Check Point NGFW Reviews

It is a typical firewall that has been implemented in most of our regions. We use it for normal firewall policies and VPNs.

We are mainly using Check Point firewalls. We also have a few Check Point cloud security programs.

Everything can be managed from a single dashboard nowadays.

Since we upgraded to R.80 from our previous R.77 version, the activity of my team has improved a lot. We don't have to open multiple consoles or go to multiple nodes. Even though we are managing multiple solutions of Check Point, they feel similar to us now.

The most valuable feature is the Check Point Management Server, especially version R.80 onward. We can manage everything. We have endpoint security, cloud security, and email security. Everything can be managed from a single management server, making this a very unique and easy solution to use in the market now.

From a technical perspective, it is an easy solution to use. Everything seems perfect. We are not using all of its features, like sandboxing. 

The main thing for a normal operations guy who is creating tools and firewalls, it is quite difficult to manage. It requires an expert level of knowledge in Check Point products to manage these scalable platform appliances and the virtual firewall that comes with it. We have to educate our guys and give them training on a regular basis to work on these products. Otherwise, it's fine.

About five years.

It is pretty stable. It hasn't caused many issues over the years, unlike normal network issues. They do release bug fixes at least once a month. We keep very good track of that and update the patches regularly, but we haven't run into bigger issues so far. So, I'd say it is quite stable. 

The firewall is very easy to use and hasn't caused much trouble for us over the years.

From a scalability perspective, they have a solutions like Check Point Maestro. Therefore, it is easy to upscale nowadays.

We have over 200,000 end users.

They should improve the support a bit. Though they have expert engineers in tech, sometimes the amount of time to get back a solution for an issue is more than what is acceptable, even though it is a high priority.

During a scheduled activity or an implementation, they find their highest level of support. During an implementation, I never faced an issue with the support. I would rate them a nine out of ten for this.

The company has been using Check Point firewalls for the past 10 years. Before that, they used Cisco ASA.

Mostly, I have worked on Check Point products. Therefore, the initial setup was straightforward. It was not that complicated. 

I can spin up a firewall and put it in production within an hour. If it's a migration from a different solution or upgrading an existing management solution, it might take some time because of the planning. There are a lot of things that have to be a part of the implementation or migration activities.

We do it ourselves most of the time. We only take help when it comes to scalable platforms, like big chassis firewalls, which are little complicated. Then, we get outside help.

I manage the operations team and have also been involved as a consultant.

We have some best practices in place that we follow.

There are four security engineers who deploy and maintain this solution.

Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point.

For cloud security purposes, we looked at FortiGate. In the end, we decided to go with Check Point. Primarily, we went with Check Point because of the fee. We also already had expertise on Check Point and the team is comfortable around it. We like that Check Point has a single dashboard. Feedback from peers suggests that the support in India for NGFWs is not as good with other vendors as it is at Check Point.

Get a team who has expertise on this product and educate your team. Give them training. If Check Point is using a new version, make sure your team is aware of that. If there are any changes, let them know and make them comfortable working around this product because we have had some issues due to lack of expertise.

If you don't have an expert in-house team for implementation, I would strongly recommend getting help of the Check Point professional services team. There are a few third-party operational services, but I would go with Check Point professional services.

We are planning to increase our usage of the solution. Every project that we take on has Check Point security products as part of the solution.

I would give this solution an eight out of 10 because of the support. They take too much time when they should give you a result.

We use Check Point on a daily basis. It is our primary gateway to the internet, with an extensive rule base that's used to block unwanted connections and protect our internal networks. 

Multiple gateways are used in a VPN community to build a secure homogenous company network over the Internet. 

We also use the two-factor authentication with RSA-Tokens to authenticate users that are away at conferences or in the home office to the firewall. 

RSA is also used on a portal (called mobile access) on the gateway, where users can easily check their e-mails and access company resources. 

Check Point NGFW has proven to be a reliable firewall. We have been using it for over 15 years now. 

It's offering great security while also being rather easy to manage. 

We evaluated a couple of other firewall solutions over the years, yet always came back for Check Point for a couple of reasons. First, they are the market leader and there are just very many resources online for installing, configuring, debugging, and so on. Second, other firewall solutions may initially be cheaper (especially for basic firewalling), but when you need more features Check Point has a surprisingly good price point. 

