Check Point NGFW Reviews

We are using Check Point Next-Generation Firewalls to protect and prevent our corporate network and infrastructure from attackers.  We are using NGFWs to filter unwanted and malicious traffic from the internet. Check Point NGFWs provide Layer 7 or application layer monitoring and detection. 

It is a stateless firewall which examines packets deeply and detects any malware or malicious URLs. It greatly protects our infrastructure by acting as a perimeter for our organization. 

Moreover, it has log ingestion and deep packet analysis capabilities. 

Check Point Next-Generation Firewalls improved the security posture of our organization by detecting, analyzing, and blocking unwanted traffic. It blocks any malicious files, processes and URLs due to having deep packet inspection and monitoring. 

Check Point firewalls not only detects anything malicious against it's signatures rather it analyses and monitors all processes running on different machines to detect anything wrong and then block those processes or URLs. 

Log storage gives us insights when required. 

Deep packet inspection, Layer 7, and application layer monitoring and detection are the great features of Check Point Next-Generation Firewalls. They greatly improve and protect an organization, its staff, and its resources. 

Check Point's SmartConsole is a great tool for admins as all firewalls can be centrally managed and all policies can be pushed as and when required by using SmartConsole. Log ingestion and threat hunting are also great functions in Check Point firewalls that enhances and improves a security posture. 

The SmartConsole to manage Checkpoint Next Generation Firewalls takes a long time to load and gets stuck sometimes. It could be due to a lot of rules and policies defined on the firewalls. However, SmartConsole software needs to be improved by having some more functions to make an admin's life easier. 

Log queries are slow and take time to load. 

Query functions need to be improved and should be quick to give the required information. 

There should be filters having drop-down options to use and select during log analysis. 

I have been using Check Point firewalls for more than two years. 

We use it as a firewall solution with built-in VPN capabilities, anti-virus, and malware detection. It has good blocking abilities and is easy to set up and maintain.  

They allow VOIP traffic to pass through the firewall as well to onsite PBXes. The firewalls themselves are for SMB environments, with between five and 25 users at different sites and in different states.  

Employees regularly work from home, so a VPN solution is a necessity to allow for remote file shares and or/remote desktop through a encrypted VPN tunnel.  

With the added ability to have multiple VPN methods to connect, the solution has worked well for remote workers who are either utilizing the Check Point VPN client or the SSL VPN web client.

The throughput with full threat detection is adequate for the Internet circuit installed at most of the client locations and is in fact better than the previous firewall solution.

The support has been great whenever Check Point has been contacted. They help resolve an issue or explain how to perform some necessary action. 

For the most part, the NGFW is easy to understand and set up and there are, of course, advanced options if a non-standard problem arises.

The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.

Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.

The event logs are relatively informative and can provide information on why traffic was accepted or rejected.

Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement.

It would also be nice to have a smaller home user device that could automatically contact the main firewall and establish a VPN connection. This would be great for remote users to secure their work PC at home.

On the front page of the appliance, it lists current threats identified. It would be helpful if clicking on the threat took you to the exact logs instead of showing all host logs as you still have to scroll through the host logs to find the information you are looking for.

I have been using Check Point since 2016. It's been a little over five years.

We've had very few issues; the builds themselves haven't had any issues.

The solution is very scalable; Check Point has a variety of NGSW devices that can scale with the user base.

Support is excellent, quick to respond, and quick to provide a resolution to any problem.

Positive

We used Watchguard. We switched due to the threat protection and we felt that Check Point did a better job of providing protection.

The initial setup is straightforward and plug and play for a basic configuration to get you started. You can then begin building the NAT and policy rules, which are easy enough to do.

We implemented the solution in-house.

The malware blocking capabilities more than paid for the cost of the device and license.

I'd advise users to size their appliance correctly before purchasing it.

We did not evaluate other options. 

