We work with these firewalls for overall security, including content filtering.
High-capability devices help us to integrate with cloud infrastructure and internet applications
Pros and Cons
- "It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place."
- "It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely."
What is our primary use case?
How has it helped my organization?
High-capacity and high-capability devices help us to integrate with the cloud infrastructure as well as internet applications.
What is most valuable?
The most valuable feature is the URL filtering.
It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place.
What needs improvement?
It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely.
Buyer's Guide
Check Point NGFW
December 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Check Point NGFWs for six years.
What do I think about the stability of the solution?
They're pretty stable. I don't see any issues there.
What do I think about the scalability of the solution?
Scalability means upgrading to newer, better hardware.
From an end-user perspective, everyone in our organization is using it, as it's a perimeter device. If they have to access the internet, they use this firewall to allow that access. We have about 4,000 end-users and about 200,000 concurrent connections.
How are customer service and support?
Check Point's technical support is a seven out of 10. Sometimes it takes a lot of time to get the right people on TAC issues. And to buy time, they just use generic questions, which is really time-consuming and doesn't relate to the problem at all.
Which solution did I use previously and why did I switch?
For the infrastructure in question, we have always used Check Point firewalls.
I have worked with Cisco ASA. Cisco is more CLI oriented, whereas Check Point is more GUI oriented. With the GUI, it's easier to manage and administrate it. If the configuration becomes bigger and bigger, it is really easy to see things in the GUI versus a CLI.
The advantage of the CLI is that you can create scripts and execute them. But the disadvantage is that they become so lengthy that it becomes very difficult to manage.
How was the initial setup?
The initial setup is straightforward because it's a GUI interface. Even when it was upgraded, things didn't change in terms of the look and feel. It was still the same. There was no need to learn new things. It's easy for any administrator to learn new features.
On average, deployment takes one to two hours, including mounting and everything, from the physical work to moving the traffic there.
The issue is that we still need people to be onsite to do this because some tasks have to be done on the day. That means a technical person is required to do that work. We can't give it to any other person to do this because, until those particular steps are completed, things can't go any further.
We have six people, network admins, for deployment and maintenance because we have about 30 of firewalls.
What about the implementation team?
We do it ourselves.
What was our ROI?
When we first started using them, we were just using them for basic functionality. Then we started using more features and introducing other components. For example, we had a different proxy server which we depended on. Once we got the Check Point, we could use the same device for multiple roles, which reduced the cost a lot. I would estimate our costs have been reduced by 30 percent.
What's my experience with pricing, setup cost, and licensing?
If you use the features then it's cost-effective. Otherwise, it's expensive.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr. Network Engineer at a insurance company with 5,001-10,000 employees
Provides security to users working within our LAN environment, but also to remote end-users
Pros and Cons
- "The central management makes it easier, and is a time-saver, when implementing changes."
- "The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent."
What is our primary use case?
We use Check Point's firewall to provide network security to our organization as well as to other, third-party vendors.
How has it helped my organization?
The Check Point firewall is providing advanced-level security. Compared to before, our company is more secure now. It is not only securing the users working within the LAN environment, but also to the end-users or remote users in the company.
What is most valuable?
The most valuable features are its
- antivirus
- threat detection
- central management system.
The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.
What needs improvement?
The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved.
Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.
For how long have I used the solution?
I have been using Check Point's NGFW for the last six years.
What do I think about the stability of the solution?
The Check Point firewall is very stable. It is one of the oldest firewalls in the market. It has all the advanced features, according to the security features we have. It's quite a stable firewall.
What do I think about the scalability of the solution?
It is very good and scalable. We have recently expanded the usage of Check Point and it was not a very tough process to scale this firewall.
Right now it's protecting around 3,000-plus employees.
How are customer service and technical support?
It has been a very good experience every time we call Check Point. We usually get them on a phone call and they are very informative people. They always provide us the solution.
Which solution did I use previously and why did I switch?
