Check Point NGFW Reviews

Our branch offices and customer sites require Internet access for the on-site staff and remote access capabilities for after-hours and remote support.

The Check Point firewalls allow us to provide site-to-site VPN, client VPN, web/app filtering, and IPS functionalities.

Client VPN is leveraged by site staff due to the majority of our sites requiring 24-hour support and also allows centralized teams to remotely assist with multiple sites globally.

We also use these at locations to provide security when our stand-alone network requires connectivity to the customer's network.

Check Point's solution is both affordable and easy to manage for the small business applications that we utilize them for. Due to the great pricing and support, we can afford to deploy the firewalls in a high-availability solution providing greater uptime and less worry. 

The price point of their equipment also means that we can often purchase a more robust solution compared to some competitors and Check Point's inclusion of more advanced features, such as IPS, by default, is a great selling point.

We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.

Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.

In general, we find that CheckPoint offers a great balance between ease of use and configurability.

The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track. Not everyone can afford the time and money to attend the official in-person classes offered by Check Point. Even if someone was not interested in fully pursuing a certification, offering certification guides is often a method that IT professionals follow in order to learn about a specific topic and keep for reference.

An area that I sometimes find lacking is the information provided by the system when performing troubleshooting issues such as site-to-site VPN tunnels. The logs provide general information regarding what is happening but often, it leaves you wanting additional details. This also ties back into the lack of training and knowledge required to utilize the more advanced features of the command line.

We have been using Check Point NGFW for more than five years.

We have never had a device or software failure in the more than five years that we have been using Check Point devices. To date, we are extremely happy with the performance.

The few times that we required customer service, they have been extremely helpful and knowledgeable. I would rate them on par with the other top-tier companies.

We previously utilized Cisco firewalls but the cost structure of the hardware, licensing, and support became prohibitive. Check Point offered a more robust solution at an affordable price point.

The initial setup was extremely quick and easy, and the deployment time for a new site is often under a day.  

The price point and licensing was the main factor in moving away from Cisco and migrating all of our sites to Check Point. They offered more features for a lower cost than competitors, and the licensing model was easy to understand.

We evaluated NGFWs from Cisco, Palo Alto, and Fortinet in addition to the Check Point.

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

I've used the solution for three years.

The device is being used for perimeter security devices across multiple clients across sites. Check Point has not only improved our organization - it also has given us holistic perimeter and endpoint security protection throughout the enterprise.  

Our sites across the globe have Check Point perimeter protection.

Pros include:

• Internal Network Protection from outside network
• VPN connectivity for secure data transmission across multiple vendors
• File download antivirus security
• URL Filtering
• Application filtering
• Malicious domains blocking

The solution has helped out organization stay safe with its depth application filter, URL filtering, and SSL inspection. It's mitigated a significant amount of risk for corporate users as well as to host services at our terminal that need access from the internet. By far, it's the best security solution one can adopt for their organization. 

It's:

• Reduced attacks on DMZ servers
• Blocked access of malicious destinations hit by internal users
• Complete visibility about what is going and what is coming via internet
• Check Point is the industry’s unified cybersecurity architecture that protects businesses against sophisticated 5th generation cyber-attacks.
• Having multiple checkpoint products under the same roof provides consolidated security.
• Ultimately saving cost by having better centralized solution

The solution has a lot of valuable aspects, including:

• IPS & IDS
• Sandbox (Threat Emulation & Extraction)
• Ease of management
• Reports for analysis
• Better technical support
• Stateful inspection
• Application-aware boxes
• Threat detection capabilities
• Hyperscaling

Data loss prevention, compliance, threat emulation, and other blades overall make this a robustly unified platform for the implementation and management of security controls.

Since it is Layer 7, we are able to get down to the application level and block certain applications from even running.

Since it has an IPS in place, we are able to see possible attacks that have been prevented by the firewall.

The perimeter antivirus can be improved. It's not as good as other leaders.

Additional features that could be good to have/improved include:

• Modular capabilities 
• Integration with VMware and NSX products per client requirement
• 3rd Party support product is very limited 

The solution can integrate with other vendors to form IPsec connectivity with redundancy - which is only possible now between the CP to CP FW only.

