We use Check Point NGFW as a perimeter firewall.
Senior Solution Architect at a comms service provider with 51-200 employees
Effective central management, excellent technical support, and reliable
Pros and Cons
- "The most valuable feature of Check Point NGFW is the unparalleled distribution of the network traffic. The central management station they have allows you to manage everything from one place."
- "Check Point NGFW could improve by introducing machine learning and more modeling dividing the way they manage the ports. However, they have evolved over the last year."
What is our primary use case?
What is most valuable?
The most valuable feature of Check Point NGFW is the unparalleled distribution of the network traffic. The central management station they have allows you to manage everything from one place.
What needs improvement?
Check Point NGFW could improve by introducing machine learning and more modeling dividing the way they manage the ports. However, they have evolved over the last year.
For how long have I used the solution?
I have been using Check Point NGFW for approximately 15 years.
Buyer's Guide
Check Point NGFW
March 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
What do I think about the stability of the solution?
Check Point NGFW is a stable solution. However, similarly to many other solutions, the stability comes from the engineer that deploys it. It requires a knowledgeable engineer to implement it in the correct way. If you undersize it, for example, you can experience instability.
What do I think about the scalability of the solution?
Check Point NGFW is scalable. The hyper-scale platform can scale up or scale-out. You can buy different powers and stack them.
How are customer service and support?
Check Point NGFW has the most mature technical support in the industry.
The Check Point company has been around for approximately 30 years and they have everything well documented, similar to other vendors, such as Juniper and Powervault.
Which solution did I use previously and why did I switch?
I have used other solutions in the past, such as Palo Alto and it has been more expensive.
How was the initial setup?
The implementation of Check Point NGFW difficulty level depends on the environment. For example, from the initial deployment, it can be easy, but you have to keep your teams learning, they have to consider their traffic size and many other factors. However, the configuration can be difficult, you need a lot of knowledge. Integrating Check Point NGFW with different networks requires a lot of knowledge about the infrastructure.
What's my experience with pricing, setup cost, and licensing?
There are competitors that have more expensive solutions than Check Point NGFW, such as Palo Alto. There are times when Check Point NGFW can have good offerings with a three-year license. The presence of Palo Alto has been heavily invested in marketing.
From Check Point's perspective, I am not sure how they compared with other vendors. I'm not heavily involved in the process of the quotations.
Which other solutions did I evaluate?
I have evaluated other solutions.
What other advice do I have?
Check Point NGFW is trying to innovate in the market, but all the other vendors in the market are doing more the same.
I rate Check Point NGFW a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner

Network Security Engineer at a tech services company with 10,001+ employees
Easy to use, good encryption options, stable, helpful support
Pros and Cons
- "One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI."
- "The antivirus feature is a little bit weak and should be improved."
What is our primary use case?
We use this firewall to protect the internal network and to set up the IPSec standard from one location to another.
How has it helped my organization?
One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI. In Check Point 5.0, we bought the option, giving us the ability to use the GUI as well as the CLI. A person who is comfortable with the UI can work with it according to different scenarios.
What is most valuable?
The most valuable feature is the set of encryption options that are available.
Viewing the logs in the interface is easy to do, which is one of the things that I like.
This is a UI-based firewall that is easy to use.
What needs improvement?
The antivirus feature is a little bit weak and should be improved. The updates are not as regular when compared to other firewalls, such as Palo Alto.
The training materials and certification process should be improved. For example, the certificates are more expensive and there's no good training available on the internet right now.
For how long have I used the solution?
I have been using Check Point NGFW for approximately seven years, since 2014.
What do I think about the stability of the solution?
The stability of this firewall is good and we haven't had any problems. It is a well-known, quality brand.
What do I think about the scalability of the solution?
There are no issues with extendability or scalability. Over the course of a year, we added another firewall, bringing us from one to two deployments, and the process was not tough. We were easily able to manage it.
We have approximately 12 people who work with this firewall during different shifts.
How are customer service and technical support?
I have been in contact with technical support many times, and they are good. Most of the time, they solve the problem as soon as possible, and they give a perfect solution.
Which solution did I use previously and why did I switch?
Currently, we are using firewalls from different vendors, including Palo Alto and Cisco. Our Cisco ASA solution is completely CLI-based and Palo Alto is like Check Point with an interface that is a mix of UI and CLI-based.
Both Palo Alto and Cisco ASA have very good tutorials available on the internet, including videos on YouTube and courses on Udemy.
On the other hand, Cisco ASA is more difficult to use because there is no UI and for a person who does not have any knowledge of the networking commands, they have to learn them.
How was the initial setup?
