Check Point NGFW Reviews

Nowadays, there are many threats and it's necessary to have an automatic process to defend your organization. The Check Point NGFW is a good solution for this use case.

For my organization, CheckPoint NGFW helped us with enforcing threat prevention.

Threat prevention capabilities are a natural extension of next-generation firewalls' deep packet inspection capabilities. As the traffic passes through the device, they also inspect the traffic for known exploits of existing vulnerabilities (IPS).

Files can be sent off-device to be emulated in a virtual sandbox to detect malicious behavior, named sandbox security.

I think that the main benefit of an NGFW is the ability to safely enable the use of Internet applications that empower users to be more productive while blocking less desirable applications.

I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data. It is very important to have your solution always update for this.

I think that another important feature is that it is a cloud solution. More and more companies have all of their systems in the cloud and the threats are pointing here.

The features that a next-generation firewall includes are application and user control, integrated intrusion prevention, advanced malware detection such as sandboxing, and leverages threat intelligence feeds.

Check Point products have many places that need to be improved, but they are constantly upgrading.

I have been using Check Point NGFW since 2015.

Check Point has a good support department and they are always ready to help you.

Previously, I used Fortinet but Check Point provides us with more features.

I used this solution for the first time in 2015 when I worked for a local Internet Service Provider. At that point, I used the R77.30 console and I saw all of the good features that it provided.

Now, I use R80.30 in my current company and these products are the best in the market. This company is going to be at the forefront and you can complete your solution with other products in their portfolio.

Today’s next-generation network firewall can be found deployed on-premises at the edge of enterprises and branch offices, on-premises at internal segment boundaries, in public clouds such as Amazon (AWS), Microsoft Azure, and the Google Cloud Platform. They are also deployed in private clouds.

The licensing includes the cost of support.

We evaluated many others options including solutions by Fortinet, Palo Alto, SonicWall, etc.

We think that Check Point is the best because they are at the forefront.

I am using this solution for perimeter security in the company. Our firewall security is centralized under one management. Also, we use this firewall to manage some of the VPN clients and the employees' access across the company. 

Each firewall is capable of using the VPN client, but we only use two. We have five in total, but we only use two for these issues.

I am using the firmware version for the operating system. The blades are firewalled for IPS and mobile access.

Last year, we used the Check Point Identity Awareness Software Blade. Now, we only use a normal firewall with IP address rules, address destination, and services. Then, we can filter by users. So, my boss has access to these things by user. Even if it's connected with the Active Directory, we can filter by user name, or in this case by server name, and it works perfectly. This is very valuable for our company.

The most valuable features about Check Point are the API and automation process.

Using the GUI, you can add comments from your PC or the client server. If I want to check the firewall rules, I can send one line of command to determine if it is configured or not. 

Its implementation and integration with the rest of the network are better than its competitors.

The stability needs improvement for its version releases. They have a feature called Inline Layer as part of the R80.10 release. In the last version, it still had bugs and is not working very well. I would like the developers to release a version that is more stable, because if you start to use the latest release and try to use this newest feature, I'm not 100 percent sure that it will work very well. After six months of development, it might start working better. However, at the beginning, it's not a good choice to implement in your company with your first attempt. But one or two releases later, it might be better. 

If you only have one vendor and they are downgraded or no longer a leader in their industry, then you need to change the entire solution, making it more expensive. For example, Check Point's components are not interchangeable with other vendors.

Around four years.

The stability of the firewall is nice if you use the legacy mode, because the new mode is not good. Things worked in version 77, which is older. It was more stable. When they jumped from version 77 to 88, sometimes things didn't work that used to work in the earlier version.

The scalability of the firewall depends on the model. In terms of the implementation, it's really easy.

We have about 25 users for the entire solution. We have two engineers who work on deployments and implementation. We have another 18 engineers who do support and operations. They have responsibility to monitor the firewall 24/7.

It protects the core network and ISP: the routing, switching, and APM backbone. This is around 8,000 pieces of equipment. 

We don't have plans to increase our usage right now.

