Try our new research platform with insights from 80,000+ expert users
reviewer1670154 - PeerSpot reviewer
Firewall Engineer at a logistics company with 1,001-5,000 employees
User
Scalable, stable, and configurable
Pros and Cons
  • "Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment."
  • "The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long."

What is our primary use case?

We use Check Point Gateways for securing our data centers including DMZ networks as well as gateways for our branch offices around the world. They are connected via MPLS, internet, or site-to-site VPNs depending on the branch connectivity.

A minimum standard for the whole environment is the NGFW. Firewall rules according to our security policy. VPN for site-to-site tunnels to our own gateways or to partners and customers. IPS is set primarily to prevent, and for some signatures to detect. 

Application Control is still in the early stages.

How has it helped my organization?

Firewalling is one of Check Point's core business attributes, and it just works.

Creating site-to-site VPNs between Check Point Gateways that are within the same management is unbelievably easy. If you create VPNs for 3rd parties and there are mismatches or issues, you will see logs that help pinpoint issues or misconfiguration.

Application control help with identifying applications and therefore makes firewall rules easier since changing ports don't have to be adapted every time an application changes or updates.

What is most valuable?

Generally speaking, all features are well documented and the two platforms help with configuration. Documentation and knowledgebase articles in the user center as well as user recommendation within the forums are great. The Admin Guides are really well documented, but it's a lot to read.

Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment. The best example would be the CDT tool which helps with decreasing the amount of time for upgrading whole environments.

What needs improvement?

The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long. R81 promises at least parallel policy installations, which help in larger environments.

Check Point's advantage (to be able to configure everything) is also a disadvantage. The environment is quite complex. Troubleshooting is not always easy as there are a lot of possible debugs that can be taken, and the support will not always send the right or necessary debugs. Some debugs also can cause a heavy load, so you have to keep an eye on what you troubleshoot.

Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.

For how long have I used the solution?

Our company has used Check Point for well over 10 years.

What do I think about the stability of the solution?

If it's running, it's stable. New setups have to be tested though.

What do I think about the scalability of the solution?

The solution can be scaled from very small branch offices to huge data centers or even cloud data centers.

How are customer service and support?

Support depends on how well you describe the issue and send information. Sometimes escalation is necessary.

How was the initial setup?

The more features (blades) are turned on, the more complex the environment becomes. If something goes wrong, you have to rule out several issues (hardware, blades, et cetera).

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Vinay-Singh - PeerSpot reviewer
Manager IT & Security at mCarbon Tech Innovations Pvt., Ltd.
Real User
Scalable, easy to install, and quick to deploy
Pros and Cons
  • "It's quite a stable solution."
  • "The pricing could always be more competitive."

What is our primary use case?

As a next-generation firewall, this product is capable of handling all kinds of threats that might try to attack the network, including events such as DDoS attacks. 

How has it helped my organization?

The compliance part of the product has been very useful to our organization. There are many useful reports from this firewall device. For example, it can tell us how much of our network has compliance with the guidelines that are in place.

What is most valuable?

The product is very easy to use.

It's quite a stable solution.

The scalability is very good.

The solution is easy to install and deploy.

What needs improvement?

The product could always be even more stable and secure, as it would improve protection.

As we aren't using the very latest iteration, it's hard to say which features are lacking, as some might have been added in the latest releases we haven't yet migrated over to.

The pricing could always be more competitive.

Technical support needs to be more helpful.

For how long have I used the solution?

I've been using the solution for the last six months or so. It's been less than a year, and therefore, it hasn't been that long. 

What do I think about the stability of the solution?

The stability is good. There are no bugs and glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

The solution offers good scalability. If a company needs to expand it, it can do so. It's not hard.

We have 50 users on the solution right now.

How are customer service and technical support?

I would say that technical support could be better. We also use Cisco, and, in comparison, Cisco's support is way better in terms of how helpful and responsive they are. We aren't as satisfied with Check Point. They need to be faster, friendlier, and much more knowledgeable. 

Which solution did I use previously and why did I switch?

Right now I am using Check Point and Cisco ASA.

How was the initial setup?

The initial setup is not overly complex or difficult. It's pretty straightforward.

The deployment doesn't take long either. It's a fast process.

You only really need two people for deployment and maintenance for most setups.

What about the implementation team?

I handled the implementation myself. I did not need the assistance of an integrator or consultant. 

What's my experience with pricing, setup cost, and licensing?

The solution could work to make the pricing a bit lower. It's similar in cost to Palo Alto, however, if it was lower, it would make them more competitive. 

What other advice do I have?

We are a customer and an end-user. We don't have a business relationship with Check Point. 

We are not using the latest version of the solution, however, I cannot speak to the actual version number. We might be a version or two behind the latest update.

I'd rate the solution at an eight out of ten. We've largely been quite pleased with its capabilities.

I would recommend the solution to other users and companies. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Daphne - PeerSpot reviewer
Project Manager at Junta de Andalucia
Real User
Good VPN and deep packet inspection capabilities, helpful reporting
Pros and Cons
  • "The most valuable feature is the powerful, deep packet inspection engine."
  • "There should be better integration with our current NAC solution to increase the granularity of policies that we implement."

