Check Point NGFW Reviews

We use this product for providing perimeter security, as well as advanced threat protection capabilities to critical infrastructure. The solution is expected to deliver high-performance throughput for voluminous traffic continuously. 

We are using these gateways for multiple functionalities such as:

• Perimeter Gateways
• Anti - APT (Advanced Persistent Threat)
• Anti Malware / Anti Virus
• SSL Inspection
• Network Intrusion Prevention System
• Private Threat Cloud

All of our solutions are expected to run in high availability and have good resiliency. 

Check Point NGFW is the first perimeter security solution used in our environment and it is able to deliver the expected results. Specifically, it supports high-performance throughput for voluminous traffic.

The vendor has proven capability of identifying known threats, which can be seen while managing the firewall. The OEM has identified a roadmap in line with the emerging threat landscape and evolves the product to counter these threats. 

The central management console has helped with segregation, where planned interventions with management consoles do not have any impact on production or critical business traffic.

Next-Generation Threat Prevention capabilities provide security in a high-traffic load, ensuring detection and prevention of known threats by AME, AV, and Sandblast technologies. 

We are also using the system to create VPN gateways for our multiple partners and we haven't faced any issues with them.

 Check Point gateways are a stable product that can run without any issues until a major upgrade or vulnerability mitigation is required.

The support has been reasonable and they were able to minimize the impact during critical incidents.

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption.

There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome. 

We have been using the Check Point NGFW for the past four years.

This solution is very much stable and does not require frequent changes in architecture. The patch frequency is limited, which reduces the downtime requirements.

This NGFW is very much scalable; however, I am not sure about other components such as PTC, etc.

Technical support is a mixed experience. Most of the time, issues are handled well in a timely manner but some issues have lingered for a very long time, causing multiple iterations.

We did not use another similar solution prior to this one.

As we use a lot of components from Check Point, the setup was a little complex in terms of deployment and traffic handling.

We had assistance from the vendor's professional services team to ensure smooth deployment. It was a green field project so the deployment was easy. The team deployed on implementation had expertise with the solution.

The ROI for security is the confidence that the solution is able to deliver the expected outcome. This includes stability, Threat Prevention capabilities, Granular policies, etc.

Licensing is pretty straightforward and is based on the blades available, such as NGFW, NGTP, and NGTX. Generally speaking, the pricing is in line with other players in the industry.

We evaluated products by Fortinet and Palo Alto.

In summary, this is a good solution that is stable, and I recommend it.

Our primary use case is as a perimeter firewall for main and DR sites for a financial institution. It secures Internet access for users through IPS/AV/Threat Emulation/Application control and URL filtering with HTTPS inspection and geolocation restrictions. 

It secures our email and MDM solutions. 

We also use it to create site-to-site VPNs with vendors. Remote access is achieved through the use of a secure workspace and SSL network extender. Securing and inspecting HTTP traffic to our web servers is another important task. 

It secures several DMZs and segregates them from the rest of the network.

We use all of the security features available. 

It has helped us with controlling internet access, securing our external websites, and providing remote access that you can trust (secure workspace). The latter provides with a virtual Windows 7 desktop that only allowed apps can be initiated from. In our case, we launch RDP sessions from secure workspace. 

The latest version of the software is a big win overall, with major improvements in how the rulebase is scanned (it's not the top down classical rulebase checking, but a column based checking) and overall efficiency.

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

I would like to have an improved secure workspace solution for remote access. I hear that the Apache Guacamole solution has been integrated into R81. 

The site-to-site VPN options are numerous, but they can get confusing. Interoperability with other vendors is not the strongest when it comes to setting up VPNs. It's totally different from any other VPN vendors I have come across. 

Improvements are needed in policy backups and reverting to the previous policy. This used to be better in R77.30. 

Policy installation tends to take a long time when the rule base increases in size, which can become frustrating. 

I have been using Check Point NGFW for 10 years.

We have never had any unexpected crashes or issues.

It should scale well as they now support more than 40 CPUs on a single system. 

