Try our new research platform with insights from 80,000+ expert users
reviewer1602702 - PeerSpot reviewer
TitleManager - Datacenter IT at a manufacturing company with 10,001+ employees
Real User
Reliable with a great re-designed interface with excellent policy management
Pros and Cons
  • "I love the redesigned interface starting with R80 as well as the ability for multiple engineers to work on the policy simultaneously."
  • "Check Point solutions have always been more complex to deploy than their competitors."

What is our primary use case?

The primary use of the solution is as an enterprise perimeter firewall in our data centers. We also use software blades for IPS/IDS functions as well. We have a combination of enterprise-grade firewalls like the 15000 and16000 series as well as mid-size versions like the 5000 and 6000 series which are for specific segment isolation or other purposes. The software blades are running on HP servers. Management is done via 5150 appliances. 5000 and 6000 series appliances are primarily used for segment isolation while the larger appliances are used for perimeter security.

How has it helped my organization?

We have been using Check Point firewalls as our main security devices for many years and thus have a strong level of expertise within the organization on implementing various features. We love the reliability and strong feature set of the firewall appliances and software blades. Managing policies with v80 and above is also much more streamlined. Troubleshooting events via logs makes identifying issues straightforward. We have multiple engineers working on policies at the same time, so the newer versions help simplify this tasks for us.

What is most valuable?

I love the redesigned interface starting with R80 as well as the ability for multiple engineers to work on the policy simultaneously. Policy management is simplified and the virtualization options help us to plan for future deployments in a much easier way. While we haven't tried out all the features available - like Sandblast, AntiBot, URL filtering, etc. - the fact that these are available to use is definitely a plus. We were able to use the IPS features, negating the deployment of an expensive standalone IPS solution.

What needs improvement?

Check Point solutions have always been more complex to deploy than their competitors. There may be multiple scenarios where we may need to engage support, however, the customer support is very good. There are certain features that are only possible from the command line (e.g. packet captures) and it would be good to integrate everything into the GUI to reduce the learning curve for newer engineers. Finally, it can be a costlier solution - especially for the smaller firewalls as compared to the competition. It would be beneficial to have more training options or documentation as well.

Buyer's Guide
Check Point NGFW
April 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.

For how long have I used the solution?

I've been using the solution for over 15 years.

What do I think about the stability of the solution?

The solution is extremely stable. There have been a few software bugs that have caused some unwanted glitches but these were fixed with updates.

What do I think about the scalability of the solution?

If the product is sized correctly in terms of appliances, then it is easy to scale. 

How are customer service and support?

The support is excellent and knowledgeable. The service offered sets them apart from the competition.

Which solution did I use previously and why did I switch?

We have used Juniper SSG firewalls in the past and moved to Check Point due to the learning curve on the new JunOS deployments with the SRX firewalls.

How was the initial setup?

The setup required some planning and was slightly complex. The process requires good expertise on the product before deployment.

What about the implementation team?

We had an in-house team for deployment with active support from Check Point.

What was our ROI?

I don't have much detail on this.

Which other solutions did I evaluate?

We evaluated Cisco ASA firewalls and Palo Alto devices as well as Juniper SRXs.

What other advice do I have?

Setup can be complex and it is very helpful to first plan the deployment before rushing into it. Use the support available to find out the best options to use.

We would love to have more training materials and/or courses available so that I can onboard engineers in a faster way.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Administrator at R Systems
Real User
Central management allows us to push policies to multiple firewalls
Pros and Cons
  • "The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well."
  • "The antivirus is not as effective as it could be because updates are not that frequent."

How has it helped my organization?

The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well.

What is most valuable?

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

What needs improvement?

The antivirus is not as effective as it could be because updates are not that frequent.

Another area for improvement is that certifications are quite expensive with Check Point.

For how long have I used the solution?

I've been using the Check Point Next Generation Firewall for the last year.

