Try our new research platform with insights from 80,000+ expert users
reviewer1721658 - PeerSpot reviewer
Network administrator at IHSS
User
Good security management with great anti-malware and a helpful sandbox feature
Pros and Cons
  • "The performance has been very good."
  • "The anti-spam needs improvement."

What is our primary use case?

This is the perimeter firewall and manages all security facing towards the internet,

It's a distributed solution composed of a Security Gateway and a Security Manager. It controls all the traffic from the LAN to the Internet and the VPN tunnels for connections with external partners. We control the traffic to the internet with blades as URL filtering to manage the bandwidth, limit the use of this resource, and apply the security policies as well as protect the LAN network against advanced threats from the internet to the servers and PCs. 

How has it helped my organization?

This solution applies NGFW features to the inside and outside traffic of the networks. The other options did not have sandboxing, reports, and the same advantages as Check Point.

We have a small firewall from another vendor. The solution is working with limitations, as it was designed with Check Point as a security solution for the perimeter with more security features for covering our network requirements and specifications and preventing advanced threats from the internet to our servers and PCs. 

What is most valuable?

The sandbox feature is great.

The Sandblast blade is a very powerful solution that works against archives infected with ransomware.

The anti-malware is quite effective as many applications can be infected with any kind of malware with the goal of interrupting the productivity of our work equipment.

The reporting is great.

With this solution, we have had many kinds of logs and a very friendly way to view them. Now can we know what is happening within the network's traffic.

The performance has been very good. 

This security solution has grown more options and has expanded slots, including RAM slots, Optical Fiber slots, and various other features.

What needs improvement?

The anti-spam needs improvement.

A weakness with the Check Point solutions is the anti-spam, as they have a partnership with some solutions for anti-spam. They should have their own solution. We have email provided through Office 365 and they have their own way to fight spam and, due to this, we haven't bothered looking into anti-spam options. That said, Check Point is the most adapted to our necessities.

I consider the price of this solution high. It is very good, however, the prices are high - it's like buying a car.

Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.

For how long have I used the solution?

I've been using the solution since 2018.

Which solution did I use previously and why did I switch?

We changed from an older solution as it worked for five years and was old. It wasn't equipped for the new generation threats.

What's my experience with pricing, setup cost, and licensing?

The price should be considered, however, it shouldn't be the only reason you choose the solution, or not.

Which other solutions did I evaluate?

We also evaluated WatchGuard, Palo Alto, and FortiGate.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1694958 - PeerSpot reviewer
Service Manager Datacenter LAN at a manufacturing company with 10,001+ employees
User
Great Anti-Bot and application control features but administration of routing should be on the central dashboard
Pros and Cons
  • "The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff."
  • "The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible."

What is our primary use case?

We primarily use the solution for central administration and management of a lot of locations worldwide. That's the main task for this solution for our Central IT Team. Central logging and troubleshooting are 2nd level topics that are great to handle with the SmartDashboard and other tools.

We started in the past with base features and checked the NGFW features. Application Control gives us the option to permit applications and not just some IP address lists. Before we had so much manual work for dealing with firewall rules.

For some topics, we've given the Service Desk permissions and it's working great.

How has it helped my organization?

We have so many standalone firewalls. The central management of Check Point with different sessions/permissions is great. We can administrate all topics smoothly. The Application Control brings us to the next level of controlling cloud apps and other stuff.

Anti-Bot and the IPS are good features to check/defend our servers and company. We can prevent servers easily for vulnerabilities from/to the public internet and we can see what traffic/actions is active on our lines. 

Our Security Operation Center is very happy about the solutions too due to the fact that they have so much transparency.

What is most valuable?

QoS, Anti-Bot, IPS, and Application Control are the main features we're using.

The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff. In the past, sometimes we had no control and couldn't help when too much traffic had occurred.

Anti-Bot is great at preventing our clients and corporate network from calling the central control.

IPS is good in protecting our systems in DMZ zones when patching of servers sometimes can't be done.

Application control for controlling Cloud Apps like MS Teams, M365 Apps, or others, is perfect. Previously, we had only IP Lists for stuff like this.

What needs improvement?

Administration of the routing and system settings should be moved to the central dashboard. It's not good to go to all GAIA Interfaces to change settings there.

The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible.

The firmware for the Check Point Firewalls is very big. It takes a long time when we are using small lines for data transfers. Other vendors have updates lower than 100MB. For Check Point often we need a minimum of 2GB.

For how long have I used the solution?

I've used the solution for nine years.

What do I think about the scalability of the solution?

The scalability is great.

Which solution did I use previously and why did I switch?

