What is our primary use case?
We use it as a firewall solution with built-in VPN capabilities, anti-virus, and malware detection. It has good blocking abilities and is easy to set up and maintain.
They allow VOIP traffic to pass through the firewall as well to onsite PBXes. The firewalls themselves are for SMB environments, with between five and 25 users at different sites and in different states.
Employees regularly work from home, so a VPN solution is a necessity to allow for remote file shares and or/remote desktop through a encrypted VPN tunnel.
How has it helped my organization?
With the added ability to have multiple VPN methods to connect, the solution has worked well for remote workers who are either utilizing the Check Point VPN client or the SSL VPN web client.
The throughput with full threat detection is adequate for the Internet circuit installed at most of the client locations and is in fact better than the previous firewall solution.
The support has been great whenever Check Point has been contacted. They help resolve an issue or explain how to perform some necessary action.
For the most part, the NGFW is easy to understand and set up and there are, of course, advanced options if a non-standard problem arises.
What is most valuable?
The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.
Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.
The event logs are relatively informative and can provide information on why traffic was accepted or rejected.
What needs improvement?
Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement.
It would also be nice to have a smaller home user device that could automatically contact the main firewall and establish a VPN connection. This would be great for remote users to secure their work PC at home.
On the front page of the appliance, it lists current threats identified. It would be helpful if clicking on the threat took you to the exact logs instead of showing all host logs as you still have to scroll through the host logs to find the information you are looking for.
For how long have I used the solution?
I have been using Check Point since 2016. It's been a little over five years.
What do I think about the stability of the solution?
We've had very few issues; the builds themselves haven't had any issues.
What do I think about the scalability of the solution?
The solution is very scalable; Check Point has a variety of NGSW devices that can scale with the user base.
How are customer service and support?
Support is excellent, quick to respond, and quick to provide a resolution to any problem.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We used Watchguard. We switched due to the threat protection and we felt that Check Point did a better job of providing protection.
How was the initial setup?
The initial setup is straightforward and plug and play for a basic configuration to get you started. You can then begin building the NAT and policy rules, which are easy enough to do.
What about the implementation team?
We implemented the solution in-house.
What was our ROI?
The malware blocking capabilities more than paid for the cost of the device and license.
What's my experience with pricing, setup cost, and licensing?
I'd advise users to size their appliance correctly before purchasing it.
Which other solutions did I evaluate?
We did not evaluate other options.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.