Check Point NGFW Reviews

I had 3200 appliances deployed in my company where we had two CMSs. We had multiple VSXs on those appliances due to the main firewall that we had on the VLAN. We also had an external firewall on the VLAN, which were used to monitor and allow the traffic within the network. That is how we were using it.

They have a new R81 in place. Currently, they also have R75 deployed in the environment, but they are planning to upgrade to R80.20 because that particular firewall has very high CPU utilization and there is no more support for R75. 

I like that it first checks the SAM database. If there is any suspicious traffic, then you can block that critical traffic in the SAM database instead of creating a rule on the firewall, then pushing that out, which takes time. 

The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that. 

I like the Check Point SandBlast, which is also the new technology that I like, because it mitigates the zero-day attacks. I haven't worked on SandBlast, but I did have a chance to do the certification two years back, so I have sound knowledge on SandBlast. We can deploy it as a SandBlast appliance or use it along with the Check Point Firewall to forward the traffic to the SandBlast Cloud.

Working on Check Point for me looks simple. For the user or anyone else who is using Check Point, they are more into the GUI stuff. Check Point has its SmartConsole. On the console, you have to log into the MDS or CMS. Then, from there, you have to go onto that particular firewall and put in the changes. If the management console could be integrated onto the GUI itself, that would be one thing that I would recommend.

The ability for the multiple administrators to not do changes was fixed in R80.

I just changed companies six months back. I have been using Check Point for around two and a half years. I was working on the Check Point technologies in my previous company. I did the implementation of Check Point and was also monitoring the Check Point Firewall in my last company during firewall upgrades.

We had two Check Point Firewalls deploy in the HA. There was one particular change that we did regarding the FQDN objects. However, after deploying this new change, which already had multiple FQDN objects, the behavior of the firewall was changed in terms of the live traffic. Because after deploying the critical chain, the users were facing intermittent Skype and Office 365 issues. We checked the performance of the Check Point, which also decreased due to the FQDN objects that were pushed onto the firewall. Therefore, we had to reverse back the change in order to increase the performance, because it was utilizing 80 or 90 percent of it. Once we reversed that particular change, then it was working fine.

These firewalls are stable. The customer is looking forward to upgrading to the latest version of Check Point.

It is scalable.

The entire company network resides behind these particular firewalls. All of the users, if they wanted to go out onto the Internet, have to go through this firewall.

There are around five to eight people who worked for my team. We monitored the firewall. In case of issues, we would then go a call with the customer and troubleshoot that issue.

Sometimes, I faced issues while troubleshooting. In those cases, I did have to contact Check Point's technical support because some of those issues were complex. 

I would give the technical support a four out of five. They would get on the call and try to resolve that issue as soon as possible. 

Initially, I was working on the Cisco ASA Firewall, then I got an opportunity to work on the Check Point Firewall. The main difference is regarding the architecture. Check Point has three-tier architecture, whereas ASA doesn't have that architecture so you have to deploy every rule on the firewall manually. With Check Point, you have a management server and you can have that policy package pushed onto the other firewall, which is one of the key features of Check Point: You don't have to deploy every tool on the firewall manually. We can just push that particular policy package onto the new firewall based on global rules that we have Check Point. 

Every time, I had to deploy all of the rules and basic connectivity, SSH and SNMP management, on the ASA Firewall. Whereas, in Check Point, I can just go onto the global rules and put that policy onto the Check Point Firewall, then it will have all those global rules required in the company.

Check Point also has the Identity Awareness feature, which is using a captive portal. This is something good which I like. 

It was pretty easy and straightforward for me to deploy these firewalls.

It took around the 15 days to do the initial deployment and get the basic connectivity to the Check Point Firewalls. We had to send a field engineer to do the cabling and everything, like the data connectivity. It takes time to do all the network, cabling, etc. Once the basic connectivity is established, then we can move ahead with the implementation of the rules on the firewall. The company had an initial set of rules to follow for the setup.

We initially opened a case regarding the upgrade. Check Point's technical support was there on the call because the upgrade was going from version R77 to R81.10. This was a major update for the entire network, and they were there supporting us in case of any issues.

The customer feels more secure because they have two layers of security and comfortable working with this particular Check Point Firewall because they previously used Check Point R75. 

Pricing is fine. 

We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead. 

The licensing feature is good for the Check Point. It attaches to the management IP address of the central management server. So, you can remove that particular IP and then use that license on another device on some other firewall, if you want.