We previously used Watchguard. It was not so good with different vendors for some features.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
reviewer1536681 - PeerSpot reviewer
Network, Systems and Security Engineer at SOLTEL Group
Real User
Good support, provides deep packet inspection, and offers sandbox capabilities
Pros and Cons
  • "I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data."
  • "Check Point products have many places that need to be improved, but they are constantly upgrading."

What is our primary use case?

Nowadays, there are many threats and it's necessary to have an automatic process to defend your organization. The Check Point NGFW is a good solution for this use case.

How has it helped my organization?

For my organization, CheckPoint NGFW helped us with enforcing threat prevention.

Threat prevention capabilities are a natural extension of next-generation firewalls' deep packet inspection capabilities. As the traffic passes through the device, they also inspect the traffic for known exploits of existing vulnerabilities (IPS).

Files can be sent off-device to be emulated in a virtual sandbox to detect malicious behavior, named sandbox security.

I think that the main benefit of an NGFW is the ability to safely enable the use of Internet applications that empower users to be more productive while blocking less desirable applications.

What is most valuable?

I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data. It is very important to have your solution always update for this.

I think that another important feature is that it is a cloud solution. More and more companies have all of their systems in the cloud and the threats are pointing here.

The features that a next-generation firewall includes are application and user control, integrated intrusion prevention, advanced malware detection such as sandboxing, and leverages threat intelligence feeds.

What needs improvement?

Check Point products have many places that need to be improved, but they are constantly upgrading.

For how long have I used the solution?

I have been using Check Point NGFW since 2015.

How are customer service and technical support?

Check Point has a good support department and they are always ready to help you.

Which solution did I use previously and why did I switch?

Previously, I used Fortinet but Check Point provides us with more features.

I used this solution for the first time in 2015 when I worked for a local Internet Service Provider. At that point, I used the R77.30 console and I saw all of the good features that it provided.

Now, I use R80.30 in my current company and these products are the best in the market. This company is going to be at the forefront and you can complete your solution with other products in their portfolio.

How was the initial setup?

Today’s next-generation network firewall can be found deployed on-premises at the edge of enterprises and branch offices, on-premises at internal segment boundaries, in public clouds such as Amazon (AWS), Microsoft Azure, and the Google Cloud Platform. They are also deployed in private clouds.

What's my experience with pricing, setup cost, and licensing?

The licensing includes the cost of support.

Which other solutions did I evaluate?

We evaluated many others options including solutions by Fortinet, Palo Alto, SonicWall, etc.

We think that Check Point is the best because they are at the forefront.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1402668 - PeerSpot reviewer
Security Engineer at a tech services company with 1,001-5,000 employees
Real User
You only need to use one rule for both the DMZ and the Internet
Pros and Cons
  • "The Check Point API let me make 100 net rules in just 10 minutes, which saved us time."
  • "I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things."

What is our primary use case?

I am using this solution for perimeter security in the company. Our firewall security is centralized under one management. Also, we use this firewall to manage some of the VPN clients and the employees' access across the company. 

Each firewall is capable of using the VPN client, but we only use two. We have five in total, but we only use two for these issues.

I am using the firmware version for the operating system. The blades are firewalled for IPS and mobile access.

How has it helped my organization?

Last year, we used the Check Point Identity Awareness Software Blade. Now, we only use a normal firewall with IP address rules, address destination, and services. Then, we can filter by users. So, my boss has access to these things by user. Even if it's connected with the Active Directory, we can filter by user name, or in this case by server name, and it works perfectly. This is very valuable for our company.

What is most valuable?

The most valuable features about Check Point are the API and automation process.

Using the GUI, you can add comments from your PC or the client server. If I want to check the firewall rules, I can send one line of command to determine if it is configured or not. 

Its implementation and integration with the rest of the network are better than its competitors.

What needs improvement?

The stability needs improvement for its version releases. They have a feature called Inline Layer as part of the R80.10 release. In the last version, it still had bugs and is not working very well. I would like the developers to release a version that is more stable, because if you start to use the latest release and try to use this newest feature, I'm not 100 percent sure that it will work very well. After six months of development, it might start working better. However, at the beginning, it's not a good choice to implement in your company with your first attempt. But one or two releases later, it might be better. 

If you only have one vendor and they are downgraded or no longer a leader in their industry, then you need to change the entire solution, making it more expensive. For example, Check Point's components are not interchangeable with other vendors.

For how long have I used the solution?

Around four years.

What do I think about the stability of the solution?

The stability of the firewall is nice if you use the legacy mode, because the new mode is not good. Things worked in version 77, which is older. It was more stable. When they jumped from version 77 to 88, sometimes things didn't work that used to work in the earlier version.

