Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Security IT at a tech services company with 51-200 employees
Real User
Top 20
Easy to implement - NGFW CheckPoint
Pros and Cons
  • "There is modern protection against current threats."
  • "The documentation could be better."

What is our primary use case?

This is a very good application to be able to provide security to our infrastructure in Microsoft Azure. The provisioning through the Azure templates was very good. It is exactly the same security application of Check Point gateways as the one on-premises.

Now we can use the tool to provide granular security between subnets or generate VPNs against other offices, all with the great security that the manufacturer provides us.

The application control provided by the gateways is also very good for our objectives, which were to block some general access applications or categories that are prohibited by the business.

How has it helped my organization?

This security tool helps us a lot in the public cloud environment. We can provide perimeter security in the environment now.

We have been able to implement server policies, DMZ subnets, and updates, among others, that are not available for all VNETs, subnets, or servers, and with this, we have greater control.

Additionally, we have created new VPNs against some offices, which are monitored, encrypted traffic, and find it really easy to provide the required service.

Finally, we have created nets for public access to the infrastructure. It has really helped us a lot.

What is most valuable?

The most important features of this application are:

1- An easy implementation at the virtual level. This helps us to be able to have security in the cloud.

2- The monitor and records are shown from the security management environment, where we can validate many events that happen over time to improve security through the dashboard.

3- There is modern protection against current threats. All new Check Point protection features are included and ready to provide more protection.

4- The licensing includes management service.

What needs improvement?

The documentation could be better. Sometimes they do not update their manuals effectively. Not everything is the same, and it generates some problems in the implementations.

There's an issue with licensing provisioning within the Check Point NGFW Gateway. It is really difficult to place the licenses correctly, generating additional work or limiting the solution due to poor provisioning.

I would like them to improve the response speed of technical support.

Buyer's Guide
Check Point NGFW
April 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.

For how long have I used the solution?

We have used the Check Point Next Generation Firewalls for the last four years.

Which solution did I use previously and why did I switch?

Four years ago, we had not used an NGFW in Azure. We used the basic security until we could meet and receive support from a Check Point partner.

What's my experience with pricing, setup cost, and licensing?

The best option is to have a partner to support you with quotes, features, and other valuable details. They can guide you via details that Check Point currently does not provide publicly, to make good decisions.

Which other solutions did I evaluate?

We always evaluate the options. We take into account Check Point, Palo Alto, Cisco, and Fortinet.

The benefits provided by Check Point turned out better than what we requested, which is why this was our first choice.

What other advice do I have?

This is a very good security application, both physically and as a virtual appliance.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1821144 - PeerSpot reviewer
IT Security Officer at a tech services company with 1,001-5,000 employees
Real User
Detects malicious signatures, offers good log storage, and improved security posture
Pros and Cons
  • "Log storage gives us insights when required."
  • "Log queries are slow and take time to load."

What is our primary use case?

We are using Check Point Next-Generation Firewalls to protect and prevent our corporate network and infrastructure from attackers.  We are using NGFWs to filter unwanted and malicious traffic from the internet. Check Point NGFWs provide Layer 7 or application layer monitoring and detection. 

It is a stateless firewall which examines packets deeply and detects any malware or malicious URLs. It greatly protects our infrastructure by acting as a perimeter for our organization. 

Moreover, it has log ingestion and deep packet analysis capabilities. 

How has it helped my organization?

Check Point Next-Generation Firewalls improved the security posture of our organization by detecting, analyzing, and blocking unwanted traffic. It blocks any malicious files, processes and URLs due to having deep packet inspection and monitoring. 

Check Point firewalls not only detects anything malicious against it's signatures rather it analyses and monitors all processes running on different machines to detect anything wrong and then block those processes or URLs. 

Log storage gives us insights when required. 

What is most valuable?

Deep packet inspection, Layer 7, and application layer monitoring and detection are the great features of Check Point Next-Generation Firewalls. They greatly improve and protect an organization, its staff, and its resources. 

Check Point's SmartConsole is a great tool for admins as all firewalls can be centrally managed and all policies can be pushed as and when required by using SmartConsole. Log ingestion and threat hunting are also great functions in Check Point firewalls that enhances and improves a security posture. 

