has reduced vulnerabilities than other vendors, and we value that greatly in our company.

The product's support is an area of concern where improvements are required. Sometimes, there are bugs in the software, and the speed at which the product resolves those bugs could be improved. The system is quite complex, and you need to be an expert to get the most benefits, making it an area where the tool could be improved.

It would be nice if Check Point could update its own agents, for example, VPN clients or identity clients. I think the product has a very large number of features.

The product's price is an area of concern, making it an area where I would like to see some improvements.

I have been using Check Point NGFW for a bit less than fifteen years. I use Check Point R81.20.

In the past three months, my company has had stability issues, but the impact was quite low, which is great because we have a cluster environment. When one node fails, the other one picks up the job. When changing from version to version, sometimes bugs show up that need to be resolved.

The tool allows you to add as many nodes as you like or can afford. If it is virtualized, you can also give it more resources.

In my company, I think we have four nodes, which are the main nodes, and then we have eight smaller regional nodes. We have around 260 users and 280 endpoints.

I rate the technical support a five or six out of ten.

Neutral

The product's initial setup phase was so long ago that I don't remember how it went. The product is not the most intuitive and easy to set up because of the large number of settings you can configure and the ways how you can configure those settings. Without an expert or consultant, I wouldn't recommend implementing the tool by yourself if you value your time and don't want a big downtime later.

The tool's ROI is almost impossible to calculate because it's a security product. If nothing happens, then you always feel like you are paying too much, but you don't know how the situation would change if you use cheaper firewalls and have to face a security breach.

The product's price is on the higher side but I also feel that it is more secure than the other solutions in the market.

In the past, my company had tested Fortinet and Sophos, but we did not migrate to them. Though the price of the firewalls from Fortinet and Sophos were better, from a security perspective, Check Point was better. In the recent years, there have been a lot of critical vulnerabilities detected in those firewalls and breaches because those vulnerabilities were detected and we didn't get them. So we value that greatly.

The tool requires maintenance. You need to update the product version. If we don't encounter any bugs in the installation process, I would say that the maintenance process is quite straightforward.

I recommend the tool to others. If you value your data and it is a mission-critical project, then Check Point is the right choice.

I rate the tool an eight out of ten.

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

This solution has been used for approximately one year in the company.

The stability of the tool is good. We have not presented any problem even when an update is made.

The scalability presented by the tool is very good and flexible.

The experience has not been very good. That is one of the points that must be improved.

Positive

There was no type of tool that would supply these qualities.

The configuration of the tool is very simple and quick to install.

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.

My primary use case of Check Point's firewalls is to provide in-depth network filtering with advanced threat prevention, which can be set up simply using autonomous threat prevention where the firewall learns about the environment and then actions threat prevention based upon that. The threat prevention can also be custom-built for your environment. 

I also use the Check Point Always On VPN for remote endpoints, which allows users to authenticate and connect to the VPN pre-login without any input from the users.

It has improved my organization due to the in-depth security it provides. Check Point has a lot of security-focused features that provide a great level of network security. It has improved the security posture of the organization due to the granularity that can be set in the policies, such as using access roles to set user-based access, and time-based rules to only apply a specific firewall rule at a specific time. It has also improved my organization because of the in-depth troubleshooting steps that are made available to the end user, meaning we can troubleshoot issues easily, and troubleshooting steps can get very advanced.

I have found the VPN and the application control/URL filtering the most valuable features. The main reason for this is that the VPN blade allows easy VPN setup between two VPN gateways, allowing for not only site-to-site VPNs but also for remote users to connect to the Check Point gateways. This feature is easy to set up. Also, users can troubleshoot the VPNs very in-depth.

The application control and URL filtering features are valuable since they allow very granular control of what is coming in and out of a network. Instead of just allowing certain Layer 4 ports in/out of the network, specific applications can be allowed, which not only can tighten a security posture. It makes administering the product easier as, when a new app is rolled out, it can simply be added to the policy.

One feature that could be improved is the internet object in the application control/URL filtering blade. In most deployments, this works as it says it will. However, the object is based on topology, not internet IP ranges. This means that in certain scenarios (and likely a non-standard deployment), the internet object can not refer to the internet. This can be bypassed by creating a networking group containing class A, B & C networks and using this in the policy, right-clicking the group and ticking 'negate.' 

