Check Point NGFW Reviews

For Check Point, the main cases are just perimeter security, network security, basically detecting threats on the network, antivirus, application control, visibility, login, and data threat prevention.

I like the GUI. In terms of functionality, it used to be the detection capability. Check Point has good security intelligence, which helps detect threats. They have the historical background to do that. But now, Fortinet is a bit better. 

A lot of things need to be improved in Check Point NGFW. One, their support team isn't very efficient and useful. 

The solution itself isn't easy to learn, making it hard for support to provide solutions. The design makes it so pockets (specific teams) have to work together when there's an issue, which creates a mess.

Also, Check Point lacks competitive capabilities like SD-WAN and CGM app integration. And visibility needs improvement. For example, Fortinet shows all connected devices with IP addresses, MAC addresses, and sometimes usernames. More granular detail is crucial for security.

So support efficiency, visibility, and adding competitive capabilities are key areas for improvement.

I have been with Check Point for a very long time. So, it has been almost six years.

I would rate the stability a six out of ten. There is room for improvement here. 

I would rate the scalability a seven out of ten. My customers are mostly medium-sized businesses, but my clientele also includes enterprises.

There is room for improvement in the customer service and support. 

Neutral

I'm heavily biased towards Fortinet. Check Point is a direct competitor, so from my experience, it's a decent firewall. There are strong points and weak points, but Fortinet is superior for various reasons.

The initial setup is really straightforward. The GUI is very good. However, the issue I have is with the stability. In terms of simplicity, I don't consider Check Point to be a straightforward solution. Another point to mention is my experience in planning within customer environments. The outcomes are not always as expected. 

For instance, when setting up Check Point firewall and flat policies, the policies didn't take effect immediately. There was a situation where the policies took effect after about two hours. Such instances were mind-boggling. Regarding VPN issues, when implementing IP protection between Check Point and other vendors, remote access can be challenging.

In Nigeria, it's predominantly on-premises. Many organizations are moving towards cloud, but many others use a hybrid approach, both on-premises and in the cloud. 

A few are using Check Point in the cloud, but most test with Fortinet due to easier integration with public cloud providers like Microsoft. Public cloud vendors also have their own firewalls, like Microsoft and AWS. In terms of adoption, Check Point is behind in cloud adoption in Nigeria.

Overall, the process is very fast and depends on the type of deployment. For example, replacing a Cisco firewall with Check Point requires converting policies, which can take quite a while, depending on the size of the policy base. In my personal experience, setting up Check Point was very quick.

It's reasonably priced, but competitors offer much cheaper options. It's market-related, so the pricing makes sense for what Check Point offers.

My recommendation is to consider Fortinet as an alternative. Overall, I'd rate it a seven out of ten. There's room for improvement, especially since Check Point doesn't seem too focused on our region. 

In Nigeria, procuring the firewall and bundled services like technical account management and professional services can be challenging. The service delivery is not as efficient as one would expect, which wouldn't be the case for a European customer.

We require local perimeter security in one of our workshops, which is why we require a new-generation firewall solution. The local equipment works for us to be able to provide perimeter security in our workshop.

Thanks to these Check Point Gateway devices and with the integration of many additional security solutions, we have protection against zero-day threats. In addition, we have the possibility of carrying out all the management from the Infinity security portal and can administer all our policies, view logs, and monitor devices, among other tasks.

Thanks to Check Point, we managed to carry out a better security implementation. By placing one in a workshop, we managed to solve issues with attacks and malware.

The solution is easy to administer thanks to its dashboards. The monitoring is really useful.

The most valuable aspects include:

The best improvements to be considered are:

• Improvements in the time and attention given to solutions for generated cases.
• Licensing that is more comfortable and affordable. Currently, some prices are very expensive.
• In terms of language in the application, they could better facilitate the handling of others.
  

This is an excellent product of the new generation, administered in the Infinity Portal. We have used the product for at least two years.

Previously, we had not carried out verifications of other devices.

We have a very robust implementation of firewalls for a central site, a contingency site, and five agencies, all connected by MPLS. In each perimeter firewall, we apply the security features of FW, IPS, AV, and AB. Additionally, we have a VPN concentrator for VPN S2S and C2S.

Over time, Check Point's solutions have had fewer security breaches than their competitors, which is why they remain in high categories and quadrants, as they are a very robust technology. As pioneers in information security, Check Point has been innovating year after year in information security.