What needs improvement?

The SmartConsole to manage Checkpoint Next Generation Firewalls takes a long time to load and gets stuck sometimes. It could be due to a lot of rules and policies defined on the firewalls. However, SmartConsole software needs to be improved by having some more functions to make an admin's life easier. 

Log queries are slow and take time to load. 

Query functions need to be improved and should be quick to give the required information. 

There should be filters having drop-down options to use and select during log analysis. 

For how long have I used the solution?

I have been using Check Point firewalls for more than two years. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
April 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
IT Manager at a tech services company with 5,001-10,000 employees
Consultant
Great for threat prevention, offers features on the cloud, and has useful logs
Pros and Cons
  • "Being able to access almost everything in one location manage all your gateways and get all your logs is great."
  • "Sometimes debugging is a hassle."

What is our primary use case?

I planned to block traffic from foreign countries, however, Check Point does not have the intelligence to determine VPN connections from foreign countries coming through the local VPN.

I also wish Check Point could be more effective by collaborating with Microsoft to establish a different connection for Outlook cellphones or devices not on the domain. I wish to hide my devices like cellphones only allowing them to connect via capsule, however, it applies to all devices. It works well.

How has it helped my organization?

It is an excellent, easy-to-acquire system to protect midsize businesses with up to 100+ users that require a security solution that can scale across corporate networks and give us protections against GenV cyberattacks as the business grows. 

What I recommend the most is its central administration. With the smart controller, you can manage all your firewalls from one location. 

Being able to access almost everything in one location manage all your gateways and get all your logs is great. For me, it's the best feature to work with.

What is most valuable?

The solution is great for cyber attack prevention, data bridges, and other threats. You need intelligent and effective solutions to minimize cyber attacks and Check Point gave me peace in December when they had an unidentified log4j vulnerability.

Our main benefit was the elimination of a server/VM from our data center and the usage of a cloud solution.

Having all the features on the cloud was also a benefit since some products when migrated to cloud solutions lose some features  - but not his one.

The setup is a little bit rough and requires some technical expertise, however, this is expected with a solution as complete as a firewall and especially a Check Point one.

What needs improvement?

Sometimes debugging is a hassle. We've had issues with VPN debugging in the past. In the more recent versions, later than R80.10, this seems not to be an issue anymore. 

This year we tried to debug performance issues of the gateways, which was cumbersome. When we finally found the performance bottleneck, it was a licensing issue. 

Check Point uses CPU-based licensing for OpenServer, and buying more licenses helped. However, this is the reason we're upgrading to Check Point appliances next year, as OpenServer becomes pricier every year, and Check Point pushes their customers to use their appliances.

For how long have I used the solution?

I've used the solution for three years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1853787 - PeerSpot reviewer
Systems Engineer at HarborTech Mobility
User
Good interface, excellent GUI, and helpful integrations
Pros and Cons
  • "Making configuring numerous layers of security policies easy to use was always one of the things I liked most about their firewall solution."
  • "There is no email security."

What is our primary use case?

We've been using Check Point Firewalls for about nine years, from the early Nokia boxes to the most recent OpenServer architecture. Next year we're finally going to upgrade to an appliance directly from Check Point.

Check Point Next-Generation Firewall (NGFW) is a very good firewall. It is one of the best firewalls that I have used. I would rate Check Point Next-Generation Firewalls (NGFWs) a nine out of ten. 

Also, Check Point has a great architecture, where you can just enable the software blades and deploy a secure service. 

Overall, it provides ease of deployment and ease of use.

How has it helped my organization?

All in all, I'm delighted with their security solution. Making configuring numerous layers of security policies easy to use was always one of the things I liked most about their firewall solution. 

You have multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. Everything is easily managed through their "SmartConsole" dashboard. 

What is most valuable?

It's valuable as a next-level network security appliance for your enterprise.

It comes with advanced features like web filtering, app filtering, user-based policies to restrict web and application uses, tunneling, restricting bandwidth uses according to policy, load balancing, etc., and helps to cover almost all network security requirements.