What do I think about the scalability of the solution?

The scalability of the firewall depends on the model. In terms of the implementation, it's really easy.

We have about 25 users for the entire solution. We have two engineers who work on deployments and implementation. We have another 18 engineers who do support and operations. They have responsibility to monitor the firewall 24/7.

It protects the core network and ISP: the routing, switching, and APM backbone. This is around 8,000 pieces of equipment. 

We don't have plans to increase our usage right now.

How are customer service and technical support?

I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things.

Which solution did I use previously and why did I switch?

In the beginning, we used Fortinet, Juniper, and Cisco. Now, we only use Check Point for firewalls. 

Last year, we changed the Fortinet firewall to the Check Point firewall. The Check Point API let me make 100 net rules in just 10 minutes, which saved us time.

The administration is awful in Fortinet. They have the FortiGate portal on an HTTP portal. Therefore, if you want to make a change, you can make a change. But if you do the change, then it's directly applied on the network, and we don't want to do that. We configure and change the policy and routing. We only apply the changes in the night. However, with Fortinet, you need to configure and apply the changes at the same time. So, it's not useful for our operations.

With Fortinet, you need to duplicate the rules from the DMZ to the Internet and the Internet to the DMZ. In Check Point, you only use one rule, which works on both sites.

How was the initial setup?

The initial setup is really easy. You can do it in 30 minutes. Setting up an environment for a firewall and its management with a licensed demo took me an hour last week, and that includes the time for configuring the rules. The whole installation is 30 minutes and the configuration is another 30 minutes.

If you are implementing from another vendor, Check Point has a program called SmartMove. Then, all you need is the configuration of the previous firewall. Once you do some optimization, then you are ready for the integration. This might take a month overall.

What about the implementation team?

We consulted with one partner of Check Point, who is our provider. If the issue is really big, then we open a case with Check Point directly via the partner. My experience with them was really nice. It was the best experience that I had ever had.

They have amazing engineers. Their expertise is unbelievable. They do integrations really well. They could improve on routing and networking, but the product is what is important for me. 

What was our ROI?

The firewall is only for protection. It is not used to sell services.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive.

Which other solutions did I evaluate?

Check Point's web administration is not complete. If you compare it to Fortinet's web administration, Check Point's web administration is not nice. However, Check Point's full solution, including SmartConsole, is better than Fortinet's solution.

What other advice do I have?

If you use Apple computers or Linux, the product may not be a good choice for you.

I would rate the solution as a seven point eight out of 10. They can improve some things. They can make it more flexible in terms of its software. It is a good solution, and I like it. For me, it's the best firewall solution.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1026111 - PeerSpot reviewer
IT Security Manager at a retailer with 10,001+ employees
Real User
Enables us to deploy complex changes from a single management interface and get better visibility
Pros and Cons
  • "Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity."
  • "I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it."

What is our primary use case?

*Perimeter Firewalls - to protect regional hubs and local offices from public space and provide L3-L7 filtering

*Internal Segmentation Firewalls - to secure company's internal network from movement of malicious actors and reduce traffic flows only to authorised ones

*Public and Private Cloud - to secure hybrid environment either onprem or in the cloud while achieving micro segmentation per host

*Cloud Compliance - to get a visibility into cloud environment and and related vulnerabilities 

*Data Center

*SaaS

How has it helped my organization?

Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity.

I have to emphasize the value of Diamond support here where most senior engineers can provide great support with any challenges. Thinking out of the box, sense of responsibility, professionalism and much more - such an attitude helps to provide resolution to any crisis in the shortest term

What is most valuable?

With the new capabilities embedded into R80.XX flavor it is possible to achieve great flexibility while defining your security policy. It is possible to utilize a variety of objects to define static or dynamic criteria for inspection and reduce general rule base size and complexity, while not giving up on security

The security research team is doing a great job staying on top of ongoing threats and releasing fixes for ongoing attacks within days or sometimes hours.

Check Point always actively listens to its customers trying to identify emerging needs and satisfy them pro-actively

What needs improvement?

I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it. 

The monitoring of scalable solutions is quite tricky, but it could be relevant for all vendors who possess the same technology.

IPS fine-tuning may require some time to understand the interrelation between IPS protections, core Protections and other IPS profile elements. But in general, Check Point is on the way of great simplification of TP management

For how long have I used the solution?

Check Point products are being in use for the last 6 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Manager, Information Technology at a financial services firm with 10,001+ employees
Real User
We can add application signature in the same rule base & don't have to create a different policy for that
Pros and Cons
  • "Now we can add application signature in the same rule base & don't have to create a different policy for that."
  • "They should integrate all blades to use a single policy rather than multiple."

