Check Point NGFW Reviews

Check Point NGFW is a solid, up-to-date solution that helps protect the network infrastructure, resolving unauthorized access, attacks, and access to the infrastructure by cyber attackers.

We've been pleased to use Check Point's security tool.

To shield our perimeter, we decided to acquire a security manufacturer that would provide its gateway security applications both on-premise and in Microsoft Azure, for which Check Point, with its GW tool, fulfilled what was required to improve perimeter security.

Check Point NGFW gives us granular security with its intuitive policies, application control, monitoring, logs, and a wide range of blades that can be purchased and included in this tool, providing a more integrated and centralized security to improve infrastructure protection.

With this, we can use S2S VPNs to communicate with other sites. We can monitor and protect with Check Point.

There are several ways to implement it. In our case, we use an HA solution, a Check Point cluster that safely provides us with work continuity.

The characteristic that has caught our attention the most is its easy implementation in Microsoft Azure. Under a template, the tool can be provisioned with the best practices. Its licensing can be BYOL or PAYG through Microsoft Azure where it can be licensed on a monthly basis.

The different implementation options create wide variability for users.

This security tool is also up-to-date against the most modern threats, constantly being updated globally to provide intelligence accumulated by other devices worldwide to combat computer insecurity.

The tool is somewhat more expensive than its competitors. It could equalize the costs a little to be able to be more competitive.

On the other hand, Check Point documentation does not always help easy implementation for new users or amateurs in the security field.

Finally, the support must be improved. They need to improve times and schedules and solve both in local applications and in the cloud. Sometimes a solution is extended in the newest tools. Sometimes it is better to investigate one on your own than to wait for a Check Point solution.

We have used this Check Point NGFW for about three consecutive years. We have improved the technical capacity of the staff to use it. It's an excellent tool.

We used Cisco and Fortinet as tests. Check Point seems more robust.

A Check Point vendor is necessary to be able to address licensing properly.

I'd recommend carefully validating the documentation and carrying out test environments before implementing NGFW solutions in production to see the pros and cons that are generated in your infrastructure.

We evaluated various options, including security upgrades, performance, and Gartner ratings, to make the decision.

It is an expensive tool. It's very good and effective. If you have the option or facility to acquire it, I recommend you try it first and you will love it.

Currently, we have a need for security when it comes to protecting the company's infrastructure on a perimeter basis. We need to cover many branches that must be protected and require a solution that provides us with technological security solutions that allow us to establish and configure in a simple and centralized way for each of the branches.

As a result, we have searched for solutions that meet these requirements, in addition, we are seeking out solutions with technological innovation capabilities constantly.

Check Point has given us the ability to comply with regulations and with capacities in a way that we never could before. Not only have we managed to secure our network, our infrastructure, and our equipment - we have also managed to gain analysis and additional configurations in each of the complex procedures that are carried out daily.

The Next Generation firewalls are quite flexible in many of their characteristics. These devices have blades or sections or small spaces where they have additional features that we can use. That way, we are not only protecting our organization and other branches that belong to our company - we also have other features if the need arises. These are the features that will always help us to put safety first in our organization.

In the future, some of the features that I would like to see would be the ability to integrate environmental solutions such as the metaverse or blockchain so that we can see them also in applications directly and on mobile devices or natively. 

I've used the solution for three years.

We are using Check Point Next-Generation Firewalls to protect and prevent our corporate network and infrastructure from attackers.  We are using NGFWs to filter unwanted and malicious traffic from the internet. Check Point NGFWs provide Layer 7 or application layer monitoring and detection. 

It is a stateless firewall which examines packets deeply and detects any malware or malicious URLs. It greatly protects our infrastructure by acting as a perimeter for our organization. 

Moreover, it has log ingestion and deep packet analysis capabilities. 

Check Point Next-Generation Firewalls improved the security posture of our organization by detecting, analyzing, and blocking unwanted traffic. It blocks any malicious files, processes and URLs due to having deep packet inspection and monitoring. 

Check Point firewalls not only detects anything malicious against it's signatures rather it analyses and monitors all processes running on different machines to detect anything wrong and then block those processes or URLs. 

Log storage gives us insights when required. 

Deep packet inspection, Layer 7, and application layer monitoring and detection are the great features of Check Point Next-Generation Firewalls. They greatly improve and protect an organization, its staff, and its resources. 

Check Point's SmartConsole is a great tool for admins as all firewalls can be centrally managed and all policies can be pushed as and when required by using SmartConsole. Log ingestion and threat hunting are also great functions in Check Point firewalls that enhances and improves a security posture. 

