Check Point NGFW Reviews

We use it to provide security to our environment from the outside world. We are using it to provide security against vulnerabilities using threat prevention, Antivirus, and IPS.

In advance, we get security vulnerabilities. So, we can configure new security policies, update our antivirus, or check the configuration to protect the environment.

We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.

The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent.

I have been working with it for the last seven years.

It is a very stable firewall. The updates that we get from this Check Point Firewall are also very stable. 

The scalability is good.

There are more than 10,000 users. The Check Point Firewall is deployed through the company.

All their technical people are very solid in their knowledge.

I have used Cisco ASA and FTD. We switched from Cisco ASA to Check Point because there were no antivirus, vulnerabilities, or security prevention features. Check Point has more advance features, which are easier to use, than Cisco.

We also had to install IPS devices with Cisco.

The initial setup was straightforward. It was not too difficult to deploy the Check Point firewall. Deployment takes between 12 to 15 months.

We have done a cloud-based deployment throughout our network.

We did the deployment ourselves. We have onsite specialists who have done many deployments.

20 people take care of the deployment and troubleshooting of this firewall.

There is a money saving because we no longer require other devices, like an IPS, a separate antivirus, or vulnerability tests. We get all the devices within a single tool. Before, we would have different teams taking care of different devices. Now, we take care of only one device, which is another source of savings. We have saved a lot of money with this solution.

The prices are good for its features. The benefit of its license is we get timely security prevention updates. The price is good for the technology that we get.

This is a good solution. I would recommend to take advantage of as many features as you can. It has many features, and to protect security, you should use all the best features that you can.

As soon as the company will grow, we will definitely increase our usage of the firewall. We have already increased our usage due to employees working from home.

The biggest lesson that I learned is we can use the features of a firewall security to protect our environment. Also, rather than deploying multiple firewalls, we can configure a centralized management system, and this saves time.

I would rate this solution an eight out of 10.

I usually apply Check Point to protect my customer's environment as a main solution boundary gateway, DMZ gateway, LAN gateway, or VPN site-to-site with other Check Point appliances and other vendors. I do a Harmony Endpoint full integration. I use other tools such as threat prevention blades (like IPS and IDS), anti-virus, anti-bot, anti-malware, and the Sandblast solution.

I haven't had any data leaks or vulnerability situations. The NGFW has been working as it should! It's performing well and offers great security for me and my customers by protecting the environment. Administrators can easily follow and monitor security events, or the health status of the environment or appliance using Smarteview, SmartEvent, and the monitoring blade. We can look at CPU usage, disk space, and traffic and can see user history in real-time. 

The threat extraction is the most valuable aspect. It protects the final user and prevents them from falling into the trap of infected files. When a file needs to be downloaded by a machine user, this solution analyzes the file at the same time to send to the user a clean version of this file. If not infected, the real version is available. The threat emulation can scan the computer applications searching for malicious activities and block them according to policy.

It could be easier to manage the licenses on blades and contracts. If you have a large environment it will take too much time for your team to verify if all the licenses and contracts are correct and work well. Although it is possible to manage licenses using SmartUpate and SmartConsole, if there are issues, you can only fix them using an expert shell. Simplifying the process would help simplify the daily tasks of administrators.  

I've been using the solution for two years.

Technical support works well.

Positive

NGFW is not a cheap solution, however, it does guarantee security. If the goal is to protect assets, using NGFW by Check Point helps immensely.

I use this in my company environment. I did not evaluate other options. 

Check Point NGFW is a solid, up-to-date solution that helps protect the network infrastructure, resolving unauthorized access, attacks, and access to the infrastructure by cyber attackers.

We've been pleased to use Check Point's security tool.

To shield our perimeter, we decided to acquire a security manufacturer that would provide its gateway security applications both on-premise and in Microsoft Azure, for which Check Point, with its GW tool, fulfilled what was required to improve perimeter security.

Check Point NGFW gives us granular security with its intuitive policies, application control, monitoring, logs, and a wide range of blades that can be purchased and included in this tool, providing a more integrated and centralized security to improve infrastructure protection.

With this, we can use S2S VPNs to communicate with other sites. We can monitor and protect with Check Point.

There are several ways to implement it. In our case, we use an HA solution, a Check Point cluster that safely provides us with work continuity.

The characteristic that has caught our attention the most is its easy implementation in Microsoft Azure. Under a template, the tool can be provisioned with the best practices. Its licensing can be BYOL or PAYG through Microsoft Azure where it can be licensed on a monthly basis.

The different implementation options create wide variability for users.

This security tool is also up-to-date against the most modern threats, constantly being updated globally to provide intelligence accumulated by other devices worldwide to combat computer insecurity.

