Check Point NGFW Reviews

In my company, we use the Check Point NG Firewall solution to secure the perimeter and user network. We use IPS/IDS, deep packet inspection, and VPN. We have implemented routing rules based on the destination of the traffic, and the performance of the global solution is satisfactory.

We use the solution, too, as the firewall in a core node, which is very important to the business. It secures the network equipment and service integrity.

We are delighted with the powerful management console and diagnostic tools.

The Check Point Next Generation Firewall has improved the performance of our network, bringing the IT administrator a lot of information and data to make decisions about security, vulnerability, strengths, and weaknesses in our deployed projects.

It provides a lot of information to help better understand our users. Now we feel more confident with our network and know what happens on it, as well as what kind of traffic we have.

In addition, we have many reports that include data to help with decision-making and information about how the solution reduces cost and risk.

The most valuable feature in my opinion is the powerful deep packet inspection engine. This engine provides me with a great capacity to control the traffic generated by my users and provides our company with a very real vision of the use that users make of the network.

The reporting capability is very important as we are able to show the company management the benefits and the return on investment, in terms of securing our network.

The number of physical network ports on the device should be increased to allow for greater capacity.

Another point of improvement would be to continue improving the integration line with our current NAC solution in order to exchange more attributes and increase the granularity of the implemented policies.

We have been using the Check Point NGFW for three years.

Compared to other similar solutions on the market, this product is quite complete.

In my opinion, this solution is already quite complete with respect to our requirements.

I'm a consultant and Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I deployed standalone, cluster, and two-layer firewalls. 

One of our customers has over 200 branch offices which were protected by Check Point SMB appliances. All these appliances are managed by CheckPoint SmartProvisioning. 

This customer has one cluster Check Point which secures server segments and one cluster Check Point which secures client segments.

Check Point firewall products include a lot of modules. Application Control, IPS, email security, mobile access, content awareness, URL filtering, antivirus, antibot, and DLP. Check Point meets our customer requirements at the perimeter with an all-in-one solution. 

For example, the IPS blade prevents attacks with updated signatures. URL filtering policy control customers users' internet activity. Antivirus and antibot blade controls malicious activity and files. Mobile access blades give customers to access their sites from anywhere securely.

There are a lot of features that I found valuable for our customers. 

For example, active-active and active-standby high availability features are very useful. 

If you want to share traffic loads to both cluster members you can use the active-active feature, if you don't want to share traffic loads you can prefer active standby. Your connections sync on both cluster members at both high availability choices. That way, your connections are never lost. 

Another valuable feature is performance improvement ability. With ClusterXL and CoreXL you can improve performance.

Check Point should add additional management choices. For example, Check Point doesn't fully have management support via browser. You need to use Check Point's SmartConsole for management. SmartConsole is .exe and it is supported only on the MS Windows platform. If you are using Linux or a Mac you can not manage Check Point. You should be able to use a virtual PC whose OS is Windows inside the Linux or MAC. Check Point states that this is a decision made for security reasons, however, certain management features can be done through the browser, yet not fully.

I have been using the Check Point firewall for about 20 years.

Check Point support center is very professional.

Positive

We did not use a different solution previously.

After buying the firewall, you can use Check Point for a lifetime, however, it is a subscription base for content security features.

We also evaluated Fortinet and Cisco.

If you are looking for a firewall appliance that has a lot of security features, easy installation, and configuration, Check Point firewall products are the best for you.

The environment in which it was deployed is a financial institution that requires high availability, confidentiality, and integrity of information within the supporting infrastructure. The NGFW is used specifically for the VPN, firewalling and it also serves as virtual patching in the event of zero-day vulnerabilities that are very common within some well know client desktop computers and servers.

Initially, I was using the Cisco ASA5500 series firewall. I never believed there could be better firewall devices in terms of ease of setup and management. The NGFW from Check Point has increased my confidence in terms of performance and ease of configuration with its intuitive interface. It supports the VPN configuration without any unnecessary latency and packet dropping.                                                                                                                              

It blocks over 97% of threats!                                          

VPN, firewalling, and virtual patching are the most valuable aspects for me. The NGFW is so effective that I can go to sleep and vacation. Check Point products rarely have vulnerabilities that put the whole organization at risk, unlike some other firewall products.