The first phase of the implementation is to plan the firewall deployment. After that, we do the configuration and validate it. In the case of a Check Point firewall, this process will take between two and three months to complete.
The complexity of the process depends on the features that you want to add. In general, it is straightforward and not too complex.
What about the implementation team?
I was not present when the first firewall was set up, although I was presented for the deployment of new ones. Whenever there is a new firewall deployment, I am involved. We have between four and five network engineers who take care of this part.
There is no maintenance required from our side. When we have a hardware issue then we contact technical support to get it sorted out.
What was our ROI?
We have seen ROI; for the purpose that we have deployed this firewall, we are getting returns. Based on this, we are buying more Check Point firewalls.
What's my experience with pricing, setup cost, and licensing?
The price of Check Point is lower than Palo Alto but higher than Cisco ASA. For us, the price for licensing is fine, we have no issue with it, and feel that the cost is justified.
There are no costs in addition to the standard licensing fees.
What other advice do I have?
My advice for anybody who is implementing Check Point NGFW is that if they get stuck, then visit the technical support section of the website and read the articles that are available. I have learned many things from the tech articles, and it's a good website if you want to learn about it in-depth.
One of the things that I learned is that Check Point firewalls also use Linux commands. After working with Check Point, I improved my Linux skills, which is a good thing for me.
I would rate this solution a nine out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Check Point NGFW
March 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
Information Technology Security Engineer at a tech services company with 11-50 employees
Improved accessibility in securing technology environments with intuitive interface and direct connectivity
Pros and Cons
- "Fortinet is easier to set up due to its understandable interface and ability to connect to the CLI directly from the web interface without needing an external SSH client."
- "Check Point NGFW should improve its user interface to make it more user-friendly and intuitive."
What is our primary use case?
I use Check Point NGFW in my role as an Information Technology Security Engineer. We have implemented it for our customers and use it ourselves.
What is most valuable?
Fortinet is easier to set up due to its understandable interface and ability to connect to the CLI directly from the web interface without needing an external SSH client.
What needs improvement?
Check Point NGFW should improve its user interface to make it more user-friendly and intuitive. Additionally, the issue with link selection on VPNs needs to be addressed.
For how long have I used the solution?
I have been familiar with Check Point NGFW for around two years.
What do I think about the stability of the solution?
Overall, I am satisfied with the stability of Check Point NGFW.
What do I think about the scalability of the solution?
I am satisfied with the scalability of Check Point NGFW.
How are customer service and support?
We have an engineer who is certified to work with Check Point, and I am satisfied with their technical support.
What about the implementation team?
We have an engineer who is certified to work with Check Point.
What's my experience with pricing, setup cost, and licensing?
I am not dealing with the pricing of Check Point products since I am a technician, not a seller or buyer.
Which other solutions did I evaluate?
I proposed Check Point, Fortinet, and Juniper to our customers. Fortinet is popular for its ease of use and cost-effectiveness.
What other advice do I have?
I would recommend Check Point NGFW even if the customer doesn't have a Check Point infrastructure.
I'd rate the solution nine out of the ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Oct 30, 2024
Flag as inappropriateTechnical Engineer at a tech services company with 11-50 employees
Robust network security with advanced features, user-friendly management, and good scalability
Pros and Cons
- "Its greatest asset lies in its user-friendly interface, making it exceptionally suitable and reliable for managing gateways."
- "When it comes to Check Point's small business gateway series, there might be a need for hardware upgrades, as configuring them can sometimes be a bit challenging."
What is our primary use case?
The primary use case is to enhance security by safeguarding the internet connection for both servers and users.
What is most valuable?
Its greatest asset lies in its user-friendly interface, making it exceptionally suitable and reliable for managing gateways.
What needs improvement?
When it comes to Check Point's small business gateway series, there might be a need for hardware upgrades, as configuring them can sometimes be a bit challenging.
For how long have I used the solution?
I have been working with it for two years.
What do I think about the stability of the solution?
I would rate its stability capabilities eight out of ten.
What do I think about the scalability of the solution?
I would rate its scalability abilities eight out of ten.
How are customer service and support?
Seeking solutions from them can be quite challenging and often takes a while, which then impacts our workload. I would rate it seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have some experience with Juniper, WatchGuard, Cisco, and Fortinet.
How was the initial setup?
The initial setup is relatively complex.
What about the implementation team?
Deployment duration varies based on the customer's specific conditions. On average, an installation might take around twenty minutes.
What's my experience with pricing, setup cost, and licensing?
The best solutions tend to come with a higher price tag. If something is inexpensive, it often implies a compromise in quality. The solution is indeed costly. I would rate it eight out of ten.
What other advice do I have?