The tool is somewhat more expensive than its competitors. It could equalize the costs a little to be able to be more competitive.

On the other hand, Check Point documentation does not always help easy implementation for new users or amateurs in the security field.

Finally, the support must be improved. They need to improve times and schedules and solve both in local applications and in the cloud. Sometimes a solution is extended in the newest tools. Sometimes it is better to investigate one on your own than to wait for a Check Point solution.

We have used this Check Point NGFW for about three consecutive years. We have improved the technical capacity of the staff to use it. It's an excellent tool.

We used Cisco and Fortinet as tests. Check Point seems more robust.

A Check Point vendor is necessary to be able to address licensing properly.

I'd recommend carefully validating the documentation and carrying out test environments before implementing NGFW solutions in production to see the pros and cons that are generated in your infrastructure.

We evaluated various options, including security upgrades, performance, and Gartner ratings, to make the decision.

It is an expensive tool. It's very good and effective. If you have the option or facility to acquire it, I recommend you try it first and you will love it.

Check Point NGFW proved to be highly scalable, secure, and stable, among other alternatives of multiple firewalls present in the market.

At an organizational level, the integration and implementation of Check Point NGFW took place on a priority basis due to data and system security concerns against malware and phishing attacks.

Check Point NGFW bifurcates, channels, and segregates the internal network and builds a secure VLAN, and separates it for every department.

Check Point NGFW is highly scalable and provides end-to-end resolution and customized productive service making Check Point NGFW more promising and user-friendly than its alternatives and services like navigation, control, and filtering ensure that all users stay connected to business applications and restrict traffic.

At the organizational level, the integration and implementation of Check Point NGFW took place on a priority basis based on our data and system security concerns about malware and phishing attacks.

Check Point NGFW bifurcates, channels, and segregates internal networks. It builds a secure VLAN and separates it for every department.

It's scalable and provides end-to-end resolution. It offers services like navigation, control, and filtering and ensures that all users stay connected to business applications while restricting traffic.

Check Point NGFW is great for data and system security management against malware and phishing attacks.

Check Point NGFW Firewall requires frequent updates to build more user-friendly dashboards. They need to begin the implementation of more active VPN support.

A few services of Check Point NGFW require immediate improvements, like the customer support portal and the ads management on the platform. These services need to be improved to help ensure mass adoption of Check Point NGFW.

Check Point NGFW Protects from all types of internal and external attacks, and it is easy to use. 

The integration of Check Point NGFW in my organization has taken about 1.5 years or so, and it's still going smoothly.

I haven't gone through any other platforms or solutions. However, these platforms have become a key part of our organization & work management.

Check Point NGFW is a highly scalable and secure solution that is user-friendly. It is up to the mark in terms of data and system security management. Potential users should just go for it. 

I haven't personally evaluated other solutions via reviews from some software review websites.

Go for Check Point NGFW. It's the best among market alternatives and is a must-have solution for professionals.

We use Check Point as well as Cisco. The firewall is used in order to continue filtering with VMware VMotion on different data centers. 

We have several data centers that are stretched. Our Check Point firewalls are used to filter north/south traffic.

With BGP on Gaia, when one of the clusters is unreacheable, the traffic is rerouted to another cluster. 

We also use VSX which is really a very good product for macrosegmentation.

The management of the firewall and advanced routing is great. It's easy to use and troubleshoot.

We need east/west Check Point firewalls in order to do micro-segmentation. A good solution for us is a solution that can be installed on différent systems (Linux, Windows K8S, bare metal, etc.) and can have centralized management.

Troubleshooting is also a big feature that will be necessary in this use case. 

I've used the solution for many years.

We also looked at Ciscos ASA and Fortigate.

We use it as a firewall solution with built-in VPN capabilities, anti-virus, and malware detection. It has good blocking abilities and is easy to set up and maintain.  

They allow VOIP traffic to pass through the firewall as well to onsite PBXes. The firewalls themselves are for SMB environments, with between five and 25 users at different sites and in different states.  

Employees regularly work from home, so a VPN solution is a necessity to allow for remote file shares and or/remote desktop through a encrypted VPN tunnel.  

With the added ability to have multiple VPN methods to connect, the solution has worked well for remote workers who are either utilizing the Check Point VPN client or the SSL VPN web client.

The throughput with full threat detection is adequate for the Internet circuit installed at most of the client locations and is in fact better than the previous firewall solution.

The support has been great whenever Check Point has been contacted. They help resolve an issue or explain how to perform some necessary action. 

For the most part, the NGFW is easy to understand and set up and there are, of course, advanced options if a non-standard problem arises.

The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.

Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.

The event logs are relatively informative and can provide information on why traffic was accepted or rejected.

Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement.

It would also be nice to have a smaller home user device that could automatically contact the main firewall and establish a VPN connection. This would be great for remote users to secure their work PC at home.

On the front page of the appliance, it lists current threats identified. It would be helpful if clicking on the threat took you to the exact logs instead of showing all host logs as you still have to scroll through the host logs to find the information you are looking for.

I have been using Check Point since 2016. It's been a little over five years.

We've had very few issues; the builds themselves haven't had any issues.

The solution is very scalable; Check Point has a variety of NGSW devices that can scale with the user base.

Support is excellent, quick to respond, and quick to provide a resolution to any problem.

Positive

We used Watchguard. We switched due to the threat protection and we felt that Check Point did a better job of providing protection.

The initial setup is straightforward and plug and play for a basic configuration to get you started. You can then begin building the NAT and policy rules, which are easy enough to do.

We implemented the solution in-house.

The malware blocking capabilities more than paid for the cost of the device and license.

I'd advise users to size their appliance correctly before purchasing it.

We did not evaluate other options. 

Our network security is based heavily on Check Point products. We secure our Internet gateway with Check Point. We also secure our production and other very important systems and solution that are mission-critical with Check Point NGFW. For an extra layer of security, we heavily use Check Point Identity Awareness to make Client IP-based rules obsolete. We control the access via dedicated Active Directory Security to groups. These user groups are used instead of IP Client Subnet ranges, increasing our security.

The Check Point Management makes troubleshooting and log analytics very comfortable. Our Engineers only need a few seconds to see if a connection is dropped or allowed, et cetera. This makes fulfilling these standard tasks easy for the operation team. The easy ruleset management helps us not lose the overview over the Check Point Firewall (NGFW) rulesets in daily operation. Good security should always be simple and clean and this product helps to make our environment more secure against any attacks from the outside.

We are using the classic firewalling, the Intrusion Preventions System (IPS) and we also use Check Point Identity Awareness. The most useful feature is for sure the classic firewalling, however, we could get this feature also from other vendors. The most valuable feature is the highly integrated NGFW features such as the IPS or Check Point Identity Awareness, which makes Check Point the best choice on the market. They have been leading the market for 20 years. This is deserved, in our opinion.

Check Point, of course, has flaws. As a Check Point Engineer, you must also be a Junior Linux Engineer as many things are happening on the command line in daily operation and almost all the time during troubleshooting. This makes learning Check Point a little bit harder than other firewall brands. The licensing was always a pain and is still a pain to deal with. 

For the next release, we would like to have better ruleset cleanup tools that are already included. It would make security management tools obsolete.

We've used Check Point for almost ten years.

We are using this solution for the security enhancement of our internal company network. This is to protect our customers as well as internal users from the untrusted network or outside world.

I am using the physical appliances of Check Point Firewall as well as virtual machines (VMs). We are using the same versions of R80 on our VMs that we are using for our physical appliances.

It saves a lot of manpower. If we have centralized management, then we do not require as many members on our team. So, this is a cost saving feature. If there wasn't centralized management, we would need 30 members instead of 11 members for our team. 

The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them. 

It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.

I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors. 

We have been using this technology for the last four years.

Check Point is the one of the most trusted vendors in the market. All the Checkpoint Firewall updates are very nice. We get the updates every months, and they are very stable updates.

The solution is very scalable. It is easy to expand it, if required. and doesn't take too much time. It also doesn't require too much manpower.

There are 2000 to 4000 people who are indirectly using Check Point Firewall.

It is always a good experience to work with their technical support. They are knowledgeable, always finding a solution. If we send them a bug, they fix it as soon as they can. 

I previously used Cisco ASA Firewalls for network security. 

Check Point is more advanced in comparison to Cisco Firewall. It has many good features, like central management, Threat Prevention, and Antivirus included in one device. With Cisco, we didn't have that.

The setup is straightforward, not complex; it was a simple setup. For the physical firewall, we just required a physical appliance, then we set it up according to our requirements. We had the complete setup guidelines. We used the three-tier hierarchy, which is standard and recommended for Check Point. We could also purchase service from Check Point to assist with the setup process. So, it was a good experience.

Our deployment took six to eight months.

We didn't require Check Point's help during deployment. After deployment, we did require their help for critical cases.

This product provides a complete return on investment. It gives us the level of security that we expect and should have.

The pricing and licensing part is something that could be improved. Check Point license and pricing are a bit higher compared to competing firewalls. I think they can work on that.

We didn't require an evaluation process. We knew that we had to go for Check Point.

I would rate the solution an eight out of 10.