I personally like the SmartDashboard client best, which is the rule base management solution. You have a nice overview of the existing rules, and new rules are easily implemented. You can filter by IP, application, rule number, port, or hostname, so you easily find what you are looking for. Rules can be grouped by topic (internal, external, Internet, DMZ, etc.). It all can be well arranged to suit your needs. 

It also offers a dashboard to see recent threats, errors, or other issues with your gateways, as well as Logs for debugging.

Unfortunately, as is the case with many big companies, new features seem to always be more important than fixing the last little bugs that affect only a minor customer base. 

The command line, for instance, is still needed regularly if you want to dive deeper into debugging certain issues. 

While it certainly has improved over the years, it still doesn't feel like a polished product. Some features (e.g. super netting VPN connections) need to be enabled by editing a configuration file, which is sometimes lost upon upgrading to a new version. I'd really like to see more easily manageable debugging solutions. 

I've used the solution for 15 years.

We did have stability issues by using a not officially supported Check Point setup, running it in a virtualization environment, so the Firewall gateway was running on a Xen cluster. In the beginning this was running fine, buter after a couple of months the Checkpoint services kept freezing and needed to be restarted manually. As this started to occur more regularly (a couple of times per week) we migrated the firewall to dedicated hardware.

So I'd recommend always using supported setups.

The biggest enterprises in the world use Check Point products. Scalability is not an issue.

We used Microsoft ISA Server, which is a discontinued product before Check Point. 

Check Point has a pretty competitive price point if you use the features it has to offer. If you need only basic firewalling other solutions may be better suited to your needs. 

We evaluated Palo Alto, Fortinet, and Barracuda. 

On-premises

I planned to block traffic from foreign countries, however, Check Point does not have the intelligence to determine VPN connections from foreign countries coming through the local VPN.

I also wish Check Point could be more effective by collaborating with Microsoft to establish a different connection for Outlook cellphones or devices not on the domain. I wish to hide my devices like cellphones only allowing them to connect via capsule, however, it applies to all devices. It works well.

It is an excellent, easy-to-acquire system to protect midsize businesses with up to 100+ users that require a security solution that can scale across corporate networks and give us protections against GenV cyberattacks as the business grows. 

What I recommend the most is its central administration. With the smart controller, you can manage all your firewalls from one location. 

Being able to access almost everything in one location manage all your gateways and get all your logs is great. For me, it's the best feature to work with.

The solution is great for cyber attack prevention, data bridges, and other threats. You need intelligent and effective solutions to minimize cyber attacks and Check Point gave me peace in December when they had an unidentified log4j vulnerability.

Our main benefit was the elimination of a server/VM from our data center and the usage of a cloud solution.

Having all the features on the cloud was also a benefit since some products when migrated to cloud solutions lose some features  - but not his one.

The setup is a little bit rough and requires some technical expertise, however, this is expected with a solution as complete as a firewall and especially a Check Point one.

Sometimes debugging is a hassle. We've had issues with VPN debugging in the past. In the more recent versions, later than R80.10, this seems not to be an issue anymore. 

This year we tried to debug performance issues of the gateways, which was cumbersome. When we finally found the performance bottleneck, it was a licensing issue. 

Check Point uses CPU-based licensing for OpenServer, and buying more licenses helped. However, this is the reason we're upgrading to Check Point appliances next year, as OpenServer becomes pricier every year, and Check Point pushes their customers to use their appliances.

I've used the solution for three years.

We use the product to secure our network, using all Check Point has to offer, including multi-domain servers, centralized log servers, gateways on-premise, and VSX. It has improved a lot with the last versions making day-to-day operations very user-friendly. 

I have used almost all the blades Check Point has and it's incredible what a Next-Generation firewall is capable of, including VPN, IPS, monitoring, mobile access, compliance, and more. The reports of the Smart Event console are also very useful. It's good to have a view of what's going on in our network. 

Since Check Point has Linux working on them, it gives us plenty of tools to adapt to any specific need we have.

In actuality, Firewalls are a must in any organization. Check Point's ability to adapt to any environment is their strength. The interface is very easy to understand, and the Smart Console can be configured to fit almost anything you need to.

When an issue appears, the logs are very easy to read, and that helps to identify the reason for the problem and solves it faster. The issues are not so annoying. 

The support Check Point gives is key. As the Firewall vendor, I recommend them. It's always great to work with them. For this reason, I am very satisfied with Check Point. Every doubt I had they were pleased to help with and we ab;e to provide a resolution. The technical services always replied in a very fast and effective way. The live chat is great as well. There is always someone willing to help. This makes working with Check Point a good experience.

