Check Point NGFW Reviews

My role is to do implementation and troubleshooting on the Check Point Firewall. We use this firewall for our organization's security by adding restrictions and security from viruses and other tech from the external Internet.

It is used in our internal company-wide network. It protects our company throughout the LAN network.

We have needed to install many third-party devices to provide major security to our organization. Because of Check Point and its many features, we do not require other third-party devices. We only require Check Point to provide the security.

It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.

It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.

The company should increase the learning platform free of charge. For example, Palo Alto and Cisco ASA have very good platforms that are completely free. Almost everyone in this field has good product knowledge. Therefore, I would like more training and expertise to be available for Check Point NGFWs.

I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors.

I have been using it four years and four months.

It is a stable firewall that has new updates. The new updates are very impressive. There is also a good antivirus update which comes out very frequently and is completely stable.

The solution's scalability is good.

With our increasing business, we have given a proposal to increase the number of firewalls.

In my organization, there were five associate consultants included in the deployment process, including me.

The solution has very good, timely support. Most of the time, when we opened a case with their tech support, we have been in a panic situation because of the case's priority. However, the solution that we get is very straightforward and in very short amount of time.

My issues were resolved by the Check Point team or available on the Internet. So, all my problems were resolved.

I have used Palo Alto and Cisco ASA. When I used Check Point, I got to know that the CLI is based on Linux. I already know Linux, so it was very comfortable for me. Apart from that, it was the company's decision. They wanted to use this firewall.

The initial setup was straightforward because I have done training on Check Point. I didn't face any issue while implementing or while configuring it. I only faced a few issues, and they were resolved by the Check Point team.

It takes around nine to 12 months for the complete deployment of this solution. My deployment plan was a three-tier architecture, which is one of Check Point's features.

I deployed it myself with the help of one or two of my colleagues.

I am happy with the investment that we made on Check Point. The reason behind this: It has advanced features for protecting the environment.

I also evaluated Palo Alto and Cisco ASA.

Check Point pros:

• The CLI is very ease to use.
• It provides advanced security threat prevention.

Check Point cons:

• The graphical user interface should be easier to use.
• More training should be provided by Check Point. 

I would recommend this solution because it is a firewall that replaces many other devices. Money-wise, it is good. It also has many features. These can be utilized to protect your environment from outside threats.

You should have a couple of training and hands-on experiences before deploying the changes by yourself on the firewall. It has many features of which people are not knowledgeable so they usually utilize them.

With time, technology is getting better. Check Point is one of these examples. They have changed their products completely from the old R80 version, where their UI and CLI were much different. 

I would rate this solution as a nine out of 10.

We use this solution for our perimeter firewall to protect our web applications, systems, and network. We are running our complete business with Check Point.

The complete traffic is managed by Check Point. The Check Point threat emulation blade is enabled to protect zero-day attacks and it will detect and prevent attachments and other payloads from this type of attack.

We have been running Check Point for the last ten years and it protected our network, systems, and applications against the latest attack. Our organization is running 500 applications that are being protected.

The next-generation firewall will manage all of the traffic and prevent the latest & advanced threats from attackers. The latest operating systems R 80.20 is wonderfully designed and allows customers to manage everything with a single console.

The most valuable feature is that we are protected against zero-day threats.

Everything can be managed from a single console.

We would like to see the following improvements:

1. Multiple ISP redundancy.
2. CPU utilization.
3. VPN traffic.
4. HA concept, where if we apply the policy in the primary appliance that should be applied to HA appliance automatically.
5. The number of bugs has to be reduced.
6. The number of false positives should be reduced. 
7. Threat emulation has to be improved.
   
8. Reporting has to be improved.

I have been using Check Point Next Generation Firewall for ten years.

We are happy with Check Point technology and support.

Both IN and OUT traffic is managed by Check Point. We are happy with Check Point technology including the protection, management, and the ability to secure the enterprise network against advanced threats.

We utilize the Check Point NGFW to segregate our environment, separating our network to filter traffic between segments. Additionally, we leverage its features such as IPS, antivirus, and more, making it the foundation for all the Check Point features we use.

Check Point enables us to secure all our networks by segregating the different areas of our network. It also allows us to view logs of all traffic crossing the various areas. Through the firewall, we can access logs and evidence of activity between our areas, whether within or from the data center to the Internet.

We like the way it protects our network, how easy it is to see and filter logs, and how easy it is to manage next-generation firewall policies.

The upgrade process for Check Point NGFW is not very simple, making it difficult to find the resources needed for the upgrade compared to competitors like Fortinet. Fortinet makes the upgrade process much more manageable. 

Check Point should start working on a new, more straightforward process. Perhaps a graphical interface where you can just click to initiate the upgrade, and it will automatically replace the nodes, starting with the secondary node in a cluster and then upgrading the primary node. This would make the process automatic with just one quick action, similar to what we see in competitors like Fortinet.

I have been using Check Point NGFW for ten years.

