Check Point NGFW Reviews

Check Point NGFW is a critical component of our security infrastructure. It provides comprehensive next-generation firewall (NGFW) security for our perimeter and DMZs, protecting us from a wide range of cyber threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats.

Check Point NGFW uses a variety of advanced technologies to protect our network, including intrusion prevention, application control, and threat intelligence. It is also able to detect and block sophisticated cyberattacks that traditional firewalls cannot.

Check Point NGFW has helped us to significantly reduce our risk of cyberattacks by providing comprehensive protection against a wide range of threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats. 

It has also improved our network performance and reliability by optimizing traffic flow and reducing latency. 

We are confident that Check Point NGFW will continue to protect our network from the latest cyber threats due to its advanced security features and its team of experts who are constantly monitoring and updating the product.

As a security professional with over ten years of experience, I've seen firsthand the devastating impact that cyberattacks can have on organizations of all sizes. That's why I'm so passionate about using the best possible security solutions to protect my clients.

One of my favorite security solutions is Check Point NGFW. It provides comprehensive protection against a wide range of cyber threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats. It is also designed to deliver high performance even in the most demanding environments, and it can be scaled to meet the needs of organizations of all sizes.

I've also found Check Point NGFW to be very easy to use and manage, even for users with limited IT expertise. This is important to me because I want to make sure that my clients can focus on their business without having to worry about complex security solutions.

Overall, I highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution.

There are a few areas where Check Point NGFW could be improved. First, it can be expensive, especially for small businesses. Second, it can be complex to configure and manage, especially for users with limited IT expertise. Finally, its licensing model can be complex and confusing.

Despite these areas for improvement, I still highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution. I am confident that Check Point will continue to improve its products in the future, and I am excited to see what new features and capabilities they come up with next.  

One thing I would like to see in the next release is an AI-powered threat detection and prevention system that can automatically identify and block new and emerging threats.

We've been a Check Point customer for over 21 years, and we've always felt that they are a trusted partner in our cybersecurity efforts.

Overall, I'm very impressed with the stability of Check Point NGFW. It's a powerful security solution that can meet the needs of organizations of all sizes.

One of the things that I appreciate most about Check Point NGFW is its flexibility. It can be deployed in a variety of ways, including physical appliances, virtual machines, and cloud-based instances. This makes it easy to scale your security infrastructure up or down as needed.

I've always been impressed with the responsiveness and expertise of Checkpoint's customer service and support team.

Positive

We have never used a different solution. We have been using Check Point NGFW since we first launched our network 21 years ago, and we have been very satisfied with its performance and reliability.

The complexity of the initial setup of Check Point NGFW depends on the size and complexity of your network, as well as the features and capabilities that you need.  

If you have a large enterprise with a complex network or need to configure all of the features and capabilities of Check Point NGFW, I would highly recommend that you engage Check Point Professional Services to help you with the setup process.

We have always used Check Point Professional Services to assist with our implementation.  They are very knowledgeable and can save you a lot of time and frustration.

To maximize the ROI of Check Point NGFW, it is important to choose the right deployment model, use Check Point's security services, and keep the software up to date.

There are a few areas where Check Point NGFW could be improved. First, it can be expensive, especially for small businesses. Second, it can be complex to configure and manage, especially for users with limited IT expertise. Finally, its licensing model can be complex and confusing.

Despite these areas for improvement, I still highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution. I am confident that Check Point will continue to improve its products in the future, and I am excited to see what new features and capabilities they come up with next.

We evaluated Cisco ASA Firewall before choosing Check Point NGFW.

A few months ago, one of my clients was targeted by a sophisticated ransomware attack. Check Point NGFW was able to detect and block the attack before it could cause any damage. My client was very grateful for Check Point NGFW's protection, and I was relieved that I was able to help them avoid a costly and disruptive attack.

We use the solution for full-scale integration and end-to-end management at the organization. The Check Point NGFW implementation took place quite smoothly.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms.

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more.

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that
blocks the traffic based on an IP address or on applications
and content. This makes Check Point NGFW highly promising and makes it a complete solution.

Check Point NGFW is the best in terms of comprehensive protection against network threats, malware, and phishing and smoothly restricts these via anti-phishing algorithms.

The source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, et cetera.

It provides end-to-end resolution. It is a customized productive service and a complete solution for perimeter protection that blocks traffic based on IPs, applications, and content.

The most valuable services it provides are end-to-end resolution and perimeter protection; It blocks traffic based on IP address, applications, and content.

Check Point NGFW is best in terms of comprehensive protection against network threats, malware, and phishing. It has great anti-phishing algorithms.