My role includes working on Check Point and Cisco ASA firewalls to make changes on them, per customer requirements or as the organization needs. I also explore new features and do troubleshooting.

What do I think about the stability of the solution?

It's quite stable. Until now, we haven't faced any issues.

What do I think about the scalability of the solution?

The Check Point 44000 and 64000 Next Generation Firewalls are designed to be quite scalable. 

How are customer service and technical support?

If we do face an issue which is not our support boundaries, we involve the Check Point TAC. They're quite technical, so they help us to resolve things. They are always helpful. They're knowledgeable and their response time is very fast.

Which solution did I use previously and why did I switch?

Previously we were working on Cisco ASA firewall which didn't support the cascading objects. Also, Cisco supports two gateways, whereas the Check Point supports up to five gateways.

We also decided to bring on Check Point because there are a lot of switches that are not supported in Cisco ASA. Also, with Cisco, IPS does not come with the firewall and we have to configure it separately. The Check Point IPS comes with it.

There are a lot of features which are not supported in the Cisco ASA Firewalls.

How was the initial setup?

The initial setup of the firewall is straightforward. I didn't find any difficulties in moving from Cisco ASA to Check Point. The dashboard is quite friendly, so it didn't take much time to learn.

Deployment took about three days.

We have different stages in our implementation process like planning, approving, implementing, checking and validating, and the last one is matching. Job roles in our organization go according to these stages the approvals. I do the planning part and my approval request goes to my team leader.

We have about 400 to 500 users. They are semi-technical or non-technical people, such as network and security engineers, who are tracking and monitoring the firewalls. If we're talking about troubleshooting we have from different levels, like L1, L2, L3.

What was our ROI?

It's saving us a notable amount of time. 

What other advice do I have?

Check Point is good. It has a lot of features which will support a lot of things in your organization, and the dashboard is quite good. There are a lot of features, such as data protection and data inspection, at a good price.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Check Point NGFW
April 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,989 professionals have used our research since 2012.
Manegnet677 - PeerSpot reviewer
Network Manager at a retailer with 10,001+ employees
Real User
Easy to use with good monitoring features
Pros and Cons
  • "The solution is easy to use. I like the monitoring the most."
  • "All the advanced features of automation, especially the first installation of tunnels, need improvement."

What is most valuable?

The solution is easy to use. I like the monitoring the most.

What needs improvement?

All the advanced features of automation, especially the first installation of tunnels, need improvement. Also, in terms of configuration, in terms of tuning, and fine-tuning the system, I think they do make it a bit hard for users. Right now, we need to teach admins, the network and security admins about system fine-tuning in terms of load balancing between CPUs, assignment of processes. I don't think a network admin or a system admin should deal with it in terms of when we are speaking about the firewall or networking device. It should be automatic.

For how long have I used the solution?

I've been using the solution for five to six years.

What do I think about the stability of the solution?

It's a stable solution. There are about 15,000 users installed behind the firewall.

What do I think about the scalability of the solution?

It's a scalable solution. It's very good.

How was the initial setup?

It's easy to install Check Point, but not in the case of a large environment and multiple clusters. This is an ongoing project I can't tell you how long deployment takes. It's a huge network that I have. I have three people maintaining the solution.

What other advice do I have?

I have a basic network firewall and not the advanced feature, full feature security system. I think they are the best. Still, for instance, when installing a tunnel in Check Point vs installing a tunnel in Cisco, the difference is that in Check Point nothing makes sense, and in Cisco you have the duration capability, the hierarchy of the configuration.

I would rate this solution as 8 out of 10. Mostly because of configuration problems - problems with configuring VPNs, and panels, etc.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Edwin Solano Salmeron - PeerSpot reviewer
Soporte técnico superior at Acobo
Real User
Secure, helps comply with regulations, and offers good flexibility
Pros and Cons
  • "Check Point has given us the ability to comply with regulations and with capacities in a way that we never could before."
  • "In the future, some of the features that I would like to see would be the ability to integrate environmental solutions such as the metaverse or blockchain so that we can see them also in applications directly and on mobile devices or natively."