We're encountering some issues with the Check Point NGFW. They've stopped communicating with the manager, and sometimes, we cannot push policies from the manager to the FortiGate and Check Point. The latest versions we've been working with, especially the Check Point software, haven't been very stable.

I rate the solution's stability a seven out of ten.

There are performance issues with certain Check Point NGFW models, particularly when enabling multiple features. These issues are often related to CPU utilization, causing some traffic to slow down. Competitors like Fortinet offer greater scalability than Check Point. In equivalent models, Fortinet performs better with lower CPU usage for the same amount of traffic. However, it's worth noting that Check Point excels in traffic inspection and detecting malicious activities. 

While Fortinet may offer better performance, Check Point provides superior security capabilities. Check Point's scalability is not as efficient, as it consumes more CPU when handling higher traffic volumes. Therefore, if speed is a priority, Fortinet may be a better option, but for comprehensive traffic inspection and security, Check Point remains a strong choice despite its scalability limitations.

I rate the solution's scalability an eight out of ten.

The support engineers sometimes lack sufficient knowledge, making it very difficult to receive a prompt response to our problems. Sometimes, we need ten remote sessions with them before they assign someone capable of resolving the issue. They start escalating only after we complain to the managers. When we open a case, we are assigned a junior staff member who requests information, resulting in lengthy delays in communication.

Neutral

The initial step is much more complex than other methods. The integration process will be a bit simpler. It takes two days. You need to start by configuring the management IPs, then proceed to establish the connection to the manager using what they call the sync password. Finally, you need to start creating the policy that you want to use.

I rate the initial setup a seven out of ten, where one is difficult, and ten is easy.

The solution is expensive compared to Fortinet.

AI is more commonly utilized on the vendor rather than the client side. Therefore, they employ AI to enhance their product and understand and detect more threats that require attention, albeit with a turnaround time.

One should opt for Check Point if they have engineers or partners with expertise in Check Point because it's not the easiest product to work with. It's much simpler for someone who has never worked with Check Point or Fortinet to start with Fortinet, which is much easier to manage. However, if you possess the knowledge of the security blades in Check Point, they are superior to those in Fortinet, with the IPA.

Overall, I rate the solution an eight out of ten.

I'm a consultant and Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I deployed standalone, cluster, and two-layer firewalls. 

One of our customers has over 200 branch offices which were protected by Check Point SMB appliances. All these appliances are managed by CheckPoint SmartProvisioning. 

This customer has one cluster Check Point which secures server segments and one cluster Check Point which secures client segments.

Check Point firewall products include a lot of modules. Application Control, IPS, email security, mobile access, content awareness, URL filtering, antivirus, antibot, and DLP. Check Point meets our customer requirements at the perimeter with an all-in-one solution. 

For example, the IPS blade prevents attacks with updated signatures. URL filtering policy control customers users' internet activity. Antivirus and antibot blade controls malicious activity and files. Mobile access blades give customers to access their sites from anywhere securely.

There are a lot of features that I found valuable for our customers. 

For example, active-active and active-standby high availability features are very useful. 

If you want to share traffic loads to both cluster members you can use the active-active feature, if you don't want to share traffic loads you can prefer active standby. Your connections sync on both cluster members at both high availability choices. That way, your connections are never lost. 

Another valuable feature is performance improvement ability. With ClusterXL and CoreXL you can improve performance.

Check Point should add additional management choices. For example, Check Point doesn't fully have management support via browser. You need to use Check Point's SmartConsole for management. SmartConsole is .exe and it is supported only on the MS Windows platform. If you are using Linux or a Mac you can not manage Check Point. You should be able to use a virtual PC whose OS is Windows inside the Linux or MAC. Check Point states that this is a decision made for security reasons, however, certain management features can be done through the browser, yet not fully.

I have been using the Check Point firewall for about 20 years.

Check Point support center is very professional.

Positive

We did not use a different solution previously.

After buying the firewall, you can use Check Point for a lifetime, however, it is a subscription base for content security features.

We also evaluated Fortinet and Cisco.

If you are looking for a firewall appliance that has a lot of security features, easy installation, and configuration, Check Point firewall products are the best for you.

I support multiple environments in Brazil, including banks, schools, government, and the military, mostly with on-premise equipment. Some of these environments had more than 30 Check Point NGFW clusters and some of these have 4 on-premise appliances on each cluster, using the full capabilities of the Check Point Blades.

Using the firewall blades, and the threat prevention blades, we can provide big security for our customers. In the lo4j case, Check Point acts fast and all of the systems are already protected from the threat.

My organization already used Check Point before I arrived, however, compared with open-source firewalls, is in another tier. The usability and maintenance are so much better.

The management in Check Point is exceptional. The Smartconsole feature centralizes the management features, reports, log visualizing, rules, objects, et cetera.

The Check Point could use more time to upgrade the VPN configurations console. At the moment it is not easy to configure some VPN S2S in Check Point. You need to keep opening several groups, objects, and options to configure one simple VPN.