The VPN tunnels are very effective in terms of stability and quick connection.

Virtual patching is useful as a workaround for zero-day vulnerabilities.                           

It offers excellent filtering of URLs.

The interface can be more user-friendly in terms of the design and location of critical and commonly used icons.

They could add a web user Interface.

I have been using the Check Point NGFW since 2018 when it was deployed in my company.

The stability is awesome and it puts me in a no-worries mood!

The scalability is awesome.

Technical support is friendly and awesome.

Positive

I did use Cisco ASA. The administration was grueling coupled with some nefarious vulnerabilities and the cost of ownership.

The initial deployment was demanding due to my network architecture, not because of the product.

The implementation was done through a vendor.

We've seen ROI at 6 months to 1 year.

However, the ROI was realized within weeks of deployment.

The solution is reasonably priced relative to some other brands.

We did not evaluate other options.

It is the best amongst the rest.

Check Point is very strong as compared to the other vendors in the market.

The solution offers a very good centralized management console. 

It works well even for small deployments. 

The perimeter security is excellent. 

It works well even for cloud environments and has been very useful during COVID when people weren't necessarily in the office. 

The creation of policies is simple. It's easy to configure them when we need to.

We have found the troubleshooting process to be very easy and helpful.

The GUI is simple and straightforward. 

The sandbox environment on offer has been great. 

The support has been super-helpful. They've always been great, even at a pre-sales level.

The initial setup is very straightforward. 

From a stability standpoint, sometimes when upgrading to a new version, there are some stability issues. The device occasionally may stop responding. 

It would be beneficial if they offered better load balancing. 

They could make the licensing a bit easier to deal with, especially for enterprise-level options. 

We primarily use the solution for security, as a next-generation firewall that we use in our environments. It is very good at detection and prevention. However, we are still exploring use cases.

While the solution is mostly stable, we do find that we have stability issues moving to different versions. You run the risk of the device not responding in some cases. 

The scalability is possible, however, it's based on requirements. When we get a new solution, we plan out for the next four or five years. It can scale so long as you design it properly at the outset. 

Technical support is helpful and responsive. We're quite satisfied with the level of service we can expect. They are very good.

I've also worked with Palo Alto and Cisco. 

The initial setup is extremely straightforward. You don't even have to be overly technical to manage it. They make it very easy. It's not overly complex or difficult.

The licensing is okay. Clients can go for a one, three, or five-year license. 

Sometimes it's complicated to put new licensing on existing devices. If we have issues, we can raise questions with the sales management team and they are always very helpful. Larger, enterprise-level devices, in particular, can be a bit complex to deal with. 

We are integrated partners and we provide services to the customers.

I didn't get any chance to work on version 80.40, however, a lot of the customers are on versions 80.10, 80.20, and 80.40.

I would encourage users and companies to use Check Point. It's quite a good solution. I find it to be a better solution than, for example, Palo Alto.

I'd rate the solution at a ten out of ten.

I use Check Point NGFW for controlling traffic and controlling access to the production server. It is a HA (high availability) environment. It is easy to use failover solutions.

We use it on our disaster recovery (DR Site) and it runs smoothly.

In the office, Check Point Infinity is the only fully consolidated cybersecurity architecture that protects your business and IT infrastructure.

Integrating the most advanced threat prevention and consolidated management, the security gateway appliance is designed to prevent any cyber attack, reduce complexity, and lower costs.

Check Point gateways provide superior security beyond any Next-Generation Firewall (NGFW).

Best designed for network protection, these gateways are the best at preventing the fifth generation of cyber attacks.

Overall, for us, it improves the private cloud security and helps to prevent the spread of threats while consolidating visibility and management across our physical and virtual networks.

The most valuable feature is the next-generation firewall (NGFW) protection.

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

They have few predefined reports and it would be nice to increase them since the logs are excellent.

They should be quicker to release fixes for known vulnerabilities, including those related to Microsoft products.

If you make a mistake when creating rules, it is time-consuming to fix them. However, there is no problem with traffic processing. 

Sometimes you are forced to interact on several different levels. On the one hand, you put the rules in, and on the other, you put in the route. 

I have been using Check Point NGFW for between five and six years.

