Check Point NGFW Reviews

I support multiple environments in Brazil, including banks, schools, government, and the military, mostly with on-premise equipment. Some of these environments had more than 30 Check Point NGFW clusters and some of these have 4 on-premise appliances on each cluster, using the full capabilities of the Check Point Blades.

Using the firewall blades, and the threat prevention blades, we can provide big security for our customers. In the lo4j case, Check Point acts fast and all of the systems are already protected from the threat.

My organization already used Check Point before I arrived, however, compared with open-source firewalls, is in another tier. The usability and maintenance are so much better.

The management in Check Point is exceptional. The Smartconsole feature centralizes the management features, reports, log visualizing, rules, objects, et cetera.

The Check Point could use more time to upgrade the VPN configurations console. At the moment it is not easy to configure some VPN S2S in Check Point. You need to keep opening several groups, objects, and options to configure one simple VPN.

I've used the solution for one year.

The stability is very good!

The scalability is very good.

The initial levels of support are not that good. 

Positive

We used pfSense and suggest just to go for the corporative product.

I don't have insights about the pricing for Check Point.

We did not evaluate other options. 

The need to get faster bug resolving issues. For example, the R80.40 has so many bugs at the moment. 

We use this firewall to protect the internal network and to set up the IPSec standard from one location to another.

One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI.  In Check Point 5.0, we bought the option, giving us the ability to use the GUI as well as the CLI. A person who is comfortable with the UI can work with it according to different scenarios.

The most valuable feature is the set of encryption options that are available.

Viewing the logs in the interface is easy to do, which is one of the things that I like.

This is a UI-based firewall that is easy to use.

The antivirus feature is a little bit weak and should be improved. The updates are not as regular when compared to other firewalls, such as Palo Alto.

The training materials and certification process should be improved. For example, the certificates are more expensive and there's no good training available on the internet right now.

I have been using Check Point NGFW for approximately seven years, since 2014.

The stability of this firewall is good and we haven't had any problems. It is a well-known, quality brand.

There are no issues with extendability or scalability. Over the course of a year, we added another firewall, bringing us from one to two deployments, and the process was not tough. We were easily able to manage it.

We have approximately 12 people who work with this firewall during different shifts.

I have been in contact with technical support many times, and they are good. Most of the time, they solve the problem as soon as possible, and they give a perfect solution.

Currently, we are using firewalls from different vendors, including Palo Alto and Cisco. Our Cisco ASA solution is completely CLI-based and Palo Alto is like Check Point with an interface that is a mix of UI and CLI-based.

Both Palo Alto and Cisco ASA have very good tutorials available on the internet, including videos on YouTube and courses on Udemy.

On the other hand, Cisco ASA is more difficult to use because there is no UI and for a person who does not have any knowledge of the networking commands, they have to learn them.

The first phase of the implementation is to plan the firewall deployment. After that, we do the configuration and validate it. In the case of a Check Point firewall, this process will take between two and three months to complete.

The complexity of the process depends on the features that you want to add. In general, it is straightforward and not too complex.

I was not present when the first firewall was set up, although I was presented for the deployment of new ones. Whenever there is a new firewall deployment, I am involved. We have between four and five network engineers who take care of this part.

There is no maintenance required from our side. When we have a hardware issue then we contact technical support to get it sorted out.

We have seen ROI; for the purpose that we have deployed this firewall, we are getting returns. Based on this, we are buying more Check Point firewalls.

The price of Check Point is lower than Palo Alto but higher than Cisco ASA. For us, the price for licensing is fine, we have no issue with it, and feel that the cost is justified.

There are no costs in addition to the standard licensing fees.

My advice for anybody who is implementing Check Point NGFW is that if they get stuck, then visit the technical support section of the website and read the articles that are available. I have learned many things from the tech articles, and it's a good website if you want to learn about it in-depth.

One of the things that I learned is that Check Point firewalls also use Linux commands. After working with Check Point, I improved my Linux skills, which is a good thing for me.

I would rate this solution a nine out of ten.

The main use case is Firewall provisioning and integration with Tufin and Skybox. Also, we focus on firewall compliance, rule review, VPN configuration, and network troubleshooting.

Working for one of the largest companies, I found that using Check Point has made firewall provisioning very easy for us, and integration with the above-mentioned tools has eased the process of PCI audit, security compliance, and rule recertification.

I think the VSX has been the most valuable feature for us. We use it for tunnel management, which is great. The configuration has been quite straightforward.

Debugging could be improved when compared to the competition.

I think the product release lifecycle should be improved.                                                       

We have been using Check Point NGFW for almost eight years.

Previously, we used Cisco ASA. We switched because of the fact that Check Point offers more stability and visibility into the firewalls. Management is easier, especially using the GUI version.

