Try our new research platform with insights from 80,000+ expert users
reviewer1613238 - PeerSpot reviewer
IT Manager at a comms service provider with 51-200 employees
Real User
Great mobile access with good security and excellent stability
Pros and Cons
  • "The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution."
  • "It would be ideal to manage everything from one central place."

What is our primary use case?

It's our main firewall and the first line of protection from the outside! We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely.

We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years.

This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

How has it helped my organization?

Stability and security are the best way to describe this solution. The attacks from the outside still exist, but now we're better protected. We can view everything that goes in and out of our network with all the information in one place. The drill-down is very helpful and easy to use. Currently, we can troubleshoot connection problems live and solve them in a couple of minutes. This is an improvement on the 1-2 hours with the old solution.

In 4 years we've only had one problem with the equipment (due to a malfunctioning UPS). That corrupted the boot of the equipment, but was easily solved with an fsck.

What is most valuable?

We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!

The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.

Threat and Application control are also very important to us.

What needs improvement?

I do prefer to manage everything from only one point of entry/one application. Some things can only be configured from the smart console and others from the smart dashboard. This is the only handicap in this solution. It would be ideal to manage everything from one central place.

Instead of using a windows application to manage the equipment, it would be better to use a web app to configure the solution from a browser.  I know that it's not as powerful (you can't do everything from there), but then we could manage the solution and troubleshoot from any device.

It's faster to see the event logs on a webpage than it is to see them in the smart console.

Buyer's Guide
Check Point NGFW
January 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,071 professionals have used our research since 2012.

For how long have I used the solution?

I've used the solution for 4 years.

What do I think about the stability of the solution?

It's very stable. It's also the main reason I love the solution.

During this time i never had to manually restart the equipment because of connectivity problems or because of CPU/memory degradation performance. Sometimes these values get high, but i never lose Throughtput, the equipment continues to run smoothly. We used to restart our older firewall at least 2 times per month.

In the beginning, because we use the spam blade, the memory usage was always high, and the administration was a little bit slow. But Checkpoint provided us an extra memory upgrade and after that we never had administration problems. If we don't have internet connection it's allways the ISP, it was never because of the firewall.

What do I think about the scalability of the solution?

Although I only have one unit, I know that it scales perfectly.

How are customer service and support?

We only had one problem with this equipment. That was because it couldn't boot properly due to disk corruption (malfunction UPS), however, searching the technical Check Point forums it was easy to find a solution to the problem at hand.

We managed to solve the problem without contacting customer service at all.

Which solution did I use previously and why did I switch?

We used to have Zyxel products, but they were aging and couldn't let us connect at faster speeds.

How was the initial setup?

The setup was easy. It didn't take long to have it up and running.

The only concern for us was the remote sites - since it was different vendors. However, we had everything documented and prepared and due to that, it went flawlessly.

It was also easy to create access policies.

What about the implementation team?

The implementation was through a vendor, and the installation went really well. The consultant was Check Point certified and explained everything in detail.

Later on, we added new remote sites to the configuration (in-house) without any problem. We didn't need to check with the vendor.

What was our ROI?

It's not easy to calculate, however, given the stability and security of the solution, it's elevated. There are no bulletproof solutions. That said, now we can rest a bit more because our assets are more protected than they were a couple of years ago.

What's my experience with pricing, setup cost, and licensing?

The setup cost, pricing, and licensing can be a bit expensive, but, I promise, it's completely worth the cost.

Which other solutions did I evaluate?

I evaluated Fortinet and Check Point.

What other advice do I have?

It simply works like a charm. The stability and trust in the vendor are also very important to us.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1573887 - PeerSpot reviewer
CTO at a computer software company with 11-50 employees
Real User
Easy to configure, provides automatic isolation and notification of problem systems
Pros and Cons
  • "The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature."
  • "It would be nice to add more features to the WatchTower app to be able to perform certain administrative functions without the need for local access."