Compared to the Cisco ASA Firewall, the Check Point Firewall makes your work easier because you're not deploying the firewall, then pushing the policy, which takes time. Initially, when I was working with the ASA Firewall, we used to implement the firewall, then we used to hand it over to operations for the maintenance. So, I had to manually implement all of these rules, etc. 

When I learned about Check Point and had basic training for it, I got to know the architecture was different for the Check Point Firewall. You can just have a policy package and deploy that policy package on any of the firewalls that you want. It already has that particular set of rules, which makes your life easier while implementing the rules on the firewall, e.g., if there are multiple firewalls on the network that should have the same policy.

Anyone who is new to Check Point Firewalls should have the basic understanding and training so it becomes easy to deploy and implement. You can go onto YouTube and find various training videos regarding Check Point, where you can get a basic understanding of the Check Point Firewall.

I would rate this solution as an eight out of 10.

Check Point NGFW is being used as a security product in the environment. It is securing the IT infrastructure and delivering the services as expected. In the current world scenario, IT is becoming the backbone for every organization, and most business is highly dependant on IT so securing the IT infrastructure is becoming challenging. Check Point NGFW meets the expectations of our organization to secure the IT infrastructure as per organizational need. Check Point NGFW also gives many security features in single box which reduce your management complexities.

Our organization's primary need is to make information available and secure from an insider as well as outsider threats. Check Point NGFW can give you lots of security features on a single device that can be used as per the organization's need, you not need to procure separate security devices to strengthen the security. The organization also provides services like service providers so it becomes more critical to secure the IT environment and we believe Check Point NGFW family is meeting the requirement as per the expectation.

Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation. 

Anti-spoofing security feature: Check Point has inbuilt by default enabled feature of anti-spoofing which reduces the attack surface from the spoofed IP addresses. 

IPS: Check Point IPS is one of the best products in the market.  

Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management. They should leave it to the user whether they want to procure a dedicated management server or run the show with the gateway itself. It will also reduce the operation cost.

They should also optimize the packet mode feature like Cisco’s firewall packet tracer wherein it tells administrators which policy or rule is processing the intended traffic.

More than two years.

Check Point maestro is highly scalable, their other chassis base solutions are also scalable 

If you choose Check Point maestro platform they you need not to worry about the scalability.

They are very cooperative and supportive in nature. 

We were using an ACL based firewall which was traditional and not meets the current security expectation. So to meet the advance security requirement product like Check Point is needed.

It was straightforward.

Check Point authorised partner had been involved in the migration to avoid any operation issue 

Hard to calculate.

They should first understand their organization's needs and accordingly choose the product. In case if someone is not sure especially about sizing then they should use the Check Point maestro platform as it gives you the flexibility to augment the capacity on the fly without disrupting the existing running operation.

We have not evaluated any other option before Check Point. 

Check Point gives you flexibility and eases the management with meeting organisation’s security need. But before choosing proper sizing has to be done.

Our primary uses for the Check Point NGFW are network segmentation, identity awareness, and application control.

The most valuable features for us are identity awareness, IDS and IPS, and application control.

The speed of technical support is very slow and is something that should be improved.

We have been using Check Point firewalls for about 20 years.

There were times in the past when it wasn't as stable as it is now. However, with the current version, we have been running for the past year without any issues.

Our company has about 1,000 users that generate traffic that passes through the firewall. Beyond that, we haven't had much need to scale.

The technical support is very slow.

The two firewalls that we having implemented are Check Point and Fortinet.

I have also worked with Juniper but it does not have all of the advanced features that Check Point has, such as application control and identity awareness.

The initial setup is pretty simple. The amount of time required for deployment depends on the number of rules that need to be configured. The initial setup can be done in one day, and the post-setup configuration depends on the rules to be applied.

The initial setup was completed by a partner, who was a certified system integrator.

Our in-house team handles maintenance.

This product is not cheap and there are additional costs that depend on what model or package that you buy. If you need more features then you may have to buy additional modules. In our case, we knew what we wanted in advance so there were no additional costs.

Overall, I am pretty happy with Check Point firewalls. My advice for anybody who is implementing this product is to get somebody with experience to help choose the correct, stable version, and assist with the configuration. All of the new features take time to implement properly, but if the correct steps are followed then they won't run into problems when the system goes into production. 

I would rate this solution a nine out of ten.

We have a big environment with nearly fifteen multi-vendor clusters. We are using firewalls mainly for layer three access rules. But nowadays, application-layer-based security and threat prevention are also important. We are using IPS and antivirus blades actively, too.