Since we implemented this architecture in our client, we have not had any security breach exploited and the organization maintains communication with its different sites through MPLS and VPN to secure and encrypt the traffic that passes through said connection.

In addition to the different security features that Check Point security solutions have, their integration with other technologies makes the security environment a complete security type.

Apart from the technological and innovative solution, a point in favor of Check Point is the support provided by the manufacturer, since over time, we have not had any case that is not resolved, they have a good escalation process and highly qualified staff. 

The process of opening a case has different options that are convenient.

Check Point could do better to include acceleration technologies like SD-WAN in an integrated or embedded way to provide these new features that Check Point never had and is of great importance in the market.

Its competitors have this SD-WAN technology, if it were not for the fact that Check Point has been more stable historically, this value would weigh negatively for Check Point when choosing a solution.

If Check Point includes this feature, they will be able to cover those architectures where traffic between sites must be protected and accelerated.

I have been using Check Point for ten years. It is a very mature and robust technology. R81 is a very stable version and always has great security features.

I consider that they have good support engineers at each level of escalation, according to the criticality of the issue.

Positive

I do use other technologies, however, Check Point is historically more stable for me, as they have had fewer exploitable security breaches.

Check Point has a good cost-benefit ratio.

We also evaluated Fortinet, Palo Alto, and Watchguard.

We use this firewall to protect the internal network and to set up the IPSec standard from one location to another.

One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI.  In Check Point 5.0, we bought the option, giving us the ability to use the GUI as well as the CLI. A person who is comfortable with the UI can work with it according to different scenarios.

The most valuable feature is the set of encryption options that are available.

Viewing the logs in the interface is easy to do, which is one of the things that I like.

This is a UI-based firewall that is easy to use.

The antivirus feature is a little bit weak and should be improved. The updates are not as regular when compared to other firewalls, such as Palo Alto.

The training materials and certification process should be improved. For example, the certificates are more expensive and there's no good training available on the internet right now.

I have been using Check Point NGFW for approximately seven years, since 2014.

The stability of this firewall is good and we haven't had any problems. It is a well-known, quality brand.

There are no issues with extendability or scalability. Over the course of a year, we added another firewall, bringing us from one to two deployments, and the process was not tough. We were easily able to manage it.

We have approximately 12 people who work with this firewall during different shifts.

I have been in contact with technical support many times, and they are good. Most of the time, they solve the problem as soon as possible, and they give a perfect solution.

Currently, we are using firewalls from different vendors, including Palo Alto and Cisco. Our Cisco ASA solution is completely CLI-based and Palo Alto is like Check Point with an interface that is a mix of UI and CLI-based.

Both Palo Alto and Cisco ASA have very good tutorials available on the internet, including videos on YouTube and courses on Udemy.

On the other hand, Cisco ASA is more difficult to use because there is no UI and for a person who does not have any knowledge of the networking commands, they have to learn them.

The first phase of the implementation is to plan the firewall deployment. After that, we do the configuration and validate it. In the case of a Check Point firewall, this process will take between two and three months to complete.

The complexity of the process depends on the features that you want to add. In general, it is straightforward and not too complex.

I was not present when the first firewall was set up, although I was presented for the deployment of new ones. Whenever there is a new firewall deployment, I am involved. We have between four and five network engineers who take care of this part.

There is no maintenance required from our side. When we have a hardware issue then we contact technical support to get it sorted out.

We have seen ROI; for the purpose that we have deployed this firewall, we are getting returns. Based on this, we are buying more Check Point firewalls.

The price of Check Point is lower than Palo Alto but higher than Cisco ASA. For us, the price for licensing is fine, we have no issue with it, and feel that the cost is justified.

There are no costs in addition to the standard licensing fees.

My advice for anybody who is implementing Check Point NGFW is that if they get stuck, then visit the technical support section of the website and read the articles that are available. I have learned many things from the tech articles, and it's a good website if you want to learn about it in-depth.

One of the things that I learned is that Check Point firewalls also use Linux commands. After working with Check Point, I improved my Linux skills, which is a good thing for me.

I would rate this solution a nine out of ten.

I use Check Point NGFW in my role as an Information Technology Security Engineer. We have implemented it for our customers and use it ourselves.

Fortinet is easier to set up due to its understandable interface and ability to connect to the CLI directly from the web interface without needing an external SSH client.