What is our primary use case?

We have a pretty small office and therefore, a small network environment, and the SMB appliances from Check Point were a perfect fit and exactly what we were looking for in order to improve our overall security posture in the office.

It was critical for us to be able to secure our network, including intrusion detection and prevention along with threat emulation and extraction for zero-day threat help, and Check Point fit perfectly.

After implementing the solution, we were able to get through a third-party penetration test of our network without issue.

How has it helped my organization?

Check Point NGFW has improved our organization by making our corporate network much more secure. Once our SMB appliance was installed, configured, and up and running, we could rest a little easier knowing that unauthorized access to our network just became much more difficult.

By turning on the various software blades, intrusion detection and prevention were in place, we had threat emulation and extraction in place, etc. It was a one-stop-shop for us and gave users on our network a certain peace of mind knowing that there was something in place to help keep them safe from malicious actors.

What is most valuable?

There are many aspects of Check Point NGFW that are valuable and important to our organization, but I'd say the top three are intrusion detection and prevention, threat emulation, and threat extraction. These three features have set a good baseline of security on top of the normal application URL filtering and other services of the firewall.

The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature.

What needs improvement?

When first looking into the Check Point offerings, it was fairly confusing trying to determine the differences between the different offerings. Specifically, SMBs versus other models, and which one would work best within my environment for my use case. I think we ended up in a good spot after speaking with a reseller in the area, but it would have been nice to be able to get there independently.

The WatchTower app that can be used to access the SMB appliance remotely is a nice touch, but it doesn't allow for many actions to be taken and therefore is relegated to mostly notifications. At that point, it requires me to gain local access to go further. It would be nice to add more features to the WatchTower app to be able to perform certain administrative functions without the need for local access. 

For how long have I used the solution?

We have been using Check Point NGFW for two years.

What do I think about the stability of the solution?

This product is stable and we have had no issues.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

Easy setup and configuration by a non-network/security person.

What's my experience with pricing, setup cost, and licensing?

Check Point brings good value for the money and is competitive in the market.

Which other solutions did I evaluate?

We evaluated Fortinet FortiGate but Check Point seemed like a better fit for us in terms of features and value.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
January 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,071 professionals have used our research since 2012.
Technical Specialist at Tech Hat Pvt Ltd
User
Great security management, packet filtering, and built-in high availability
Pros and Cons
  • "In a single bundle we have the all solutions we need - like application/URL filtering, and threat emulation/extraction."
  • "They could improve by lowering prices."

What is our primary use case?

We use the solution for full-scale integration and end-to-end management at the organization in a distributed deployment. The deployment/installation is quite easy.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms. 

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more. 

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that blocks the traffic based on an IP address or on applications and content. This makes Check Point NGFW a highly promising and more or less a complete solution.   

How has it helped my organization?

Check Point NGFW proved to be highly scalable, secure, and stable, among other alternatives to multiple firewalls present in the market. 

Before we used Check Point, we faced many issues such as latency, business interruptions, etc. In a single bundle we have the all solutions we need - like application/URL filtering, and threat emulation/extraction. In one single platform, we can manage everything with no need for a separate console to check/manage the features and behaviors. It has improved the performance and has minimal latency.

What is most valuable?

The most valuable aspects include:

Security Management. In a single console, we can manage the policies. It includes all the included bundles, features, and monitoring of logs.

Packet Filtering. This is used to examine every packet of data passing through your network. 

Built-in High Availability. A standard backup feature should be included if you cannot risk losing your firewall. 

Bandwidth control and monitoring. It's important to control the use of the bandwidth you have available.

Policy verification/validation. Check Point provides a convenient abstraction for bundling the validation of data against an expectation suite. 

What needs improvement?

They could improve by lowering prices. The source package is a bit more expensive than its competitors. We've had some downtime issues

Improvements in the time and attention given to solutions for generated cases.  Licensing that is more comfortable and affordable.