The licensing part is a bit tricky. The product can simplify this further for ease of use.

They need to work on log size optimization.

Antivirus signatures should be updated in real-time.

We've used the solution for the last eight years.

The stability is very good.

The scalability is very good.

Technical support has been great.

Positive

We did not use a different solution previously.

The initial setup is straightforward. 

We had a vendor assist us.

We haven't used other products.

We also looked at FortiGate and Palo Alto.

Currently, I'm working as a Lead Security Architect in the healthcare industry. We have two data centers, multiple branch offices, multiple cloud subscriptions, and over 200 employees. Our operation is mission-critical and requires it to be up and running 24/7. We need to protect multiple applications that are developed in-house, sensitive data including PHI, Financial, intellectual property, et cetera.

Check Point NGFW and its security modules have been our security solution for the past six years to protect all of our assets, including our cloud subscriptions.

Check Point Next Generation Firewalls are key components in protecting our assets and information. Their security modules are very easy to use and understand. Also, it's one of the most user-friendly interfaces I’ve had the opportunity to use and I’ve had the chance to work with more than four firewall solutions.

Their reporting and logs modules are amazing. It provides a level of detail and visibility that we haven't had before. It’s useful to understand what is happening on our network and has been very successful in blocking attacks and providing options for executive summaries. 

Being able to manage all the security gateways for our multiple sites in a single management console and share policies has been very beneficial.

The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.

The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.

The support offers the best services I have experienced. It's better than any other IT vendor.

Check Point Firewalls haven't failed me during the past six years that I have been using them. 

If I had to mention anything that I would like to see some improvement on, it’s on the internet load balancing options. Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links. I know this can be performed with other network devices, however, adding the option as part of the NGFW would be awesome.

I have been using Check Point for 6 years now.

I've never had a single issue on any of my security gateways.

I haven't had the opportunity to scale, however, I have seen many demos of maestro architecture, and it looks awesome.

As I mentioned before, Check Point support is one of the best services from any IT vendor I have experienced. They answer very quickly and also provide solutions most of the time within the first call.

I have used multiple solutions in the past. We migrated from Cisco ASA to Check Point six years ago and have never looked back. Our old ASA required additional hardware components for additional security services.

The product is very easy to set up.

The implementation was performed by a vendor team in combination with our in-house security team.

My peace of mind is the ROI.

Check Point is not the cheapest firewall solution, but you get what you pay for. It's super reliable and their service is great.

I had the opportunity to review Palo Alto and Fortinet.

I'd advise other users to give it a try.

My solution is based on an on-site architecture. I currently manage a Check Point Next-Generation Firewall for my more than 400 sites such as perimeter and DMZ. For the sites with a perimeter to the internet, I have them in a high availability scheme with balancing internet services. In the case of DMZ, they allow me to control incoming and outgoing traffic through policies based on Identity awareness. I use the application control blade to allow RDP access to the specific servers needed by administrators.

In the beginning, my organization did not have a security scheme, which caused a latent security risk. My internet services were never enough due to the high traffic used towards social networks and entertainment sites. With my Next-Generation Firewall, I have managed to reduce the cost of my links since now we use them appropriately in the resources and tasks that are necessary. 

For the lateral movements, previously all of my users had access to server networks and communication could cause lateral movement of viruses and ransomware. Now, I have the perimeter towards the internet protected and I am protected against unauthorized access.

What gives me the most value is undoubtedly the security that the anti-bot and anti-virus blades provide. With the automatic updates of signatures, I am always protected against new threats. The identity awareness blade helps me to have better control and organization over unauthorized access of my users onto exclusion sites such as social networks. In the DMZ it allows me to control administrators with access to highly important networks such as servers, developments, etc.

Of the areas of improvement that I want to see in this product, without a doubt, one is the technical support. In this time of globalization, with so many cyberattacks and risks, the Check Point support staff take a long time to attend to incidents due to the high demand. 