Our experience has been great, although we don't have direct support. This means that sometimes, it takes a while to get to the bottom of issues.

Check Point is really the best NGFW I have come across and I have worked with many vendors including Cisco, Juniper, and FortiGate. It's a platform that a huge amount of research has gone into over the years. It has a great support community and clear guides to solve all sorts of problems and issues.

I didn't switch to Check Point, as it was always there. We haven't switched away from it over the past 10 years. 

We always need some help on installs or major upgrades. 

We have used several vendors and some are better than others. 

It is difficult to calculate ROI when it comes to security products. 

The hardware cost is not huge, but you need to push for good pricing on software licensing and blades.

Check Point was implemented in the company before I arrived. 

It's demanding for the administrator, as it takes years to get an in-depth knowledge of the platform. Otherwise, it is easy to use from day one.

We have two clusters. We are using them as both perimeter firewalls and data center firewalls.

In the past few years, we encountered attempted attacks on our company and we succeeded in finding that we were those attacks, or that some user or workstation was communicating with malicious sites. Without the Check Point Next Generation Firewall, we wouldn't have had the tools to identify these things and to remediate the problems.

A firewall is a firewall. It's a Layer 4 machine that blocks or allows traffic for ports. That's the basics and we don't need a next-generation firewall for that. But the features that are important include:

• IPS
• sandbox
• SandBlast
• Anti-Bot
• URL filtering.

A basic firewall is a basic firewall. You don't need Check Point and you don't need Palo Alto or the other vendors to block ports from source to destination. But we need the advanced features of this product to give us the visibility into, and the security and protection from, scenarios that are not the usual source-to-destination attacks. The solution needs to understand what the connection is, what the behavior of the connection is, and what the reason for the connection is. It can't be a stupid machine. It needs to know that if you're allowing port 53 from source to destination, that it has to check and give us the information that this communication is legitimate, and not something that is malicious.

We just upgraded to the latest software version of Check Point so we have a lot of new stuff to learn. The older version had a little bit of a problem with identity awareness and with HTTPS inspection with the visibility of the logs, and the implementing of rules. But as far as I can see now, with the new version, most of the problems were fixed.

In terms of new features, maybe it would help if we could start to manage all the stuff in the cloud and not in the on-prem servers. The management side could also be faster when you install policies. But other than that, I'm satisfied.

I've used Check Point NGFW firewalls for more than eight years.

In all the time I've been using Check Point there have been no major issues or problems. It's a very stable environment and a very stable solution, in my experience.

We have around 600 to 700 endpoints, workstations, points of sale, and mobile devices. We also have about 200 servers, a WiFi environment, and a networking environment that is not small. We have implemented it 100 percent but, because of the Coronavirus, the company itself is not 100 percent capacity.

For now, we have implemented everything that we wanted and the firewalls are working 100 percent. There are no plans in the near future to grow. Of course, if everything goes back to normal, maybe we will grow.

There are no problems for us in terms of scalability because we're not working at full capacity. We designed the new solution to give us the resources that meet our needs for the moment and for the future. There is no problem with scalability and we can add new firewalls, or replace what we have with bigger firewalls. Everything is okay in terms of scalability from our side.

We continue using our partner for resolving problems and doing the changes that we need. That is the way that most vendors are working. First of all you need a partner and then the partner will open up a case with Check Point.

But one of the best things about working with Check Point, especially here in Israel, is that there is a direct line to the support, because we have such a good relationship with them, to speed things up.

The support is fast, professional, and thorough. Those are the most important things when you have a problem. If we need to call for support from either our partner or Check Point, we get a quick response and, usually, a fast resolution of the problem.

We migrated from Check Point to Check Point

It was really pretty straight forward because we upgraded from an older Check Point product. The installation and the assimilation of the new firewall was very quick with almost no downtime and almost no problems.

We deployed four firewalls in two clusters and, all in all, it took about one day of work; half a day for each side. That includes the installation, the configuration, and the exporting of the configuration from the old system and, of course, all the fixes and patches.