Our network security is based heavily on Check Point products. We secure our Internet gateway with Check Point. We also secure our production and other very important systems and solution that are mission-critical with Check Point NGFW. For an extra layer of security, we heavily use Check Point Identity Awareness to make Client IP-based rules obsolete. We control the access via dedicated Active Directory Security to groups. These user groups are used instead of IP Client Subnet ranges, increasing our security.

The Check Point Management makes troubleshooting and log analytics very comfortable. Our Engineers only need a few seconds to see if a connection is dropped or allowed, et cetera. This makes fulfilling these standard tasks easy for the operation team. The easy ruleset management helps us not lose the overview over the Check Point Firewall (NGFW) rulesets in daily operation. Good security should always be simple and clean and this product helps to make our environment more secure against any attacks from the outside.

We are using the classic firewalling, the Intrusion Preventions System (IPS) and we also use Check Point Identity Awareness. The most useful feature is for sure the classic firewalling, however, we could get this feature also from other vendors. The most valuable feature is the highly integrated NGFW features such as the IPS or Check Point Identity Awareness, which makes Check Point the best choice on the market. They have been leading the market for 20 years. This is deserved, in our opinion.

Check Point, of course, has flaws. As a Check Point Engineer, you must also be a Junior Linux Engineer as many things are happening on the command line in daily operation and almost all the time during troubleshooting. This makes learning Check Point a little bit harder than other firewall brands. The licensing was always a pain and is still a pain to deal with. 

For the next release, we would like to have better ruleset cleanup tools that are already included. It would make security management tools obsolete.

We've used Check Point for almost ten years.

We use this solution for permissions regarding access ports and services. We also use Check Point Remote Access VPN as an endpoint VPN. We use it for site-to-site configuration. 

All of the traffic that comes through our sites passes through our firewall. Basically, everyone, including our staff and clients, passes through our firewall. In other words, we have thousands of users using this solution.

The NGFW has helped our compliance to regulations authorities such as PCIDSS. It has has helped the bank create secure connections to vendors and third party service providers as well as remain stay protected from attacks and intrusion attempts.

The management of services, including forming access lists with the services we have, connecting servers to servers, permissions between servers and users — this is all great. In addition, Check Point has a really cool GUI.

The end-user VPN could be improved. It could benefit from some modification. 

The VPN timeout feature needs to be improved. When we try to connect to the VPN, it times out before we can even enter our user name and password. If you can't prove you are who you say you are within seven to ten seconds, it just kicks you out.

1 year +

Check Point has actually failed twice within the last year. The first failure was a disk failure. Check Point offers a software solution, they don't actually offer hardware. They will only provide you with the software and licenses. Because of this, when our disk failed, we had to wait for them to ship in some new hardware for us to fix the issue.

Aside from the disk failure issue, a month ago, our Check Point device froze. We don't exactly know what caused it to happen. It caused the entire organization to go down for about two to three hours until we found out that Check Point was not allowing anything to pass through. Our Check Point is clustered, so primarily it's supposed to have a failover feature. For some reason, the failover feature didn't work. When the primary gateway went down, it affected everyone.

We've not tried to expand Check Point. We have two sites. We have a primary site and a secondary site that is off-prem. For this reason, we planned big. We planned for a high amount of availability for our two sites. We use clusters of four gateways: two gateways are in one cluster, and another two gateways are in another cluster. If one goes down, it switches to the other. If the second goes down, it switches to the other DR site. We've got backups of everything. 

The technical support is very responsive. We have a vendor that acts as a buffer between us and Check Point. In our country, these companies all have a local vendor that pushes their product.

When we contacted our vendor, our vendor called Check Point and as they were talking, Check Point shipped the hard disk, to fix the issue I mentioned earlier. They just placed the order immediately, while we were still talking. We think that they knew that delivery was going to take about five days — it was actually very fast.

The initial setup and deployment were straightforward. We deployed it with RADIUS servers;  it was not complex at all.