In the Intrusion Prevention System blade, we are using a lot of different signatures and actions according to the impact, severity, and cost of the specified signature. The antivirus blade is also in the same logic as the Intrusion Prevention System.

Multilayered protection is provided thanks to Check Point. For instance, security is achieved both on the endpoint side, as well as the firewall side.

Another example is that we can prevent critical and high-risk applications from being reached through the internal network by utilizing the application blade.

All of the blades, except URL filtering, are in the same interface and provide big savings when leading the security operations.

Firstly, inline layer technology is helpful because it will classify the traffic according to different security groups. This means that we can isolate them totally and it will also prevent human error because you are limiting source, destination, service, and application parameters at the top of the inline layer rule.

Check Point is very administrator-friendly and the SmartDashboard is easy to use.

The Blades and security features are also very innovative and up-to-date.

With the IPS blade, the administrator can write signature-based exceptions for specific users. This provides flexibility to except specific connections from specific signatures.

The cloning and copy/paste operations are very useful.

The SmartUpdate interface is a little bit crowded if your company has a lot of software items.

As an administrator, one should know how to troubleshoot by issuing related CLI commands before or after upgrading gateways, or the management server, in case of a problem.

Hardware problems on Check Point devices, such as those related to NIC or disk problems, may occur at times. In cases such as this, the support team is available and does what is needed, including the RMA process if necessary.

We have been using Check Point for 10 years.

In my opinion, scaling is very important and it must be done ahead of time. I would suggest considering scale three years in advance, as opposed to just the present.

We did not use another solution prior to this one.

Licensing issues may be confusing at times.

We did not evaluate other products before choosing Check Point NGFW.

We use Check Point NGFW to provide more protection for our network from internal and external sources. I also work on creating checks, rules, troubleshooting, and generating daily reports.

Check Point NGFW makes it easier to handle and use the firewall efficiently. It helps protect our network from internal and external threats.

The firewall's default behavior of blocking all traffic, including a cleanup rule that blocks everything from external to internal sources, is highly valuable for protecting our network.

In the rule creation process, we need to decide on the source address, destination address, and services. There are improvements needed in this area.

I have used Check Point NGFW for one and a half years.

To maintain stability, I monitor high utilization and CPU usage, enabling and disabling connections as necessary.

Check Point NGFW is not scalable enough. However, it enhances performance with high availability, shifting to a secondary firewall if one fails.

When I can't resolve an issue technically, I consult with a senior engineer. I rate the technical support seven out of ten.

Neutral

I did not work with any other firewalls before Check Point. I am familiar with CCNA routing and switching.

The initial setup involves connecting cables, opening the IP address using a browser, and configuring the firewall. It takes about one hour.

Only one person is required for the deployment.

Check Point NGFW is very important because it is easier to handle and use.

I don't have information regarding the pricing, as it is considered an internal matter of the organization.

I did not evaluate any other options. I chose Check Point firewall based on my knowledge of CCNA routing and switching.

Check Point NGFW is easy to use, create rules, and take backups. It simplifies backing up and managing processes with click-and-go options.

I'd rate the solution seven out of ten.

I use the solution in my company for cybersecurity, securing perimeter networks, giving the user access to VPN, URL filtering, antivirus, sandblast, network segmentation, and monitoring purposes.

Regarding the benefits of using the tool, I would say we spend less time investigating security incidents because we have fewer of them to deal with because Check Point works quite well. The tool offers greater visibility when it comes to network traffic.

The solution's most valuable feature is its adaptability and configurable nature. The software's security posture, I would say, has reduced vulnerabilities than other vendors, and we value that greatly in our company.

The product's support is an area of concern where improvements are required. Sometimes, there are bugs in the software, and the speed at which the product resolves those bugs could be improved. The system is quite complex, and you need to be an expert to get the most benefits, making it an area where the tool could be improved.

It would be nice if Check Point could update its own agents, for example, VPN clients or identity clients. I think the product has a very large number of features.

The product's price is an area of concern, making it an area where I would like to see some improvements.

I have been using Check Point NGFW for a bit less than fifteen years. I use Check Point R81.20.

In the past three months, my company has had stability issues, but the impact was quite low, which is great because we have a cluster environment. When one node fails, the other one picks up the job. When changing from version to version, sometimes bugs show up that need to be resolved.

The tool allows you to add as many nodes as you like or can afford. If it is virtualized, you can also give it more resources.