Our IT team has installed a firewall on all of our company's workstations and laptops to keep our own data and our customer's data secure. This program runs in the background and I don't even notice it, but it keeps me secure at work.

What needs improvement?

Configuration using the command line is not that simple and user-friendly.

There is no email security.

It's a bit confusing to configure at first. An example is having to set up separate source and destination NAT rather than a simple static mapping. Some configurations require accessing multiple different sections rather than being consolidated in one area. License subscriptions are a bit confusing as well for additional features.

The CLI is not very useful.

There's no option to import bulk address objects.

The firewall default rule 0 blocks rule matches to allowed traffic, even though allow rule is written.

For how long have I used the solution?

I started using this solution in 2009.

What do I think about the stability of the solution?

I am very satisfied with this product.

What do I think about the scalability of the solution?

I have been using Check Point firewalls for a few years now and I enjoy the interface.

It also integrates great with our other security tools.

The GUI is much more user-friendly than other Firewall vendors.

Which solution did I use previously and why did I switch?

I use Check Point Next-Generation Firewalls since things are automated and updated frequently. I did not use a different solution. 

What's my experience with pricing, setup cost, and licensing?

It's not the cheapest solution, however, it's one of the most advanced and competent.

Which other solutions did I evaluate?

I am not responsible for our manager's choice of this product. He said it's the best product to secure our network. 

What other advice do I have?

Check Point licenses work very differently compared to other vendors. We need to purchase each blade in order to make it work, however, we can easily obtain a trial (evaluation) license from Check Point to get visibility for the blade. Check Point tries to maintain relationships with customers and they try to match their price with customer expectations.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1830165 - PeerSpot reviewer
Technology at Partswerx
User
Very easy to use, setup and configure
Pros and Cons
  • "The small business hardware device was powerful and easy to set up."
  • "Including some sort of menu or grouping for VOIP would help the small business area that has limited support."

What is our primary use case?

We initially started using the Check Point device for the VPN blade.  

After using the VPN blade for several months and using the hardware interface we found it very easy to use.  

The small business hardware device was powerful and easy to set up. We started using the firewall and Nat shortly after that. 

Having additional features like the threat prevention that has IPS antivirus antibot and threat emulation we're all added bonuses. This also gives us a piece of mind for the safety of our business.  

How has it helped my organization?

Securing our organization was our main goal. Check Point, with threat prevention which includes IPS antivirus antibot and threat emulation has better secured our business from the internet.  

With the auto-updates made simple and knowledgeable support personnel, it has freed up our time to focus on other IT strategies.  

Utilizing the Check Point support team has allowed us to configure and use other money-saving features like VPN tunneling to remote offices, while still remaining secure in our systems.

What is most valuable?

Check Point VPN has been most valuable to our organization. Having a hardware solution that allows our remote users to connect securely to our business is extremely valuable. 

The ease of use, setup and configuration backed by the knowledgeable support of Check Point has made this a smooth and easy setup. Our users can get connected securely, anywhere. When connected with our Check Point VPN endpoint, users get the same security and prevention from the threat prevention module as the rest of the devices on our network.

What needs improvement?

As a small business, IT expenditures are always a tough call and hard sell. With every business connected to the internet these days, firewalls and threat prevention are very important for any business of any size. Check Point's small business devices are a great fit for most any business. However, including some sort of menu or grouping for VOIP would help the small business area that has limited support. Check Point support is very knowledgeable and can also help in this area as they've helped our business evolve as well.

For how long have I used the solution?

I've been using the solution for 20 years.

What do I think about the stability of the solution?

The hardware units are solid. It is a stable solution. While you're subscription is active checkpoint fully supports your hardware and will replace if you have any uncorrectable issues.  After 20 years, I've only had to do a hardware replacement once.  Once setup, they just do what their supposed to do.

What do I think about the scalability of the solution?

The solution is very scalable. Configurations can be imported to other units.  Many levels of hardware and software are available.

How are customer service and support?

Customer service has always been very knowledgeable about their products.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used to use Norton VPN. We switched due to the fact that we had issues with the system.

How was the initial setup?

The product offers a simple basic setup.

What about the implementation team?

We handled the implementation in-house.