They have a good support team that is fast to respond. However, there are open cases that should be resolved in a more timely fashion.

We used another solution prior to this one, but the updates were too slow and it was harder to monitor the log.

The initial setup is very hard.

The vendor implemented this product for us.

This product is a good investment and I expect a full return in approximately three years.

The price of the appliance should be decreased.

 I evaluated several other solutions and compared them before choosing Check Point.

This is a product that I recommend.

I use the solution in my company since the solution serves as a firewall and functions on a DMZ network while also providing public-facing services. I serve my company's customers as a firewall administrator.

My company's customers have benefited from the solution's performance, especially when dealing with a huge amount of traffic. Check Point is a well-known name in the security industry that opts for functionalities like signature-based detection and beyond.

The most valuable feature of the solution is the Quantum Intrusion Prevention System (IPS). I also like the solution's functionality, like autonomous threat prevention.

The complexity involved in the solution's initial setup phase and deployment process is an area of concern where improvement is required.

I have been using Check Point NGFW for two years. I work as the solution's integrator. Speaking about the version, I use Check Point Quantum 6400 Next Generation Firewalls.

So far, I haven't faced any issues related to the solution's stability.

Scalability-wise, I rate the solution a nine out of ten.

If I take into consideration my company's customers who use the solution, then I would have to say that there are around 300 to 400 users.

I have availed the services provided by the solution's technical support. My company engages with the solution's local partner to avail the services provided by Check Point's technical support team.

Compared to Palo Alto and Fortinet, Check Point provides good internal performance, especially for big-scale enterprises and entities, making it a tool that is not just suitable for SMEs or mid-sized companies. Check Point is, however, pricier than other solutions.

The initial setup of Check Point NGFW is quite complex. When it comes to the product's setup phase, the engineer should understand the product, and instead of understanding the firewall, it is important to know how to manage or be an admin.

The solution is deployed on an on-premises model.

The solution's deployment is complex.

My company's customers have seen a return on investment from the use of Check Point NGFW.

I rate the pricing of Check Point NGFW a five on a scale of one to ten, where one is high price, and ten is low price.

I take care of the solution's maintenance part, and I feel that it is a straightforward process.

Check Point NGFW is good for big companies.

I rate the overall solution an eight out of ten.

We use Check Point as well as Cisco. The firewall is used in order to continue filtering with VMware VMotion on different data centers. 

We have several data centers that are stretched. Our Check Point firewalls are used to filter north/south traffic.

With BGP on Gaia, when one of the clusters is unreacheable, the traffic is rerouted to another cluster. 

We also use VSX which is really a very good product for macrosegmentation.

The management of the firewall and advanced routing is great. It's easy to use and troubleshoot.

We need east/west Check Point firewalls in order to do micro-segmentation. A good solution for us is a solution that can be installed on différent systems (Linux, Windows K8S, bare metal, etc.) and can have centralized management.

Troubleshooting is also a big feature that will be necessary in this use case. 

I've used the solution for many years.

We also looked at Ciscos ASA and Fortigate.

I support multiple environments in Brazil, including banks, schools, government, and the military, mostly with on-premise equipment. Some of these environments had more than 30 Check Point NGFW clusters and some of these have 4 on-premise appliances on each cluster, using the full capabilities of the Check Point Blades.

Using the firewall blades, and the threat prevention blades, we can provide big security for our customers. In the lo4j case, Check Point acts fast and all of the systems are already protected from the threat.

My organization already used Check Point before I arrived, however, compared with open-source firewalls, is in another tier. The usability and maintenance are so much better.

The management in Check Point is exceptional. The Smartconsole feature centralizes the management features, reports, log visualizing, rules, objects, et cetera.

The Check Point could use more time to upgrade the VPN configurations console. At the moment it is not easy to configure some VPN S2S in Check Point. You need to keep opening several groups, objects, and options to configure one simple VPN.

I've used the solution for one year.

The stability is very good!

The scalability is very good.

The initial levels of support are not that good. 

Positive

We used pfSense and suggest just to go for the corporative product.

I don't have insights about the pricing for Check Point.

We did not evaluate other options. 

The need to get faster bug resolving issues. For example, the R80.40 has so many bugs at the moment.