They could improve by lowering prices. The source package is a bit more expensive than its competitors. 

We've had some downtime issues.

It could be more generalized and user-friendly in terms of its support portal for raising tickets. Ads management should all just be on a single click.

Overall Check Point NGFW is highly scalable and provides end-to-end resolution and a wide range of customized productive services with a huge community and team behind it.

I've used the solution for about 1.5 years or so.

I hadn't gone through any such solution earlier. I just tried in-built system solutions.

Check Point NGFW integration is quite smooth in terms of licensing. They are a bit more expensive, yet they are overall a strong product and a must-have for professionals.

No, I did not go through software review websites for recommendations and software services outlooks.

Check Point NGFW is highly scalable. It has a wide range of customized productive services with a huge community and team behind its technology.

We needed a perimeter solution that would add value to our organization by safeguarding our information, equipment, users, and all the infrastructure we have within our entire organization. We needed something that, in the future, had the capacity to be scalable as well as something that was easy to configure. We wanted to ensure that it could be configured in a way that, if high availability is required, it would be fine. In that search, we decided to try the NGFW from Check Point.

With the Next-Generation Firewall disable solution, we have been able to solve not only the issue of perimeter security. We have also managed to incorporate a real-time search and analysis into our organization, which allows us, in some cases, to even enable the emulation capacity and solution in real-time. 

It is giving us a greater reach for greater prevention and is proactively protecting our employees. 

Check Point is a business ally in our organization. We have many users outside of it who are dedicated to the sales part. In my case, in my experience, I have been learning about the solution for a short time. That said, it has been a learning experience and constant evolution as I learn to function in this new position.

The most valuable feature is the ability to emulate the attacks of all those attachments or events that we have. That way, we can find a quick and easy way to clean, examine, and analyze what is happening within our organization. It ensures the end user is given an attachment that is a clean document - both safe and reliable. 

Today, Check Point invests a lot in technology, and that gives us the best security and clear confidence that we are working with a first-world company that will always be at the forefront of security and analysis. They protect us as an organization by providing us with quality services every day.

Innovation is one of the most important things they must adhere to. I have liked seeing how innovation evolves and how security teams protect themselves proactively while always being efficient. Hopefully, in the future, these will be much more plug-and-play and orchestrated from a single administration console. 

Today, I am learning a lot about the cloud. I know that this is one of the solutions that can be placed in any cloud, so we will soon see if it will continue with the virtualization of Web3 equipment.

I've used the solution for seven months.

It's used for a small business network which needed additional protection and threat prevention, remote work capabilities, and excellent support. It's capable of handling multiple public IPs and directing traffic to the appropriate interfaces.  The solution can handle multiple ISPs for backup or aggregation of traffic. 

The environment consists of eight PCs and six other devices which need Internet access and which must be protected.  The ability to restrict traffic to specific network addresses as well as the ability to block malicious hosts trying to get into the network has been great.

Check Point's Next Generation Firewall solution was perfect for reviewing logs, providing an initial layer of anti-virus/malware protection, and providing the support, when needed, to ensure that the product remained up-to-date.  

The ease of searching through the logs for specific incidents is outstanding and very easy to understand. In addition, the categories for web content blocking have been helpful for setting base traffic standards, can block P2P networks, social media, and content not suitable for business.

The protection has been outstanding! I have not had an infected machine behind the firewall since I first installed and started using NGFW. I appreciate the network health reports, the infected devices report, they make my job a lot easier by providing the information right there in the interface. 

With the web category blocking turned on, I can set it and forget it so that inappropriate business content is not brought into my network, it makes it easier to ensure that time isn't being wasted on non-business-related activities.

I really want to see geo-blocking as a feature of NGFW. Way too many hacking attempts from other countries are coming from where we don't travel. In addition, would like to see the VPN use MFA easily, just as another layer of protection.  

Another area of improvement would be a click to block when there are attempted hacks. While the infected device blocking is a good start, you should block traffic from the originator of the traffic; it would be great to be able to do that with any traffic. 

Also, it would be helpful to set thresholds on attempts and then autoblock that traffic for X amount of time, or permanently.

I've used the solution for six years.

I have not had any issues with the device for the past six years; it has just worked.  By that I mean that unlike some cheaper firewalls (consumer grade), the Checkpoint NGFW is enterprise grade, I never had to reboot the firewall to get traffic working again, I would just leave it up and running until a firmware upgrade was available and after the upgrade, the firewall would automatically reboot, but aside from those times, firewall was on 24/7.

The solution is very scalable. There are a lot of different types of devices to choose from.

Anytime I needed support, they've worked with me until the issue has been resolved.  I'd give them an A+.