Overall, I would rate it eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
RESIDENT ENGINEER at NetAssist (M) Sdn Bhd
A stable tool that offers high performance and requires an easy and straightforward maintenance process
Pros and Cons
- "The most valuable feature of the solution is the Quantum Intrusion Prevention System (IPS). I also like the solution's functionality, like autonomous threat prevention."
- "The complexity involved in the solution's initial setup phase and deployment process is an area of concern where improvement is required."
What is our primary use case?
I use the solution in my company since the solution serves as a firewall and functions on a DMZ network while also providing public-facing services. I serve my company's customers as a firewall administrator.
How has it helped my organization?
My company's customers have benefited from the solution's performance, especially when dealing with a huge amount of traffic. Check Point is a well-known name in the security industry that opts for functionalities like signature-based detection and beyond.
What is most valuable?
The most valuable feature of the solution is the Quantum Intrusion Prevention System (IPS). I also like the solution's functionality, like autonomous threat prevention.
What needs improvement?
The complexity involved in the solution's initial setup phase and deployment process is an area of concern where improvement is required.
For how long have I used the solution?
I have been using Check Point NGFW for two years. I work as the solution's integrator. Speaking about the version, I use Check Point Quantum 6400 Next Generation Firewalls.
What do I think about the stability of the solution?
So far, I haven't faced any issues related to the solution's stability.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a nine out of ten.
If I take into consideration my company's customers who use the solution, then I would have to say that there are around 300 to 400 users.
How are customer service and support?
I have availed the services provided by the solution's technical support. My company engages with the solution's local partner to avail the services provided by Check Point's technical support team.
Which solution did I use previously and why did I switch?
Compared to Palo Alto and Fortinet, Check Point provides good internal performance, especially for big-scale enterprises and entities, making it a tool that is not just suitable for SMEs or mid-sized companies. Check Point is, however, pricier than other solutions.
How was the initial setup?
The initial setup of Check Point NGFW is quite complex. When it comes to the product's setup phase, the engineer should understand the product, and instead of understanding the firewall, it is important to know how to manage or be an admin.
The solution is deployed on an on-premises model.
The solution's deployment is complex.
What was our ROI?
My company's customers have seen a return on investment from the use of Check Point NGFW.
What's my experience with pricing, setup cost, and licensing?
I rate the pricing of Check Point NGFW a five on a scale of one to ten, where one is high price, and ten is low price.
What other advice do I have?
I take care of the solution's maintenance part, and I feel that it is a straightforward process.
Check Point NGFW is good for big companies.
I rate the overall solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Network Engineer at Fujairah Port
Offers a secure environment with great protection and simple upgrade capabilities
Pros and Cons
- "We can also run policies with two or more people simultaneously without problems or the risk of developing the wrong policy."
- "The smart console is heavy."
What is our primary use case?
We currently use Check Point's firewall for our data center. We use Check Point firewall for providing the first layer of security to web application servers and intranet servers. It is robust and easy to upgrade, which makes it less stressful for the administrators. Its failover clustering option also works seamlessly.
The Check Point firewall is used to secure our environments. It also allows us to set up tunnels between our various sites.
We use it for the publication of services, as well as a notification system that reports on user behavior and unusual traffic - both within and outside of the network.
How has it helped my organization?
Over the years, we have experienced various types of attacks on our company, and, without the help of the Next Generation CheckPoint Firewall, we would have lost.
The spoofing feature helps us to prevent various attacks in our organization.
The firewall policy designing and implementation allow for inline policies that make for clearer teaching on the correct use of policies as well as a more readable list. We can also run policies with two or more people simultaneously without problems or the risk of developing the wrong policy.
What is most valuable?
The initial sizing is not a problem. You can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses cutting-edge hardware. Their software upgrade process is flexible for different deployment requirements.
Their threat analysis reporting in their management console is comprehensive and easy to use. The web-based dashboard is well designed and offers a wide variety of out-of-the-box reporting. It offers admins extensive customization.
What needs improvement?
The list of site-to-site VPN configuration options is long. They can become confusing and communication with other vendors when deploying VPNs is not the strongest. It's totally different from any other VPN vendor I've encountered.
It lists the current threats identified on the appliance's front page. It would be easier to find information by clicking on the threat and clicking the exact logs, rather than all host logs.
The smart console is heavy. It would be better if it was like the web-based consoles that Palo Alto and Fortigate FW offer.
For how long have I used the solution?
I've been using the solution for more than a year.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Specialist at Tech Mahindra Limited
Great URL filtering, Data Loss Prevention, and mobile device connectivity
Pros and Cons
- "Its auditing features are good for checking who did what changes and when."
