Check Point NGFW Reviews

I planned to block traffic from foreign countries, however, Check Point does not have the intelligence to determine VPN connections from foreign countries coming through the local VPN.

I also wish Check Point could be more effective by collaborating with Microsoft to establish a different connection for Outlook cellphones or devices not on the domain. I wish to hide my devices like cellphones only allowing them to connect via capsule, however, it applies to all devices. It works well.

It is an excellent, easy-to-acquire system to protect midsize businesses with up to 100+ users that require a security solution that can scale across corporate networks and give us protections against GenV cyberattacks as the business grows. 

What I recommend the most is its central administration. With the smart controller, you can manage all your firewalls from one location. 

Being able to access almost everything in one location manage all your gateways and get all your logs is great. For me, it's the best feature to work with.

The solution is great for cyber attack prevention, data bridges, and other threats. You need intelligent and effective solutions to minimize cyber attacks and Check Point gave me peace in December when they had an unidentified log4j vulnerability.

Our main benefit was the elimination of a server/VM from our data center and the usage of a cloud solution.

Having all the features on the cloud was also a benefit since some products when migrated to cloud solutions lose some features  - but not his one.

The setup is a little bit rough and requires some technical expertise, however, this is expected with a solution as complete as a firewall and especially a Check Point one.

Sometimes debugging is a hassle. We've had issues with VPN debugging in the past. In the more recent versions, later than R80.10, this seems not to be an issue anymore. 

This year we tried to debug performance issues of the gateways, which was cumbersome. When we finally found the performance bottleneck, it was a licensing issue. 

Check Point uses CPU-based licensing for OpenServer, and buying more licenses helped. However, this is the reason we're upgrading to Check Point appliances next year, as OpenServer becomes pricier every year, and Check Point pushes their customers to use their appliances.

I've used the solution for three years.

We use Check Point firewalls as perimeter firewalls which are restricting the organization's incoming and outgoing traffic and taking advantage of the redundancy capacity of internet providers, which provides fault tolerance when an internet provider has a fault. 

In addition, we use it for the publication of services and with an event viewer that allows us to view alerts about behavior and unusual traffic inside and outside the network. URL filtering and application control are perfect complements to the packet filtering that it offers as a firewall solution.

Check Point offers a reliable firewall solution with VPN options that have allowed us to establish secure and stable connections with other companies and users in a very simple way.

Simple and centralized administration has allowed us to manage all the firewall nodes from a single console, facilitating the deployment of firewalls through the network, since a large part of the configurations and access rules, as well as the protection controls, are managed from a single console and via centralized maintenance.

Check Point is a robust and reliable security solution, whose architecture and design allow centralized administration with a graphical interface that facilitates its management. 

The way in which it manages the nodes within a cluster architecture is excellent, offering fault tolerance which is, in my experience, practically imperceptible when one of the nodes fails. This is thanks to the fact that it maintains a table of shared connections between the nodes and the large number of variables that it takes into consideration to validate the health of the nodes.

As a firewall, Check Point is a great solution and in my experience, there is little that I could indicate how to improve.

That said, a point where it could improve is in the redundancy of the ISP. It should allow more than two internet providers in its configuration of "ISP Redundancy". This redundancy could be managed from variables such as the automatic calculation of the load level between internet lines or load distribution between internet lines in periods of pre-established hours, etc. All could be handled from the same graphical interface.

I have been using Check Point for more than 11 years.

Its stability is one of the selling points. It allows us to have great confidence in Check Point solutions.

The performance is excellent in the new appliances. The solution is very scalable and easy to integrate.

They have a good response time and their personnel have a good technical mastery.

I was using ASA, however, we switched to Check Point as it offered a centralized interface for managing all nodes in addition to having an excellent graphical interface that facilitates day-to-day operational activities.

The initial configuration is very simple and intuitive. Check Point offers a graphical configuration interface that makes the process simple and it is complete in just a few steps.

The provider we have used has highly qualified staff and offers excellent and professional services.

It has an acceptable cost considering the stability and the benefits that Check Point solutions offer.

We did not really look at other options. We are very confident with Check Point solutions and we take the stability it offers very seriously.

You must consider Check Point as your first NGFW option. 