What is our primary use case?

Currently, we have a need for security when it comes to protecting the company's infrastructure on a perimeter basis. We need to cover many branches that must be protected and require a solution that provides us with technological security solutions that allow us to establish and configure in a simple and centralized way for each of the branches.

As a result, we have searched for solutions that meet these requirements, in addition, we are seeking out solutions with technological innovation capabilities constantly.

How has it helped my organization?

Check Point has given us the ability to comply with regulations and with capacities in a way that we never could before. Not only have we managed to secure our network, our infrastructure, and our equipment - we have also managed to gain analysis and additional configurations in each of the complex procedures that are carried out daily.

What is most valuable?

The Next Generation firewalls are quite flexible in many of their characteristics. These devices have blades or sections or small spaces where they have additional features that we can use. That way, we are not only protecting our organization and other branches that belong to our company - we also have other features if the need arises. These are the features that will always help us to put safety first in our organization.

What needs improvement?

In the future, some of the features that I would like to see would be the ability to integrate environmental solutions such as the metaverse or blockchain so that we can see them also in applications directly and on mobile devices or natively. 

For how long have I used the solution?

I've used the solution for three years.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1965855 - PeerSpot reviewer
Senior Network Engineer at Siltronic
User
Great packet filtering and authentication with good documentation
Pros and Cons
  • "The documentation is simple to understand and is easily available."
  • "The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade."

What is our primary use case?

We are using these Next Generations Firewalls to segregate and protect our data center and business-critical data from the user LAN. 

We have some of the resources behind these firewalls which should be allowed to a certain set of users only. This is done using the authentication against the Active Directory groups and only the designated users are allowed to access the contents based on the firewall rules. 

Along with this, we use IPS and Antivirus features to protect our most critical network.

How has it helped my organization?

The solution is great and simple to implement. It has improved the security posture and overall management of this segregated network.

We have this deployed globally across multiple sites and it's very easy to manage compared to other vendors. 

We have been using this solution now for a few years and never came across any issues. 

The documentation is simple to understand and is easily available. 

The support is also observed to be good and we never had to escalate the cases due to support issues.

What is most valuable?

We have been using Check Point NGFW to protect the business-critical data from the other networks and provide secured access to the users best on the authentication, integrated with the Active Directory. 

We have been using packet filtering, stateful inspection, and VPN awareness along with user authentication and have not observed any performance issues in the last several years. If you are looking for a solid solution that is very stable in nature, this is the best choice.

What needs improvement?

We have been using CheckPoint NGFW for quite some time now, and the only thing that could be improved is the upgrade procedure and the frequency of the hotfixes we get. 

We have this deployed in multiple sites globally and managed via the central management server. The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade. We would like to see some improvement in this area.

For how long have I used the solution?

I've used the solution for 15 years.

What do I think about the stability of the solution?

The stability is rock solid.

What do I think about the scalability of the solution?

The solution is easily scalable.

Which solution did I use previously and why did I switch?

It's been a long time since we started using this. When we decided to expand several years before and we decided to go ahead with Check Point and continued with Check Point. We reviewed a lot of other products from different vendors, however, his was chosen as the best by our engineering team and we decided to stick with this.

How was the initial setup?

The set up is very simple and more straightforward than we thought.

What's my experience with pricing, setup cost, and licensing?

The setup cost is pretty much the same as compared to the other vendors. The initial pricing could be slightly better, however, the licensing and maintenance cost is much better compared to the other similar products in the market.

Which other solutions did I evaluate?

Cisco and PaloAlto were the other options evaluated.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1855908 - PeerSpot reviewer
System Administrator at System Administrator
User
Great SmartDashboard, easy to manage, and offers good security
Pros and Cons
  • "It's offering great security while also being rather easy to manage."
  • "Unfortunately, as is the case with many big companies, new features seem to always be more important than fixing the last little bugs that affect only a minor customer base."