On our side there was one person involved in the initial setup, just to make sure that everything was going okay and, after the installation, to do all the checks and verify that everything was working fine and as needed.

We deployed it with the help of a partner, called Spider Solutions, here in Israel. Our experience with them was good. The technician that came here to install the firewalls was professional and thorough. Everything went according to plan, with no issues.

The whole initial setup was done by the partner and our role was more oversight to see that everything was okay and to give the information that was needed to proceed.

The pricing in this category is a jungle, but Check Point was very competitive. They were very forthcoming and agile for our budget needs.

I have checked a few other vendors and solutions but, in the end, Check Point is the best candidate for our organization. That's true technology-wise and because of the support. Because Check Point is an Israeli company, it's very easy to get help very fast. We speak the same language and that helps as well. Doing support in Hebrew is very helpful for us. 

Other vendors were either more expensive or, to get some of the features, we would have had to upgrade to a bigger, stronger, and more expensive machine. But with Check Point, that wasn't the case.

Check this solution and see how it fits with your organization. See how easily you can manage and control the environment. The visibility and the management provided by the product is one of the most important things, other than the security features that the product has. And check the sizing carefully. Check that the machines you're going to buy are sufficient for your current needs and the future needs of your organization.

Check Point is a very good solution. My primary use case is as a perimeter firewall. I never use Check Point's IPS. I always work with another IPS, in a different appliance. I always use the firewall modem as a firewall.

We have good support from Check Point. They always send us information about new products, new technologies, and new attacks worldwide. We are looking for endpoint protection and Check Point is one of the brands that could provide that technology to us.

The most valuable feature of Check Point is the management console. Another feature that is most valuable for me is that the configuration is easier than other firewalls.

I would like for them to develop the ability to manage a cloud firewall with the same console. That would be very helpful.

Another thing I would like to see improved is that when I start policies in Check Point's console, it takes a few minutes. It could be better and faster.

We never had an outage of the appliances or the consoles. Stability is very strong. I never had a problem related to stability.

Scalability is good. Since four years ago, we have been increasing the number of users and the traffic. The solution is working well and working with our progress.

I always work with a partner so the partner is in contact with Check Point. Their response is very fast. In all of the cases, it's very fast.

We switched because it is a good product and because of the cloud support. We are moving to the cloud step by step and the cloud support is important. If another company has better cloud support it may be a factor that would influence my company to switch to another solution. 

Important criteria that we look at when choosing a solution is the local experience and the local support. That it is very important. 

I wasn't there for the initial setup but from what I heard, it was straightforward. 

We looked at Cisco vs Fortinet. We chose Check Point because of the cost benefit that this product offers.

I would rate this solution an eight. It's a good solution. The management is easy. The console is very practical but in order to be a ten, it should be faster.

I would advise someone considering this or a similar solution to prove the solution before choosing the final vendor. Prove that it will be very helpful for you.

I use Check Point NGFW in my role as an Information Technology Security Engineer. We have implemented it for our customers and use it ourselves.

Fortinet is easier to set up due to its understandable interface and ability to connect to the CLI directly from the web interface without needing an external SSH client.

Check Point NGFW should improve its user interface to make it more user-friendly and intuitive. Additionally, the issue with link selection on VPNs needs to be addressed.

I have been familiar with Check Point NGFW for around two years.

Overall, I am satisfied with the stability of Check Point NGFW.

I am satisfied with the scalability of Check Point NGFW.

We have an engineer who is certified to work with Check Point, and I am satisfied with their technical support.

We have an engineer who is certified to work with Check Point.

I am not dealing with the pricing of Check Point products since I am a technician, not a seller or buyer.

I proposed Check Point, Fortinet, and Juniper to our customers. Fortinet is popular for its ease of use and cost-effectiveness.

I would recommend Check Point NGFW even if the customer doesn't have a Check Point infrastructure.

I'd rate the solution nine out of the ten.

The primary use case is to enhance security by safeguarding the internet connection for both servers and users.

Its greatest asset lies in its user-friendly interface, making it exceptionally suitable and reliable for managing gateways.