What is our primary use case?

Our primary use case is to secure the perimeter and users in our network.

We use IPS/IDS, deep packet inspection, and VPN.

How has it helped my organization?

Our network performance and safety have improved. The reporting also gives us more information about our network, including cost and risk reduction.

This solution helps to keep our network safe and secure, protecting our investment.

What is most valuable?

The most valuable feature is the powerful, deep packet inspection engine.

The management console and diagnostic tools are powerful and we are happy with them.

The reporting is detailed and helpful.

What needs improvement?

There should be better integration with our current NAC solution to increase the granularity of policies that we implement.

For how long have I used the solution?

We have been using the Check Point NGFW for two years.

What other advice do I have?

Overall, this is a very complete tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1489602 - PeerSpot reviewer
Network Security Assurance Specialist at Visa Inc.
Real User
Easy to configure, facilitates security compliance, and provides good visibility
Pros and Cons
  • "I think the VSX has been the most valuable feature for us."
  • "Debugging could be improved when compared to the competition."

What is our primary use case?

The main use case is Firewall provisioning and integration with Tufin and Skybox. Also, we focus on firewall compliance, rule review, VPN configuration, and network troubleshooting.

How has it helped my organization?

Working for one of the largest companies, I found that using Check Point has made firewall provisioning very easy for us, and integration with the above-mentioned tools has eased the process of PCI audit, security compliance, and rule recertification.

What is most valuable?

I think the VSX has been the most valuable feature for us. We use it for tunnel management, which is great. The configuration has been quite straightforward.

What needs improvement?

Debugging could be improved when compared to the competition.

I think the product release lifecycle should be improved.                                                       

For how long have I used the solution?

We have been using Check Point NGFW for almost eight years.

Which solution did I use previously and why did I switch?

Previously, we used Cisco ASA. We switched because of the fact that Check Point offers more stability and visibility into the firewalls. Management is easier, especially using the GUI version.

What's my experience with pricing, setup cost, and licensing?

I think that the pricing is different for every organization.

Which other solutions did I evaluate?

We did evaluate Juniper, as well.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network and IT Security Admin at DP World Callao
Real User
The configuration is easier than other firewalls and we have good support
Pros and Cons
  • "We never had an outage of the appliances or the consoles. Stability is very strong. I never had a problem related to stability."
  • "I would like for them to develop the ability to manage a cloud firewall with the same console. That would be very helpful."

What is our primary use case?

Check Point is a very good solution. My primary use case is as a perimeter firewall. I never use Check Point's IPS. I always work with another IPS, in a different appliance. I always use the firewall modem as a firewall.

How has it helped my organization?

We have good support from Check Point. They always send us information about new products, new technologies, and new attacks worldwide. We are looking for endpoint protection and Check Point is one of the brands that could provide that technology to us.

What is most valuable?

The most valuable feature of Check Point is the management console. Another feature that is most valuable for me is that the configuration is easier than other firewalls.

What needs improvement?

I would like for them to develop the ability to manage a cloud firewall with the same console. That would be very helpful.

Another thing I would like to see improved is that when I start policies in Check Point's console, it takes a few minutes. It could be better and faster.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

We never had an outage of the appliances or the consoles. Stability is very strong. I never had a problem related to stability.

What do I think about the scalability of the solution?

Scalability is good. Since four years ago, we have been increasing the number of users and the traffic. The solution is working well and working with our progress.

How are customer service and technical support?

I always work with a partner so the partner is in contact with Check Point. Their response is very fast. In all of the cases, it's very fast.

Which solution did I use previously and why did I switch?

We switched because it is a good product and because of the cloud support. We are moving to the cloud step by step and the cloud support is important. If another company has better cloud support it may be a factor that would influence my company to switch to another solution. 

Important criteria that we look at when choosing a solution is the local experience and the local support. That it is very important. 

How was the initial setup?

I wasn't there for the initial setup but from what I heard, it was straightforward. 

Which other solutions did I evaluate?

We looked at Cisco vs Fortinet. We chose Check Point because of the cost benefit that this product offers.

What other advice do I have?

I would rate this solution an eight. It's a good solution. The management is easy. The console is very practical but in order to be a ten, it should be faster.

I would advise someone considering this or a similar solution to prove the solution before choosing the final vendor. Prove that it will be very helpful for you.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Business Development Manager - Security at a computer software company with 201-500 employees
Real User
Excellent security solution that could be more user-friendly
Pros and Cons
  • "Check Point offers excellent security."
  • "Check Point is a bit difficult to use and manage so it would be nice to see some improvement in those areas."

What is most valuable?

Check Point offers excellent security.

What needs improvement?

Check Point is a bit difficult to use and manage so it would be nice to see some improvement in those areas.

What do I think about the stability of the solution?

This is a stable solution.

What do I think about the scalability of the solution?