We had another solution. We switched because Check Point gave us more advanced features and there was market demand for network security.
How was the initial setup?
The initial setup was a little complex. The training from Check Point should be increased. It was a little complex, but with the help of their TAC and the help of other engineers, we installed it.
The deployment has taken about eight months. We have deployed it in a three-way architecture. We have installed a security gateway, an SMS (security management system) and we have installed the console.
We have a team of four people, all network engineers, for deployment and maintenance of the solution. We take care of all the firewalls for the organization, including Check Point's.
What about the implementation team?
We had help from a Check Point integrator. It was a good experience. They were very helpful.
What was our ROI?
We are happy with our investment in Check Point's firewall. Per our standards, and for our environment, it is a very good firewall. It is protecting us well.
What's my experience with pricing, setup cost, and licensing?
Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps.
Which other solutions did I evaluate?
We evaluated other options, including Cisco ASA. The difference was that Check Point provides advanced features, such as threat prevention and antivirus. Apart from those, it also provides us with IPS. Also, for Cisco ASA, we had to take extra services to install it, so we went for Check Point.
What other advice do I have?
Make sure you get good training on Check Point's firewall, and it would be good if you have working experience on the device.
Using Check Point, I have learned that we need to serve our remote users as well, and Check Point is a firewall which is capable of doing that.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Check Point NGFW
December 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
Network Administrator at Türkiye İş Bankası
Easy to use, configure, and manage and offers good security
Pros and Cons
- "SmartCenter and SmartLog are the best platforms to manage firewall rules. SandBlast Zero-Day is very useful when encountering any security leaks."
- "Check Point needs to work on hardware problems also."
I have been working with Check Point for almost three years in my career and 8+ years on my company.
We are using Check Point as a perimeter firewall in our data center and we are using all NGFW specs on our firewalls like IPS, identity awareness, Anti-Bot, application firewall antivirus and SandBlast solutions in our environment.
It is generally easy to configure and manage using SmartCenter. Also, SmartLog really helps troubleshoot any problems that we encounter. SandBlast Zero-Day security helps our organization become safer. SmartConsole is the best GUI when compared to other companies. It is very easy to use and it is much more secure when compared to a web GUI.
SmartCenter and SmartLog are the best platforms to manage firewall rules. SandBlast Zero-Day is very useful when encountering any security leaks.
Maestro looks very sophisticated and it is the most important feature. We have to see how it works and if it's stable or not.
Check Point needs to work on hardware problems also. There are some hardware problems on NIC cards and hard disks. Lately, we have encountered some problems with it. There needs to be an RMA on some devices. Also, management and data plane separation need to be done as soon as possible because if you encounter a problem with gateways, you can't reach the management which will create more problematic situations.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Deputy Manager - Cyber Security at a transportation company with 5,001-10,000 employees
Easy to manage from a single console and offers zero-day protection against advanced threats
Pros and Cons
- "The most valuable feature is that we are protected against zero-day threats."
- "Reporting has to be improved."
What is our primary use case?
We use this solution for our perimeter firewall to protect our web applications, systems, and network. We are running our complete business with Check Point.
The complete traffic is managed by Check Point. The Check Point threat emulation blade is enabled to protect zero-day attacks and it will detect and prevent attachments and other payloads from this type of attack.
How has it helped my organization?
We have been running Check Point for the last ten years and it protected our network, systems, and applications against the latest attack. Our organization is running 500 applications that are being protected.
The next-generation firewall will manage all of the traffic and prevent the latest & advanced threats from attackers. The latest operating systems R 80.20 is wonderfully designed and allows customers to manage everything with a single console.
What is most valuable?
The most valuable feature is that we are protected against zero-day threats.
Everything can be managed from a single console.
What needs improvement?
We would like to see the following improvements:
- Multiple ISP redundancy.
- CPU utilization.
- VPN traffic.
- HA concept, where if we apply the policy in the primary appliance that should be applied to HA appliance automatically.
