Check Point NGFW Reviews

We use the solution for full-scale integration and end-to-end management at the organization. The Check Point NGFW implementation took place quite smoothly.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms.

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more.

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that
blocks the traffic based on an IP address or on applications
and content. This makes Check Point NGFW highly promising and makes it a complete solution.

Check Point NGFW is the best in terms of comprehensive protection against network threats, malware, and phishing and smoothly restricts these via anti-phishing algorithms.

The source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, et cetera.

It provides end-to-end resolution. It is a customized productive service and a complete solution for perimeter protection that blocks traffic based on IPs, applications, and content.

The most valuable services it provides are end-to-end resolution and perimeter protection; It blocks traffic based on IP address, applications, and content.

Check Point NGFW is best in terms of comprehensive protection against network threats, malware, and phishing. It has great anti-phishing algorithms.

They could improve by lowering prices. The source package is a bit more expensive than its competitors. 

We've had some downtime issues.

It could be more generalized and user-friendly in terms of its support portal for raising tickets. Ads management should all just be on a single click.

Overall Check Point NGFW is highly scalable and provides end-to-end resolution and a wide range of customized productive services with a huge community and team behind it.

I've used the solution for about 1.5 years or so.

I hadn't gone through any such solution earlier. I just tried in-built system solutions.

Check Point NGFW integration is quite smooth in terms of licensing. They are a bit more expensive, yet they are overall a strong product and a must-have for professionals.

No, I did not go through software review websites for recommendations and software services outlooks.

Check Point NGFW is highly scalable. It has a wide range of customized productive services with a huge community and team behind its technology.

We needed a perimeter solution that would add value to our organization by safeguarding our information, equipment, users, and all the infrastructure we have within our entire organization. We needed something that, in the future, had the capacity to be scalable as well as something that was easy to configure. We wanted to ensure that it could be configured in a way that, if high availability is required, it would be fine. In that search, we decided to try the NGFW from Check Point.

With the Next-Generation Firewall disable solution, we have been able to solve not only the issue of perimeter security. We have also managed to incorporate a real-time search and analysis into our organization, which allows us, in some cases, to even enable the emulation capacity and solution in real-time. 

It is giving us a greater reach for greater prevention and is proactively protecting our employees. 

Check Point is a business ally in our organization. We have many users outside of it who are dedicated to the sales part. In my case, in my experience, I have been learning about the solution for a short time. That said, it has been a learning experience and constant evolution as I learn to function in this new position.

The most valuable feature is the ability to emulate the attacks of all those attachments or events that we have. That way, we can find a quick and easy way to clean, examine, and analyze what is happening within our organization. It ensures the end user is given an attachment that is a clean document - both safe and reliable. 

Today, Check Point invests a lot in technology, and that gives us the best security and clear confidence that we are working with a first-world company that will always be at the forefront of security and analysis. They protect us as an organization by providing us with quality services every day.

Innovation is one of the most important things they must adhere to. I have liked seeing how innovation evolves and how security teams protect themselves proactively while always being efficient. Hopefully, in the future, these will be much more plug-and-play and orchestrated from a single administration console. 

Today, I am learning a lot about the cloud. I know that this is one of the solutions that can be placed in any cloud, so we will soon see if it will continue with the virtualization of Web3 equipment.

I've used the solution for seven months.

We use Check Point NGFW as a perimeter firewall.

The most valuable feature of Check Point NGFW is the unparalleled distribution of the network traffic. The central management station they have allows you to manage everything from one place.

Check Point NGFW could improve by introducing machine learning and more modeling dividing the way they manage the ports. However, they have evolved over the last year.

I have been using Check Point NGFW for approximately 15 years.

Check Point NGFW is a stable solution. However, similarly to many other solutions, the stability comes from the engineer that deploys it. It requires a knowledgeable engineer to implement it in the correct way. If you undersize it, for example, you can experience instability.

Check Point NGFW is scalable. The hyper-scale platform can scale up or scale-out. You can buy different powers and stack them.

Check Point NGFW has the most mature technical support in the industry. 

The Check Point company has been around for approximately 30 years and they have everything well documented, similar to other vendors, such as Juniper and Powervault.

I have used other solutions in the past, such as Palo Alto and it has been more expensive. 

