Check Point NGFW Reviews

We use the solution to protect our organization and workers from the outside Internet or any untrusted network.

We have the three-tier architecture of Check Point. We use its consoles, central management system, and firewall device for managing it. This three-tier architecture is recommended by the Check Point Community.

We protect our internal customers using Check Point Firewalls by providing them security as well as detecting vulnerabilities. 

The most valuable feature would be the central management system of Check Point because we can manage multiple firewalls through it at the same time. It doesn't matter the location.

I also like the advanced Antivirus feature of Check Point.

The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things.

It is very user-friendly.

The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community.

I have been using it for the past six years.

The Check Point Firewall is stable. 

The updates that we get are also very stable. We haven't found any stability issues in the updates at all. Features, like the Antivirus, are updated with almost every release and done on a frequent basis.

The scalability is very good for Check Point Firewall. It is very easy to increase. For example, during the COVID-19 period, we increased our deployment on an emergency basis, and it was very easy.

My organization has around 4,000 people. 

For Check Point, we have a team of around eight people who manage it. We are basically a team of senior network engineers.

The tech support is very good for Check Point. We get straightforward solutions for it every time, and they do not take a lot of time since we have to resolve the cases quickly in a live environment. So, they are very helpful and capable.

We are also using Cisco ASA, and we have been thinking that we need to go with Cisco or Check Point. At last, we have decided to go with Check Point because of its advanced features.

The initial setup was very straightforward. We didn't have many problems.

The deployment part took around nine to 10 months. We completely planned the deployment before doing it. Since we already installed Check Point Firewall in multiple branches earlier, we used those same plans to configure it.

We didn't require any external help for the deployment. Our R&D and tech were capable of doing it. Our deployment team consisted of six to eight people, working in different shifts, to configure it.

Overall, it is a good cost saving product. We do not have to purchase additional hardware for it, which is a good. This saves us 10 percent in costs compared to Cisco.

The solution saves us about 20 percent in our time, which is substantial.

The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison.

The licensing part is something that is very easy to do in Check Point Firewall. We just need to purchase the license, then we have to write the keys in while installing it. The good thing is that it is an easy process to update the license.

We are also using Cisco ASA and FTD. The problem with Cisco ASA is the GUI is missing, while the GUI is good for Check Point Firewall. Apart from that, in Check Point, there are advanced features, like Antivirus and Threat Management, for which we do not require other hardware, where it is required for Cisco ASA Firewall. So, Check Point provides us a cost savings in that way.

The central management system of Check Point is missing in Cisco ASA. This is a good feature because it saves time. We can use it to manage multiple firewalls through one central management device. It is also easy to use.

We are slowly eliminating Cisco ASA and using more Check Point Firewalls, bringing more Check Point Firewalls into our environment.

I have also used Palo Alto, but the organization is using Check Point because they have more confidence in things like Check Point's stability factor. However, more people are trained to use Palo Alto.

Get good training on Check Point, which is very rare to obtain at this point of time. Before implementing or deploy the product, you should be trained properly so you know all the features. It has heavy features in terms of quantity. You should know about each feature before using or deploying it.

I would rate the solution as an eight out of 10. 

We use it for VSX virtualization and we use it for normal firewall functions as well as NAT. And we use it for VPN. We don't use a mobile client, we just use the VPN for mobile users.

We are able to virtualize about four firewalls on one machine. Before, we needed to have four firewall hardware devices, physical devices, from Cisco. We had four appliances, but now, with Check Point, we just have one. We can manage them, we can integrate them, and we can increase connections using one and the other. It has broken down connection complexities into just a GUI.

Also, previously we had downtime due to memory saturation with our old firewalls. We were using Cisco ASA before. During peak periods, CPU utilization was high. Immediately, when we switched to Check Point, that was the first thing we started monitoring. What is the CPU utilization on the device? We observed that CPU utilization stayed around 30 percent, as compared to 70 percent with the Cisco we had before, although it was an old-generation Cisco. Now, at worst, CPU utilization goes to 35 percent. That gives us confidence in the device. 

In addition, the way Check Point built their solution, there is a Management Server that you do your administration on. You have the main security gateway, so it's like they broke them down into two devices. Previously, on the Cisco, everything was in one box: both the management and the gateway were in one box. With Check Point breaking it into two boxes, if there's a failure point, you know it's either in the management or the security gateway. The management is segmented from the main security gateway. If the security gateway is not functioning properly, we know that we have to isolate the security gateway and find out what the problem is. Or if the management is not coming up or is not sending the rules to the security gateway, we know there's something wrong with it so we isolate it and treat it differently. Just that ability to break them down into different parts, isolating them and isolating problems, is a really nice concept.

And with the security gateway there are two devices, so there's also a failover.