What is our primary use case?

We use Check Point on a daily basis. It is our primary gateway to the internet, with an extensive rule base that's used to block unwanted connections and protect our internal networks. 

Multiple gateways are used in a VPN community to build a secure homogenous company network over the Internet. 

We also use the two-factor authentication with RSA-Tokens to authenticate users that are away at conferences or in the home office to the firewall. 

RSA is also used on a portal (called mobile access) on the gateway, where users can easily check their e-mails and access company resources. 

How has it helped my organization?

Check Point NGFW has proven to be a reliable firewall. We have been using it for over 15 years now. 

It's offering great security while also being rather easy to manage. 

We evaluated a couple of other firewall solutions over the years, yet always came back for Check Point for a couple of reasons. First, they are the market leader and there are just very many resources online for installing, configuring, debugging, and so on. Second, other firewall solutions may initially be cheaper (especially for basic firewalling), but when you need more features Check Point has a surprisingly good price point. 

What is most valuable?

I personally like the SmartDashboard client best, which is the rule base management solution. You have a nice overview of the existing rules, and new rules are easily implemented. You can filter by IP, application, rule number, port, or hostname, so you easily find what you are looking for. Rules can be grouped by topic (internal, external, Internet, DMZ, etc.). It all can be well arranged to suit your needs. 

It also offers a dashboard to see recent threats, errors, or other issues with your gateways, as well as Logs for debugging.

What needs improvement?

Unfortunately, as is the case with many big companies, new features seem to always be more important than fixing the last little bugs that affect only a minor customer base. 

The command line, for instance, is still needed regularly if you want to dive deeper into debugging certain issues. 

While it certainly has improved over the years, it still doesn't feel like a polished product. Some features (e.g. super netting VPN connections) need to be enabled by editing a configuration file, which is sometimes lost upon upgrading to a new version. I'd really like to see more easily manageable debugging solutions. 

For how long have I used the solution?

I've used the solution for 15 years.

What do I think about the stability of the solution?

We did have stability issues by using a not officially supported Check Point setup, running it in a virtualization environment, so the Firewall gateway was running on a Xen cluster. In the beginning this was running fine, buter after a couple of months the Checkpoint services kept freezing and needed to be restarted manually. As this started to occur more regularly (a couple of times per week) we migrated the firewall to dedicated hardware.

So I'd recommend always using supported setups.

What do I think about the scalability of the solution?

The biggest enterprises in the world use Check Point products. Scalability is not an issue.

Which solution did I use previously and why did I switch?

We used Microsoft ISA Server, which is a discontinued product before Check Point. 

What's my experience with pricing, setup cost, and licensing?

Check Point has a pretty competitive price point if you use the features it has to offer. If you need only basic firewalling other solutions may be better suited to your needs. 

Which other solutions did I evaluate?

We evaluated Palo Alto, Fortinet, and Barracuda. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1720029 - PeerSpot reviewer
Snr Information Security Analyst at The Toronto Star
User
Great compliance with good application control and a robust IPS blade
Pros and Cons
  • "We can easily check firewall configurations against any compliance standard."
  • "Support for customers really needs to improve."

What is our primary use case?

Check Point firewall is used as edge protection.

Traffic to the internet and from the internet does go through the firewall where IPS, URL, and app policies are applied.

Check Point was also used as an internal firewall to segment traffic between the data center and the user network. Basically, all traffic from any user will have to be inspected by an internal Check Point firewall before any server is accessed.

Check Point is also used for PCI-DSS credit card checks within any email sent or received. This is effective in detecting credit card numbers within any email sent by a user in error and blocks that from being exposed. 

How has it helped my organization?

The product has improved visibility into the traffic going through our network.

For all traffic leaving the network, Check Point provides the capability to inspect and permit traffic using not just ports but application IDs, which is more secure than simply permitting TCP/UDP.