This is a scalable solution. We have about twenty customers that are using the solution currently.

How are customer service and support?

I have not needed to contact support.

How was the initial setup?

The initial setup was a bit complex only because there are no vendors to help with the installation requiring you to need to be trained.

Which other solutions did I evaluate?

Other competitors would be Fortinet and Palo Alto.

Check Point is more complex than Fortinet and less complicated than Palo Alto.

What other advice do I have?

I would recommend this solution to anyone with an eye for security and would rate it a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
IT Consultant/Engineer at a computer software company with 11-50 employees
User
Great scalability with an updated management console and convenient implementation
Pros and Cons
  • "We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home."
  • "You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator."

What is our primary use case?

Our organization implements, maintains, and operates Check Point's firewall. 

Check Point solutions were implemented by our organization in accordance with the project documentation and further adjusted at the request of the customer. 

We ourselves also use a Check Point firewall in conjunction with a firewall from another vendor - both to protect our network perimeter and to test various functions and new emerging firewall capabilities and identify various bugs before they reach customers in the product environment.

How has it helped my organization?

We and our customers use almost the entire palette of capabilities of the firewall solution from Check Point. We use almost every feature, from anti-spoofing and network segmentation to URL filtering and intrusion prevention systems. We also willingly use virtual private networks from Check Point, both site to site and client to site. We also leverage the antivirus blade and anti-DDoS attacks. Some of our customers use Check Point capabilities for mobile devices, which are also successfully implemented in the firewall.

What is most valuable?

We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home. With the firewall from Check Point, this function is implemented very conveniently and securely. 

A convenient new version of the firewall management console, which, starting with the R80 version, has become standard for many Check Point blades, however, unfortunately, not for all. You still need to use older consoles to manage some features. For example, to access the monitoring blade, I need the old console, but the new console should start it.

What needs improvement?

You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator. Until now, the initial settings as well as subsequent changes to the "iron" part of the firewall, namely its interfaces, routing, or DCCP settings, you must use the web interface through a browser. This is inconvenient. Of course, you can use the command-line for these purposes, however, this also complicates the configuration process for the administrator and requires a well-known habit.

For how long have I used the solution?

I've used the solution for six years.

What do I think about the stability of the solution?

There is room for improvement in terms of stability.

What do I think about the scalability of the solution?

The scalability is great.

How are customer service and support?

Technical support could sometimes be better.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used and still use solutions from Sophos, however, in Check Point, some functions are implemented more conveniently. For example, work with logs.

How was the initial setup?

Before installing, I recommend to go through the training.

What about the implementation team?

I handled the implementation myself.

What was our ROI?

The ROI is good.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1721643 - PeerSpot reviewer
Security Engineer at Netpoleons
User
Good packet filtering and proxy firewalls with an excellent intrusion prevention system
Pros and Cons
  • "One of the solution's best features include a packet-filtering firewall that examines packets in isolation."
  • "One of the main features that need improvement is the rule filter export."

What is our primary use case?

What can you do about threats that get past simple packet inspection by a regular firewall? You could have a layer 3 firewall inspect the protocol and block known threats from certain URLs, however, what if it comes from a URL that has not been reported and is a socially engineered exploit designed to hijack your data? This is where a Layer 7 firewall will be able to inspect the application, known as payload inspection.

While this is possible to do with a Layer 3 firewall, it can be difficult due to the number of protocol messages in Layer 7. You would need to create a signature for each application you wanted to protect; however, network signatures tend to block legitimate data and increase your MTTR (mean time to resolve an issue).

Plus, having these signatures makes it hard to manage and keep up with by the IT staff. Relying on the power of AI and the cloud in order to leverage the Layer 7 firewall is key. The advantage of Layer 7 is its protocol awareness, which allows it to differentiate between different network traffic (application knowledge) and not just packets or flows that identify ports and IPs (Layer 3).

How has it helped my organization?

Let's say most of the traffic nowadays goes through HTTP, your web browser.

When you browse the web, what do you suspect happens? Your browser sends HTTP requests to servers around the world, and in return, you receive a response. Big data packets originate from business applications as well, such as file transfer protocols (FTP) or web services such as MapReduce or Twitters API. Oftentimes, a breach happens through these protocols, whereby a Layer 3 firewall could potentially let the threat in (such as SQL injection by default) without explicitly denying these requests.

What is most valuable?

The solution's best features include:

  • A packet-filtering firewall that examines packets in isolation and does not know the packet's context.
  • A stateful inspection firewall that examines network traffic to determine whether one packet is related to another packet.
  • A proxy firewall (aka application-level gateway) that inspects packets at the application layer of the Open Systems Interconnection (OSI) reference model.
  • A Next-Generation Firewall (NGFW) that uses a multilayered approach to integrate enterprise firewall capabilities with an intrusion prevention system (IPS) and application control.

What needs improvement?

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, however, with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules such as why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

For how long have I used the solution?

I've used the solution for four years.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

What's my experience with pricing, setup cost, and licensing?

The costs involved depend on your needs and budget.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.