Another improvement would be to improve the simplicity of deploying SAML as an authentication option when connecting using a remote access VPN. Check Point's deployment guide is very in-depth. However, the process could be simpler.

I've used the solution for three years.

The stability is very good.

The scalability is good.

Support is very good from Check Point.

Positive

The initial setup can be straightforward or complex depending on the complexity of the environment. Usually, it is fairly straightforward.

We implemented the solution in-house.

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

I've used the solution for three years.

This is the perimeter firewall and manages all security facing towards the internet,

It's a distributed solution composed of a Security Gateway and a Security Manager. It controls all the traffic from the LAN to the Internet and the VPN tunnels for connections with external partners. We control the traffic to the internet with blades as URL filtering to manage the bandwidth, limit the use of this resource, and apply the security policies as well as protect the LAN network against advanced threats from the internet to the servers and PCs. 

This solution applies NGFW features to the inside and outside traffic of the networks. The other options did not have sandboxing, reports, and the same advantages as Check Point.

We have a small firewall from another vendor. The solution is working with limitations, as it was designed with Check Point as a security solution for the perimeter with more security features for covering our network requirements and specifications and preventing advanced threats from the internet to our servers and PCs. 

The sandbox feature is great.

The Sandblast blade is a very powerful solution that works against archives infected with ransomware.

The anti-malware is quite effective as many applications can be infected with any kind of malware with the goal of interrupting the productivity of our work equipment.

The reporting is great.

With this solution, we have had many kinds of logs and a very friendly way to view them. Now can we know what is happening within the network's traffic.

The performance has been very good. 

This security solution has grown more options and has expanded slots, including RAM slots, Optical Fiber slots, and various other features.

The anti-spam needs improvement.

A weakness with the Check Point solutions is the anti-spam, as they have a partnership with some solutions for anti-spam. They should have their own solution. We have email provided through Office 365 and they have their own way to fight spam and, due to this, we haven't bothered looking into anti-spam options. That said, Check Point is the most adapted to our necessities.

I consider the price of this solution high. It is very good, however, the prices are high - it's like buying a car.

I've been using the solution since 2018.

We changed from an older solution as it worked for five years and was old. It wasn't equipped for the new generation threats.

The price should be considered, however, it shouldn't be the only reason you choose the solution, or not.

We also evaluated WatchGuard, Palo Alto, and FortiGate.

We primarily use the solution for central administration and management of a lot of locations worldwide. That's the main task for this solution for our Central IT Team. Central logging and troubleshooting are 2nd level topics that are great to handle with the SmartDashboard and other tools.

We started in the past with base features and checked the NGFW features. Application Control gives us the option to permit applications and not just some IP address lists. Before we had so much manual work for dealing with firewall rules.

For some topics, we've given the Service Desk permissions and it's working great.

We have so many standalone firewalls. The central management of Check Point with different sessions/permissions is great. We can administrate all topics smoothly. The Application Control brings us to the next level of controlling cloud apps and other stuff.

Anti-Bot and the IPS are good features to check/defend our servers and company. We can prevent servers easily for vulnerabilities from/to the public internet and we can see what traffic/actions is active on our lines. 

Our Security Operation Center is very happy about the solutions too due to the fact that they have so much transparency.

QoS, Anti-Bot, IPS, and Application Control are the main features we're using.

The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff. In the past, sometimes we had no control and couldn't help when too much traffic had occurred.

Anti-Bot is great at preventing our clients and corporate network from calling the central control.

IPS is good in protecting our systems in DMZ zones when patching of servers sometimes can't be done.

Application control for controlling Cloud Apps like MS Teams, M365 Apps, or others, is perfect. Previously, we had only IP Lists for stuff like this.

Administration of the routing and system settings should be moved to the central dashboard. It's not good to go to all GAIA Interfaces to change settings there.

The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible.

The firmware for the Check Point Firewalls is very big. It takes a long time when we are using small lines for data transfers. Other vendors have updates lower than 100MB. For Check Point often we need a minimum of 2GB.

I've used the solution for nine years.

The scalability is great.

We previously used Watchguard. It was not so good with different vendors for some features.