We use a remote access VPN, and this is a perimeter firewall for our data center to secure our servers and internal applications. We are using model G-6600.

Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.

It should be user-friendly from an implementation point of view. Its setup is a little bit difficult.

I have been using this solution for four years.

From a security standpoint, it is very stable, and I would rate it a nine out of 10. I don't have any issues with it.

At present, we have 30 for our distribution. So, it is pretty scalable.

Their support is good. Their L1 and L2 support across the globe is great. L3 support is with the Israel team, and they have the right competency to troubleshoot it. Sometimes, when something needs to be done in the software in detail, we need to wait for people to come online from Israel. I would rate their L3 support a six out of 10 because we need to wait for the team from Israel to come online.

It is a little difficult to set up. We need a really skillful engineer to manage it. After we have onboarded it correctly, it is very easy to manage, and it is very secure. Initially, we had some challenges and issues, and when we got the right resource and support from the vendor, they all got resolved. It took four or five days.

It should be user-friendly from an implementation point of view. I would rate it a six out of 10 in terms of implementation.

I would recommend this solution. From a security standpoint, Check Point is the best product, but a customer should have the right skillsets to onboard and manage this.

I've been working with multiple customers in India, and I don't see any specific features that they need. It has covered pretty much everything.

Overall, I would rate it a seven out of 10.

We primarily use the solution for perimeter security - including DMZ and as an internet firewall. We use Check Point Firewalls as the first line of defense from the internet and they are also used to segregate the internet, DMZ, and internal networks. Check Point VSX technology is used to split the hardware into multiple virtual firewalls to cater to different environments so they are well segregated. We have BGP running on the firewalls, such as all of our network devices in our environment, to learn and advertise routes. Check Point does a decent job with BGP and does an excellent job as a perimeter firewall.

Check Point was brought into our environment as a perimeter security device to replace the Juniper NetScreen which was originally used as the perimeter firewall. When Juniper announced the end of life of NetScreen devices, we decided to go with Check Point mainly because of the ease of management and also because Check Point was an Industry leader and Juniper was still in the initial stages of building their own firewalls using JunOS. With the introduction of Check Point with the VSX features, we could use BGP instead of the tedious static routes that we had in place with the old NetScreen.

The VSX has been great. The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment.

We like the management console. The Check Point smart dashboard has made things easier for administration and we've been able to manage all the Check Point devices from one place which is very useful.

The operations support is great. There is a smart log system that is very good for troubleshooting and reporting. We also use the CLI for troubleshooting purposes (for the likes of FWMonitor and tcpdump) while the FW rules are managed via the smart console which does wonders for operations support.

It is common for any network device to compromise on stability when more and more features are packed into it. It may work for small organizations when they want a single device to do everything for security. However, it is a big issue for us as a large financial institution when even a small outage costs dearly. Check Point, being our perimeter firewall, has failed quite a few times mainly when handling BGP. I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes. They may already have a lot of features, so the enhancement of existing features could focus on robustness rather than introducing new features.

I've been using the solution for three years.

With the upgrade to R80, the solution has become more stable. We have had outages because of the gateways failure while running BGP with older versions. After the upgrade, we havent had such outages.

With the latest upgrades of R80, Check Point has bettered its performance, and hence, scalability has improved a lot. Also, there are multiple NG features that can be utilized that makes it more suitable for multiple solutions.

They offer very good customer support; they're always available and capable.

We previously used NetScreen and they were at their end of life.

Check Point has its own design that is a little complex compared to other products. This has a 3-tier architecture and we need management servers and gateways separate. I would still say its not much of a hassle building it.

We handled everything through Check Point PS. They were very good.

I can't really comment, as I do not have much idea about this space.

The solution is priced well in the market in order to compete with the other products.

I wasn't in the organization when the evaluation happened. However, I know Juniper SRX was one of the solutions looked at as we are using them for our internal firewalls.

We deployed a Check Point firewall on the perimeter as well as on the internal network. Both are in HA & we have enabled all threat prevention blades. All devices are 5600 & 4200. We are managing our two firewalls with two different security management servers.

Currently, we are using the R80.20 firmware version and we have a pretty simple design.

