Check Point NGFW Reviews

The primary use of the solution is as an enterprise perimeter firewall in our data centers. We also use software blades for IPS/IDS functions as well. We have a combination of enterprise-grade firewalls like the 15000 and16000 series as well as mid-size versions like the 5000 and 6000 series which are for specific segment isolation or other purposes. The software blades are running on HP servers. Management is done via 5150 appliances. 5000 and 6000 series appliances are primarily used for segment isolation while the larger appliances are used for perimeter security.

We have been using Check Point firewalls as our main security devices for many years and thus have a strong level of expertise within the organization on implementing various features. We love the reliability and strong feature set of the firewall appliances and software blades. Managing policies with v80 and above is also much more streamlined. Troubleshooting events via logs makes identifying issues straightforward. We have multiple engineers working on policies at the same time, so the newer versions help simplify this tasks for us.

I love the redesigned interface starting with R80 as well as the ability for multiple engineers to work on the policy simultaneously. Policy management is simplified and the virtualization options help us to plan for future deployments in a much easier way. While we haven't tried out all the features available - like Sandblast, AntiBot, URL filtering, etc. - the fact that these are available to use is definitely a plus. We were able to use the IPS features, negating the deployment of an expensive standalone IPS solution.

Check Point solutions have always been more complex to deploy than their competitors. There may be multiple scenarios where we may need to engage support, however, the customer support is very good. There are certain features that are only possible from the command line (e.g. packet captures) and it would be good to integrate everything into the GUI to reduce the learning curve for newer engineers. Finally, it can be a costlier solution - especially for the smaller firewalls as compared to the competition. It would be beneficial to have more training options or documentation as well.

I've been using the solution for over 15 years.

The solution is extremely stable. There have been a few software bugs that have caused some unwanted glitches but these were fixed with updates.

If the product is sized correctly in terms of appliances, then it is easy to scale. 

The support is excellent and knowledgeable. The service offered sets them apart from the competition.

We have used Juniper SSG firewalls in the past and moved to Check Point due to the learning curve on the new JunOS deployments with the SRX firewalls.

The setup required some planning and was slightly complex. The process requires good expertise on the product before deployment.

We had an in-house team for deployment with active support from Check Point.

I don't have much detail on this.

We evaluated Cisco ASA firewalls and Palo Alto devices as well as Juniper SRXs.

Setup can be complex and it is very helpful to first plan the deployment before rushing into it. Use the support available to find out the best options to use.

We would love to have more training materials and/or courses available so that I can onboard engineers in a faster way.

The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well.

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

The antivirus is not as effective as it could be because updates are not that frequent.

Another area for improvement is that certifications are quite expensive with Check Point.

I've been using the Check Point Next Generation Firewall for the last year.

My role includes working on Check Point and Cisco ASA firewalls to make changes on them, per customer requirements or as the organization needs. I also explore new features and do troubleshooting.

It's quite stable. Until now, we haven't faced any issues.

The Check Point 44000 and 64000 Next Generation Firewalls are designed to be quite scalable. 

If we do face an issue which is not our support boundaries, we involve the Check Point TAC. They're quite technical, so they help us to resolve things. They are always helpful. They're knowledgeable and their response time is very fast.

Previously we were working on Cisco ASA firewall which didn't support the cascading objects. Also, Cisco supports two gateways, whereas the Check Point supports up to five gateways.

We also decided to bring on Check Point because there are a lot of switches that are not supported in Cisco ASA. Also, with Cisco, IPS does not come with the firewall and we have to configure it separately. The Check Point IPS comes with it.

There are a lot of features which are not supported in the Cisco ASA Firewalls.

The initial setup of the firewall is straightforward. I didn't find any difficulties in moving from Cisco ASA to Check Point. The dashboard is quite friendly, so it didn't take much time to learn.

Deployment took about three days.

We have different stages in our implementation process like planning, approving, implementing, checking and validating, and the last one is matching. Job roles in our organization go according to these stages the approvals. I do the planning part and my approval request goes to my team leader.

We have about 400 to 500 users. They are semi-technical or non-technical people, such as network and security engineers, who are tracking and monitoring the firewalls. If we're talking about troubleshooting we have from different levels, like L1, L2, L3.

It's saving us a notable amount of time. 

Check Point is good. It has a lot of features which will support a lot of things in your organization, and the dashboard is quite good. There are a lot of features, such as data protection and data inspection, at a good price.

The solution is easy to use. I like the monitoring the most.

All the advanced features of automation, especially the first installation of tunnels, need improvement. Also, in terms of configuration, in terms of tuning, and fine-tuning the system, I think they do make it a bit hard for users. Right now, we need to teach admins, the network and security admins about system fine-tuning in terms of load balancing between CPUs, assignment of processes. I don't think a network admin or a system admin should deal with it in terms of when we are speaking about the firewall or networking device. It should be automatic.

It's a stable solution. There are about 15,000 users installed behind the firewall.

It's a scalable solution. It's very good.