Check Point NGFW Firewall requires frequent updates to build more user-friendly dashboards.

A few services of Check Point NGFW require immediate improvements, like the customer support portal and the ads management on the platform.

Sometimes the KB article does not include all the steps. There is a chance for improvement in the content of global KB articles.

For how long have I used the solution?

I've used the solution for eight or more years. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Analyst at M3
User
Top 20
Great import, logging, and IPS features
Pros and Cons
  • "The IPS is frequently updated so the rules are always new and in place."
  • "The firewall can improved to make it more user-friendly."

What is our primary use case?

The primary use case for this solution is to protect the devices under the firewall.

There is a customer who has many switches and routers in their network. They are only protected by an old Cisco ASA firewall. So, the customer instead finds a new vendor or service, and thus we install the Check Point Firewall.

Since the customer has many devices, it takes quite some time to move the Cisco ASA firewall rules to the Check Point policies. However, Check Point has a function to import the policies so it takes less time to do so. Still, the rules that were imported are a mess so we still need to check them one by one and fix the errors before installing them in the customer environment.

How has it helped my organization?

The Check Point NGFW has improved the organization by helping with multi-tasking.

The Check Point Firewall that we have is better than the previous Cisco ASA as the firewall has IPS, anti-virus, and anti-bot installed into it at the same time. The IPS is frequently updated so the rules are always new and in place. The firewall IPS and anti-virus can also get other threat intelligence from the web so that the firewall will always have good protection that is up to date. 

The anti-bot is good as it can prevent the firewall from being protected from DDoS without creating any rules as it automatically blocks IPs that are sending too much information to the servers.

What is most valuable?

The features I found most valuable are the import, logging, and IPS.

The import makes it easier for us to copy the rules without starting from scratch, which will take lots of time. The next thing I find most valuable is the logging. The logging which is called Smartview can distill the logs into simple reports which makes it easier to see all the attacks and issues the firewall faces without diving deep into the logs. Lastly, the IPS is always new and up to date so the attacks that happen are always blocked.

What needs improvement?

The firewall can improved to make it more user-friendly. The firewall is somewhat not user-friendly as it has many sections and makes it complicated for a layman to understand where to put the policies and rules. 

The firewall also doesn't save the policies immediately after you save them, which means you need to do one more extra step in order for the new rules or policies to take effect. During my first time handling it, I did not understand why the rules and policies I put in didn't work until I found out that you need to click the install button until it takes effect.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manzoom Ahmed Khan - PeerSpot reviewer
Senior Network Security Engineer at C-Edge Technologies Limited
Integrator
Good support with advanced blades and good reliability
Pros and Cons
  • "The Check Point architecture and packet are very good."
  • "There is a huge amount of revenue lost in the financial/banking sector due to cyber attacks, so we need to have something that can highly concentrate on future cyber attacks."

What is our primary use case?

I am using Check Point NGFW in an internet-facing manner thanks to the advanced features and security, like the SAM database.

If anyone wants to use the firewall as internet facing, then Check Point NGFW is the best option.

How has it helped my organization?

Our organization gets many attacks on our server, so we have installed Check Point firewall for internet-facing scenarios,

What is most valuable?

The SAM database and advanced blade are the most valuable aspects of the product.

The Check Point architecture and packet are very good.

What needs improvement?

We need further protection from future critical cyber attacks, as cyber-attacks are growing day by day, and every day new attack is happening in the real world.

There is a huge amount of revenue lost in the financial/banking sector due to cyber attacks, so we need to have something that can highly concentrate on future cyber attacks.

Check Point should release some new technology that no vendor has ever done before.

Check Point NGFW helps me as a network security engineer as it is easy to troubleshoot the issue and also its easy to clear all vulnerabilities in Check Point after upgrading.

For how long have I used the solution?

I have been using this solution for five years.

What do I think about the stability of the solution?

The stability is good. 

What do I think about the scalability of the solution?