Our primary uses are firewall security, VPN, web filtering & monitoring. We have also used the TE-100X appliance for private cloud sandboxing.

With Check Point, we achieved redundancy but the problem was three public IP addresses that were required to be configured as HA, with two physical IPs & one virtual IP.

Our previous firewall used a single public IP but now, with Check Point using three, it became very difficult for us to make available the same segment of public IP addresses from our ISP. After many support calls, however, we found a solution.

The other option which is helpful is that there are no limits for any objects used in the policy. Our previous firewall does support limited time objects & IP address objects.

Check Point's new Smart dashboard has an all-in-one configuration interface. They provide a very easy configuration for NAT and one tick for source & destination NAT is possible.

Policies can be configured in a more organized way using a section & layered approach.

Application control has all of the required application data to introduce it into policy and the URL filtering works great, although creating regular expressions is complicated.

The software upgrade procedure is very easy; it just needs few clicks & we are done.

Check Point has both GUI (Graphical Interface) & smart dashboard, but it will be better if it sticks to either one of them. 

A threat prevention policy needs to be created in a different tab but instead, if those policies could be related to access policy then it will be easier to apply the threat prevention to our relevant traffic.

One of the most complicated aspects is the VPN Configuration, which should be simplified in future releases. The monitor tab should have a VPN tab, where we can see the current tunnel status.

I have been using Check Point NGFW for more than the last three years.

With respect to stability, we always have ongoing support calls. We have faced lots of issues that have led to upgrading with a Hotfix.

When it comes to scalability, our current Check Point is far better than our previous firewall.

Technical support is very helpful & always there to help us with issues. Also, the TAC response is quick.

Previously, we had a Fortinet firewall, which was pretty slow when it came to operations.

The initial setup was simple.

We implemented the firewalls with our in-house team.

Check Point should provide some basic license for mobile access VPN by default, for at least five to ten users.

The only other vendor that we have evaluated is Fortinet.

This is a complex high availability solution growing by over 100% per year. The complexity of the business environment made the ability to increase capacity without having to remove previous hardware much easier.

We have a large online presence with users needing realtor access to our environment. 

The improvements to our business are easy to explain. It is faster, easy to use, and there are multiple capabilities all in one box. The best examples are the endpoint and anti-virus options.

The ability to add more firewalls and increase the capabilities, rather than remove the hardware, is an exceptional step forward. No competitor was able to compete with this. Not having to continually replace hardware year after year was a massive driver in the decision-making process. The throughput going up by 100% with each added device is exceptional.

There are many features we have found good.

The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability. This feature alone will save us as we increase the number of devices in the stack.

Having so many top-end products in one box also assists in managing this device. URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.

The Infinity product seems amazing but we have a long way to go before saying it is successful.

One of the biggest disappointments is the GUI. I felt it was a little bit more clunky than some competitors. The screens don't flow as easily as they should. Improving user experience will further elevate this product.

The way the management console operates is not user-friendly, either. It needs to become less intrusive. The user experience is not as high as it should be due to the problems with the user interface. The newer products in the range seem to address my concerns, which I have had for even the older products.

I have been using Check Point NGFW for six months.

Having leading-class firewalls with massive growth possibilities made the purchasing decision much easier. Having carried out a few PoCs, the obvious decision was the Check Point solution of Maestro and 6500s in a high availability environment.

The primary use case of this solution is to protect the organization's LAN network from cyber threats.

With the help of Check Point NGFW, we are able to prevent attacks like phishing, ransomware, zero-day attacks, malware, etc.

The thing I like about this product is its capability of auto NAT and auto zone detection.

Service support can be improved.

I've been using the solution for the last year. 

The stability is the best.

The scalability is good.

Customer service and support can be improved.

Neutral

No, I did not use a different solution. 

The initial setup is easy.

We implemented it through our in-house team.

For the current market situation setup cost, pricing, and licensing look fine.

No, I did not evaluate other options.

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

This solution has been used for approximately one year in the company.

The stability of the tool is good. We have not presented any problem even when an update is made.

The scalability presented by the tool is very good and flexible.

The experience has not been very good. That is one of the points that must be improved.

Positive

There was no type of tool that would supply these qualities.

The configuration of the tool is very simple and quick to install.

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.