Check Point has a robust IPS Blade which has added an additional layer of security on connections to the data center.

Check Point's compliance blade also helps in checking how Check Point's appliance configuration is in compliance with any requirement that we need to provide evidence for.

What is most valuable?

Check Point application control is very useful. This blade detects traffic and provides the ability to grant access based on the application and not the port as TCP/UDP can easily grant access for more than what's required.

The Check Point compliance model is also great. We can easily check firewall configurations against any compliance standard. It has made it easy to provide evidence and reports.

Check Point integrates with third-party user directories such as Microsoft Active Directory. The dynamic, identity-based policy provides granular visibility and control of users, groups, and machines and is easier to manage than static, IP-based policy.

What needs improvement?

Support for customers really needs to improve.

Check Point also needs to create a study license that will enable the customer to install a firewall (maybe with reduced connectivity) for a bit longer so that one can simulate scenarios without having to re-install it every 15 days.

We had a lot of problems with the VPN blade on the solution. We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release.

Check Point needs to create a certification program that involves practical applications. 

For how long have I used the solution?

I've used the Check Point firewall for three years.

How are customer service and support?

Customer service really needs to improve.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Cisco ASA for Internet-facing Web applications, however, Check Point was used at the EDGE ( all user traffic to the internet), internal firewall ( all user traffic to datacenter), all internet traffic to PCI-DSS applications instead.

What about the implementation team?

Implementation was done with the help of Check Point's professional services.

What's my experience with pricing, setup cost, and licensing?

If you have the budget, it's a good idea to go for the Check Point Firewall.

Which other solutions did I evaluate?

We also evaluated Palo Alto.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1698246 - PeerSpot reviewer
System administrator at BINDER GmbH
User
Offers quality patches and hot fixes and has very clear logs
Pros and Cons
  • "The activation of additional features is very easy and well documented."
  • "The debugging of VPN tunnels is very stressful."

What is our primary use case?

We are using Check Point NGFW for controlling the traffic on our entire network. It controls the traffic and access of the networks and also the traffic outside of our network. The firewalls are used in and HA-Setup.  

The features we use are application and URL-filtering, anti-bot/virus, and sandboxing functions. It is also used for Site2Site VPNs and endpoint VPNs. For us, the Check Point NGFW is the center of network traffic and security. 

We use the new features of Check Point to reduce standalone systems. 

How has it helped my organization?

In the past few years, the attacks and risks have grown. That's why we introduced a NGFW. All the securtiy risks can be minimized with the product. Especially if you route the whole network trafiic over the firewall. You can filter malicious sites and traffic and can analyze the entirety of traffic. The URL filter works much better and is much stronger than our other previous solution. 

In the case of migrating or patching, it is very easy due to the fact that you can transfer the whole ruleset and settings from your old device. Patching is very easy and we've never had problems.

What is most valuable?

If you have an HA Setup you will have zero downtime. Teams and VoIP traffic will also not get stuck; you would notice anything while switching to the backup module. 

The quality of the patches and hotfixes is great. We never had any issues during or after patching. All patches and hotfixes are well documented and if you have any issues the KB is very helpful. 

The log is very clear and can be filtered very easily. If you need to analyze not only the connection you can use the CLI to dump TCP packets. 

The activation of additional features is very easy and well documented.

What needs improvement?

Sometimes, the firewall has its peculiarities which you have to know especially when you want to set up a Site2Site VPN with a third-party vendor - specifically if you want to set up IKEv2. 

The debugging of VPN tunnels is very stressful. Sometimes you don't know what the firewall negotiates with the other site, so you have to use the command-line for the VPN debugging. However, if you use both sites, the setup is very easy. 

The speed could be better when installing policy changes. In the beginning, we didn't have all features active. Now, it is all active and it takes some time to install. This is sometimes annoying if you forget a small change.

For how long have I used the solution?

We've been using this solution for several years. This is our 3rd Check Point firewall.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.