The SmartConsole to manage Checkpoint Next Generation Firewalls takes a long time to load and gets stuck sometimes. It could be due to a lot of rules and policies defined on the firewalls. However, SmartConsole software needs to be improved by having some more functions to make an admin's life easier. 

Log queries are slow and take time to load. 

Query functions need to be improved and should be quick to give the required information. 

There should be filters having drop-down options to use and select during log analysis. 

I have been using Check Point firewalls for more than two years. 

We've been using Check Point Firewalls for about nine years, from the early Nokia boxes to the most recent OpenServer architecture. Next year we're finally going to upgrade to an appliance directly from Check Point.

Check Point Next-Generation Firewall (NGFW) is a very good firewall. It is one of the best firewalls that I have used. I would rate Check Point Next-Generation Firewalls (NGFWs) a nine out of ten. 

Also, Check Point has a great architecture, where you can just enable the software blades and deploy a secure service. 

Overall, it provides ease of deployment and ease of use.

All in all, I'm delighted with their security solution. Making configuring numerous layers of security policies easy to use was always one of the things I liked most about their firewall solution. 

You have multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. Everything is easily managed through their "SmartConsole" dashboard. 

It's valuable as a next-level network security appliance for your enterprise.

It comes with advanced features like web filtering, app filtering, user-based policies to restrict web and application uses, tunneling, restricting bandwidth uses according to policy, load balancing, etc., and helps to cover almost all network security requirements.

Our IT team has installed a firewall on all of our company's workstations and laptops to keep our own data and our customer's data secure. This program runs in the background and I don't even notice it, but it keeps me secure at work.

Configuration using the command line is not that simple and user-friendly.

There is no email security.

It's a bit confusing to configure at first. An example is having to set up separate source and destination NAT rather than a simple static mapping. Some configurations require accessing multiple different sections rather than being consolidated in one area. License subscriptions are a bit confusing as well for additional features.

The CLI is not very useful.

There's no option to import bulk address objects.

The firewall default rule 0 blocks rule matches to allowed traffic, even though allow rule is written.

I started using this solution in 2009.

I am very satisfied with this product.

I have been using Check Point firewalls for a few years now and I enjoy the interface.

It also integrates great with our other security tools.

The GUI is much more user-friendly than other Firewall vendors.

I use Check Point Next-Generation Firewalls since things are automated and updated frequently. I did not use a different solution. 

It's not the cheapest solution, however, it's one of the most advanced and competent.

I am not responsible for our manager's choice of this product. He said it's the best product to secure our network. 

Check Point licenses work very differently compared to other vendors. We need to purchase each blade in order to make it work, however, we can easily obtain a trial (evaluation) license from Check Point to get visibility for the blade. Check Point tries to maintain relationships with customers and they try to match their price with customer expectations.

We initially started using the Check Point device for the VPN blade.  

After using the VPN blade for several months and using the hardware interface we found it very easy to use.  

The small business hardware device was powerful and easy to set up. We started using the firewall and Nat shortly after that. 

Having additional features like the threat prevention that has IPS antivirus antibot and threat emulation we're all added bonuses. This also gives us a piece of mind for the safety of our business.  

Securing our organization was our main goal. Check Point, with threat prevention which includes IPS antivirus antibot and threat emulation has better secured our business from the internet.  

With the auto-updates made simple and knowledgeable support personnel, it has freed up our time to focus on other IT strategies.  

Utilizing the Check Point support team has allowed us to configure and use other money-saving features like VPN tunneling to remote offices, while still remaining secure in our systems.

Check Point VPN has been most valuable to our organization. Having a hardware solution that allows our remote users to connect securely to our business is extremely valuable. 

The ease of use, setup and configuration backed by the knowledgeable support of Check Point has made this a smooth and easy setup. Our users can get connected securely, anywhere. When connected with our Check Point VPN endpoint, users get the same security and prevention from the threat prevention module as the rest of the devices on our network.

As a small business, IT expenditures are always a tough call and hard sell. With every business connected to the internet these days, firewalls and threat prevention are very important for any business of any size. Check Point's small business devices are a great fit for most any business. However, including some sort of menu or grouping for VOIP would help the small business area that has limited support. Check Point support is very knowledgeable and can also help in this area as they've helped our business evolve as well.

I've been using the solution for 20 years.

The hardware units are solid. It is a stable solution. While you're subscription is active checkpoint fully supports your hardware and will replace if you have any uncorrectable issues.  After 20 years, I've only had to do a hardware replacement once.  Once setup, they just do what their supposed to do.

