Try our new research platform with insights from 80,000+ expert users
Technical Specialist at Tech Hat Pvt Ltd
User
Great security management, packet filtering, and built-in high availability
Pros and Cons
  • "In a single bundle we have the all solutions we need - like application/URL filtering, and threat emulation/extraction."
  • "They could improve by lowering prices."

What is our primary use case?

We use the solution for full-scale integration and end-to-end management at the organization in a distributed deployment. The deployment/installation is quite easy.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms. 

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more. 

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that blocks the traffic based on an IP address or on applications and content. This makes Check Point NGFW a highly promising and more or less a complete solution.   

How has it helped my organization?

Check Point NGFW proved to be highly scalable, secure, and stable, among other alternatives to multiple firewalls present in the market. 

Before we used Check Point, we faced many issues such as latency, business interruptions, etc. In a single bundle we have the all solutions we need - like application/URL filtering, and threat emulation/extraction. In one single platform, we can manage everything with no need for a separate console to check/manage the features and behaviors. It has improved the performance and has minimal latency.

What is most valuable?

The most valuable aspects include:

Security Management. In a single console, we can manage the policies. It includes all the included bundles, features, and monitoring of logs.

Packet Filtering. This is used to examine every packet of data passing through your network. 

Built-in High Availability. A standard backup feature should be included if you cannot risk losing your firewall. 

Bandwidth control and monitoring. It's important to control the use of the bandwidth you have available.

Policy verification/validation. Check Point provides a convenient abstraction for bundling the validation of data against an expectation suite. 

What needs improvement?

They could improve by lowering prices. The source package is a bit more expensive than its competitors. We've had some downtime issues

Improvements in the time and attention given to solutions for generated cases.  Licensing that is more comfortable and affordable.

Check Point NGFW Firewall requires frequent updates to build more user-friendly dashboards.

A few services of Check Point NGFW require immediate improvements, like the customer support portal and the ads management on the platform.

Sometimes the KB article does not include all the steps. There is a chance for improvement in the content of global KB articles.

Buyer's Guide
Check Point NGFW
February 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
838,737 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for eight or more years. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Analyst at M3
User
Top 20
Great import, logging, and IPS features
Pros and Cons
  • "The IPS is frequently updated so the rules are always new and in place."
  • "The firewall can improved to make it more user-friendly."

What is our primary use case?

The primary use case for this solution is to protect the devices under the firewall.

There is a customer who has many switches and routers in their network. They are only protected by an old Cisco ASA firewall. So, the customer instead finds a new vendor or service, and thus we install the Check Point Firewall.

Since the customer has many devices, it takes quite some time to move the Cisco ASA firewall rules to the Check Point policies. However, Check Point has a function to import the policies so it takes less time to do so. Still, the rules that were imported are a mess so we still need to check them one by one and fix the errors before installing them in the customer environment.

How has it helped my organization?

The Check Point NGFW has improved the organization by helping with multi-tasking.

The Check Point Firewall that we have is better than the previous Cisco ASA as the firewall has IPS, anti-virus, and anti-bot installed into it at the same time. The IPS is frequently updated so the rules are always new and in place. The firewall IPS and anti-virus can also get other threat intelligence from the web so that the firewall will always have good protection that is up to date. 

The anti-bot is good as it can prevent the firewall from being protected from DDoS without creating any rules as it automatically blocks IPs that are sending too much information to the servers.

What is most valuable?

The features I found most valuable are the import, logging, and IPS.

The import makes it easier for us to copy the rules without starting from scratch, which will take lots of time. The next thing I find most valuable is the logging. The logging which is called Smartview can distill the logs into simple reports which makes it easier to see all the attacks and issues the firewall faces without diving deep into the logs. Lastly, the IPS is always new and up to date so the attacks that happen are always blocked.

What needs improvement?

The firewall can improved to make it more user-friendly. The firewall is somewhat not user-friendly as it has many sections and makes it complicated for a layman to understand where to put the policies and rules. 

The firewall also doesn't save the policies immediately after you save them, which means you need to do one more extra step in order for the new rules or policies to take effect. During my first time handling it, I did not understand why the rules and policies I put in didn't work until I found out that you need to click the install button until it takes effect.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
February 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
838,737 professionals have used our research since 2012.
Manzoom Ahmed Khan - PeerSpot reviewer
Senior Network Security Engineer at C-Edge Technologies Limited
Integrator
Good support with advanced blades and good reliability
Pros and Cons
  • "The Check Point architecture and packet are very good."
  • "There is a huge amount of revenue lost in the financial/banking sector due to cyber attacks, so we need to have something that can highly concentrate on future cyber attacks."

What is our primary use case?