What is our primary use case?

The firewall is the primary use case of this solution & IPS is secondary use case of the solutions.

We are looking forward to Sandblast solutions.

We also use it for cloud expansions 

The Check Point NGFWs brought up the security level with the help of the advanced software blades - we use Application Control, URL Filtering, IPS, Anti-Bot, and Antivirus. The setup was simple, and the performance is great - we have significant resources to expand the environment in the future without disabling any blades and thus maintaining the security on the same, high level.

How has it helped my organization?

It has improved the security posture of the organization by implementing this solution.

Now we can add application signature in the same rule base & don't have to create a different policy for that.

Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

What is most valuable?

  • Easiness while working on all blade of firewalls 
  • Flexibility in NAT rules 
  • The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.
  • Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).

What needs improvement?

  • Offline Sandblast solution, which should send malicious sources to other security solutions.
  • TAC Support level to be enhanced 
  • More details to be included while VPN troubleshooting, using GUI representation 
  • Integrate all blades to use a single policy rather than multiple.

For how long have I used the solution?

I have been using Check Point for more than 14 years.

Which solution did I use previously and why did I switch?

We are using Palo Alto and Check together.

What's my experience with pricing, setup cost, and licensing?

Cost is negotiable always & matches the expectations and licences are flexible and are added advantage. 

Which other solutions did I evaluate?

We evaluated other solutions.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Mohit Shah - PeerSpot reviewer
Network Security Engineer at Digitaltrack
User
Top 10
Helps prevents phishing, ransomware, and zero-day attacks
Pros and Cons
  • "The thing I like about this product is its capability of auto NAT and auto zone detection."
  • "Service support can be improved."

What is our primary use case?

The primary use case of this solution is to protect the organization's LAN network from cyber threats.

How has it helped my organization?

With the help of Check Point NGFW, we are able to prevent attacks like phishing, ransomware, zero-day attacks, malware, etc.

What is most valuable?

The thing I like about this product is its capability of auto NAT and auto zone detection.

What needs improvement?

Service support can be improved.

For how long have I used the solution?

I've been using the solution for the last year. 

What do I think about the stability of the solution?

The stability is the best.

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and support?

Customer service and support can be improved.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

No, I did not use a different solution. 

How was the initial setup?

The initial setup is easy.

What about the implementation team?

We implemented it through our in-house team.

What's my experience with pricing, setup cost, and licensing?

For the current market situation setup cost, pricing, and licensing look fine.

Which other solutions did I evaluate?

No, I did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
reviewer2335599 - PeerSpot reviewer
Chief Information Security Officer at a consultancy with 1-10 employees
Real User
Top 10
Safeguards networks against a wide range of cyber threats with its robust security features, advanced threat prevention and centralized management
Pros and Cons
  • "Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness."
  • "Scalability should be improved."

What is our primary use case?

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check Point's solutions to provide comprehensive network security tailored to each organization's requirements.

What is most valuable?

Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness.

What needs improvement?

Managing a smaller number of firewalls is straightforward, but as the scale increases, especially with numerous firewall instances, the complexity grows significantly. Scalability should be improved.

For how long have I used the solution?

I have been working with it for twenty years.

What do I think about the stability of the solution?

It offers good stability capabilities.

What do I think about the scalability of the solution?

We've encountered challenges related to scalability, particularly with its performance slowing down as the volume of objects in the network grows.

How are customer service and support?

While most engineers are typically responsive, there may be variations in their availability and response times. I would rate its customer service and support eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I also work with Fortinet, and I find it preferable because it offers a wider range of options. Additionally, its integrated package functions exceptionally well, with seamless coordination between services.

How was the initial setup?

The initial setup process is typically straightforward for most customers. However, when comparing Check Point with other solutions like FortiGate, there's a notable difference in how policy rules are implemented. With Check Point, you need to install the entire policy each time you want to make changes, whereas FortiGate allows for more streamlined updates by simply accepting the modifications. This can sometimes add complexity to installing a new policy with Check Point.

What about the implementation team?

The deployment time varies depending on the scale of the project. For small cases, it may only take a couple of minutes, while larger-scale deployments can span up to a month. Having a skilled engineer is crucial; one proficient engineer can handle the job effectively. Maintenance is relatively straightforward.

What's my experience with pricing, setup cost, and licensing?

While it may be slightly more expensive, when compared with competition it is reasonable. Licenses are renewed annually.

What other advice do I have?

Overall, I would rate it nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Consultant
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.