From scratch to finish, deployment took about a month. It took this long because we had to convert all of our existing configurations from Cisco Firewall to Check Point. We had to get help from our vendor to do this. He had to manually convert each and every command from our existing Cisco device to Check Point — that took a while. This was the main reason that deployment took so much time.

The end-user VPN didn't take much time to deploy. Neither did the site-connecting with the VPN — that took a day or two to deploy.

I think our licensing is on a yearly basis, but it could be every three years. Either way, it's not more than three years — that I am certain of.  

The pricing was actually what made us go for Check Point. Palo Alto was much more expensive. Check Point offers the same applications and features as Palo Alto for roughly a third of the price.

We evaluated Palo Alto, Cisco (which we were using), and we also evaluated Check Point — which we ended up with.

I would recommend Check Point to others. We are still learning as we're just about a year into using it, but so far, the support and the solution in general has been good. I'd recommend Check Point, especially to users that are looking for an affordable solution. 

Check Point also has a great community. They have this community where users can go to share ideas. They also have great networks. 

Overall, on a scale from one to ten, I would give this solution a rating of eight. Cisco dominated the African market until Check Point came along. 

We are using this solution for the security enhancement of our internal company network. This is to protect our customers as well as internal users from the untrusted network or outside world.

I am using the physical appliances of Check Point Firewall as well as virtual machines (VMs). We are using the same versions of R80 on our VMs that we are using for our physical appliances.

It saves a lot of manpower. If we have centralized management, then we do not require as many members on our team. So, this is a cost saving feature. If there wasn't centralized management, we would need 30 members instead of 11 members for our team. 

The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them. 

It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.

I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors. 

We have been using this technology for the last four years.

Check Point is the one of the most trusted vendors in the market. All the Checkpoint Firewall updates are very nice. We get the updates every months, and they are very stable updates.

The solution is very scalable. It is easy to expand it, if required. and doesn't take too much time. It also doesn't require too much manpower.

There are 2000 to 4000 people who are indirectly using Check Point Firewall.

It is always a good experience to work with their technical support. They are knowledgeable, always finding a solution. If we send them a bug, they fix it as soon as they can. 

I previously used Cisco ASA Firewalls for network security. 

Check Point is more advanced in comparison to Cisco Firewall. It has many good features, like central management, Threat Prevention, and Antivirus included in one device. With Cisco, we didn't have that.

The setup is straightforward, not complex; it was a simple setup. For the physical firewall, we just required a physical appliance, then we set it up according to our requirements. We had the complete setup guidelines. We used the three-tier hierarchy, which is standard and recommended for Check Point. We could also purchase service from Check Point to assist with the setup process. So, it was a good experience.

Our deployment took six to eight months.

We didn't require Check Point's help during deployment. After deployment, we did require their help for critical cases.

This product provides a complete return on investment. It gives us the level of security that we expect and should have.

The pricing and licensing part is something that could be improved. Check Point license and pricing are a bit higher compared to competing firewalls. I think they can work on that.

We didn't require an evaluation process. We knew that we had to go for Check Point.

I would rate the solution an eight out of 10.

The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance.

There are a lot of features which help us in providing a more secure environment for our organization, such as when we have Active-Active.

The most valuable feature is that the scalable 64000 Next Generation Firewalls are designed to excel in large data centers and the telco environment as well. We have a lot of these types of customers, and these Check Point firewalls support them.

In addition 

• it supports dynamic objects, which we use for security purposes
• the antivirus is quite effective
• the logging and tracking are quite easy
• overall, it is easy to use.

The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent.

In addition, the certification process is quite expensive. It should be a little cheaper so that everyone can be trained and certified and have better knowledge of Check Point's products.

I have been using Check Point's firewalls for more than a year. My responsibilities include implementing changes on the firewalls and troubleshooting.

They're quite stable and quite good. Management is simple because we can implement a lot of changes on the firewalls through the central manager.

They're quite scalable because they support large data centers, while offering reliability and performances as well.