Another change that I would like to see is the ability to be able to test the policies before launching a change. It is somewhat annoying to apply a change and then notice that, after a while, the message appears that the installation of policies has failed, either due to some duplicate rule, some duplicate port, duplicate service or IP, et cetera.

I've been using the solution for 5 years.

It really is a very stable and reliable brand.

it is better when using an open server solution since some teams are limited to growth.

The support service can improve the attention to clients as well as the escalation times.

I did not previously use a different solution. I've just used Check Point.

The installation is really simple and easy to manage.

We also previously looked at Meraki, Fortigate, and Palo Alto as options. 

We are mainly using it for policy installation and access purposes. We have a bank project where we are using mobile access, Antivirus, and IPS. These are all are configured on the Check Point Firewall, where we are using it on a daily basis. 

I have worked on the following firewall series and models:

• 15000
• 23900
• 41000 
• 44000. 

I have worked on the following versions:

• R77.30
• R80.10
• R80.20. 

I am currently working on the R80.20 version and the hardware version is from the 23000 series.

We installed this firewall in our organization one year ago, and it is completely fine. There are other deployment also going on for other customers. Most of those deployments are handled by our project teams. 

What I like most about Check Point Firewall is that it is easy to use. 

The most valuable feature is the IPS. For our bank project, we are using it as an external firewall. All the traffic is going through the Check Point Firewall. Then, using the IPS, we can easily identify if there is any malicious activity or anything else. We also have to update signatures on a regular basis.

We are facing some problems with the management on our Check Point Management Server. There are some issues with R80.20, so Check Point suggested to upgrade. However, we are in lockdown, so we will upgrade after the lockdown. We are coordinating this issue with the Check Point guys. After upgrading, I think these issues will get resolved.

For R80.10 and above, if you want to install a hotfix, then you can't install it through the GUI. I don't know why. In the earlier days, I was able to do the installation of hotfixes through the GUI. Now, Check Point said that you have to install hotfixes through the CLI. If that issue could be resolved, then it would be great because the GUI is more handy than the CLI.

Two and a half years.

They are completely stable. I haven't faced any issue with stability. 

There are no issues with scalability.

In Hitachi Systems in Mumbai, there are around 10 to 12 clients who are using Check Point Firewall. There are around 40 network security engineers who support Check Point Firewall in our organization for the Mumbai location, and there are multiple locations.

The technical support is very good. The Check Point guys are very humble and quick. They are always ready to support us if we call them.

I have done four to five initial setups and configurations of firewalls, which have been completely fine and proper. There are no improvements needed.

For one firewall, it will take around two and a half hours to configure the interface and everything else. For the deployment of one firewall, it will take around two and a half hours. If you want to make any clusters, then it is around five to six hours. 

We support companies locally and remotely. Since the lockdown, we have been supporting companies only in a remote fashion.

We have to first make a plan of action, then verify that it meets Check Point's requirements. Then, we will raise a case with the Check Point desk. We verify with them if there are any changes that they need us to do. After that, we will go for deployment. Check Point engineering will also help if there are issues with the deployment.

They have made domain improvements to SmartConsole. If you check older versions, such as R77.30, you have to open a separate, smart tracker to view logs. However, in R80.10 and above, you can view logs in SmartConsole. You don't have to open another smart tracker to view logs. That is the improvement Check Point has done which makes it better because it is much easier to find logs. This saves time, approximately 40 to 50 a day in one shift.

For the firewall, there is a limitation on the license. We are facing some problems with mobile access. We have a license for 450 licenses of VPN users. We would like Check Point to have more than that, e.g., if the organization gets bigger and there are more users, then that will be a problem.

I have done licensing and contracts for multiple firewalls. The license and contract configuration is completely fine, but if it is possible to make them cost a bit less, then this would be better.

Palo Alto is a zone-based firewall and Check Point is an interface-based firewall. With Palo Alto, we are using Panorama to install policy, and in Check Point, we are using their Management Server to install policy. The Palo Alto Panorama console has more options than Check Point.