It's easy to install Check Point, but not in the case of a large environment and multiple clusters. This is an ongoing project I can't tell you how long deployment takes. It's a huge network that I have. I have three people maintaining the solution.

I have a basic network firewall and not the advanced feature, full feature security system. I think they are the best. Still, for instance, when installing a tunnel in Check Point vs installing a tunnel in Cisco, the difference is that in Check Point nothing makes sense, and in Cisco you have the duration capability, the hierarchy of the configuration.

I would rate this solution as 8 out of 10. Mostly because of configuration problems - problems with configuring VPNs, and panels, etc.

Currently, we have a need for security when it comes to protecting the company's infrastructure on a perimeter basis. We need to cover many branches that must be protected and require a solution that provides us with technological security solutions that allow us to establish and configure in a simple and centralized way for each of the branches.

As a result, we have searched for solutions that meet these requirements, in addition, we are seeking out solutions with technological innovation capabilities constantly.

Check Point has given us the ability to comply with regulations and with capacities in a way that we never could before. Not only have we managed to secure our network, our infrastructure, and our equipment - we have also managed to gain analysis and additional configurations in each of the complex procedures that are carried out daily.

The Next Generation firewalls are quite flexible in many of their characteristics. These devices have blades or sections or small spaces where they have additional features that we can use. That way, we are not only protecting our organization and other branches that belong to our company - we also have other features if the need arises. These are the features that will always help us to put safety first in our organization.

In the future, some of the features that I would like to see would be the ability to integrate environmental solutions such as the metaverse or blockchain so that we can see them also in applications directly and on mobile devices or natively. 

I've used the solution for three years.

We are using these Next Generations Firewalls to segregate and protect our data center and business-critical data from the user LAN. 

We have some of the resources behind these firewalls which should be allowed to a certain set of users only. This is done using the authentication against the Active Directory groups and only the designated users are allowed to access the contents based on the firewall rules. 

Along with this, we use IPS and Antivirus features to protect our most critical network.

The solution is great and simple to implement. It has improved the security posture and overall management of this segregated network.

We have this deployed globally across multiple sites and it's very easy to manage compared to other vendors. 

We have been using this solution now for a few years and never came across any issues. 

The documentation is simple to understand and is easily available. 

The support is also observed to be good and we never had to escalate the cases due to support issues.

We have been using Check Point NGFW to protect the business-critical data from the other networks and provide secured access to the users best on the authentication, integrated with the Active Directory. 

We have been using packet filtering, stateful inspection, and VPN awareness along with user authentication and have not observed any performance issues in the last several years. If you are looking for a solid solution that is very stable in nature, this is the best choice.

We have been using CheckPoint NGFW for quite some time now, and the only thing that could be improved is the upgrade procedure and the frequency of the hotfixes we get. 

We have this deployed in multiple sites globally and managed via the central management server. The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade. We would like to see some improvement in this area.

I've used the solution for 15 years.

The stability is rock solid.

The solution is easily scalable.

It's been a long time since we started using this. When we decided to expand several years before and we decided to go ahead with Check Point and continued with Check Point. We reviewed a lot of other products from different vendors, however, his was chosen as the best by our engineering team and we decided to stick with this.

The set up is very simple and more straightforward than we thought.

The setup cost is pretty much the same as compared to the other vendors. The initial pricing could be slightly better, however, the licensing and maintenance cost is much better compared to the other similar products in the market.

Cisco and PaloAlto were the other options evaluated.

We use Check Point on a daily basis. It is our primary gateway to the internet, with an extensive rule base that's used to block unwanted connections and protect our internal networks. 

Multiple gateways are used in a VPN community to build a secure homogenous company network over the Internet. 

We also use the two-factor authentication with RSA-Tokens to authenticate users that are away at conferences or in the home office to the firewall. 

RSA is also used on a portal (called mobile access) on the gateway, where users can easily check their e-mails and access company resources. 

Check Point NGFW has proven to be a reliable firewall. We have been using it for over 15 years now. 

It's offering great security while also being rather easy to manage. 

We evaluated a couple of other firewall solutions over the years, yet always came back for Check Point for a couple of reasons. First, they are the market leader and there are just very many resources online for installing, configuring, debugging, and so on. Second, other firewall solutions may initially be cheaper (especially for basic firewalling), but when you need more features Check Point has a surprisingly good price point. 

I personally like the SmartDashboard client best, which is the rule base management solution. You have a nice overview of the existing rules, and new rules are easily implemented. You can filter by IP, application, rule number, port, or hostname, so you easily find what you are looking for. Rules can be grouped by topic (internal, external, Internet, DMZ, etc.). It all can be well arranged to suit your needs. 

It also offers a dashboard to see recent threats, errors, or other issues with your gateways, as well as Logs for debugging.

Unfortunately, as is the case with many big companies, new features seem to always be more important than fixing the last little bugs that affect only a minor customer base. 

The command line, for instance, is still needed regularly if you want to dive deeper into debugging certain issues. 