The implementation of Check Point NGFW difficulty level depends on the environment. For example, from the initial deployment, it can be easy, but you have to keep your teams learning, they have to consider their traffic size and many other factors. However, the configuration can be difficult, you need a lot of knowledge. Integrating Check Point NGFW with different networks requires a lot of knowledge about the infrastructure.

There are competitors that have more expensive solutions than Check Point NGFW, such as Palo Alto. There are times when Check Point NGFW can have good offerings with a three-year license. The presence of Palo Alto has been heavily invested in marketing. 

From Check Point's perspective, I am not sure how they compared with other vendors. I'm not heavily involved in the process of the quotations.

I have evaluated other solutions.

Check Point NGFW is trying to innovate in the market, but all the other vendors in the market are doing more the same.

I rate Check Point NGFW a nine out of ten.

It's a unified policy table that combines threat prevention and segmentation policies. 

Smart Event allows consolidated event management and exporting features is very useful when we need to deal in reports, since, for some time now, everyone has been working from home and on the firewall from Check Point. 

This function is implemented very conveniently and securely. The VPN over this firewall works as well as a standard VPN device. All in all, I'm delighted with their security solution. It is making configuring numerous layers of security policies easy to use and it always has been one of the things I liked most about their firewall solution.

Check Point firewalls are one of the most easy-to-use complete firewall solutions on the market. They protect our LANs against intruders, offer VPN for site-to-site connections, and haven't had a major issue in about 15 years. 

While not being cheap, their pricing models are competitive. 

A better approach to security focuses on prevention, blocking malware and other threats was difficult before they entered the network. By blocking the infection of “patient zero,” an NGFW with real-time prevention eliminates risk, damage, and cost to the organization.

It provides an SSL inspection facility. The SSL/TLS protocol improves the privacy and security of traffic by wrapping network communications in a layer of encryption and applying robust authentication. While this is a major benefit for data security, cyber threat actors also use SSL/TLS to conceal their activities on the network. An NGFW must go beyond signature-based detection to use technologies capable of detecting and remediating novel and zero-day threats.  

Sandboxing (including static, dynamic, and behavioral analysis) is great.

It's nearly impossible to add an exception for threat prevention services - like antivirus and anti-bot. You will be stuck with Indicators of Compromise marked as detect only, caching issues, and random effects. 

There is no clear way to report incorrect classification to support and a business is neither happy nor forgiving when they cannot receive mail from a crucial business partner. 

The KBs article should also be improved as all the global KB articles do not provide all the activity steps related to every issue.

I have been using this product for the last five years.

I have not used any other product.

The setup is very easy with minimal cost for licensing as well.

I have not used any other product.

Our primary use case for Check Point NGFW is as our internal firewall within the datacenter to route traffic within it as well establishing our rulebase for part of our datacenter.

We have also implemented some other nodes as ICAP servers only. They have been a great replacement even though the installation was not the easiest.

They are the last line of defense (or first depending on how you look at it) within our perimeter and are therefore a critical part of our system within the company.

Check Point NGFW have been a real rock in terms of reliability (except for Identity Awareness) and we have not had any issues in terms of CPU or memory usage as our model might have been overkill with how well it is able to process traffic and how easy and unimpactful it is when adding new blades to manage this traffic

One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base.

Identity Awareness has been an absolute gamechanger in how we've been able to create rules within the company. It allows us to give access to certain resources in very specific ways that were not possible before.

The SmartConsole is a very powerful interface compared to many other competiting products, which allows us to seamlessly go from watching logs, to modifying the rule base and easily find what objects are used where or even check which logs are linked to a specific rule

Logs are very well parsed when sent to Splunk.

Identity Awareness has been a massive source of problems for our deployment and the ability to debug it has been lacking.

The VPN setup is definitely way harder than it should be. The wizard or anything surrounding it doesn't allow for a quick setup without having to read documentation or actually getting a project with an external company

Our gateways have not felt like a day older than when we first got them, on the other hand, our physical management server Smart-1 has been definitely showing its age as it is sometimes quite long to do anything on SmartConsole when it decides to act up.

I have been using Check Point since joining my current workplace - about 4 years ago.

In 4 years, we've only really had one big incident with availability that was due to a faulty network card, which was changed quickly once diagnosed.