Check Point expert mode is basically Linux, so working with that allows us to implement a variety of scripts.

In earlier versions, it was a bit hard to do migrations of Multi-Domain Servers/CMAs, nowadays, with +R80.30 it has gotten much easier. I cannot really think of many things to improve. 

One thing that could be useful is to have a website to analyze CP Infos. This way, it would be much faster to debug problems or check configurations. 

Another thing not very annoying but enough to comment on is when preparing a bootable UBS with the ISOMorphic (Check Point's bootable USB tool), it gives the option to attach a Hotfix. However, this usually causes corrupted ISO installations.

One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them.

I've used the solution for three years.

With other products, I have used quite a lot of RMAs, usually for not the most important component, however, enough to need an RMA, such as FANs or PSUs.

With Check Point it's quite easy, if it's needed, to replace. You just install the correct version and hotfix and load a backup from the old device. After that, the new device is ready to go.

The scalability of Check Point is great. With the usage of Multi-Domain Servers, you can integrate all the devices into one console. You also always have the chance to expand creating new domains. Also, this distribution helps to have a very structured and organized management. It is always a very good thing when things don't go as expected and you need to solve any problem. Finding where the issue is in your organization is key.

The technical cases are replied to in a very fast and effective way. The live chat means there is always someone willing to help. This makes working with Check Point a good experience.

Positive

The most I have used are Forcepoint, Cisco, F5, FortiGate, and Palo Alto.

The initial setup is very straightforward and very guided. 

With the few replacements we need to do, there is very little downtime. It is worth the investment. The great support team behind Check Point is also worth the cost.

Check Point is not the cheapest manufacturer, however, it's worth the price.

I have been always on the side of Check Point, however, Palo Alto was another option we considered.

Having the option to use a UNIX-based shell instead of being forced to use GAIA, in this case, is great. It makes Check Point very customizable.

On-premises

We use a remote access VPN, and this is a perimeter firewall for our data center to secure our servers and internal applications. We are using model G-6600.

Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.

It should be user-friendly from an implementation point of view. Its setup is a little bit difficult.

I have been using this solution for four years.

From a security standpoint, it is very stable, and I would rate it a nine out of 10. I don't have any issues with it.

At present, we have 30 for our distribution. So, it is pretty scalable.

Their support is good. Their L1 and L2 support across the globe is great. L3 support is with the Israel team, and they have the right competency to troubleshoot it. Sometimes, when something needs to be done in the software in detail, we need to wait for people to come online from Israel. I would rate their L3 support a six out of 10 because we need to wait for the team from Israel to come online.

It is a little difficult to set up. We need a really skillful engineer to manage it. After we have onboarded it correctly, it is very easy to manage, and it is very secure. Initially, we had some challenges and issues, and when we got the right resource and support from the vendor, they all got resolved. It took four or five days.

It should be user-friendly from an implementation point of view. I would rate it a six out of 10 in terms of implementation.

I would recommend this solution. From a security standpoint, Check Point is the best product, but a customer should have the right skillsets to onboard and manage this.

I've been working with multiple customers in India, and I don't see any specific features that they need. It has covered pretty much everything.

Overall, I would rate it a seven out of 10.

On-premises

It's our main firewall and the first line of protection from the outside! We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely.

We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years.

This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

Stability and security are the best way to describe this solution. The attacks from the outside still exist, but now we're better protected. We can view everything that goes in and out of our network with all the information in one place. The drill-down is very helpful and easy to use. Currently, we can troubleshoot connection problems live and solve them in a couple of minutes. This is an improvement on the 1-2 hours with the old solution.

In 4 years we've only had one problem with the equipment (due to a malfunctioning UPS). That corrupted the boot of the equipment, but was easily solved with an fsck.

We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!

The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.

Threat and Application control are also very important to us.

I do prefer to manage everything from only one point of entry/one application. Some things can only be configured from the smart console and others from the smart dashboard. This is the only handicap in this solution. It would be ideal to manage everything from one central place.

Instead of using a windows application to manage the equipment, it would be better to use a web app to configure the solution from a browser.  I know that it's not as powerful (you can't do everything from there), but then we could manage the solution and troubleshoot from any device.

It's faster to see the event logs on a webpage than it is to see them in the smart console.

I've used the solution for 4 years.