The scalability is good.

How are customer service and support?

They are awesome. They offer a high level of support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have used Cisco, however, due to multiple vulnerabilities, I have switched to Check Point.

How was the initial setup?

The initial setup is straightforward.

What was our ROI?

The ROI is good. 

What's my experience with pricing, setup cost, and licensing?

They offer good quality, therefore, the pricing doesn’t matter.

Which other solutions did I evaluate?

I have compared many vendors, including Sophos and Fortinet.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer947427 - PeerSpot reviewer
Technical Architect at a computer software company with 10,001+ employees
MSP
It's easier to manage and has better support than competing solutions
Pros and Cons
  • "Check Point is more expensive but easier to manage, and their presales and after-sale support are way better than Fortinet's."
  • "I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking."

What needs improvement?

I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking. 

What do I think about the stability of the solution?

I rate Check Point eight out of 10 for stability. 

What do I think about the scalability of the solution?

Check Point is definitely scalable.

Which solution did I use previously and why did I switch?

It really depends on the customer's deployment and environment, but we often mix and match firewalls. Check Point is more expensive but easier to manage, and their presales and after-sale support are way better than Fortinet's.

How was the initial setup?

Check Point is more complicated to deploy than Fortinet.

What's my experience with pricing, setup cost, and licensing?

Check Point needs to lower its price drastically, and the licensing model is very complex.

What other advice do I have?

I rate Check Point NGFW nine out of 10. I would only recommend it for medium to large enterprises.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
reviewer1721655 - PeerSpot reviewer
Networking engineer at Hewlett Packard Enterprise
Real User
Great Identity-Based Inspection Control with pleasant technical support and good scalability
Pros and Cons
  • "The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid."
  • "With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient."

What is our primary use case?

Working in an MSP environment, there are more than a hundred firewalls and we use Check Point NGFW firewall which is mainly implemented as perimeter security and internal segmentation firewall. 

Due to our requirements, we implement site-to-site VPN between clients and cloud providers (AWS/Goggle/Azure). The centralized managed infrastructure makes it simple for the IT staff to operate and monitor the firewalls. 

The Smart Console provides a single pane of glass that allows the IT staff to easily manage the environment and troubleshoot issues.

How has it helped my organization?

The Smart Console provides a single pane of glass that allows the IT staff to easily manage the environment and troubleshoot issues. 

The UI decreases the hours required to complete a task. It also incorporates compliance and audit control validation into the system. 

IT staff can construct a single policy across all enforcement points in the Infinity architecture. 

There's a unified policy table that combines threat prevention and segmentation policies. 

SmartEvent allows consolidated event management and export.

What is most valuable?

The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid. 

The Terminal Servers group membership allows policies to automate typical processes (user moves/add/changes) and decrease configuration changes required on the firewall, which is tremendously beneficial. This limits the integration with the identity store to just one interface, and we still get broad security coverage based on a single set of identity policies. 

We leverage the combination of identity and application awareness, which is mandatory in order to build scalable security policies that protect the business without compromising user experience. This feature is extended to the SmartEvent console.

What needs improvement?

The SmartEvent blade has a huge number of security events/logs. We are trying to find correlation with the help of the SmartEvent blade, however, it may impact the performance of our Check Point management server. It requires additional licenses for Check Point management servers. It should be inbuilt within the management server.

With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient.

For how long have I used the solution?

I've used the solution actively since 2008.

What do I think about the stability of the solution?

There were moments of where it did struggle when the rules were not properly maintained meaning that rules clean up exercise has to be performed annually to prune out rules no longer being use to allow the firewall to function more efficiently.

What do I think about the scalability of the solution?

Overall, the product handles a production workload like a champ.

How are customer service and support?

Customer service was pleasant.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Working in an MSP, we have multiple vendors/principals of NGFWs.

How was the initial setup?

You have to work with a sales account manager to get the best price.

What about the implementation team?

