Try our new research platform with insights from 80,000+ expert users
reviewer1724517 - PeerSpot reviewer
Senior Infrastructure Technical Analyst at https://www.linkedin.com/in/robchaykoski/
User
Excellent management interface and logging facility with good stability
Pros and Cons
  • "By deploying Check Point, it has made it easier to manage everything from a single interface. The management dashboard and policies are on its single pane of glass."
  • "I would like to see better Data Leakage protection options and easier-to-understand deployment models for this."

What is our primary use case?

I protect customers and other types of data by ensuring a secure environment. Check Point allows me to deploy quickly and securely, along with using more advanced detection and prevention. By securing multiple sites and various infrastructure elements, I have reduced my overall workload.

I'm using a lot of permanent tunnels and protecting them to ensure that monitoring customer infrastructure is not compromised in any way, shape, or form.

Various hardware has been deployed at proper sizing for customers and the equipment is stable without the need for a lot of custom configuration

How has it helped my organization?

By deploying Check Point, it has made it easier to manage everything from a single interface. The management dashboard and policies are on its single pane of glass. This has allowed for faster resolution of problems during deployment.

Being able to look at log events and sort quickly for information in regards to problems with connectivity or traffic makes it easier to troubleshoot and gain other insights into traffic-related problems.

Overall, the insights provided also allow for data to be presented to customers to give them an overall perspective of their security.

What is most valuable?

The management interface is well designed and easy to understand. It reduces the time for deployment, changes, and onboarding new customers.

The logging facility is amazing and gives great insights into traffic. Although Event Management is also amazing, it can be cost-prohibitive for other companies to onboard.

The ability to deploy VPN communities makes onboarding new sites easy. Multi-site configurations can be deployed with very little oversight and with minimal additional work after the initial deployment is successful.

What needs improvement?

I would like to see better Data Leakage protection options and easier-to-understand deployment models for this. I have been working with DLP for a while now and find that other vendors seem to be doing better at this. That said, having to deploy another solution adds other costs.

Some error messages could be better and more specific. The days of generic error messages should be over by now to allow faster, better insights into fixes for any traffic-related problems.

Some of the sizings of firewalls for deployment seem not exact and require some tweaking based on real-world traffic and connectivity types (for example, PPPoE).

Buyer's Guide
Check Point NGFW
December 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.

For how long have I used the solution?

I have been deploying Check Point firewalls for about 12 years and still work with them on many projects. I trust them to protect my infrastructure along with other tools.

I will continue to use Check Point as long as they keep pace with the innovation currently in place without sacrificing customer service.

What do I think about the stability of the solution?

The product is very stable once deployed.

What do I think about the scalability of the solution?

So far, no issues with scalability have been detected - other than hardware replacement on the growth of traffic

How was the initial setup?

The initial setup has some come complexities, however, that is the nature with multiple types of connectivity and different customer requirements.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: I am a partner with Check Point
PeerSpot user
reviewer1718679 - PeerSpot reviewer
Senior Network Engineer at Arvest Bank Group
User
Unstable with unreliable hardware and poor technical support
Pros and Cons
  • "The only area that Check Point still seems to excel in is their logging."
  • "Check Point's support, at all levels, needs a complete overhaul."

What is our primary use case?

Check Point firewalls are/were deployed in various parts of our network to achieve perimeter defense and internal network segmentation. 

In addition to the firewall functionality, each appliance also leveraged Check Point's IPS blades. The perimeter Check Point appliances were also responsible for terminating any and all site-to-site VPN connections with third parties. 

All traffic from remote locations, remote VPN users, and egress traffic to the internet is filtered through the Check Point equipment at some point in our network.

How has it helped my organization?

Check Point has not improved our organization. We have observed a sharp decline in the quality of both products and support. 

Over the last several years, there has not been a single week where we have not had an outstanding issue open with Check Point support's advanced tier teams. 

Initially, we had incredibly impactful issues regarding their scalable platform hardware (which is being discontinued in favor of Maestro) to the point we were forced to rip them out due to them being completely unreliable. 

Check Point support has also seen a significant drop in quality, despite my organization even being a Diamond Support customer with Check Point. We fully believe it would be a wiser investment of time to call Geek Squad rather than Check Point.

What is most valuable?

The only area that Check Point still seems to excel in is their logging. Reviewing logs on Check Point is a snappy and intuitive process that allows the end-user to filter down traffic to specifically what they're looking for very easily and even with little knowledge of Check Point. 