It's very stable. It's also the main reason I love the solution.

During this time i never had to manually restart the equipment because of connectivity problems or because of CPU/memory degradation performance. Sometimes these values get high, but i never lose Throughtput, the equipment continues to run smoothly. We used to restart our older firewall at least 2 times per month.

In the beginning, because we use the spam blade, the memory usage was always high, and the administration was a little bit slow. But Checkpoint provided us an extra memory upgrade and after that we never had administration problems. If we don't have internet connection it's allways the ISP, it was never because of the firewall.

Although I only have one unit, I know that it scales perfectly.

We only had one problem with this equipment. That was because it couldn't boot properly due to disk corruption (malfunction UPS), however, searching the technical Check Point forums it was easy to find a solution to the problem at hand.

We managed to solve the problem without contacting customer service at all.

We used to have Zyxel products, but they were aging and couldn't let us connect at faster speeds.

The setup was easy. It didn't take long to have it up and running.

The only concern for us was the remote sites - since it was different vendors. However, we had everything documented and prepared and due to that, it went flawlessly.

It was also easy to create access policies.

The implementation was through a vendor, and the installation went really well. The consultant was Check Point certified and explained everything in detail.

Later on, we added new remote sites to the configuration (in-house) without any problem. We didn't need to check with the vendor.

It's not easy to calculate, however, given the stability and security of the solution, it's elevated. There are no bulletproof solutions. That said, now we can rest a bit more because our assets are more protected than they were a couple of years ago.

The setup cost, pricing, and licensing can be a bit expensive, but, I promise, it's completely worth the cost.

I evaluated Fortinet and Check Point.

It simply works like a charm. The stability and trust in the vendor are also very important to us.

On-premises

Check Point leading industry provides a complete solution that is required to perimeter security along with deep packet inspection for network traffic.

Check Point not only acts as a traditional firewall but it provides you with complete security for users who work from home. Work from home users observed that Check Point gives 100 % functionality without any trouble.

It offers centralized management to customers where they have an IT member so there Check Point management can work properly. It is available in a smaller range to higher. Customers can get it at an affordable price. 

As we vendor, we deployed the Check Point firewall in many organizations and they are renewing its license as they trust the product and support.

Whatever feature they want is possible with Check Point and 80.20 later versions are coming in, that feature set was previously not available. Customers are satisfied. 

No other firewall provides a feature set in log monitoring and threat detection blades.

Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability.

Most customers need reports which define how many users are infected, how many viruses and malware there is, botnet traffic firewall deteted all this type of information. Check Point is in a very easy and understandable format based on logs history.

Sometimes the stability related application, URL filtering, and troubleshooting issues take longer than expected. I observed some feature set that is very easy to add from the deployment team but Check Point needs a longer procedure so customers relating those features with Check Point firewall and Palo Alto.

Heavy load causes a higher CPU peek which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it take a lot of time .

We receive performance but sometimes there are stability-caused issues. 

I have been using Check Point for three years. 

Check Point can defend Palo Alto if they work on stability.

Tech support is very helpful and provides the right solution.

We went from Sophos to Check Point.

The initial setup was simple.

We are only vendors.

The pricing is really negotiable based on other competitor solutions.

On-premises

The solution is easy to use. I like the monitoring the most.

All the advanced features of automation, especially the first installation of tunnels, need improvement. Also, in terms of configuration, in terms of tuning, and fine-tuning the system, I think they do make it a bit hard for users. Right now, we need to teach admins, the network and security admins about system fine-tuning in terms of load balancing between CPUs, assignment of processes. I don't think a network admin or a system admin should deal with it in terms of when we are speaking about the firewall or networking device. It should be automatic.

I've been using the solution for five to six years.

It's a stable solution. There are about 15,000 users installed behind the firewall.

It's a scalable solution. It's very good.

It's easy to install Check Point, but not in the case of a large environment and multiple clusters. This is an ongoing project I can't tell you how long deployment takes. It's a huge network that I have. I have three people maintaining the solution.

I have a basic network firewall and not the advanced feature, full feature security system. I think they are the best. Still, for instance, when installing a tunnel in Check Point vs installing a tunnel in Cisco, the difference is that in Check Point nothing makes sense, and in Cisco you have the duration capability, the hierarchy of the configuration.

I would rate this solution as 8 out of 10. Mostly because of configuration problems - problems with configuring VPNs, and panels, etc.