- The number of bugs has to be reduced.
- The number of false positives should be reduced.
- Threat emulation has to be improved.
- Reporting has to be improved.
For how long have I used the solution?
I have been using Check Point Next Generation Firewall for ten years.
How are customer service and technical support?
We are happy with Check Point technology and support.
What other advice do I have?
Both IN and OUT traffic is managed by Check Point. We are happy with Check Point technology including the protection, management, and the ability to secure the enterprise network against advanced threats.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Supervisor of Network and Datacentre Operations at Manitoba eHealth
Consolidated many of our DMZ services into one appliance
What is our primary use case?
- Perimeter and datacentre firewalls
- URL filtering
- Anti-bot
- Anti-malware
- Application awareness.
How has it helped my organization?
Consolidated many of our DMZ services into one appliance, and it's easy to add IPS functionality on firewalls.
What is most valuable?
All of the above mentioned.
What needs improvement?
Simplify licensing.
For how long have I used the solution?
Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at a tech services company
I faced stability issues, both reboots and tunnels needing to be bounced, frequently
Pros and Cons
- "Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate."
What is our primary use case?
We leverage it as a next gen firewall, it does all of our IPS, URL filtering. We use it for our remote users, for VPN access. We use it to build VPN tunnels out to remote sites. It handles quite a bit.
How has it helped my organization?
It allows us to be a little bit more diverse in our hiring. We can hire people out in remote areas, that otherwise we wouldn't be able to because they'd have to come into the office without it.
What is most valuable?
The VPN side of it. Obviously without the VPN, we'd have tons of end users that wouldn't be able to connect to our environment.
What needs improvement?
Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate. And there are compatibility issues and stability issues.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
We would lose our remote sites, they would just dump. Say we had our site in California, all of a sudden we're not connected to them anymore. Or we have site in AWS, then we can't connect there anymore. So I'd have to go in and reset the IPSec VPN tunnels, in order to regain connectivity, more frequently than I should have to. Obviously that can happen from time to time, but it was pretty frequent with Check Point, to the point where we're going to rip it out the next two weeks, and install Cisco everything.
What do I think about the scalability of the solution?
As far as scalability goes, I don't feel we really had to push it. We're not a huge company. It was literally always resolved with a license upgrade. If there were too many users connected, we would just upgrade a license and then have more users connected concurrently. So scalability, not an issue. But we sized it pretty appropriately when we installed.
How are customer service and technical support?
We had third-party tech support through our contract, and it was okay. I pretty much ended up having to figure everything out if there was a problem. As far as Check Point goes, I haven't really dealt directly with their tech support.
Which solution did I use previously and why did I switch?
When I started at the company, this solution had been in place, and it was failing, the cluster was failing. So I was tasked with rebuilding the entire solution, to make it a little bit more stable. I bought two brand new servers, and spun up a cluster for Check Point. And it improved a little bit, but for what we paid for that solution, it was not really worth it. Because of stability.
We have migrated some stuff over to Cisco ASA Firewalls. And those seems to be more stable. A lot easier to use, more stable, faster to get going.
How was the initial setup?
I thought it was pretty straightforward, myself. The issue that I ran into, on their website, when you go to install a solution they have something called the hardware compatibility list. That assures you that if you install their product, you also have the right servers to do it, you have the right NICs card, etc. So I actually bought brand new servers with brand new NIC cards that matched all the specs for the hardware compatibility list. I started getting everything setup, and it turns out the hardware compatibility list was wrong. It was wrought with issues. And I ended up having to pull some old NIC cards to throw in the servers to even get the thing to work.
So they don't have accurate documentation, I guess you could chalk it up to that. Or they didn't test it very thoroughly before they put it on the website. So that caused us a lot of heartache. This was a business-impacting setup. I had to do late-night maintenance windows, so when things don't work, it affects us at a pretty big level.
What's my experience with pricing, setup cost, and licensing?
I don't think the product's pricing is a good value. I feel it's very overpriced.