I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things.

In the beginning, we used Fortinet, Juniper, and Cisco. Now, we only use Check Point for firewalls. 

Last year, we changed the Fortinet firewall to the Check Point firewall. The Check Point API let me make 100 net rules in just 10 minutes, which saved us time.

The administration is awful in Fortinet. They have the FortiGate portal on an HTTP portal. Therefore, if you want to make a change, you can make a change. But if you do the change, then it's directly applied on the network, and we don't want to do that. We configure and change the policy and routing. We only apply the changes in the night. However, with Fortinet, you need to configure and apply the changes at the same time. So, it's not useful for our operations.

With Fortinet, you need to duplicate the rules from the DMZ to the Internet and the Internet to the DMZ. In Check Point, you only use one rule, which works on both sites.

The initial setup is really easy. You can do it in 30 minutes. Setting up an environment for a firewall and its management with a licensed demo took me an hour last week, and that includes the time for configuring the rules. The whole installation is 30 minutes and the configuration is another 30 minutes.

If you are implementing from another vendor, Check Point has a program called SmartMove. Then, all you need is the configuration of the previous firewall. Once you do some optimization, then you are ready for the integration. This might take a month overall.

We consulted with one partner of Check Point, who is our provider. If the issue is really big, then we open a case with Check Point directly via the partner. My experience with them was really nice. It was the best experience that I had ever had.

They have amazing engineers. Their expertise is unbelievable. They do integrations really well. They could improve on routing and networking, but the product is what is important for me. 

The firewall is only for protection. It is not used to sell services.

The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive.

Check Point's web administration is not complete. If you compare it to Fortinet's web administration, Check Point's web administration is not nice. However, Check Point's full solution, including SmartConsole, is better than Fortinet's solution.

If you use Apple computers or Linux, the product may not be a good choice for you.

I would rate the solution as a seven point eight out of 10. They can improve some things. They can make it more flexible in terms of its software. It is a good solution, and I like it. For me, it's the best firewall solution.

*Perimeter Firewalls - to protect regional hubs and local offices from public space and provide L3-L7 filtering

*Internal Segmentation Firewalls - to secure company's internal network from movement of malicious actors and reduce traffic flows only to authorised ones

*Public and Private Cloud - to secure hybrid environment either onprem or in the cloud while achieving micro segmentation per host

*Cloud Compliance - to get a visibility into cloud environment and and related vulnerabilities 

*Data Center

*SaaS

Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity.

I have to emphasize the value of Diamond support here where most senior engineers can provide great support with any challenges. Thinking out of the box, sense of responsibility, professionalism and much more - such an attitude helps to provide resolution to any crisis in the shortest term

With the new capabilities embedded into R80.XX flavor it is possible to achieve great flexibility while defining your security policy. It is possible to utilize a variety of objects to define static or dynamic criteria for inspection and reduce general rule base size and complexity, while not giving up on security

The security research team is doing a great job staying on top of ongoing threats and releasing fixes for ongoing attacks within days or sometimes hours.

Check Point always actively listens to its customers trying to identify emerging needs and satisfy them pro-actively

I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it. 

The monitoring of scalable solutions is quite tricky, but it could be relevant for all vendors who possess the same technology.

IPS fine-tuning may require some time to understand the interrelation between IPS protections, core Protections and other IPS profile elements. But in general, Check Point is on the way of great simplification of TP management

Check Point products are being in use for the last 6 years.

The firewall is the primary use case of this solution & IPS is secondary use case of the solutions.

We are looking forward to Sandblast solutions.

We also use it for cloud expansions 

The Check Point NGFWs brought up the security level with the help of the advanced software blades - we use Application Control, URL Filtering, IPS, Anti-Bot, and Antivirus. The setup was simple, and the performance is great - we have significant resources to expand the environment in the future without disabling any blades and thus maintaining the security on the same, high level.

It has improved the security posture of the organization by implementing this solution.

Now we can add application signature in the same rule base & don't have to create a different policy for that.

Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

• Easiness while working on all blade of firewalls 
• Flexibility in NAT rules 
• The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.
• Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).
  

• Offline Sandblast solution, which should send malicious sources to other security solutions.
  
• TAC Support level to be enhanced 
• More details to be included while VPN troubleshooting, using GUI representation 
• Integrate all blades to use a single policy rather than multiple.

I have been using Check Point for more than 14 years.

We are using Palo Alto and Check together.

Cost is negotiable always & matches the expectations and licences are flexible and are added advantage. 

We evaluated other solutions.

The primary use case of this solution is to protect the organization's LAN network from cyber threats.

With the help of Check Point NGFW, we are able to prevent attacks like phishing, ransomware, zero-day attacks, malware, etc.

The thing I like about this product is its capability of auto NAT and auto zone detection.

Service support can be improved.

I've been using the solution for the last year. 

The stability is the best.

The scalability is good.

Customer service and support can be improved.

Neutral

No, I did not use a different solution. 

The initial setup is easy.

We implemented it through our in-house team.

For the current market situation setup cost, pricing, and licensing look fine.

No, I did not evaluate other options.

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check Point's solutions to provide comprehensive network security tailored to each organization's requirements.

Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness.

Managing a smaller number of firewalls is straightforward, but as the scale increases, especially with numerous firewall instances, the complexity grows significantly. Scalability should be improved.

I have been working with it for twenty years.

It offers good stability capabilities.

We've encountered challenges related to scalability, particularly with its performance slowing down as the volume of objects in the network grows.

While most engineers are typically responsive, there may be variations in their availability and response times. I would rate its customer service and support eight out of ten.

Positive

I also work with Fortinet, and I find it preferable because it offers a wider range of options. Additionally, its integrated package functions exceptionally well, with seamless coordination between services.

The initial setup process is typically straightforward for most customers. However, when comparing Check Point with other solutions like FortiGate, there's a notable difference in how policy rules are implemented. With Check Point, you need to install the entire policy each time you want to make changes, whereas FortiGate allows for more streamlined updates by simply accepting the modifications. This can sometimes add complexity to installing a new policy with Check Point.

The deployment time varies depending on the scale of the project. For small cases, it may only take a couple of minutes, while larger-scale deployments can span up to a month. Having a skilled engineer is crucial; one proficient engineer can handle the job effectively. Maintenance is relatively straightforward.

While it may be slightly more expensive, when compared with competition it is reasonable. Licenses are renewed annually.

Overall, I would rate it nine out of ten.

Check Point NGFW is a critical component of our security infrastructure. It provides comprehensive next-generation firewall (NGFW) security for our perimeter and DMZs, protecting us from a wide range of cyber threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats.

Check Point NGFW uses a variety of advanced technologies to protect our network, including intrusion prevention, application control, and threat intelligence. It is also able to detect and block sophisticated cyberattacks that traditional firewalls cannot.

Check Point NGFW has helped us to significantly reduce our risk of cyberattacks by providing comprehensive protection against a wide range of threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats. 

It has also improved our network performance and reliability by optimizing traffic flow and reducing latency. 

We are confident that Check Point NGFW will continue to protect our network from the latest cyber threats due to its advanced security features and its team of experts who are constantly monitoring and updating the product.

As a security professional with over ten years of experience, I've seen firsthand the devastating impact that cyberattacks can have on organizations of all sizes. That's why I'm so passionate about using the best possible security solutions to protect my clients.

One of my favorite security solutions is Check Point NGFW. It provides comprehensive protection against a wide range of cyber threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats. It is also designed to deliver high performance even in the most demanding environments, and it can be scaled to meet the needs of organizations of all sizes.

I've also found Check Point NGFW to be very easy to use and manage, even for users with limited IT expertise. This is important to me because I want to make sure that my clients can focus on their business without having to worry about complex security solutions.

Overall, I highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution.

There are a few areas where Check Point NGFW could be improved. First, it can be expensive, especially for small businesses. Second, it can be complex to configure and manage, especially for users with limited IT expertise. Finally, its licensing model can be complex and confusing.