The initial setup is quite easy. You don't need much training for it. Deployment takes around one week.

We have different stages in the setup process and we follow all the stages. We have to give structure to the plan, outline what we need to do. That goes to our manager, our senior experts, for approval. Then we implement the changes after their approval. Once the changes are implemented, we have our team leaders who validate whether everything is good and as expected or not. Then we close it. This is the basic strategy we follow in our organization.

About 500 to 600 employees work on Check Point firewalls in our organization and they have different roles. For example, I handle network and security admin. There are also security associates, consultants, and analysts.

The pricing of Check Point's firewalls is good. It is not that expensive.

Check Point leading industry provides a complete solution that is required to perimeter security along with deep packet inspection for network traffic.

Check Point not only acts as a traditional firewall but it provides you with complete security for users who work from home. Work from home users observed that Check Point gives 100 % functionality without any trouble.

It offers centralized management to customers where they have an IT member so there Check Point management can work properly. It is available in a smaller range to higher. Customers can get it at an affordable price. 

As we vendor, we deployed the Check Point firewall in many organizations and they are renewing its license as they trust the product and support.

Whatever feature they want is possible with Check Point and 80.20 later versions are coming in, that feature set was previously not available. Customers are satisfied. 

No other firewall provides a feature set in log monitoring and threat detection blades.

Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability.

Most customers need reports which define how many users are infected, how many viruses and malware there is, botnet traffic firewall deteted all this type of information. Check Point is in a very easy and understandable format based on logs history.

Sometimes the stability related application, URL filtering, and troubleshooting issues take longer than expected. I observed some feature set that is very easy to add from the deployment team but Check Point needs a longer procedure so customers relating those features with Check Point firewall and Palo Alto.

Heavy load causes a higher CPU peek which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it take a lot of time .

We receive performance but sometimes there are stability-caused issues. 

I have been using Check Point for three years. 

Check Point can defend Palo Alto if they work on stability.

Tech support is very helpful and provides the right solution.

We went from Sophos to Check Point.

The initial setup was simple.

We are only vendors.

The pricing is really negotiable based on other competitor solutions.

I've been dealing with the Check Point environment for over eight years, ever since SPLAT, the R75 versions, and mainly with a multi-domain management (former Provider1) set-up. I also use the Smart Management Server, with a standalone/distributed deployment.

I'm currently engaged in the design, implementation, and maintenance of a large-scale Check Point firewall environment (~100 GWs).

Presently, the customer is using Check Point for perimeter security, IPS, threat prevention, encrypted traffic, as well as access to the internet, and multi-domain server architecture.

The Check Point solution has improved the way the customer organization functions.

People are working within the organization all over the world, across NALA, APAC, and EMEA regions. Having Check Point as a security vendor made it easy to assure people they could access the resources everywhere, from offices, homes, and across the globe, especially during the pandemic, safely.

One of the last implemented projects was replacing an obsolete Client Auth solution with Identity Awareness, including integration to AVD.

The solution plays an important role in preventing security incidents from happening and preventing malicious attempts to infiltrate into the organization while quickly adapting and reacting to any attempts. For example, it protected us against Log4J vulnerability a few months ago.

It is easy to administrate and maintain.

The product is very granular in the Logs & Monitor section and also intuitive to use.

It offers good control and visibility over users' identities and actions.

It provides central policy management, which is easy to manage and maintain.

The product offers great performance tuning features like SecureXL, CoreXL, HyperThreading, and Multi-Queue.

The study material and training need to be improved and become more accessible to security engineers working with Check Point.

Needs serious skills for advanced troubleshooting. The configuration might get a little bit too complex for regular engineers, compared with easy administration.

We've encountered a few limitations when trying to accomplish simple tasks required by customers. For example, changing a domain name inside an MDS environment or missing a function in the database which removes the domain object completely from the database.

There are plenty of bugs that are not documented, or with too generic error messages.

I've used the solution for eight years.