I am using Check Point NGFW in an internet-facing manner thanks to the advanced features and security, like the SAM database.

If anyone wants to use the firewall as internet facing, then Check Point NGFW is the best option.

How has it helped my organization?

Our organization gets many attacks on our server, so we have installed Check Point firewall for internet-facing scenarios,

What is most valuable?

The SAM database and advanced blade are the most valuable aspects of the product.

The Check Point architecture and packet are very good.

What needs improvement?

We need further protection from future critical cyber attacks, as cyber-attacks are growing day by day, and every day new attack is happening in the real world.

There is a huge amount of revenue lost in the financial/banking sector due to cyber attacks, so we need to have something that can highly concentrate on future cyber attacks.

Check Point should release some new technology that no vendor has ever done before.

Check Point NGFW helps me as a network security engineer as it is easy to troubleshoot the issue and also its easy to clear all vulnerabilities in Check Point after upgrading.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

The stability is good. 

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and support?

They are awesome. They offer a high level of support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Cisco, however, due to multiple vulnerabilities, I have switched to Check Point.

How was the initial setup?

The initial setup is straightforward.

What was our ROI?

The ROI is good. 

What's my experience with pricing, setup cost, and licensing?

They offer good quality, therefore, the pricing doesn’t matter.

Which other solutions did I evaluate?

I have compared many vendors, including Sophos and Fortinet.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1721655 - PeerSpot reviewer
Networking engineer at Hewlett Packard Enterprise
Real User
Great Identity-Based Inspection Control with pleasant technical support and good scalability
Pros and Cons
  • "The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid."
  • "With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient."

What is our primary use case?

Working in an MSP environment, there are more than a hundred firewalls and we use Check Point NGFW firewall which is mainly implemented as perimeter security and internal segmentation firewall. 

Due to our requirements, we implement site-to-site VPN between clients and cloud providers (AWS/Goggle/Azure). The centralized managed infrastructure makes it simple for the IT staff to operate and monitor the firewalls. 

The Smart Console provides a single pane of glass that allows the IT staff to easily manage the environment and troubleshoot issues.

How has it helped my organization?

The Smart Console provides a single pane of glass that allows the IT staff to easily manage the environment and troubleshoot issues. 

The UI decreases the hours required to complete a task. It also incorporates compliance and audit control validation into the system. 

IT staff can construct a single policy across all enforcement points in the Infinity architecture. 

There's a unified policy table that combines threat prevention and segmentation policies. 

SmartEvent allows consolidated event management and export.

What is most valuable?

The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid. 

The Terminal Servers group membership allows policies to automate typical processes (user moves/add/changes) and decrease configuration changes required on the firewall, which is tremendously beneficial. This limits the integration with the identity store to just one interface, and we still get broad security coverage based on a single set of identity policies. 

We leverage the combination of identity and application awareness, which is mandatory in order to build scalable security policies that protect the business without compromising user experience. This feature is extended to the SmartEvent console.

What needs improvement?

The SmartEvent blade has a huge number of security events/logs. We are trying to find correlation with the help of the SmartEvent blade, however, it may impact the performance of our Check Point management server. It requires additional licenses for Check Point management servers. It should be inbuilt within the management server.

With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient.

For how long have I used the solution?

I've used the solution actively since 2008.

What do I think about the stability of the solution?

There were moments of where it did struggle when the rules were not properly maintained meaning that rules clean up exercise has to be performed annually to prune out rules no longer being use to allow the firewall to function more efficiently.

What do I think about the scalability of the solution?

Overall, the product handles a production workload like a champ.

How are customer service and support?

Customer service was pleasant.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Working in an MSP, we have multiple vendors/principals of NGFWs.

How was the initial setup?

You have to work with a sales account manager to get the best price.

What about the implementation team?

You need to work with a vendor that is overall quite knowledgeable. 

What's my experience with pricing, setup cost, and licensing?

The solution should be evaluated and a trial run should be done in the lab as Check Point provides VM instances that can be installed on an open server box. Make sure to check with sales about the features and if they require additional licenses before purchasing.

Which other solutions did I evaluate?

Working in MSP, we have looked at various NGFWs. Check Point is one of them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1718679 - PeerSpot reviewer
Senior Network Engineer at Arvest Bank Group
User
Unstable with unreliable hardware and poor technical support
Pros and Cons
  • "The only area that Check Point still seems to excel in is their logging."
  • "Check Point's support, at all levels, needs a complete overhaul."

What is our primary use case?

Check Point firewalls are/were deployed in various parts of our network to achieve perimeter defense and internal network segmentation. 

In addition to the firewall functionality, each appliance also leveraged Check Point's IPS blades. The perimeter Check Point appliances were also responsible for terminating any and all site-to-site VPN connections with third parties. 