I've used the solution for one year.

The stability is very good!

The scalability is very good.

The initial levels of support are not that good. 

Positive

We used pfSense and suggest just to go for the corporative product.

I don't have insights about the pricing for Check Point.

We did not evaluate other options. 

The need to get faster bug resolving issues. For example, the R80.40 has so many bugs at the moment. 

The environment in which it was deployed is a financial institution that requires high availability, confidentiality, and integrity of information within the supporting infrastructure. The NGFW is used specifically for the VPN, firewalling and it also serves as virtual patching in the event of zero-day vulnerabilities that are very common within some well know client desktop computers and servers.

Initially, I was using the Cisco ASA5500 series firewall. I never believed there could be better firewall devices in terms of ease of setup and management. The NGFW from Check Point has increased my confidence in terms of performance and ease of configuration with its intuitive interface. It supports the VPN configuration without any unnecessary latency and packet dropping.                                                                                                                              

It blocks over 97% of threats!                                          

VPN, firewalling, and virtual patching are the most valuable aspects for me. The NGFW is so effective that I can go to sleep and vacation. Check Point products rarely have vulnerabilities that put the whole organization at risk, unlike some other firewall products.

The VPN tunnels are very effective in terms of stability and quick connection.

Virtual patching is useful as a workaround for zero-day vulnerabilities.                           

It offers excellent filtering of URLs.

The interface can be more user-friendly in terms of the design and location of critical and commonly used icons.

They could add a web user Interface.

I have been using the Check Point NGFW since 2018 when it was deployed in my company.

The stability is awesome and it puts me in a no-worries mood!

The scalability is awesome.

Technical support is friendly and awesome.

Positive

I did use Cisco ASA. The administration was grueling coupled with some nefarious vulnerabilities and the cost of ownership.

The initial deployment was demanding due to my network architecture, not because of the product.

The implementation was done through a vendor.

We've seen ROI at 6 months to 1 year.

However, the ROI was realized within weeks of deployment.

The solution is reasonably priced relative to some other brands.

We did not evaluate other options.

It is the best amongst the rest.

We implement Check Point in the front end to protect internet platforms and security platforms. 

Check Point provides very good performance with many solution options and many kinds of modules.

I'd like to see more integration with other solutions. 

I've been using this solution for a couple of months. 

This solution is stable and scalable.

We've rarely used support but they've been helpful when we needed them. 

We migrated from Cisco to Check Point. Check Point is easier for the administration console.

Before migrating to Check Point, we tested it in several environments. We used a consultant for deployment and we now have 800 users in the company and six engineers responsible for maintenance. 

We pay an annual license fee. 

I recommend this solution and rate it a 10 out of 10. 

We deployed a Check Point firewall on the perimeter as well as on the internal network. Both are in HA & we have enabled all threat prevention blades. All devices are 5600 & 4200. We are managing our two firewalls with two different security management servers.

Currently, we are using the R80.20 firmware version and we have a pretty simple design.

Our primary uses are firewall security, VPN, web filtering & monitoring. We have also used the TE-100X appliance for private cloud sandboxing.

With Check Point, we achieved redundancy but the problem was three public IP addresses that were required to be configured as HA, with two physical IPs & one virtual IP.

Our previous firewall used a single public IP but now, with Check Point using three, it became very difficult for us to make available the same segment of public IP addresses from our ISP. After many support calls, however, we found a solution.

The other option which is helpful is that there are no limits for any objects used in the policy. Our previous firewall does support limited time objects & IP address objects.

Check Point's new Smart dashboard has an all-in-one configuration interface. They provide a very easy configuration for NAT and one tick for source & destination NAT is possible.

Policies can be configured in a more organized way using a section & layered approach.

Application control has all of the required application data to introduce it into policy and the URL filtering works great, although creating regular expressions is complicated.

The software upgrade procedure is very easy; it just needs few clicks & we are done.

Check Point has both GUI (Graphical Interface) & smart dashboard, but it will be better if it sticks to either one of them. 

A threat prevention policy needs to be created in a different tab but instead, if those policies could be related to access policy then it will be easier to apply the threat prevention to our relevant traffic.

One of the most complicated aspects is the VPN Configuration, which should be simplified in future releases. The monitor tab should have a VPN tab, where we can see the current tunnel status.

I have been using Check Point NGFW for more than the last three years.

With respect to stability, we always have ongoing support calls. We have faced lots of issues that have led to upgrading with a Hotfix.

When it comes to scalability, our current Check Point is far better than our previous firewall.

Technical support is very helpful & always there to help us with issues. Also, the TAC response is quick.

Previously, we had a Fortinet firewall, which was pretty slow when it came to operations.

The initial setup was simple.

We implemented the firewalls with our in-house team.

Check Point should provide some basic license for mobile access VPN by default, for at least five to ten users.

The only other vendor that we have evaluated is Fortinet.