I think that the pricing is different for every organization.

We did evaluate Juniper, as well.

We are using this solution for the security enhancement of our internal company network. This is to protect our customers as well as internal users from the untrusted network or outside world.

I am using the physical appliances of Check Point Firewall as well as virtual machines (VMs). We are using the same versions of R80 on our VMs that we are using for our physical appliances.

It saves a lot of manpower. If we have centralized management, then we do not require as many members on our team. So, this is a cost saving feature. If there wasn't centralized management, we would need 30 members instead of 11 members for our team. 

The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them. 

It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.

I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors. 

We have been using this technology for the last four years.

Check Point is the one of the most trusted vendors in the market. All the Checkpoint Firewall updates are very nice. We get the updates every months, and they are very stable updates.

The solution is very scalable. It is easy to expand it, if required. and doesn't take too much time. It also doesn't require too much manpower.

There are 2000 to 4000 people who are indirectly using Check Point Firewall.

It is always a good experience to work with their technical support. They are knowledgeable, always finding a solution. If we send them a bug, they fix it as soon as they can. 

I previously used Cisco ASA Firewalls for network security. 

Check Point is more advanced in comparison to Cisco Firewall. It has many good features, like central management, Threat Prevention, and Antivirus included in one device. With Cisco, we didn't have that.

The setup is straightforward, not complex; it was a simple setup. For the physical firewall, we just required a physical appliance, then we set it up according to our requirements. We had the complete setup guidelines. We used the three-tier hierarchy, which is standard and recommended for Check Point. We could also purchase service from Check Point to assist with the setup process. So, it was a good experience.

Our deployment took six to eight months.

We didn't require Check Point's help during deployment. After deployment, we did require their help for critical cases.

This product provides a complete return on investment. It gives us the level of security that we expect and should have.

The pricing and licensing part is something that could be improved. Check Point license and pricing are a bit higher compared to competing firewalls. I think they can work on that.

We didn't require an evaluation process. We knew that we had to go for Check Point.

I would rate the solution an eight out of 10.

The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well.

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

The antivirus is not as effective as it could be because updates are not that frequent.

Another area for improvement is that certifications are quite expensive with Check Point.

I've been using the Check Point Next Generation Firewall for the last year.

My role includes working on Check Point and Cisco ASA firewalls to make changes on them, per customer requirements or as the organization needs. I also explore new features and do troubleshooting.

It's quite stable. Until now, we haven't faced any issues.

The Check Point 44000 and 64000 Next Generation Firewalls are designed to be quite scalable. 

If we do face an issue which is not our support boundaries, we involve the Check Point TAC. They're quite technical, so they help us to resolve things. They are always helpful. They're knowledgeable and their response time is very fast.

Previously we were working on Cisco ASA firewall which didn't support the cascading objects. Also, Cisco supports two gateways, whereas the Check Point supports up to five gateways.

We also decided to bring on Check Point because there are a lot of switches that are not supported in Cisco ASA. Also, with Cisco, IPS does not come with the firewall and we have to configure it separately. The Check Point IPS comes with it.

There are a lot of features which are not supported in the Cisco ASA Firewalls.

The initial setup of the firewall is straightforward. I didn't find any difficulties in moving from Cisco ASA to Check Point. The dashboard is quite friendly, so it didn't take much time to learn.

Deployment took about three days.

We have different stages in our implementation process like planning, approving, implementing, checking and validating, and the last one is matching. Job roles in our organization go according to these stages the approvals. I do the planning part and my approval request goes to my team leader.

We have about 400 to 500 users. They are semi-technical or non-technical people, such as network and security engineers, who are tracking and monitoring the firewalls. If we're talking about troubleshooting we have from different levels, like L1, L2, L3.

It's saving us a notable amount of time. 

Check Point is good. It has a lot of features which will support a lot of things in your organization, and the dashboard is quite good. There are a lot of features, such as data protection and data inspection, at a good price.

We use them to protect our edge infrastructure and for interconnecting our sites using the VPN.

One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.

Other valuable features include: 

• the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
• the CLI, for automating things
• it is very easy to manage, to make backups, and to configure
• the support and the graphical user interface.

The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools.

There could also be improvement to the automation. They should provide a tool for creating and maintaining rules.

I have been using Check Point firewalls for more than five years.

The stability is an eight out of 10 because we have had some problems with URL filtering, with the domain filtering in particular. When the domain is under a CDN, it sometimes gives us problems because there is more than one IP for each domain.

We have also had problems with data center objects or Azure objects where we have created a rule and the rule stops working. We opened a case with Check Point and they answered us. We installed fixes and it looks like it's working now.