What's my experience with pricing, setup cost, and licensing?

There are different levels of protection and yearly maintenance on offer.

Which other solutions did I evaluate?

We did not evaluate other options previously. 

What other advice do I have?

The support is great.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1767759 - PeerSpot reviewer
Network at financial sector
User
Good application control and user access capabilities with easy troubleshooting
Pros and Cons
  • "When applying application control, we can ensure user access to the internet in accordance with company policy and easy implementation if some users need exception access."
  • "There needs to be more storage space for reporting."

What is our primary use case?

We use Check Point for the firewall in DMZ and surrounding zones and another product we have. We use a variety of series from 2000, 4000, and 6000 gateways, and also we use Smart-1 and Maestro solutions. 

We apply some features (IPS - Intrusion Prevention System, application control, reporting, antivirus, and anti-spam) using Smart-1 to make day-to-day operation more simple and easy using one management for all gateways. The remote console, such as SSH, is a little complicated, however, you can use it for troubleshooting.

How has it helped my organization?

It's improved our organization with simple day-to-day operations with easy tracking of traffic for troubleshooting, with a variety of features. The latest benefit for our company is to save more space for our rack with Maestro and virtualization. 

Some problems may appear and we can open TAC to get assistance from the principal. We also can control more traffic of users to the internet using application control. Our email is more secure using anti-spam and currently, we are in the middle of activating HTTPS inspection to secure our application on the internet.

What is most valuable?

I enjoy the application control for user traffic control to the internet and the tcpdump command for troubleshooting.

When applying application control, we can ensure user access to the internet in accordance with company policy and easy implementation if some users need exception access.

There is an easy troubleshooting network connection via logs and monitoring menu. We often use this menu for checking connections and if the traffic is not in the logs menu, we can use the tcpdump command from the ssh session to the gateway. It's the fastest way to troubleshoot.

What needs improvement?

For the migration for Smart-1, I wish the security policy could allow for a migration per gateway. 

There needs to be more storage space for reporting. The storage is always full if the reporting feature is on.

We need HA for Smart-1.

The traffic trekking (logs view) needs to be more accurate. Some traffic is often not in the logs view.

We'd like to have more user friendly menu for import vpn users.

There needs to be more compatibility with SIEM.

It would be great if we could join domains with more than one Active Directory server (active-active).

There needs to be an easy menu for export backup configuration (the current menu always has an error).

The signature information needs more detail. We need to know current update versions and on running versions.

For how long have I used the solution?

I have been using Check Point since 2010 (12 years).

Which solution did I use previously and why did I switch?

We already are using a variety of brands.

How was the initial setup?

Sometimes you need to repeatedly upgrade the version or update the patch.

What about the implementation team?

The help we received was good.

What's my experience with pricing, setup cost, and licensing?

The cost is pricey. 

Which other solutions did I evaluate?

We did not evaluate other solutions first. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1692972 - PeerSpot reviewer
Works at PROWERS COUNTY HOSPITAL DISTRICT
User
Extremely stable with many great features and a helpful web GUI
Pros and Cons
  • "We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone."
  • "I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad."

What is our primary use case?

We are a Critical Access hospital with close to 1,000 endpoints and hundreds of users. We currently have multiple ISPs coming into the hospital for internet redundancy. There are multiple buildings on our campus that are connected with copper and fiber. We have had clinics in multiple cities attached to our network at various times. 

We installed the Check Point NGFW in our environment to act as our main firewall and gateway. This allows us to keep several of the vendor devices (lab analyzers and other third-party equipment) segregated on different VLANs so they have no access to our production VLAN. This system is also our VPN concentrator for several site to site VPNs and remote software VPN connections.

How has it helped my organization?

In the past 15+ years that I have run these firewalls, we have been able to make huge strides in increasing our security posture. This has been evidenced by our annual Security Risk Assessments run by a third party. Check Point is always coming out with new features that help make it easer to manage our security posture. We have received multiple comments from other organizations praising us for the speed and accuracy of setting up new site-to-site VPNs with the proper access. This is all possible because of the intuitive Check Point software.

What is most valuable?