• The most valuable feature for us is the VSX, the virtualization.
• The GUI is also better than what we had previously.
• The third feature is basic IP rules, which are more straightforward.
• And let's not forget the VPN.

The way we use the VPN is usually for partners to connect with. We want a secure connection between our bank and other enterprises so we use the VPN for them. Also, when we want to secure a connection to our staff workstations, when employees want to work from home, we use a VPN. That has been a very crucial feature because of COVID-19. A lot of our people needed to work remotely.

The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS.

It was very difficult to integrate the VPN. Until now, we still don't know why it didn't work. With our previous environment, Cisco, it worked seamlessly. We could connect an Active Directory server to a two-factor authentication server, and that to the firewall. But when we came onboard with Check Point, the point-of-sale said it's possible for you to use what you have on your old infrastructure. We tried with the same configurations, and we even invited the vendor that provided the stuff for us, but we were not able to go about it. At the end of day they had to use a different two-FA solution. I don't if Check Point has a limitation in connecting with other two-FAs. Maybe it only connects with Microsoft two-FA or Google two-FA or some proprietary two-FA. They could work on this issue to make it easier.

Apart from that, we are coming from something that was not so good to something that is much better.

I have been using the Check Point Next Generation Firewall for 10 months.

The stability of Check Point's firewall, for what we use it for now, is pretty good. Especially, with the licensing of blades and the way they script it down into different managers. You have a part that manages blades, you have the part that manages NAT, and you have the part that manages identity. The VSX is another one on its own. So it is very stable for us.

When we add more load to it, when we go full-blown with what we want to use the device for, that will be a really good test of strength for the device. But for now the stability is top-notch.

They scale well.

All information passes through the firewall. We have about 8,000-plus users, including communicating with third-party or the networks of other enterprises that we do business with.

We've not used technical support. We asked our questions of the vendor that deployed and he was quite free and open in providing solutions. Anytime we call him we can ask. He was like our own local support.

There is also a Check Point community, although we've not really been active there, but you can go and ask questions there too, apart from support.

The initial setup was pretty straightforward.

It took a while about a month, but it was not because of the complexity. It was because we gave them what we already have on the ground. We were on Cisco before and they had to come up with a replica of the configurations for Check Point. When they got back to us we had to make some corrections, and there was some back-and-forth before everything finally stabilized.

Four our day-to-day administrative work, we have about four people involved.

We used a Check Point partner for the installation. I was involved in the deployment, meaning that while they were deploying I was there. They even took us through some training.

We have surely seen ROI compared to the other vendors I mentioned, in terms of costs. And we tested all the firewall features to see if it is doing what it says can do. And so far so good, it's excellent. It's a good return.

Check Point offers good solutions, but it won't kill your budget.

Going into Next-Generation firewalls, you should know what the different blades are for, and when you want to buy a solution, know what you want to use that solution for. If it's for your normal IP rule set, for identity awareness, content awareness, for VPN, or for NAT, know the blades you want. Every solution or every feature of the firewall has license blades. If you want to activate a feature to see how that feature handles the kind of work you give, and it handles it pretty well, you can then move to other features.

We evaluated Palo Alto, Fortinet FortiGate, and Cisco FirePOWER.

Check Point was new to the market so we had to ask questions among other users. "How is this solution? Is it fine?" We got some top users, some top enterprises, that said, "Yes, we've been using it for a while and it's not bad. It's actually great." So we said, "Okay, let's go ahead."

I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. So deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it.

Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that up until now, we have not had anything like that.

We use the product for safeguarding our office network on a routine basis. These firewalls protect against external threats, manage VPN access for remote users, and address various security scenarios. 

Our primary focus involves malware prevention, intrusion detection, and ensuring robust security measures to shield our office network from potential cyber threats originating from the internet. 

It serves as a traditional yet effective security system, providing comprehensive protection against hackers and potential risks associated with internet usage.

A lot of things need to be improved in Check Point NGFW. For example, their support team isn't very efficient and useful. The solution itself isn't easy to learn, making it hard for support to provide solutions. The design makes it so pockets (specific teams) have to work together when there's an issue, which creates a mess. 

Also, Check Point lacks competitive capabilities like SD-WAN and CGM app integration. And visibility needs improvement. For example, Fortinet shows all connected devices with IP addresses, Mac addresses, and sometimes usernames. More granular detail is crucial for security. 

Support efficiency, visibility, and adding competitive capabilities are key areas for improvement.

The product offers a robust and intuitive experience, catering to the essential needs of users. 

The Cleanup Rule's ability to discard unwanted traffic and the inclusion of default Autonomous Threat Prevention Profiles simplifies security measures, catering to various deployment scenarios. I was impressed by how easy it was to activate blades and implement them on a security gateway, with the process taking less than five minutes. 