The ability to create filters on the fly in the GUI with simple clicks to various areas of the log is fantastic and allows one to find exactly what they're looking for with very little effort. Note that this is probably the only thing Check Point still has going for it.

What needs improvement?

Check Point's support, at all levels, needs a complete overhaul. The Check Point support staff aren't even shy about telling you how understaffed, underpaid, and underappreciated they are. Any engineer with a hint of talent is pulled from general support to higher tiers, and then, once they reach a level of competency above that of your average acorn, they leave for better-paying jobs elsewhere. 

My organization witnessed this first hand fighting through the lower tiers of support and working frequently with the scalable platform team. When we switched to Diamond Support we saw no significant improvement in support save for shorter hold times.

For how long have I used the solution?

I have personally used Check Point solutions for nearly ten years. My organization has used Check Point for 15+ years.

What do I think about the stability of the solution?

The solution is absolutely unstable. My organization follows vendor best practices exactly and has every deployment vetted by multiple levels within the vendor. Despite this, Check Point hardware has repeatedly proved unreliable at best, sometimes resulting in total outages for our company. 

Which solution did I use previously and why did I switch?

My current organization has used Check Point for the relevant past and is only recently completely switching vendors to Palo Alto.

What was our ROI?

All current Check Point hardware is destined for the recycle bin. There is a pretty low ROI.

What's my experience with pricing, setup cost, and licensing?

Most firewall vendors, Check Point included, make the selection of hardware easy enough based on projected usage. Likewise setup on many vendors in greenfield environments is simple enough and should not require professional services.

Which other solutions did I evaluate?

I was not involved with the initial deployment of Check Point in our environment as it was before my time. However, each subsequent deployment I have been involved in with Check Point was used based on the existing relationship. Once the issues became too impactful and we realized we had no hope of seeing any improvements we began efforts to rip out the existing Check Point equipment.

What other advice do I have?

Do not let Check Point's past success lure you into their current state of bottom of the barrel.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
December 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
reviewer1026111 - PeerSpot reviewer
IT Security Manager at a retailer with 10,001+ employees
Real User
Highly secure, good performance, and reliable
Pros and Cons
  • "Check Point NGFW is easy to use, flexible and provides good performance. The security of the product is excellent, we do not have to do a lot of patching or upgrades because of vulnerabilities."
  • "The solution could improve by keeping more up-to-date with technology. For example, if Amazon releases something in the security field, Check Point should have integration or adoption of this feature a bit faster than it is today. Sometimes we can hear a lot of the marketing information about an attractive feature, which we would like to have, but the feature will be released in two years. This timeframe should decrease."

What is our primary use case?

We use the solution for a perimeter firewall, an internal segmentation firewall, and a routing device in our organization.

What is most valuable?

Check Point NGFW is easy to use, flexible and provides good performance. The security of the product is excellent, we do not have to do a lot of patching or upgrades because of vulnerabilities.

What needs improvement?

The solution could improve by keeping more up-to-date with technology. For example, if Amazon releases something in the security field, Check Point should have integration or adoption of this feature a bit faster than it is today. Sometimes we can hear a lot of the marketing information about an attractive feature, which we would like to have, but the feature will be released in two years. This timeframe should decrease.

For how long have I used the solution?

I have been using Check Point NGFW for approximately nine years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

This solution provides service for 50,000 employees in my organization.

How are customer service and technical support?

We have premium support which is different from regular support. We have had good experiences with the support.

Which solution did I use previously and why did I switch?

We have used BitScaler previously and use Check Point CloudGuard Network Security.

How was the initial setup?

The installation is easy. It can be installed through an image very quickly.

What was our ROI?

The solution has saved us a lot of costs from an operational perspective.

What's my experience with pricing, setup cost, and licensing?

There is an annual license required for this solution.

What other advice do I have?

I would recommend this solution. However, I would advise everyone to carefully evaluate their needs against this vendor and compare them with the competition. There is a lot of strong competition between Palo Alto and Fortinet. One could have an advantage over the other for a customer's specific use case.

I rate Check Point an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sreegith Sreedharan Nair - PeerSpot reviewer
Senior Network Engineer at LTI - Larsen & Toubro Infotech
Real User
Centralized management, good VPN functionality, provides valuable insights into our traffic
Pros and Cons
  • "The SmartView monitor and SmartReporter help us to monitor and report on traffic."
  • "Integration with a third-party authentication mechanism is tricky and needs to be planned well."