All traffic from remote locations, remote VPN users, and egress traffic to the internet is filtered through the Check Point equipment at some point in our network.

How has it helped my organization?

Check Point has not improved our organization. We have observed a sharp decline in the quality of both products and support. 

Over the last several years, there has not been a single week where we have not had an outstanding issue open with Check Point support's advanced tier teams. 

Initially, we had incredibly impactful issues regarding their scalable platform hardware (which is being discontinued in favor of Maestro) to the point we were forced to rip them out due to them being completely unreliable. 

Check Point support has also seen a significant drop in quality, despite my organization even being a Diamond Support customer with Check Point. We fully believe it would be a wiser investment of time to call Geek Squad rather than Check Point.

What is most valuable?

The only area that Check Point still seems to excel in is their logging. Reviewing logs on Check Point is a snappy and intuitive process that allows the end-user to filter down traffic to specifically what they're looking for very easily and even with little knowledge of Check Point. 

The ability to create filters on the fly in the GUI with simple clicks to various areas of the log is fantastic and allows one to find exactly what they're looking for with very little effort. Note that this is probably the only thing Check Point still has going for it.

What needs improvement?

Check Point's support, at all levels, needs a complete overhaul. The Check Point support staff aren't even shy about telling you how understaffed, underpaid, and underappreciated they are. Any engineer with a hint of talent is pulled from general support to higher tiers, and then, once they reach a level of competency above that of your average acorn, they leave for better-paying jobs elsewhere. 

My organization witnessed this first hand fighting through the lower tiers of support and working frequently with the scalable platform team. When we switched to Diamond Support we saw no significant improvement in support save for shorter hold times.

For how long have I used the solution?

I have personally used Check Point solutions for nearly ten years. My organization has used Check Point for 15+ years.

What do I think about the stability of the solution?

The solution is absolutely unstable. My organization follows vendor best practices exactly and has every deployment vetted by multiple levels within the vendor. Despite this, Check Point hardware has repeatedly proved unreliable at best, sometimes resulting in total outages for our company. 

Which solution did I use previously and why did I switch?

My current organization has used Check Point for the relevant past and is only recently completely switching vendors to Palo Alto.

What was our ROI?

All current Check Point hardware is destined for the recycle bin. There is a pretty low ROI.

What's my experience with pricing, setup cost, and licensing?

Most firewall vendors, Check Point included, make the selection of hardware easy enough based on projected usage. Likewise setup on many vendors in greenfield environments is simple enough and should not require professional services.

Which other solutions did I evaluate?

I was not involved with the initial deployment of Check Point in our environment as it was before my time. However, each subsequent deployment I have been involved in with Check Point was used based on the existing relationship. Once the issues became too impactful and we realized we had no hope of seeing any improvements we began efforts to rip out the existing Check Point equipment.

What other advice do I have?

Do not let Check Point's past success lure you into their current state of bottom of the barrel.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Contracted IT Staff at Sağlık Bakanlığı-Turkish Ministry of Health
Real User
User-friendly, easy to configure, and great for corporate environments
Pros and Cons
  • "It is a very friendly platform and easy to configure."
  • "It is a bit expensive according to the required blades but it is a platform that is worth having as security in a corporate."

How has it helped my organization?

It is a bit expensive according to the required blades but it is a platform that is worth having as security in a corporate.

What is most valuable?

I have worked for several years with the Check Point platform (NGFW) and it is by far the most stable in hardware and software.

It is a very friendly platform and easy to configure. It is true that it is a bit expensive (according to the required blades), however, it is a platform that is worth having as security in a corporate environment. 

For how long have I used the solution?

I've used the solution for more than five years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1678680 - PeerSpot reviewer
Senior Linux Administrator at Cartrack
User
Simple to scale with a nice management interface and good technical support
Pros and Cons
  • "Many problems have been solved with these firewalls and we've largely been very satisfied."
  • "The predefined reports are few and it would be nice to increase them since the logs are excellent."

What is our primary use case?

Check Point's Next Generation Firewall has definitely improved our organization as we previously used a Linux firewall and we have had to manually configure internet control measures. When it comes to configuring firewall policies it was time-consuming. This has been taken care of by Check Point's Next Generation firewall. Even the integration to the Active Directory has been made to be seamless and requires a minimum effort from our security and network administrators. The technologies that are in place are amazing. For example, the Threat Extraction and Threat Emulation technologies. The Sandbox technology, or Threat Cloud, is world-class.

How has it helped my organization?

The remote access blade functionality is really valuable as we now need to just install the client on the user's machines and the client can be preconfigured with the site details. This makes our lives very simple. The logging of the firewall is also phenomenal as it is very granular and very easy to filter. 