- "The URL objects take significant time in processing compared to other products like Cisco FTD; it would be better if they could improve it."
What is our primary use case?
Check Point NGFW is great in terms of functionality. We use it to control the infra outbound/inbound traffic and with it and we can block suspicious IPs directly on our SAM database instead of creating or adding in firewall rules. This not only saves time but also provides immediate protection from malicious traffic without deploying the changes in firewall gateways.
We used to check who is doing what changes and when. We can now check logs to find why any traffic is blocked, and, if blocked, it gives good details of each error. We can easily organize all firewalls through one smart console.
How has it helped my organization?
Its GUI platform is very good. It helps us to divide up the rule base which made it easier to recognize the rules. Its SAM database gives us the amazing ability to block suspicious activity without waiting for the next change window to push the changes. In packet flows, it first checks the SAM database beforehand in order to process the packet further.
The logs give us plenty of detail as to why any packet was blocked or allowed. It really proves the purpose of getting a stateful firewall, showing the context of every packet.
What is most valuable?
The SAM database, URL/application filtering and IPS, Data Loss prevention, VPN and mobile device connectivity, stateful packet inspection, and unified management console are all useful features.
It allows us to avoid having to go and log in to each firewall device for creating the rules as it can be done from its central console. We can manage all the firewalls and create rules and deploy them through the smart console which is really good. It helps us avoid creating the same object in each firewall.
Its auditing features are also good for checking who did what changes and when.
What needs improvement?
The URL objects take significant time in processing compared to other products like Cisco FTD; it would be better if they could improve it.
We have seen that whenever we configured URL objects, the CPU percentage went higher. Therefore, we started using IKP-based objects, however, in today's cloud world where every application is in the cloud and they change IPs on a random basis, whenever each new IP change happens, it's too risky to allow the whole cloud subnet (like Google or Azure). They need to therefore fix URL processing times.
For how long have I used the solution?
I've used the solution for four years.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Infrastructure Manager at trt18
Very good security especially where high bandwidth is needed
Pros and Cons
- "I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security."
- "In terms of what could be improved, we have a cluster with two nodes and usually we have some problems when process gets really high and it has to choose which services it keeps going. I would like to have a better solution here, like if instead of just one we could use both at the same time. It would be good if it could work together. Then when one has a failure or something like that, the other one is there to transfer, to take all the services and keep working."
What is our primary use case?
I use the solution for VPN mostly, for the IDS and prevention and detection. I use it for security exploits, like HTTPS exploits.
I also use Check Point NGFW as a federation. I use it to connect to my other sites. We have five of them, mostly in cities where we need a high bandwidth.
What is most valuable?
I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security.
What needs improvement?
In terms of what could be improved, we have a cluster with two nodes and usually we have some problems when process gets really high and it has to choose which services it keeps going. I would like to have a better solution here, like if instead of just one we could use both at the same time. It would be good if it could work together. Then when one has a failure or something like that, the other one is there to transfer, to take all the services and keep working. They have an integration between the nodes but I would like to use both of them working together. In the solution they could both be active, instead of active and passive. I would like them to add backup features to Check Point Firewall.
Many companies are going to the cloud. In future releases, it would be nice to have a cloud integration so we could work in a hybrid form for some years, like some services in the cloud and others on-premises. So it would be nice to have some features in this sense.
For how long have I used the solution?
I've been using Check Point NGFW since 2018. For two years now.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
I couldn't tell you about the scalability. I don't know. I know that we can use a federation, but I think it is scalable because we can buy additional licenses. As I mentioned, right now we have five working together, but we can buy until 50 or a 100, so I guess that it is scalable because you can keep increasing.
How was the initial setup?
The initial setup is hard. We came from another Cisco solution and even then it is hard, especially talking about the traffic. So we had to inspect the traffic and sometimes we had to do a lot of configurations. It would be nice if it was easier.
It took about three months to deploy.
It would be nice if it was easier to set up and to maintain.
What's my experience with pricing, setup cost, and licensing?
Right now we keep a contract with a company in Brazil, so we hardly talk to Check Point itself and we don't like it very much. In most cases we have to search and look into the database to really find the solution, so it could be better.
What other advice do I have?
I'd say that Check Point NGFW is a good product but it's hard to set up and keep it going, so we had to invest in some training and we have to keep at least two employees just to keep it working.
On a scale of one to ten, I would give Check Point NGFW an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Sophos XG
Cisco Secure Firewall
Palo Alto Networks NG Firewalls
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
Untangle NG Firewall
KerioControl
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Check Point NGFW compare with Fortinet Fortigate?
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- Which would you recommend - Azure Firewall or Check Point NGFW?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?