Check Point NGFW should improve its user interface to make it more user-friendly and intuitive. Additionally, the issue with link selection on VPNs needs to be addressed.

I have been familiar with Check Point NGFW for around two years.

Overall, I am satisfied with the stability of Check Point NGFW.

I am satisfied with the scalability of Check Point NGFW.

We have an engineer who is certified to work with Check Point, and I am satisfied with their technical support.

We have an engineer who is certified to work with Check Point.

I am not dealing with the pricing of Check Point products since I am a technician, not a seller or buyer.

I proposed Check Point, Fortinet, and Juniper to our customers. Fortinet is popular for its ease of use and cost-effectiveness.

I would recommend Check Point NGFW even if the customer doesn't have a Check Point infrastructure.

I'd rate the solution nine out of the ten.

The primary use case is to enhance security by safeguarding the internet connection for both servers and users.

Its greatest asset lies in its user-friendly interface, making it exceptionally suitable and reliable for managing gateways.

When it comes to Check Point's small business gateway series, there might be a need for hardware upgrades, as configuring them can sometimes be a bit challenging.

I have been working with it for two years.

I would rate its stability capabilities eight out of ten.

I would rate its scalability abilities eight out of ten.

Seeking solutions from them can be quite challenging and often takes a while, which then impacts our workload. I would rate it seven out of ten.

Neutral

I have some experience with Juniper, WatchGuard, Cisco, and Fortinet.

The initial setup is relatively complex.

Deployment duration varies based on the customer's specific conditions. On average, an installation might take around twenty minutes.

The best solutions tend to come with a higher price tag. If something is inexpensive, it often implies a compromise in quality. The solution is indeed costly. I would rate it eight out of ten.

Overall, I would rate it eight out of ten.

I use the solution in my company since the solution serves as a firewall and functions on a DMZ network while also providing public-facing services. I serve my company's customers as a firewall administrator.

My company's customers have benefited from the solution's performance, especially when dealing with a huge amount of traffic. Check Point is a well-known name in the security industry that opts for functionalities like signature-based detection and beyond.

The most valuable feature of the solution is the Quantum Intrusion Prevention System (IPS). I also like the solution's functionality, like autonomous threat prevention.

The complexity involved in the solution's initial setup phase and deployment process is an area of concern where improvement is required.

I have been using Check Point NGFW for two years. I work as the solution's integrator. Speaking about the version, I use Check Point Quantum 6400 Next Generation Firewalls.

So far, I haven't faced any issues related to the solution's stability.

Scalability-wise, I rate the solution a nine out of ten.

If I take into consideration my company's customers who use the solution, then I would have to say that there are around 300 to 400 users.

I have availed the services provided by the solution's technical support. My company engages with the solution's local partner to avail the services provided by Check Point's technical support team.

Compared to Palo Alto and Fortinet, Check Point provides good internal performance, especially for big-scale enterprises and entities, making it a tool that is not just suitable for SMEs or mid-sized companies. Check Point is, however, pricier than other solutions.

The initial setup of Check Point NGFW is quite complex. When it comes to the product's setup phase, the engineer should understand the product, and instead of understanding the firewall, it is important to know how to manage or be an admin.

The solution is deployed on an on-premises model.

The solution's deployment is complex.

My company's customers have seen a return on investment from the use of Check Point NGFW.

I rate the pricing of Check Point NGFW a five on a scale of one to ten, where one is high price, and ten is low price.

I take care of the solution's maintenance part, and I feel that it is a straightforward process.

Check Point NGFW is good for big companies.

I rate the overall solution an eight out of ten.

We use Check Point as well as Cisco. The firewall is used in order to continue filtering with VMware VMotion on different data centers. 

We have several data centers that are stretched. Our Check Point firewalls are used to filter north/south traffic.

With BGP on Gaia, when one of the clusters is unreacheable, the traffic is rerouted to another cluster. 

We also use VSX which is really a very good product for macrosegmentation.

The management of the firewall and advanced routing is great. It's easy to use and troubleshoot.

We need east/west Check Point firewalls in order to do micro-segmentation. A good solution for us is a solution that can be installed on différent systems (Linux, Windows K8S, bare metal, etc.) and can have centralized management.

Troubleshooting is also a big feature that will be necessary in this use case. 

I've used the solution for many years.

We also looked at Ciscos ASA and Fortigate.