Since we chose a model larger than our needs, we aren't looking for a scalable solution.

Customer service and support have been a bit hit or miss and it takes a while for escalation to happen, however, once it does happen, you get proper support right away.

Neutral

I was not present within the company when it was decided to switch from one solution to another, and actually our previous solution was Check Point as well - and it was just reaching its end of support.

I did not participate in the setup.

We used a vendor team along with our in-house team.

I would need to compare it with other solutions used in our environment, which I haven't done.

I'd advise users to only choose blades when they are absolutely necessary - unless getting a good deal with a package.

As mentioned, we switched from Check Point to Check Point.

For the Identity Awareness setup, try to follow Check Point guidelines from the start as it is really capricious and hard to debug.

The Check Point firewall is a reliable perimeter security product. Check Point gives me access to explore various security features in a single box (loaded with all features that an organization needs most). 

I can say I have been using it for one year and getting a grip on it and I will always try to implement it wherever it is required. 

When it comes to Check Point, there are great security features and a marvelous inbuilt design that caters to handling all threats, including zero-day attacks and perimeter security. I really like the user-friendly interface of the Smart Console dashboard and the maximum security is integrated.

The intruder blocking real-time is a great feature that does not even require policy installation or committing to something. This feature enables real-time attack mitigation along with full security access which helps our organization to improve its security factors. 

IPS detection is a big plus for me since it deeply scans the packet. 

URL fileting along with application control gives me the access to manage the least privilege to maximum rights on a single click.

The product provides multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. 

Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view. Check Point helps to resolve a lot of problems, such as showing our organization all known threats. 

It is easy to deploy and manage. 

The product offers a simple Web User Interface.

While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement. 

I would love to see an SSL offloading feature that is not there right now. I am following many forums related to Check Point and it seems like they are going to launch it very soon. SSL Offloading will be very helpful for NBFC and for financial institutes.'

The Check Point NGFW OS is a historically grown OS. It has been on the market for a long time and has many releases. It is a very complex system. All features are done in software - no extra hardware chips are installed.

I have been using this solution for almost a year.

This solution is one of the best solutions in terms of stability.

It is highly scalable.

I have been using this solution from the start as it was recommended by my organization.

The pricing is a little bit high, although I have no issue with the licensing or setup. It is easy to use.

I have stuck to this solution as I read reviews before and it was all positive in regards to Check Point NGFW. I did not use a different solution.

The solution protects our internal network (traffic between VLANS) and also is used as a perimeter firewall in our on-premise and cloud environments. Also, we use functionalities such as IPS, ABOT, AV, VPN, and mobile access.

We have about 200 small branches distributed all over the world protected with 1,430 devices and connected via VPN to AWS Cloud Guard and Check Point firewall.

We also have endpoint protection in about 500 devices with firewalls, antimalware, antibot, anti-ransomware, threat emulation and prevention enabled, and also port control.

We have NGTX blades so that we have protection against known and unknown attacks (zero-day). In terms of protection, we passed from none to one of the most advanced protections in the market. 

Regarding endpoints, we can see a lot of prevented attacks and phishing attempts every day. We can see the whole solution running in our environment correctly.

We gained a lot of visibility of traffic patterns, destinations, and use of network (internal and external) resources due to the logs and views within the Smartconsole.

The centrally managed firewalls are great. We can save a lot of configuration time in configuration tasks. We have deployed about 200 devices in record time due to the fact that we use a unique policy for almost all of them.

Logs, Views and Reports are the most detailed compared to other vendors (FortiGate, etc.) We can see a lot of detail in the logs and also we can configure any report we need without any problem and in two clicks.

We can see that, for IPS signatures, we have updates every day, sometimes twice a day, so we see a lot of effort from the vendor. They really try to protect our environment from known attacks and vulnerabilities.

We try to not depend of the SMS application and leave it as a web application. Sometimes it takes a long time to authenticate and open correctly. It's a windows application, so you need a machine to install the application on.

If you have the standard support level, sometimes they take a long time to understand or even give you a solution or good workaround to a problematic situation. We had a problem in the past with a VPN blade that lead some devices to flap the VPN up and down. That case lasted 6 months as we were jumping between Check Point's internal departments in order to find a solution on our problem.

I've used the solution for eight years.