What is our primary use case?

We have deployed Check Point firewalls for perimeter security and also for filtering East-West traffic. 

Check Point helps in improving perimeter security along with giving insights into different kinds of traffic and attacks.

Isolation between different tiers of APPs is critical for us and Check Point is utilized for handling high traffic volumes of East-West traffic.

We are leveraging the VPN module on the perimeter firewall for users to access the VPNs. VPN authentication is integrated with RSA for multi-factor authentication.

How has it helped my organization?

We have reduced the number of firewalls using the VSX cluster from Check Point. This reduced management overhead to a great extent. Also, the stability of clustered firewall helps us in meeting SLAs with clients.

Check Point firewalls can be tuned for one-off cases like allowing out-of-sync packets for a source-destination pair, which is a feature that helped us tackle application issues. 

We have deployed VPN firewalls in multiple data centers, which help with load sharing and redundancy for the VPN traffic.

Managing all of our user VPNs, customer VPNs, and Cloud VPN tunnels' endpoint encryption from a single management portal is helping us.

What is most valuable?

VSX helps to reduce the physical footprint on datacenter racks.

The SmartView monitor and SmartReporter help us to monitor and report on traffic.

Centralized management and management high availability give the ability to manage firewalls in a DR scenario. 

Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.

Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.

What needs improvement?

Configurations can be complex in some situations and need experienced engineers for managing the solution.

Integration with a third-party authentication mechanism is tricky and needs to be planned well.

SmartView monitor can be enhanced to display granular details of gateways with a single click. Also, having the ability to generate alerts from the Smart Monitor would be a nice feature.

For how long have I used the solution?

We have been using Check Point firewalls for the last eight years.

How are customer service and technical support?

Support might take a long time to resolve issues in rare scenarios.

What other advice do I have?

My advice for anybody who is implementing this solution is to always keep an identical configuration, even interface statuses, in a VSX cluster before an upgrade to minimize upgrade failures.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Security Engineer at a tech services company with 10,001+ employees
Real User
Good support, granular policy configuration options, and a good VPN that facilitates remote working
Pros and Cons
  • "There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely."
  • "The study material for Check Point needs to be improved, as well as the cost for certification."

What is our primary use case?

The purpose of using the firewall is to protect the users from the external network, internet. Apart from that, we have set up IPsec tunnels between two different sites, and for internal usage, between two different zones, we use these firewalls as well.

Our environment consists of a 3-tier architecture, which is recommended by Check Point. We use the central management system to manage our 3-tier architecture, and we use the Smart Console as well.

How has it helped my organization?

This solution has improved the way our organization functions in multiple ways. For example, during the pandemic situation, things completely shifted. People who are working from the office are now working from home, and it is our responsibility, as network security engineers, to monitor the home users. We do not want them to access any blacklisted sites and we want to make sure that they are protected from threats and risks from the internet.

With the Office Mode VPN, it would not be possible to manage work from home because the security would not be in place. We have more granular security options with this firewall.

What is most valuable?

There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely. This is helpful for our employees that are working from home, as they get the same office environment as if they were on-premises. It is also helpful for us as an organization because we have good control and visibility over their data, including network traffic packets.

What needs improvement?

There are two major areas that need to be improved.

The study material for Check Point needs to be improved, as well as the cost for certification. One of my friends recently completed the certification and it was costlier than other firewall security certificates.

The reports are generally good but there is not much control. We would like to have more filters. Essentially, we want more granular reporting.

For how long have I used the solution?

I have been using Check Point NGFW since 2018.

What do I think about the stability of the solution?

There are no issues with stability that we have found. It is a good brand, and it is one of the oldest and finest firewalls on the market right now.

What do I think about the scalability of the solution?

Scalability is not a problem. It has both UI and CLI-based options to configure it, and it is not difficult to extend or scale. We have between four and six deployments and we plan to continue using it in the future. As we are growing, we will continue to expand its usage.

We have about 12 people working directly with Check Point NGFW. There are approximately 4,000 users who are indirectly using it, as their traffic passes through the firewall. It is used by the entire organization.

How are customer service and technical support?

We have support available from the Check Point TAC team. Our experience with them has been pretty good. We haven't had any issues or problems communicating with them or getting a solution from them.

Which solution did I use previously and why did I switch?