Despite these areas for improvement, I still highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution. I am confident that Check Point will continue to improve its products in the future, and I am excited to see what new features and capabilities they come up with next.  

One thing I would like to see in the next release is an AI-powered threat detection and prevention system that can automatically identify and block new and emerging threats.

We've been a Check Point customer for over 21 years, and we've always felt that they are a trusted partner in our cybersecurity efforts.

Overall, I'm very impressed with the stability of Check Point NGFW. It's a powerful security solution that can meet the needs of organizations of all sizes.

One of the things that I appreciate most about Check Point NGFW is its flexibility. It can be deployed in a variety of ways, including physical appliances, virtual machines, and cloud-based instances. This makes it easy to scale your security infrastructure up or down as needed.

I've always been impressed with the responsiveness and expertise of Checkpoint's customer service and support team.

Positive

We have never used a different solution. We have been using Check Point NGFW since we first launched our network 21 years ago, and we have been very satisfied with its performance and reliability.

The complexity of the initial setup of Check Point NGFW depends on the size and complexity of your network, as well as the features and capabilities that you need.  

If you have a large enterprise with a complex network or need to configure all of the features and capabilities of Check Point NGFW, I would highly recommend that you engage Check Point Professional Services to help you with the setup process.

We have always used Check Point Professional Services to assist with our implementation.  They are very knowledgeable and can save you a lot of time and frustration.

To maximize the ROI of Check Point NGFW, it is important to choose the right deployment model, use Check Point's security services, and keep the software up to date.

There are a few areas where Check Point NGFW could be improved. First, it can be expensive, especially for small businesses. Second, it can be complex to configure and manage, especially for users with limited IT expertise. Finally, its licensing model can be complex and confusing.

Despite these areas for improvement, I still highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution. I am confident that Check Point will continue to improve its products in the future, and I am excited to see what new features and capabilities they come up with next.

We evaluated Cisco ASA Firewall before choosing Check Point NGFW.

A few months ago, one of my clients was targeted by a sophisticated ransomware attack. Check Point NGFW was able to detect and block the attack before it could cause any damage. My client was very grateful for Check Point NGFW's protection, and I was relieved that I was able to help them avoid a costly and disruptive attack.

We needed a perimeter solution that would add value to our organization by safeguarding our information, equipment, users, and all the infrastructure we have within our entire organization. We needed something that, in the future, had the capacity to be scalable as well as something that was easy to configure. We wanted to ensure that it could be configured in a way that, if high availability is required, it would be fine. In that search, we decided to try the NGFW from Check Point.

With the Next-Generation Firewall disable solution, we have been able to solve not only the issue of perimeter security. We have also managed to incorporate a real-time search and analysis into our organization, which allows us, in some cases, to even enable the emulation capacity and solution in real-time. 

It is giving us a greater reach for greater prevention and is proactively protecting our employees. 

Check Point is a business ally in our organization. We have many users outside of it who are dedicated to the sales part. In my case, in my experience, I have been learning about the solution for a short time. That said, it has been a learning experience and constant evolution as I learn to function in this new position.

The most valuable feature is the ability to emulate the attacks of all those attachments or events that we have. That way, we can find a quick and easy way to clean, examine, and analyze what is happening within our organization. It ensures the end user is given an attachment that is a clean document - both safe and reliable. 

Today, Check Point invests a lot in technology, and that gives us the best security and clear confidence that we are working with a first-world company that will always be at the forefront of security and analysis. They protect us as an organization by providing us with quality services every day.

Innovation is one of the most important things they must adhere to. I have liked seeing how innovation evolves and how security teams protect themselves proactively while always being efficient. Hopefully, in the future, these will be much more plug-and-play and orchestrated from a single administration console. 

Today, I am learning a lot about the cloud. I know that this is one of the solutions that can be placed in any cloud, so we will soon see if it will continue with the virtualization of Web3 equipment.

I've used the solution for seven months.