We are very happy regarding the stability. In last year, we only have had three problems regarding software bugs or stability problems.

They have a solution called Maestro where you can add devices in 10 minutes to scale the solution without doing a lot of configuration.

In our environment, we have a classic deployment so it's not as easy to scale; you need to do some configuration and have a maintenance window in which to do it. 

We have the standard support service. I can't say anything too bad and nothing too good. It's normal. Regarding customer service at the local office, I can say that it is very good. They have helped us a lot in deploying some complex characteristics without cost.

Neutral

We have Cisco, however, that's for networking and not security. 

The installation was done by a partner, however, it was very straightforward.

The product was implemented by a partner and their expertise was very good.

There are a lot of licenses for almost every feature, therefore, it's possible to buy only the licenses needed and not a bundle that would have unused features. That leads to savings in costs.

We have evaluated FortiGate, and we saw that it was more user-friendly, however, some characteristics we needed in regards to complex VPN deployments were only available from Check Point.

We use five NGFWs for four of our sites, with our primary site having an active/backup HA pair. All sites are running anti-virus/malware/bots as well as HTTPS Inspection, IPS/IDS, threat emulation, application filtering, and identity awareness. These are our first line of defense at the perimeter of our network and we have seen a decrease in the number of detections on our endpoints. We've also implemented these firewalls to handle our external VPN connections from remote clients. We've had a few small hiccups, however, there was nothing Check Point support wasn't able to resolve.

This solution has improved our organization by allowing us to use one management point where everyone can see the current state, future changes, and logging for our perimeter. We've been able to streamline our staff to use one primary and two backup users for support. Previously, we did not have a good way to allow Remote Users to VPN directly to our network. Once we implemented and worked with Check Point, they showed us what their solution was capable of and worked with us to allow 300 remote workers to connect to our network and share policies. 

We've found threat emulation, application control (with identity awareness), and HTTPS inspection to be the most valuable aspects. It allows managers the flexibility to grant access to high-risk sites based on groups/roles and yet still be protected with threat emulation and HTTPS inspection. We've seen the rate of detection on our endpoints plummet. 

I've found that, over the last 4 years, they have constantly improved the user interface (SmartConsole) as they have moved away from four Control panels for different functions and are constantly adding new features with no impact on our availability during upgrades.

The improvement could come from better monitoring of traffic data in and out of the firewall. I'd also like to see more built-in automation in regards to activity against the firewall to trigger an automatic response for a period of time.

There is currently no way to allow a user to have access for X period of time. I also find that keeping up with the IPS additions to be a three-stage process which includes having to go to email to see new updates, reviewing those updates on the firewall, and then making necessary changes. I would like to see these new IPS updates shown as a notification when I log in (as an alert) so I can review and modify from one pane.

I have been using this solution for four years, however, they've been installed for six years at our company.

In the four years I have worked on the five firewalls we have not had any downtime caused by stability issues. We've had more issues with our ISP/people hitting the ISP equipment, for example there have been three accidents at the near by intersection that has damage the network cabinet or digging has cut the line.

We haven't had any issues where the Firewall has had a memory leak, rebooted, corrupted or had a NIC fail. 

Our team didn't account for a vast increase in workload as new features were added to our firewall (HTTPS inspection, threat emulation, etc.) and therefore we bought the lowest tier for what we thought we would need. We've found that this is a little too strenuous on our gateway and are working on purchasing more powerful firewalls based on the recommendation of our local Check Point engineer.  

I've always been able to get in contact with Check Point at the right level within their SLA. Everyone has been helpful with tickets requiring escalation.

Positive

I have not been here while a different solution has been used. We do use a separate brand of firewall internally to prevent an exploit against Check Point, allowing someone to penetrate the perimeter and the internal firewall containers.

I was not involved with the initial setup. That said, I have brought up three new sites, and adding a new firewall to our infrastructure has gone off without a hitch.

We handled the implementation in-house.

Check Point Firewalls are more expensive from what I have seen compared to the competition and the yearly licensing does periodically increase. We've seen an increase of 8% over one year (new features were wrapped into the license). 

I was not involved with the evaluation process; I was told that Cisco Firewalls and SonicWall were evaluated at that time.

You're paying a premium price, for what is a premium product and support. I have opened several tickets with their support team and have had excellent service each time.