Prior to Check Point, we were using Cisco ASA.

The problem with Cisco ASA is that it is a purely CLl-based firewall. Check Point is not only UI and CLI-based, but it is also a next-generation firewall. It has many different and more advanced features, compared to Cisco ASA.

For example, in Cisco ASA, we can use only two gateways in active-active mode, but with this product, we can use five gateways at a time. Another difference is that the Cisco ASA policy configuration options are not as granular as Check Point.

How was the initial setup?

The initial setup process was very straightforward.

Our deployment took between seven and eight months, which included replacing our Cisco ASA firewall. It began with the planning, then implementation, followed by validation, and then we replaced the existing firewall. It would have been a little complex for us, but we did it all in a very straightforward manner.

What about the implementation team?

We have a very good in-house engineering team that does the setup and configuration. We did not require any third-party assistance because we have had full training on it.

Our deployment included seven or eight people who were working in different shifts. Similarly, we have three to four network security engineers working in shifts who maintain it. This includes things like dealing with tickets for updating policies.

What was our ROI?

We are happy with the return that we are getting from this firewall.

Rather than money, this product is saving the security of our organization. This is the first thing that we were looking for, before deploying this firewall in our organization. We know that ASA is cheaper than Check Point, but our concentration was making the environment more secure.

Cost-wise, it is more expensive than Cisco ASA, but the returns include better security and more granular options. We are happy with that. We were not looking to save money but rather, providing a safer environment for our users.

What's my experience with pricing, setup cost, and licensing?

The price of this product is not too costly and you do not need to pay for all of the features. It is more expensive than Cisco ASA, yet cheaper than a similar product by Palo Alto. The cost varies, depending on the service. For example, we have opted for Geo Protection, which is something that costs extra, but we wanted that feature.

Which other solutions did I evaluate?

We did not evaluate other options. We only compared the differences between our existing Cisco ASA implementation and Check Point.

What other advice do I have?

The biggest lesson that I have learned from using this product is that the TAC team is very knowledgeable and supportive. If I want to understand something or if I have doubts, then usually clear it up and make sure that I understand the logic. I have learned a lot from them.

This is a product that is rich in features and my advice for anybody who is deploying it for the first time is to learn about them in advance. It is a little bit different than a CLI-based firewall and I recommend learning about all of the features before deploying it.

At this point, we are happy with the results that we are getting from Check Point, and are not looking to replace it. It works as we were expecting before it was deployed.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Director of Enterprise Solution at KMD Company Limited
Real User
Top 5
Offer robust protection for networks and data
Pros and Cons
  • "Check Point NGFW provides essential security, featuring no-obligation access for secure connections, strong intrusion prevention, and comprehensive antivirus protection."
  • "One area for improvement in Check Point NGFW is the support process."

What is our primary use case?

In our logistics setup, we employ Check Point NGFW across various critical areas. For instance, we use it to secure different database applications within our systems, ensuring robust protection for our operations. Whether it is managing updates, maintaining standby reliability, or enhancing system performance, Check Point NGFW plays a vital role in safeguarding our logistics infrastructure.

How has it helped my organization?

Using Check Point in our system has provided several benefits. Firstly, it ensures secure access for authorized users while preventing unauthorized access from public users. Secondly, it enables us to monitor application usage closely, identifying any suspicious activity such as repeated failed login attempts. 

What is most valuable?

Check Point NGFW provides essential security, featuring no-obligation access for secure connections, strong intrusion prevention, and comprehensive antivirus protection.

What needs improvement?

One area for improvement in Check Point NGFW is the support process. It can be challenging to open a technical support case through the customer portal, often requiring additional steps to open the case.

For how long have I used the solution?

I have been working with Check Point NGFW since 2015.

What do I think about the stability of the solution?

We have not experienced any major stability issues with Check Point NGFW.

What do I think about the scalability of the solution?

Check Point NGFW is fairly scalable.

How are customer service and support?

The technical support is decent. I would rate them as an eight out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

Setting up a new Check Point NGFW is generally straightforward for us. With our experience and familiarity with the process, we can handle it without encountering any significant issues. We are used to creating simulations and implementing improvements, which facilitates the setup process, even at an intermediary level. We usually require two engineers for the deployment process, along with additional resources like network switches, PCs, and testing equipment.

What's my experience with pricing, setup cost, and licensing?