When it comes to Check Point's small business gateway series, there might be a need for hardware upgrades, as configuring them can sometimes be a bit challenging.

I have been working with it for two years.

I would rate its stability capabilities eight out of ten.

I would rate its scalability abilities eight out of ten.

Seeking solutions from them can be quite challenging and often takes a while, which then impacts our workload. I would rate it seven out of ten.

Neutral

I have some experience with Juniper, WatchGuard, Cisco, and Fortinet.

The initial setup is relatively complex.

Deployment duration varies based on the customer's specific conditions. On average, an installation might take around twenty minutes.

The best solutions tend to come with a higher price tag. If something is inexpensive, it often implies a compromise in quality. The solution is indeed costly. I would rate it eight out of ten.

Overall, I would rate it eight out of ten.

This is a very good application to be able to provide security to our infrastructure in Microsoft Azure. The provisioning through the Azure templates was very good. It is exactly the same security application of Check Point gateways as the one on-premises.

Now we can use the tool to provide granular security between subnets or generate VPNs against other offices, all with the great security that the manufacturer provides us.

The application control provided by the gateways is also very good for our objectives, which were to block some general access applications or categories that are prohibited by the business.

This security tool helps us a lot in the public cloud environment. We can provide perimeter security in the environment now.

We have been able to implement server policies, DMZ subnets, and updates, among others, that are not available for all VNETs, subnets, or servers, and with this, we have greater control.

Additionally, we have created new VPNs against some offices, which are monitored, encrypted traffic, and find it really easy to provide the required service.

Finally, we have created nets for public access to the infrastructure. It has really helped us a lot.

The most important features of this application are:

1- An easy implementation at the virtual level. This helps us to be able to have security in the cloud.

2- The monitor and records are shown from the security management environment, where we can validate many events that happen over time to improve security through the dashboard.

3- There is modern protection against current threats. All new Check Point protection features are included and ready to provide more protection.

4- The licensing includes management service.

The documentation could be better. Sometimes they do not update their manuals effectively. Not everything is the same, and it generates some problems in the implementations.

There's an issue with licensing provisioning within the Check Point NGFW Gateway. It is really difficult to place the licenses correctly, generating additional work or limiting the solution due to poor provisioning.

I would like them to improve the response speed of technical support.

We have used the Check Point Next Generation Firewalls for the last four years.

Four years ago, we had not used an NGFW in Azure. We used the basic security until we could meet and receive support from a Check Point partner.

The best option is to have a partner to support you with quotes, features, and other valuable details. They can guide you via details that Check Point currently does not provide publicly, to make good decisions.

We always evaluate the options. We take into account Check Point, Palo Alto, Cisco, and Fortinet.

The benefits provided by Check Point turned out better than what we requested, which is why this was our first choice.

This is a very good security application, both physically and as a virtual appliance.

I am using Check Point NGFW in an internet-facing manner thanks to the advanced features and security, like the SAM database.

If anyone wants to use the firewall as internet facing, then Check Point NGFW is the best option.

Our organization gets many attacks on our server, so we have installed Check Point firewall for internet-facing scenarios,

The SAM database and advanced blade are the most valuable aspects of the product.

The Check Point architecture and packet are very good.

We need further protection from future critical cyber attacks, as cyber-attacks are growing day by day, and every day new attack is happening in the real world.

There is a huge amount of revenue lost in the financial/banking sector due to cyber attacks, so we need to have something that can highly concentrate on future cyber attacks.

Check Point should release some new technology that no vendor has ever done before.

Check Point NGFW helps me as a network security engineer as it is easy to troubleshoot the issue and also its easy to clear all vulnerabilities in Check Point after upgrading.

I have been using this solution for five years.

The stability is good. 

The scalability is good.

They are awesome. They offer a high level of support.

Positive

I have used Cisco, however, due to multiple vulnerabilities, I have switched to Check Point.

The initial setup is straightforward.

The ROI is good. 

They offer good quality, therefore, the pricing doesn’t matter.

I have compared many vendors, including Sophos and Fortinet.