You need to work with a vendor that is overall quite knowledgeable. 

What's my experience with pricing, setup cost, and licensing?

The solution should be evaluated and a trial run should be done in the lab as Check Point provides VM instances that can be installed on an open server box. Make sure to check with sales about the features and if they require additional licenses before purchasing.

Which other solutions did I evaluate?

Working in MSP, we have looked at various NGFWs. Check Point is one of them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1718679 - PeerSpot reviewer
Senior Network Engineer at Arvest Bank Group
User
Unstable with unreliable hardware and poor technical support
Pros and Cons
  • "The only area that Check Point still seems to excel in is their logging."
  • "Check Point's support, at all levels, needs a complete overhaul."

What is our primary use case?

Check Point firewalls are/were deployed in various parts of our network to achieve perimeter defense and internal network segmentation. 

In addition to the firewall functionality, each appliance also leveraged Check Point's IPS blades. The perimeter Check Point appliances were also responsible for terminating any and all site-to-site VPN connections with third parties. 

All traffic from remote locations, remote VPN users, and egress traffic to the internet is filtered through the Check Point equipment at some point in our network.

How has it helped my organization?

Check Point has not improved our organization. We have observed a sharp decline in the quality of both products and support. 

Over the last several years, there has not been a single week where we have not had an outstanding issue open with Check Point support's advanced tier teams. 

Initially, we had incredibly impactful issues regarding their scalable platform hardware (which is being discontinued in favor of Maestro) to the point we were forced to rip them out due to them being completely unreliable. 

Check Point support has also seen a significant drop in quality, despite my organization even being a Diamond Support customer with Check Point. We fully believe it would be a wiser investment of time to call Geek Squad rather than Check Point.

What is most valuable?

The only area that Check Point still seems to excel in is their logging. Reviewing logs on Check Point is a snappy and intuitive process that allows the end-user to filter down traffic to specifically what they're looking for very easily and even with little knowledge of Check Point. 

The ability to create filters on the fly in the GUI with simple clicks to various areas of the log is fantastic and allows one to find exactly what they're looking for with very little effort. Note that this is probably the only thing Check Point still has going for it.

What needs improvement?

Check Point's support, at all levels, needs a complete overhaul. The Check Point support staff aren't even shy about telling you how understaffed, underpaid, and underappreciated they are. Any engineer with a hint of talent is pulled from general support to higher tiers, and then, once they reach a level of competency above that of your average acorn, they leave for better-paying jobs elsewhere. 

My organization witnessed this first hand fighting through the lower tiers of support and working frequently with the scalable platform team. When we switched to Diamond Support we saw no significant improvement in support save for shorter hold times.

For how long have I used the solution?

I have personally used Check Point solutions for nearly ten years. My organization has used Check Point for 15+ years.

What do I think about the stability of the solution?

The solution is absolutely unstable. My organization follows vendor best practices exactly and has every deployment vetted by multiple levels within the vendor. Despite this, Check Point hardware has repeatedly proved unreliable at best, sometimes resulting in total outages for our company. 

Which solution did I use previously and why did I switch?

My current organization has used Check Point for the relevant past and is only recently completely switching vendors to Palo Alto.

What was our ROI?

All current Check Point hardware is destined for the recycle bin. There is a pretty low ROI.

What's my experience with pricing, setup cost, and licensing?

Most firewall vendors, Check Point included, make the selection of hardware easy enough based on projected usage. Likewise setup on many vendors in greenfield environments is simple enough and should not require professional services.

Which other solutions did I evaluate?

I was not involved with the initial deployment of Check Point in our environment as it was before my time. However, each subsequent deployment I have been involved in with Check Point was used based on the existing relationship. Once the issues became too impactful and we realized we had no hope of seeing any improvements we began efforts to rip out the existing Check Point equipment.

What other advice do I have?

Do not let Check Point's past success lure you into their current state of bottom of the barrel.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.