The scalability is quite nice at the firewall level. It gives us the possibility of implementing clusters and high-availability.

We are also working on an Azure implementation and it looks good. We have not yet deployed to the Azure Check Point implementation, but it promises a lot.

We have about 200 employees and, on the administrative side, there are 12 to 15 people working with the Check Point solution. They are mostly networking infra engineers. We are using about 40 percent of the firewall capacity. We don't currently have plans to increase capacity.

We are satisfied with the support. When we have a problem, it's very easy to contact the support center and they give a fast response. I would give their support a nine out of 10.

I have worked with the Cisco ASA firewalls and with firewalls from manufacturers like MikroTik.

It's hard to measure ROI, but our sense of security, as a company, is good with Check Point.

In terms of quality versus price, Check Point is very balanced.

The biggest lesson I have learned from using Check Point firewalls is that if you know how to work with Linux, you will be able to manage almost all the features.

We utilize the Check Point NGFW to segregate our environment, separating our network to filter traffic between segments. Additionally, we leverage its features such as IPS, antivirus, and more, making it the foundation for all the Check Point features we use.

Check Point enables us to secure all our networks by segregating the different areas of our network. It also allows us to view logs of all traffic crossing the various areas. Through the firewall, we can access logs and evidence of activity between our areas, whether within or from the data center to the Internet.

We like the way it protects our network, how easy it is to see and filter logs, and how easy it is to manage next-generation firewall policies.

The upgrade process for Check Point NGFW is not very simple, making it difficult to find the resources needed for the upgrade compared to competitors like Fortinet. Fortinet makes the upgrade process much more manageable. 

Check Point should start working on a new, more straightforward process. Perhaps a graphical interface where you can just click to initiate the upgrade, and it will automatically replace the nodes, starting with the secondary node in a cluster and then upgrading the primary node. This would make the process automatic with just one quick action, similar to what we see in competitors like Fortinet.

I have been using Check Point NGFW for ten years.

We're encountering some issues with the Check Point NGFW. They've stopped communicating with the manager, and sometimes, we cannot push policies from the manager to the FortiGate and Check Point. The latest versions we've been working with, especially the Check Point software, haven't been very stable.

I rate the solution's stability a seven out of ten.

There are performance issues with certain Check Point NGFW models, particularly when enabling multiple features. These issues are often related to CPU utilization, causing some traffic to slow down. Competitors like Fortinet offer greater scalability than Check Point. In equivalent models, Fortinet performs better with lower CPU usage for the same amount of traffic. However, it's worth noting that Check Point excels in traffic inspection and detecting malicious activities. 

While Fortinet may offer better performance, Check Point provides superior security capabilities. Check Point's scalability is not as efficient, as it consumes more CPU when handling higher traffic volumes. Therefore, if speed is a priority, Fortinet may be a better option, but for comprehensive traffic inspection and security, Check Point remains a strong choice despite its scalability limitations.

I rate the solution's scalability an eight out of ten.

The support engineers sometimes lack sufficient knowledge, making it very difficult to receive a prompt response to our problems. Sometimes, we need ten remote sessions with them before they assign someone capable of resolving the issue. They start escalating only after we complain to the managers. When we open a case, we are assigned a junior staff member who requests information, resulting in lengthy delays in communication.

Neutral

The initial step is much more complex than other methods. The integration process will be a bit simpler. It takes two days. You need to start by configuring the management IPs, then proceed to establish the connection to the manager using what they call the sync password. Finally, you need to start creating the policy that you want to use.

I rate the initial setup a seven out of ten, where one is difficult, and ten is easy.

The solution is expensive compared to Fortinet.

AI is more commonly utilized on the vendor rather than the client side. Therefore, they employ AI to enhance their product and understand and detect more threats that require attention, albeit with a turnaround time.

One should opt for Check Point if they have engineers or partners with expertise in Check Point because it's not the easiest product to work with. It's much simpler for someone who has never worked with Check Point or Fortinet to start with Fortinet, which is much easier to manage. However, if you possess the knowledge of the security blades in Check Point, they are superior to those in Fortinet, with the IPA.

Overall, I rate the solution an eight out of ten.

I am using Check Point Next Generation.

The solution boasts a host of features that we like. 

Tech support should be improved. There are times when the technical team fails to understand things at the ground-level. 

The dashboard can stand improvement. 

The solution is overly expensive. 

The initial setup is a bit complex. 

The solution is scalable. 

Technical support could be better, as the tech team at times does not manage to understand ground-level issues. 

The setup is somewhat on the easy side, but certain things are complex. While the solution is a little easier to manage than Palo Alto, I was forced to make comparisons between the two products. 

The price is too high. 

The solution is geared towards organizations hosting more than 50,000 employees.