Positive

We used Watchguard, however, we needed better protection and also wanted to try out Check Point NGFW as I'd heard good things about it.

The initial setup was straightforward. I just needed to figure out how to migrate policies (recreate them) from a different vendor to Check Point. It was relatively easy to figure out and there has extensive documentation available.

We handled the initial setup in-house

Peace of mind is my real ROI.

The pricing is a little on the high side, however, the protection afforded is worth it.

I did not evaluate other solutions. I previously utilized devices from Sonicwall and Watchguard.

Do your research and size the appliance correctly.

It's a unified policy table that combines threat prevention and segmentation policies. 

Smart Event allows consolidated event management and exporting features is very useful when we need to deal in reports, since, for some time now, everyone has been working from home and on the firewall from Check Point. 

This function is implemented very conveniently and securely. The VPN over this firewall works as well as a standard VPN device. All in all, I'm delighted with their security solution. It is making configuring numerous layers of security policies easy to use and it always has been one of the things I liked most about their firewall solution.

Check Point firewalls are one of the most easy-to-use complete firewall solutions on the market. They protect our LANs against intruders, offer VPN for site-to-site connections, and haven't had a major issue in about 15 years. 

While not being cheap, their pricing models are competitive. 

A better approach to security focuses on prevention, blocking malware and other threats was difficult before they entered the network. By blocking the infection of “patient zero,” an NGFW with real-time prevention eliminates risk, damage, and cost to the organization.

It provides an SSL inspection facility. The SSL/TLS protocol improves the privacy and security of traffic by wrapping network communications in a layer of encryption and applying robust authentication. While this is a major benefit for data security, cyber threat actors also use SSL/TLS to conceal their activities on the network. An NGFW must go beyond signature-based detection to use technologies capable of detecting and remediating novel and zero-day threats.  

Sandboxing (including static, dynamic, and behavioral analysis) is great.

It's nearly impossible to add an exception for threat prevention services - like antivirus and anti-bot. You will be stuck with Indicators of Compromise marked as detect only, caching issues, and random effects. 

There is no clear way to report incorrect classification to support and a business is neither happy nor forgiving when they cannot receive mail from a crucial business partner. 

The KBs article should also be improved as all the global KB articles do not provide all the activity steps related to every issue.

I have been using this product for the last five years.

I have not used any other product.

The setup is very easy with minimal cost for licensing as well.

I have not used any other product.

Our primary use case for Check Point NGFW is as our internal firewall within the datacenter to route traffic within it as well establishing our rulebase for part of our datacenter.

We have also implemented some other nodes as ICAP servers only. They have been a great replacement even though the installation was not the easiest.

They are the last line of defense (or first depending on how you look at it) within our perimeter and are therefore a critical part of our system within the company.

Check Point NGFW have been a real rock in terms of reliability (except for Identity Awareness) and we have not had any issues in terms of CPU or memory usage as our model might have been overkill with how well it is able to process traffic and how easy and unimpactful it is when adding new blades to manage this traffic

One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base.

Identity Awareness has been an absolute gamechanger in how we've been able to create rules within the company. It allows us to give access to certain resources in very specific ways that were not possible before.

The SmartConsole is a very powerful interface compared to many other competiting products, which allows us to seamlessly go from watching logs, to modifying the rule base and easily find what objects are used where or even check which logs are linked to a specific rule

Logs are very well parsed when sent to Splunk.

Identity Awareness has been a massive source of problems for our deployment and the ability to debug it has been lacking.

The VPN setup is definitely way harder than it should be. The wizard or anything surrounding it doesn't allow for a quick setup without having to read documentation or actually getting a project with an external company

Our gateways have not felt like a day older than when we first got them, on the other hand, our physical management server Smart-1 has been definitely showing its age as it is sometimes quite long to do anything on SmartConsole when it decides to act up.

I have been using Check Point since joining my current workplace - about 4 years ago.

In 4 years, we've only really had one big incident with availability that was due to a faulty network card, which was changed quickly once diagnosed.

Since we chose a model larger than our needs, we aren't looking for a scalable solution.

Customer service and support have been a bit hit or miss and it takes a while for escalation to happen, however, once it does happen, you get proper support right away.

Neutral

I was not present within the company when it was decided to switch from one solution to another, and actually our previous solution was Check Point as well - and it was just reaching its end of support.

I did not participate in the setup.

We used a vendor team along with our in-house team.

I would need to compare it with other solutions used in our environment, which I haven't done.

I'd advise users to only choose blades when they are absolutely necessary - unless getting a good deal with a package.

As mentioned, we switched from Check Point to Check Point.