Additionally, the Smart Console's clear and efficient user interface ensures that the changes to the policy are swiftly made, with the added benefit of maintaining proper audit logs.

Places for improvement include:

• Having a Zone Alarm and the standalone endpoint VPN that become compatible products.
• Having a Smart Console in-place upgrades with IP/fingerprint retention.
• Offering a Mac version of Smart Console.
• Integration of CPview and things like fw accel stat in the monitoring blade.
• No more legacy SmartDashboard for some features.
• Streamlining of the endpoint solution and deployment options and also offering the possibility to convert shared policy to unified policy when you run R80.X via some sort of wizard in a layer or so. This is a classical case for people who upgraded their R77 management.
• Offering a fixed deployment schedule for accumulator hotfixes. This would help us foresee maintenance windows in organizations with rigid change management procedures.
• Finding a way to restore the object search like in R77, where you could find any part of an object name and not a word in the object.
• Scheduling policy pushes in Smart Console.

I've used the solution for ten years.

We are resellers, and our customers need a robust and well-performing NGFW. The Check Point NGFW tool was acquired since they needed collaborators to have secure access to the company's resources and applications. This tool provides us with the alerts and corrections that must be made when finding a security breach in their environment. 

Check Point NGFW also provides a great capacity of features and helps us apply them to the organization. It has web filtering limited to third parties and SSL encryption. The application's administration is very simple and centralized since it helps them a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped them a lot. 

It has helped the company by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications. 

The application behaved very well with the current resources in the company network; it helped us to prevent several security holes found with web filtering and internal DDoS attacks. 

Check Point NGFW can quickly identify where the attacks are coming from, provide detailed and complete information on the attacks, and provide zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, their security throughout and outside of the organization has improved. 

Many collaborators work from their homes or different places and help them filter and limit access to packet inspection with flexibility and speed that was not previously possible. 

The records that it shows and generates (depending on its configuration) make everything very visible to be able to adjust and correct in time. When superiors ask for administrative information, it provides great value. 

Its management web interface is very easy and user-friendly.

The tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time to resolve the case. Finding support is a little bit hard. This needs to be improved.

I've used the solution for one and a half years.

We use the solution to configure sandboxing features for enterprises. We also use it for policy-level configurations and VPNs.

Sandboxing is the most valuable feature. A majority of the configurations are very accurate. We can find what an organization's user is downloading from the internet.

The support team should be faster.

I have been using the solution since 2016.

All products have some bugs. However, we had a minimum bug experience with Check Point. I rate the tool’s stability an eight out of ten.

The product is scalable. Everyone in our company uses the product. We are 100 users. We have an on-premise firewall. We use it every day.

I have contacted the support team. I have had good conversations with the engineers. Sometimes, it takes a little bit of time to solve some issues. If it's a complex issue, we need to start from scratch and escalate to a bigger tier of support.

Positive

The initial setup is very easy.

The product is not that expensive for what it is offering, but it could be cheaper. Nowadays, all the vendors are increasing their prices. Suggesting the product to the customers will be easier if it is a little cheaper. The tool offers good attributes.

Palo Alto is also a good vendor. We chose to go with Check Point as well for our enterprise solution as distributors, and we suggest it to our customers.

I was an engineer for AT&T. I helped customers with configurations. The vendor is taking care of the user side of security with Check Point Harmony. It is a very good product. Check Point Harmony must provide administrators the ability to manage external programs remotely. Some customers want such features, and other vendors provide them. I would recommend the solution to others. The vendor has been investing a lot of money and effort to prevent zero-day attacks. Overall, I rate the tool a nine out of ten.

We use the solution for full-scale integration and end-to-end management at the organization. The Check Point NGFW implementation took place quite smoothly.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms.

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more.

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that
blocks the traffic based on an IP address or on applications
and content. This makes Check Point NGFW highly promising and makes it a complete solution.

Check Point NGFW is the best in terms of comprehensive protection against network threats, malware, and phishing and smoothly restricts these via anti-phishing algorithms.

The source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, et cetera.

It provides end-to-end resolution. It is a customized productive service and a complete solution for perimeter protection that blocks traffic based on IPs, applications, and content.

The most valuable services it provides are end-to-end resolution and perimeter protection; It blocks traffic based on IP address, applications, and content.

Check Point NGFW is best in terms of comprehensive protection against network threats, malware, and phishing. It has great anti-phishing algorithms.

They could improve by lowering prices. The source package is a bit more expensive than its competitors. 

We've had some downtime issues.

It could be more generalized and user-friendly in terms of its support portal for raising tickets. Ads management should all just be on a single click.

Overall Check Point NGFW is highly scalable and provides end-to-end resolution and a wide range of customized productive services with a huge community and team behind it.

I've used the solution for about 1.5 years or so.

I hadn't gone through any such solution earlier. I just tried in-built system solutions.