On the Check Point Firewall, you can install policy. With the Palo Alto firewall, you can install policy on multiple gateways. You cannot install policy on multiple gateways with the Check Point Firewall.

If you are making a plan of action for the installation of firewalls, clarify with the Check Point tech engineers that all is proper and good. We always arrange a Check Point standby engineer for this activity, because if anything goes wrong, then they can help on the call.

I would rate this solution as an eight out of 10.

We are a large University with more than 1000 employees across seven faculties and growing. Student population is more than 15,000 in-house and 30,000 external. The University of Kelaniya Sri Lanka primarily uses the Check Point 4800 device to protect users and servers. The product also enables the VPN with advanced security policies inside our network. This gives us a better security posture. Valuable features include a good VPN, IPsec, and SSL. We use Check Point 4800 as a perimeter firewall and our internet bandwidth expanded to 1Gbps.

We use it mainly for security and content control. Earlier, we could not block BitTorrent and other high bandwidth downloads from our firewall. After introducing this NGFW, we have improved our security posture, and now, have peace of mind. 

The most valuable feature is the IPsec VPN. The application and content filtering is perfect for our university. This device gives us alerts and reports on a daily and weekly basis. It gives us the opportunity to know what is going on. The Smart Dashboard and other user interfaces are very easy to use and can be handled without any significant IT skills. It allows for easy policy management.

The Check Point Capsule VPN is a great feature. It connects to our university in a few seconds.

It's easy to handle and manage. No need for significant IT skills to manage this solution.

Check Point Smart Dashboard does not support my Apple MacBook Air. It only supports Windows versions. Checkpoint does not support captive portal in IPv6. We had a big issue. Not solved yet by Checkpoint experts.

Check Point is a stable product.

No issues with scalability. 

We used Cisco ASA 5510 as our perimeter firewall before purchasing this NGFW. It only had firewall features. We switched because we were looking for a strong gateway level security with attributes like antivirus, anti-spam, IPS, web content filtering, application control, and secure wireless access points.

The initial setup was straightforward.

A vendor team implemented this. They gave us in-house training for our staff. They are experts in Check Point and taught us well.

It has a great ROI. 

Pricing is negotiable and competitive.

We selected the following brands and models by going through different reviews:

• SonicWall 9200
• Sophos XG 750
• Fortinet FortiGate 1500D
  
• Check Point 15400

We requested that the vendors do a PoC. Check Point, SonicWall, Sophos and Fortinet agreed to run one. Finally, we chose Check Point.

We are in the higher education sector in Sri Lanka. We produce graduates to our country and other countries.

The primary use case of many organizations is to protect their environments from outside cyber threats across multiple layers of infrastructure. For example:

1. At a perimeter level, it protects the network at the parameter; many organizations use this firewall.

2. It provides scalability and seamless traffic flow in a network. 

3. It has all-in-one next-generation features, so many organizations save money using this firewall.

Check Point NGFW helps in many ways, including:

1. Using the application filter feature, I can block all the unwanted applications which are not used in the organization. Due to this, less bandwidth is used in the network. This leads to a cost cut in the ISP bill. 

2. With the help of URL filtering, I can block very easily. If this is not blocked, users may surf malicious websites or download malicious files.                             

3. Evaluation licensing helps us to conduct POCs and explain all features to customers. 

I love the application filter, as the user cannot access any applications that are not relevant to them. This reduces the likelihood that someone may access an application that contains a malicious link or file that the user may download, which in turn reduces ransomware attacks and DDoS attacks.

They just need to improve the technical support and professional services in India. We have received many complaints about them from clients and also face the same issue ourselves. 

For the past one and half years I have been using Check Point Firewall for security.

We have a good impression of stability. 

The performance is very good; there is no issue with performance.

I've only deployed Check Point Firewalls and have used other older Check Point devices that reached EoL.

The initial set up is simple. Users just need to run the wizard to set up, and they are done.

I deployed the solution for many customers in the banking sector.

Costing and licensing are high as compared to other OEMs.

I mostly work on Check Point; others which I have evaluated include Cisco and Fortigate.