In my company, I think we have four nodes, which are the main nodes, and then we have eight smaller regional nodes. We have around 260 users and 280 endpoints.

I rate the technical support a five or six out of ten.

Neutral

The product's initial setup phase was so long ago that I don't remember how it went. The product is not the most intuitive and easy to set up because of the large number of settings you can configure and the ways how you can configure those settings. Without an expert or consultant, I wouldn't recommend implementing the tool by yourself if you value your time and don't want a big downtime later.

The tool's ROI is almost impossible to calculate because it's a security product. If nothing happens, then you always feel like you are paying too much, but you don't know how the situation would change if you use cheaper firewalls and have to face a security breach.

The product's price is on the higher side but I also feel that it is more secure than the other solutions in the market.

In the past, my company had tested Fortinet and Sophos, but we did not migrate to them. Though the price of the firewalls from Fortinet and Sophos were better, from a security perspective, Check Point was better. In the recent years, there have been a lot of critical vulnerabilities detected in those firewalls and breaches because those vulnerabilities were detected and we didn't get them. So we value that greatly.

The tool requires maintenance. You need to update the product version. If we don't encounter any bugs in the installation process, I would say that the maintenance process is quite straightforward.

I recommend the tool to others. If you value your data and it is a mission-critical project, then Check Point is the right choice.

I rate the tool an eight out of ten.

We primarily use the product to block traffic at the application layer, limiting access to YouTube and social media during busy periods while allowing it during lunchtime or office hours.

The product's primary benefits include effective intrusion blocking and improved network management. 

I appreciate the support provided as well. It is highly reliable and has a prompt response time. 

The system's operation could be enhanced. I recommend developing a management console that can more efficiently handle multiple Check Point devices, as we have multiple appliances across different sites. 

We have been using Check Point NGFW since 2016 for approximately eight years.

There are occasional issues, but they are typically resolved with subsequent updates. I rate the stability a six out of ten. 

We have three sites where we use Check Point NGFW. The first site has about 1000 users, the second site has between 800 and 900 users, and the third site has approximately 100 to 200 users.

I rate the product scalability as two out of ten. Improvement is needed as it could be more convergent, particularly for on-premises solutions.

We are currently using Check Point, Palo Alto, and Cisco.

Check Point's advantages include its lower cost than Palo Alto. However, it requires maintenance of many parts, as it is only partially GUI-based. In contrast, Palo Alto is mostly GUI-based, simplifying operations for our IT security team.

The setup process was straightforward. Some aspects in terms of maintenance are easier due to the GUI-based interface.

We took help from a consultant for implementation. 

I recommend Check Point Firewalls. It is a solid product with reliable support and frequent updates.

I rate it an eight.

We use Check Point NGFW as a perimeter firewall.

The most valuable feature of Check Point NGFW is the unparalleled distribution of the network traffic. The central management station they have allows you to manage everything from one place.

Check Point NGFW could improve by introducing machine learning and more modeling dividing the way they manage the ports. However, they have evolved over the last year.

I have been using Check Point NGFW for approximately 15 years.

Check Point NGFW is a stable solution. However, similarly to many other solutions, the stability comes from the engineer that deploys it. It requires a knowledgeable engineer to implement it in the correct way. If you undersize it, for example, you can experience instability.

Check Point NGFW is scalable. The hyper-scale platform can scale up or scale-out. You can buy different powers and stack them.

Check Point NGFW has the most mature technical support in the industry. 

The Check Point company has been around for approximately 30 years and they have everything well documented, similar to other vendors, such as Juniper and Powervault.

I have used other solutions in the past, such as Palo Alto and it has been more expensive. 

The implementation of Check Point NGFW difficulty level depends on the environment. For example, from the initial deployment, it can be easy, but you have to keep your teams learning, they have to consider their traffic size and many other factors. However, the configuration can be difficult, you need a lot of knowledge. Integrating Check Point NGFW with different networks requires a lot of knowledge about the infrastructure.

There are competitors that have more expensive solutions than Check Point NGFW, such as Palo Alto. There are times when Check Point NGFW can have good offerings with a three-year license. The presence of Palo Alto has been heavily invested in marketing. 

From Check Point's perspective, I am not sure how they compared with other vendors. I'm not heavily involved in the process of the quotations.

I have evaluated other solutions.

Check Point NGFW is trying to innovate in the market, but all the other vendors in the market are doing more the same.

I rate Check Point NGFW a nine out of ten.