The solution is very scalable. Configurations can be imported to other units.  Many levels of hardware and software are available.

Customer service has always been very knowledgeable about their products.

Positive

We used to use Norton VPN. We switched due to the fact that we had issues with the system.

The product offers a simple basic setup.

We handled the implementation in-house.

There are different levels of protection and yearly maintenance on offer.

We did not evaluate other options previously. 

The support is great.

Check Point offers excellent security.

Check Point is a bit difficult to use and manage so it would be nice to see some improvement in those areas.

This is a stable solution.

This is a scalable solution. We have about twenty customers that are using the solution currently.

I have not needed to contact support.

The initial setup was a bit complex only because there are no vendors to help with the installation requiring you to need to be trained.

Other competitors would be Fortinet and Palo Alto.

Check Point is more complex than Fortinet and less complicated than Palo Alto.

I would recommend this solution to anyone with an eye for security and would rate it a seven out of ten.

I use the solution for VPN mostly, for the IDS and prevention and detection. I use it for security exploits, like HTTPS exploits.

I also use Check Point NGFW as a federation. I use it to connect to my other sites. We have five of them, mostly in cities where we need a high bandwidth.

I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security.

In terms of what could be improved, we have a cluster with two nodes and usually we have some problems when process gets really high and it has to choose which services it keeps going. I would like to have a better solution here, like if instead of just one we could use both at the same time. It would be good if it could work together. Then when one has a failure or something like that, the other one is there to transfer, to take all the services and keep working. They have an integration between the nodes but I would like to use both of them working together. In the solution they could both be active, instead of active and passive. I would like them to add backup features to Check Point Firewall.

Many companies are going to the cloud. In future releases, it would be nice to have a cloud integration so we could work in a hybrid form for some years, like some services in the cloud and others on-premises. So it would be nice to have some features in this sense.

I've been using Check Point NGFW since 2018. For two years now.

It is stable.

I couldn't tell you about the scalability. I don't know. I know that we can use a federation, but I think it is scalable because we can buy additional licenses. As I mentioned, right now we have five working together, but we can buy until 50 or a 100, so I guess that it is scalable because you can keep increasing.

The initial setup is hard. We came from another Cisco solution and even then it is hard, especially talking about the traffic. So we had to inspect the traffic and sometimes we had to do a lot of configurations. It would be nice if it was easier.

It took about three months to deploy.

It would be nice if it was easier to set up and to maintain.

Right now we keep a contract with a company in Brazil, so we hardly talk to Check Point itself and we don't like it very much. In most cases we have to search and look into the database to really find the solution, so it could be better.

I'd say that Check Point NGFW is a good product but it's hard to set up and keep it going, so we had to invest in some training and we have to keep at least two employees just to keep it working.

On a scale of one to ten, I would give Check Point NGFW an eight.

Our organization implements, maintains, and operates Check Point's firewall. 

Check Point solutions were implemented by our organization in accordance with the project documentation and further adjusted at the request of the customer. 

We ourselves also use a Check Point firewall in conjunction with a firewall from another vendor - both to protect our network perimeter and to test various functions and new emerging firewall capabilities and identify various bugs before they reach customers in the product environment.

We and our customers use almost the entire palette of capabilities of the firewall solution from Check Point. We use almost every feature, from anti-spoofing and network segmentation to URL filtering and intrusion prevention systems. We also willingly use virtual private networks from Check Point, both site to site and client to site. We also leverage the antivirus blade and anti-DDoS attacks. Some of our customers use Check Point capabilities for mobile devices, which are also successfully implemented in the firewall.

We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home. With the firewall from Check Point, this function is implemented very conveniently and securely. 

A convenient new version of the firewall management console, which, starting with the R80 version, has become standard for many Check Point blades, however, unfortunately, not for all. You still need to use older consoles to manage some features. For example, to access the monitoring blade, I need the old console, but the new console should start it.

You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator. Until now, the initial settings as well as subsequent changes to the "iron" part of the firewall, namely its interfaces, routing, or DCCP settings, you must use the web interface through a browser. This is inconvenient. Of course, you can use the command-line for these purposes, however, this also complicates the configuration process for the administrator and requires a well-known habit.

I've used the solution for six years.

There is room for improvement in terms of stability.

The scalability is great.

Technical support could sometimes be better.

Neutral

I have used and still use solutions from Sophos, however, in Check Point, some functions are implemented more conveniently. For example, work with logs.

Before installing, I recommend to go through the training.

I handled the implementation myself.

The ROI is good.