The Application control blade is another valuable feature as we now only need to create a rule to be applied and to specify the applicable application which is categorized. The ability to configure dynamic objects, for example, Microsoft Office 365, is also a valuable feature.

The reports are very detailed and the variety is amazing. It caters to everything and is even more that what we had bargained for. They are also customizable, which makes them extremely valuable to us. 

Another great feature is the ability to publish corporate applications in a secure web environment.

What is most valuable?

Many problems have been solved with these firewalls and we've largely been very satisfied. Thanks to this infrastructure that we have managed, in this pandemic time, to quickly and effectively offer the potential to remotely work for everyone has been good. 

Also important is the separate management interface that has made it possible to carry out even the most operations while comfortably seated at the desk. It provides multiple profiles that you can apply depending on the scenario that presents itself.

What needs improvement?

It takes a while to install the rules so that if you make a mistake you can only fix it after a few minutes. There's no problem with traffic processing. 

Sometimes you are forced to interact on several levels: on the one hand, you put in the rules, and on the other, you put in the route. The predefined reports are few and it would be nice to increase them since the logs are excellent.

In my work experience, I have been able to use multiple firewall platforms. There are only two valid ones for me and one of them is definitely Check Point. The others charge less but there is a reason for that. It is a good idea to think carefully before rather than after you suffer from a serious attack.

For how long have I used the solution?

We have been using the solution for three years now.

What do I think about the stability of the solution?

For me, the solution has been stable. Perhaps running it on a small scale helps.

What do I think about the scalability of the solution?

I like the fact that it's so simple to scale.

How are customer service and technical support?

I find the support to be very prompt. They go the extra mile to assist and are thorough in their troubleshooting.

Which solution did I use previously and why did I switch?

I did not use a different solution, however, I came to know about this product while I was working for a company called Syrex.

How was the initial setup?

It was set up for us by a company I used to work for.

What about the implementation team?

It was through a vendor, and they were very good and did it on time as they promised.

What was our ROI?

A stable and fully functioning solution has enabled us to focus on other aspects of growing the business.

Which other solutions did I evaluate?

I looked at Fortigate, and it was not as clearly defined, and easy to follow as Check Point is.

What other advice do I have?

Check Point does cost a lot, but for me, it's worth the money I paid.

Some of the products are easier to deploy. For example, the Harmony products are simpler as they have a per user/per device pricing model.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1670154 - PeerSpot reviewer
Firewall Engineer at a logistics company with 1,001-5,000 employees
User
Scalable, stable, and configurable
Pros and Cons
  • "Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment."
  • "The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long."

What is our primary use case?

We use Check Point Gateways for securing our data centers including DMZ networks as well as gateways for our branch offices around the world. They are connected via MPLS, internet, or site-to-site VPNs depending on the branch connectivity.

A minimum standard for the whole environment is the NGFW. Firewall rules according to our security policy. VPN for site-to-site tunnels to our own gateways or to partners and customers. IPS is set primarily to prevent, and for some signatures to detect. 

Application Control is still in the early stages.

How has it helped my organization?

Firewalling is one of Check Point's core business attributes, and it just works.

Creating site-to-site VPNs between Check Point Gateways that are within the same management is unbelievably easy. If you create VPNs for 3rd parties and there are mismatches or issues, you will see logs that help pinpoint issues or misconfiguration.

Application control help with identifying applications and therefore makes firewall rules easier since changing ports don't have to be adapted every time an application changes or updates.

What is most valuable?

Generally speaking, all features are well documented and the two platforms help with configuration. Documentation and knowledgebase articles in the user center as well as user recommendation within the forums are great. The Admin Guides are really well documented, but it's a lot to read.

Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment. The best example would be the CDT tool which helps with decreasing the amount of time for upgrading whole environments.

What needs improvement?

The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long. R81 promises at least parallel policy installations, which help in larger environments.

Check Point's advantage (to be able to configure everything) is also a disadvantage. The environment is quite complex. Troubleshooting is not always easy as there are a lot of possible debugs that can be taken, and the support will not always send the right or necessary debugs. Some debugs also can cause a heavy load, so you have to keep an eye on what you troubleshoot.

For how long have I used the solution?

Our company has used Check Point for well over 10 years.

What do I think about the stability of the solution?

If it's running, it's stable. New setups have to be tested though.

What do I think about the scalability of the solution?

The solution can be scaled from very small branch offices to huge data centers or even cloud data centers.

How are customer service and technical support?

Support depends on how well you describe the issue and send information. Sometimes escalation is necessary.

How was the initial setup?

The more features (blades) are turned on, the more complex the environment becomes. If something goes wrong, you have to rule out several issues (hardware, blades, et cetera).

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: February 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.