While it certainly has improved over the years, it still doesn't feel like a polished product. Some features (e.g. super netting VPN connections) need to be enabled by editing a configuration file, which is sometimes lost upon upgrading to a new version. I'd really like to see more easily manageable debugging solutions. 

I've used the solution for 15 years.

We did have stability issues by using a not officially supported Check Point setup, running it in a virtualization environment, so the Firewall gateway was running on a Xen cluster. In the beginning this was running fine, buter after a couple of months the Checkpoint services kept freezing and needed to be restarted manually. As this started to occur more regularly (a couple of times per week) we migrated the firewall to dedicated hardware.

So I'd recommend always using supported setups.

The biggest enterprises in the world use Check Point products. Scalability is not an issue.

We used Microsoft ISA Server, which is a discontinued product before Check Point. 

Check Point has a pretty competitive price point if you use the features it has to offer. If you need only basic firewalling other solutions may be better suited to your needs. 

We evaluated Palo Alto, Fortinet, and Barracuda. 

Check Point firewall is used as edge protection.

Traffic to the internet and from the internet does go through the firewall where IPS, URL, and app policies are applied.

Check Point was also used as an internal firewall to segment traffic between the data center and the user network. Basically, all traffic from any user will have to be inspected by an internal Check Point firewall before any server is accessed.

Check Point is also used for PCI-DSS credit card checks within any email sent or received. This is effective in detecting credit card numbers within any email sent by a user in error and blocks that from being exposed. 

The product has improved visibility into the traffic going through our network.

For all traffic leaving the network, Check Point provides the capability to inspect and permit traffic using not just ports but application IDs, which is more secure than simply permitting TCP/UDP.

Check Point has a robust IPS Blade which has added an additional layer of security on connections to the data center.

Check Point's compliance blade also helps in checking how Check Point's appliance configuration is in compliance with any requirement that we need to provide evidence for.

Check Point application control is very useful. This blade detects traffic and provides the ability to grant access based on the application and not the port as TCP/UDP can easily grant access for more than what's required.

The Check Point compliance model is also great. We can easily check firewall configurations against any compliance standard. It has made it easy to provide evidence and reports.

Check Point integrates with third-party user directories such as Microsoft Active Directory. The dynamic, identity-based policy provides granular visibility and control of users, groups, and machines and is easier to manage than static, IP-based policy.

Support for customers really needs to improve.

Check Point also needs to create a study license that will enable the customer to install a firewall (maybe with reduced connectivity) for a bit longer so that one can simulate scenarios without having to re-install it every 15 days.

We had a lot of problems with the VPN blade on the solution. We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release.

Check Point needs to create a certification program that involves practical applications. 

I've used the Check Point firewall for three years.

Customer service really needs to improve.

Positive

We used Cisco ASA for Internet-facing Web applications, however, Check Point was used at the EDGE ( all user traffic to the internet), internal firewall ( all user traffic to datacenter), all internet traffic to PCI-DSS applications instead.

Implementation was done with the help of Check Point's professional services.

If you have the budget, it's a good idea to go for the Check Point Firewall.

We also evaluated Palo Alto.

We are using Check Point NGFW for controlling the traffic on our entire network. It controls the traffic and access of the networks and also the traffic outside of our network. The firewalls are used in and HA-Setup.  

The features we use are application and URL-filtering, anti-bot/virus, and sandboxing functions. It is also used for Site2Site VPNs and endpoint VPNs. For us, the Check Point NGFW is the center of network traffic and security. 

We use the new features of Check Point to reduce standalone systems. 

In the past few years, the attacks and risks have grown. That's why we introduced a NGFW. All the securtiy risks can be minimized with the product. Especially if you route the whole network trafiic over the firewall. You can filter malicious sites and traffic and can analyze the entirety of traffic. The URL filter works much better and is much stronger than our other previous solution. 

In the case of migrating or patching, it is very easy due to the fact that you can transfer the whole ruleset and settings from your old device. Patching is very easy and we've never had problems.

If you have an HA Setup you will have zero downtime. Teams and VoIP traffic will also not get stuck; you would notice anything while switching to the backup module. 

The quality of the patches and hotfixes is great. We never had any issues during or after patching. All patches and hotfixes are well documented and if you have any issues the KB is very helpful. 

The log is very clear and can be filtered very easily. If you need to analyze not only the connection you can use the CLI to dump TCP packets. 

The activation of additional features is very easy and well documented.

Sometimes, the firewall has its peculiarities which you have to know especially when you want to set up a Site2Site VPN with a third-party vendor - specifically if you want to set up IKEv2. 

The debugging of VPN tunnels is very stressful. Sometimes you don't know what the firewall negotiates with the other site, so you have to use the command-line for the VPN debugging. However, if you use both sites, the setup is very easy. 

The speed could be better when installing policy changes. In the beginning, we didn't have all features active. Now, it is all active and it takes some time to install. This is sometimes annoying if you forget a small change.

We've been using this solution for several years. This is our 3rd Check Point firewall.