For the Identity Awareness setup, try to follow Check Point guidelines from the start as it is really capricious and hard to debug.

The Check Point firewall is a reliable perimeter security product. Check Point gives me access to explore various security features in a single box (loaded with all features that an organization needs most). 

I can say I have been using it for one year and getting a grip on it and I will always try to implement it wherever it is required. 

When it comes to Check Point, there are great security features and a marvelous inbuilt design that caters to handling all threats, including zero-day attacks and perimeter security. I really like the user-friendly interface of the Smart Console dashboard and the maximum security is integrated.

The intruder blocking real-time is a great feature that does not even require policy installation or committing to something. This feature enables real-time attack mitigation along with full security access which helps our organization to improve its security factors. 

IPS detection is a big plus for me since it deeply scans the packet. 

URL fileting along with application control gives me the access to manage the least privilege to maximum rights on a single click.

The product provides multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. 

Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view. Check Point helps to resolve a lot of problems, such as showing our organization all known threats. 

It is easy to deploy and manage. 

The product offers a simple Web User Interface.

While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement. 

I would love to see an SSL offloading feature that is not there right now. I am following many forums related to Check Point and it seems like they are going to launch it very soon. SSL Offloading will be very helpful for NBFC and for financial institutes.'

The Check Point NGFW OS is a historically grown OS. It has been on the market for a long time and has many releases. It is a very complex system. All features are done in software - no extra hardware chips are installed.

I have been using this solution for almost a year.

This solution is one of the best solutions in terms of stability.

It is highly scalable.

I have been using this solution from the start as it was recommended by my organization.

The pricing is a little bit high, although I have no issue with the licensing or setup. It is easy to use.

I have stuck to this solution as I read reviews before and it was all positive in regards to Check Point NGFW. I did not use a different solution.

The solution protects our internal network (traffic between VLANS) and also is used as a perimeter firewall in our on-premise and cloud environments. Also, we use functionalities such as IPS, ABOT, AV, VPN, and mobile access.

We have about 200 small branches distributed all over the world protected with 1,430 devices and connected via VPN to AWS Cloud Guard and Check Point firewall.

We also have endpoint protection in about 500 devices with firewalls, antimalware, antibot, anti-ransomware, threat emulation and prevention enabled, and also port control.

We have NGTX blades so that we have protection against known and unknown attacks (zero-day). In terms of protection, we passed from none to one of the most advanced protections in the market. 

Regarding endpoints, we can see a lot of prevented attacks and phishing attempts every day. We can see the whole solution running in our environment correctly.

We gained a lot of visibility of traffic patterns, destinations, and use of network (internal and external) resources due to the logs and views within the Smartconsole.

The centrally managed firewalls are great. We can save a lot of configuration time in configuration tasks. We have deployed about 200 devices in record time due to the fact that we use a unique policy for almost all of them.

Logs, Views and Reports are the most detailed compared to other vendors (FortiGate, etc.) We can see a lot of detail in the logs and also we can configure any report we need without any problem and in two clicks.

We can see that, for IPS signatures, we have updates every day, sometimes twice a day, so we see a lot of effort from the vendor. They really try to protect our environment from known attacks and vulnerabilities.

We try to not depend of the SMS application and leave it as a web application. Sometimes it takes a long time to authenticate and open correctly. It's a windows application, so you need a machine to install the application on.

If you have the standard support level, sometimes they take a long time to understand or even give you a solution or good workaround to a problematic situation. We had a problem in the past with a VPN blade that lead some devices to flap the VPN up and down. That case lasted 6 months as we were jumping between Check Point's internal departments in order to find a solution on our problem.

I've used the solution for eight years.

We are very happy regarding the stability. In last year, we only have had three problems regarding software bugs or stability problems.

They have a solution called Maestro where you can add devices in 10 minutes to scale the solution without doing a lot of configuration.

In our environment, we have a classic deployment so it's not as easy to scale; you need to do some configuration and have a maintenance window in which to do it. 

We have the standard support service. I can't say anything too bad and nothing too good. It's normal. Regarding customer service at the local office, I can say that it is very good. They have helped us a lot in deploying some complex characteristics without cost.

Neutral

We have Cisco, however, that's for networking and not security. 

The installation was done by a partner, however, it was very straightforward.

The product was implemented by a partner and their expertise was very good.

There are a lot of licenses for almost every feature, therefore, it's possible to buy only the licenses needed and not a bundle that would have unused features. That leads to savings in costs.

We have evaluated FortiGate, and we saw that it was more user-friendly, however, some characteristics we needed in regards to complex VPN deployments were only available from Check Point.