The pricing for Check Point NGFW tends to be higher compared to other options in the market, especially for high-end models. In comparison with enterprise-grade firewalls like Palo Alto, Check Point is among the more expensive choices.

What other advice do I have?

My recommendation for organizations considering implementing Check Point NGFW is to prioritize selecting high-end models for optimal performance and security. Check Point NGFW offers robust protection for networks and data, allowing businesses to maintain their operations with confidence. Overall, I would rate Check Point NGFW as an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
DouglasSantos - PeerSpot reviewer
Junior Cyber Security Analyst | CCSE | CCSA | CC at Security4IT
Real User
Top 10
Good support, threat extraction, and analysis
Pros and Cons
  • "I haven't had any data leaks or vulnerability situations."
  • "It could be easier to manage the licenses on blades and contracts."

What is our primary use case?

I usually apply Check Point to protect my customer's environment as a main solution boundary gateway, DMZ gateway, LAN gateway, or VPN site-to-site with other Check Point appliances and other vendors. I do a Harmony Endpoint full integration. I use other tools such as threat prevention blades (like IPS and IDS), anti-virus, anti-bot, anti-malware, and the Sandblast solution.

How has it helped my organization?

I haven't had any data leaks or vulnerability situations. The NGFW has been working as it should! It's performing well and offers great security for me and my customers by protecting the environment. Administrators can easily follow and monitor security events, or the health status of the environment or appliance using Smarteview, SmartEvent, and the monitoring blade. We can look at CPU usage, disk space, and traffic and can see user history in real-time. 

What is most valuable?

The threat extraction is the most valuable aspect. It protects the final user and prevents them from falling into the trap of infected files. When a file needs to be downloaded by a machine user, this solution analyzes the file at the same time to send to the user a clean version of this file. If not infected, the real version is available. The threat emulation can scan the computer applications searching for malicious activities and block them according to policy.

What needs improvement?

It could be easier to manage the licenses on blades and contracts. If you have a large environment it will take too much time for your team to verify if all the licenses and contracts are correct and work well. Although it is possible to manage licenses using SmartUpate and SmartConsole, if there are issues, you can only fix them using an expert shell. Simplifying the process would help simplify the daily tasks of administrators.  

For how long have I used the solution?

I've been using the solution for two years.

How are customer service and support?

Technical support works well.

How would you rate customer service and support?

Positive

What's my experience with pricing, setup cost, and licensing?

NGFW is not a cheap solution, however, it does guarantee security. If the goal is to protect assets, using NGFW by Check Point helps immensely.

Which other solutions did I evaluate?

I use this in my company environment. I did not evaluate other options. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: I am security analyst and support my company environment and customer environment. I work with this solution daily.
PeerSpot user
Support at a security firm with 51-200 employees
User
Top 5Leaderboard
Nice portal, good security, and great dashboards
Pros and Cons
  • "The solution is easy to administer thanks to its dashboards. The monitoring is really useful."
  • "Currently, some prices are very expensive."

What is our primary use case?

We require local perimeter security in one of our workshops, which is why we require a new-generation firewall solution. The local equipment works for us to be able to provide perimeter security in our workshop.

Thanks to these Check Point Gateway devices and with the integration of many additional security solutions, we have protection against zero-day threats. In addition, we have the possibility of carrying out all the management from the Infinity security portal and can administer all our policies, view logs, and monitor devices, among other tasks.

How has it helped my organization?

Thanks to Check Point, we managed to carry out a better security implementation. By placing one in a workshop, we managed to solve issues with attacks and malware.

The solution is easy to administer thanks to its dashboards. The monitoring is really useful.

What is most valuable?

The most valuable aspects include:

  • Mobile security. Check Point NGFW includes mobile security features that enable you to secure mobile devices and protect against threats such as mobile malware and phishing attacks.
  • Scalability: Check Point NGFW is highly scalable and can support large networks with high traffic volumes. 
  • What needs improvement?

    The best improvements to be considered are:

    • Improvements in the time and attention given to solutions for generated cases.
    • Licensing that is more comfortable and affordable. Currently, some prices are very expensive.
    • In terms of language in the application, they could better facilitate the handling of others.

    For how long have I used the solution?

    This is an excellent product of the new generation, administered in the Infinity Portal. We have used the product for at least two years.

    Which solution did I use previously and why did I switch?

    Previously, we had not carried out verifications of other devices.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
    Updated: December 2024
    Buyer's Guide
    Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.