Check Point NGFW integration is quite smooth in terms of licensing. They are a bit more expensive, yet they are overall a strong product and a must-have for professionals.

No, I did not go through software review websites for recommendations and software services outlooks.

Check Point NGFW is highly scalable. It has a wide range of customized productive services with a huge community and team behind its technology.

Currently, we have a need for security when it comes to protecting the company's infrastructure on a perimeter basis. We need to cover many branches that must be protected and require a solution that provides us with technological security solutions that allow us to establish and configure in a simple and centralized way for each of the branches.

As a result, we have searched for solutions that meet these requirements, in addition, we are seeking out solutions with technological innovation capabilities constantly.

Check Point has given us the ability to comply with regulations and with capacities in a way that we never could before. Not only have we managed to secure our network, our infrastructure, and our equipment - we have also managed to gain analysis and additional configurations in each of the complex procedures that are carried out daily.

The Next Generation firewalls are quite flexible in many of their characteristics. These devices have blades or sections or small spaces where they have additional features that we can use. That way, we are not only protecting our organization and other branches that belong to our company - we also have other features if the need arises. These are the features that will always help us to put safety first in our organization.

In the future, some of the features that I would like to see would be the ability to integrate environmental solutions such as the metaverse or blockchain so that we can see them also in applications directly and on mobile devices or natively. 

I've used the solution for three years.

We've used the solution for perimeter and DMZ security as we host a website that is accessible online.

On the perimeter, we have Check Point acting as the entry point to our web server farm with load balancers. The access policy is configured with the least privilege, only allowing connections that are part of business requirements.

Intrusion prevention is enabled in prevent mode to detect and block well-known vulnerabilities and attacks. The device connects to Check Point's cloud for updates on signatures to new threats. 

We are peering with Partners via Site-to-Site VPNs for Services.

1. It's offering perimeter security to publicly accessible sites. There's better security at the edge and DMZ with the use of access policies. 

2. The activation of Intrusion Prevention Blades offers better security at the perimeter and between DMZ Zones. IPs also have prebuilt security profiles making deployments of IPS fast and efficient, and exceptions to the rule base are easy.

3. The use of a remote access VPN is used to connect to partner sites.

4. Check Point offers virtualized systems, making it easy to scale. Instead of buying new equipment, we have set up virtual systems for the DC and user networks.

1. Intrusion prevention. Preventing and detecting well know vulnerabilities to our publicly accessible systems is easy. Inbuilt predefined security profiles can be deployed out of the box.

2. Virtualized security. Virtualized products are used to provide more scalability and ease of administration to the network.

3. Identity awareness. Granular policies on the firewall are based on identities.

4. Site-to-site VPN. We can make connections with partners securely.

5. Reporting. Prebuilt reports that are already in a well-presented manner could be presented to management.

6. Access Policy and NAT rules base.

1. Complexity in upgrades. Currently, upgrades are quite cumbersome. I would prefer the click of a button and process upgrades.

2. Pricing. The pricing is quite high as compared to other industry firewalls (such as Cisco or Fortinet).

3. Documentation. They have to improve on providing more documentation and examples for certain features online. In other sections, it feels shallow and we could use more information and examples.

4. Complexity in system tweaks. There are some knobs that need to be tweaked at the configuration files on the CLI which can be considered complex.

5. Check Point Virtual Security. The features take a bit more time to be released as compared to physical gateways.

I've used the solution from 2017 until now.

A word of caution, especially on new software: you might hit a couple of bugs. Therefore, the general recommendation is to wait for a few takes before upgrading to a major version.

With older versions it's stable.

The solution offers high-performance devices ranging from small to big data centers.

Virtual Security offers up to 13 connected gateways helping with managed security.

First-line support is hit or miss, and at times getting an engineer to assist on the call can take hours.

Opening tickets on the Check Point platform is ok with the first response depending on the workload of the engineers.

This is one place Check Point needs to improve.

Positive

Previously we were using Cisco ASA 5585. However, the performance was not reliable, and scaling would have been an issue.

We opted to go with Check Point, which could handle high performance and scaling was easier. Check Point also offered IPS features which were easier. Check Point also had better reporting and management tools.

The initial setup was a bit complex since we were deploying virtual systems.

The interface configurations, access policy, VPNs, and NAT setup were easy. The complexity was in understanding how Check Point handles virtualized security instead of physical security gateways.

The initial implementation was with the help of a vendor with good knowledge of the product.

It's used to protect the organization from security threats and provide connectivity to our applications which is the main platform for business. That's the ROI we've noted.

The pricing and licensing for Check Point are high.

Due to experience with Check Point, we did not evaluate other options (like Fortigate or Palo Alto).

Generally, Check Point is a good product with a lot of security features that I would recommend to any organization.