There are many great features, however, with our last upgrade, we now have a web GUI that allows us to pull up multiple facets of the firewall environment. This feature has been very handy. There have been times we have a connectivity issue, and both sides are blaming each other. If I'm away from my desk and don't have my laptop, I can quickly bring up the interface on my phone and search through the logs, rule base, and VPN communities to help quickly troubleshoot the problem. I can't say it enough - this has been invaluable.

What needs improvement?

Overall, this is a great system, and I'm struggling to come up with things that I think should be improved. 

I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad. 

For additional features in the next release, I would like to see more change functions available in the new Web GUI version. This is still a new offering from the company, therefore, I can only assume it will get better as customers make suggestions/requests.

For how long have I used the solution?

I've used the solution for over 15 years.

What do I think about the stability of the solution?

This system has been rock solid in our environment. I have even run beta software to try out new features. I trust the company and their top-notch support staff to keep us running smoothly.

What do I think about the scalability of the solution?

This system has been very scalable. Check Point offers multiple security 'blades' that let you start out small, and increase as needed without having to drop a bunch of money on new hardware.

How are customer service and support?

I rarely have critical issues, however, when I do, I can call and get an engineer rather quickly. For most of my issues, I utilize the online support portal and/or knowledge base articles.

How would you rate customer service and support?

Positive

How was the initial setup?

We had engineers online with us to help us get everything setup. They have done this many times, and they were able to give us a lot of information to help prep the environment. This left us with minimal downtime.

What about the implementation team?

We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone.

What was our ROI?

That is difficult to calculate. We have had hospitals and clinics drop like flies to ransomware, DDOS attacks, and other issues. The financial impact of something like that would be huge. You can't put a price on safety. 

We are trying to do the best we can in an ever-changing landscape of cyber dangers, and we feel that Check Point has been a great name to hang our safety on. In the 15+ years I've been working with Check Point, I have only changed out the hardware twice. We pay an annual fee to cover licenses and support. In general, this is a great investment.

What's my experience with pricing, setup cost, and licensing?

We purchased this through a VAR, so your mileage may vary when it comes to cost and initial service for setup. 

The licensing can be a bit tricky when you have more than one appliance. That said, they are very open and explain how it all works. They give the ability to set up trials of all the different license 'blades' to let you try before you buy.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1678710 - PeerSpot reviewer
Senior Cyber Security Consultant at Yapi Kredi
User
Great blade technology, easy to configure, and lowers administrative workloads
Pros and Cons
  • "The ease of configuring VPNs can be very useful especially for companies with lots of remote locations."
  • "If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time."

What is our primary use case?

We use Check Point Next Generation Firewalls as a perimeter firewall for all sites, including the DMZ, disaster recovery center, and branch offices. We also use IPS, Anti-Bot, Antivirus, Identity Awareness, Application Control, and URL Filtering blades at all gateways. At our main site, these blades provide additional security controls to our existing security solutions. For our branch offices, Check Point Next Generation Firewalls work as unified security products and we do not need to implement additional security solutions.

How has it helped my organization?

In addition to legacy firewall features, by using Check Point Next Generation Firewalls blade technology, you can improve your security. 

By using the smart console, you can control tens of gateways from a single point. The smart console also allows you to control all the blades from the same GUI. These features decrease our manpower needs. 

The identity awareness feature makes it easier to implement and manage firewall rules. 

The ease of configuring VPNs can be very useful especially for companies with lots of remote locations.

What is most valuable?

Check Point Next Generation Firewalls have numerous blade options such as Anti-bot, IPS, and URL filtering. In most cases, one box could be sufficient to use all these blades. You can manage all these blades from a single console. This feature lowers your administrative workload. 

If you have comparatively small branch offices, in addition to administrative workload, instead of spending money for security products such as proxy or IPS, Check Point Next Generation Firewalls could meet your requirements. 

What needs improvement?

If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time. 

If you use Check Point firewalls for a long time, it is inevitable to have long rulesets over the years. The need for using different GUI applications for different versions can be confusing. A backward compatibility feature for smart console versions could be useful - especially if you are an enterprise customer, you probably need to use different versions at the same time. 

For how long have I used the solution?

We have used the solution for 9+ years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.