I feel a lot of the features for a next gen firewall are there. But I feel it's overpriced, because of the stability issues. As far as support goes, I really can't speak to direct Check Point support, but the third-party was pretty terrible.
I feel you'd get a lot more out of it with Cisco. With Cisco you'd pay about the same. I feel the licensing is a lot more straightforward. It's easier to understand.
That's another thing about Check Point, I think their licensing model is very confusing. As far as the licensing goes, it's pretty complex. If anybody was to purchase the Check Point product, definitely make sure they have an account rep come on site, and explain it line by line, what each thing is. It's not straightforward. It's very convoluted. There's no way you could just figure it out by looking at it.
Which other solutions did I evaluate?
We're halfway there right now, with the Cisco Firewalls we're switching to. They're very capable, they work like you'd expect, simple licensing, simple upgrades. It's been a breeze with those so far.
What other advice do I have?
I would say avoid it. There are definitely better solutions out there. For the amount of headache that you get with this product, it's not like you're saving yourself any money. It's just as much, if not more, than other solutions.
When it works, it works well. But, like I said, I've never really had a stretch of time where it just worked really well for everyone. It's been a constant pain point for our organization.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network security engineer at a tech services company with 1,001-5,000 employees
Supports site-to-site and remote VPN, good sandboxing capabilities, and it's reliable
Pros and Cons
- "All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS."
- "The command line is very difficult to use, which is one of the biggest drawbacks of this solution."
What is our primary use case?
We use this solution for the VPN, from site-to-site and remote.
We also use it for advanced IPS, IDS, malware protection, and the sandbox. The sandboxing functionality is one of the best features.
What is most valuable?
All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS.
What needs improvement?
The web filtering and CLI commands need to be improved.
The CLI command is very difficult to deploy.
If you are an engineer and considering configuring through the command line, you can't. The command line is very difficult to use, which is one of the biggest drawbacks of this solution.
The initial setup could be simplified.
Technical support is another big drawback and needs to be improved.
In the next release, there should be improvements made to the sandboxing functionality.
What do I think about the stability of the solution?
It's a very reliable solution. There are no issues with the stability of it.
What do I think about the scalability of the solution?
Currently, Check Point NGFW is the most scalable firewall on the market.
We have more than 500 users in our organization.
We will continue to use this solution and we plan to increase the sandboxing feature, which is the best feature of Check Point.
How are customer service and technical support?
The technical support is not good, which is the biggest drawback to Check Point. They will never compare to Cisco. Cisco's technical support is the best.
Which solution did I use previously and why did I switch?
I have also used Cisco, which is more expensive but the support is better.
How was the initial setup?
The initial setup was very complex.
It can take 20 to 30 days to deploy to the network.
What's my experience with pricing, setup cost, and licensing?
It is less expensive than Palo Alto.
Licensing is on a yearly basis and I am happy with the pricing.
Which other solutions did I evaluate?
I also considered the Palo Alto Next-Generation Firewall. I evaluated this solution and compared the price.
We chose Check Point because the price for Palo Alto is very high.
What other advice do I have?
If you are looking for deep security and have a good budget for security and firewalling then I would recommend Check Point, as it will meet the requirements.
Every product has its drawbacks and advantages, but I am very happy with this solution. In my opinion, this is the best firewall in the market at the current time.
I would rate this solution a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Firewall Administrator at a tech services company with 1,001-5,000 employees
Centralized management makes it easy to scale and the GUI makes it easy to use
Pros and Cons
- "The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily."
- "The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve."
What is our primary use case?
We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.
What is most valuable?
The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.
What needs improvement?
The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.
For how long have I used the solution?
I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.
What do I think about the stability of the solution?
These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.
What do I think about the scalability of the solution?
Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.
We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.
How are customer service and technical support?
We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.
Which solution did I use previously and why did I switch?
I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.
Check Point is the best firewall we have found for our organization so we went with it.
How was the initial setup?
In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.
The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.
Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.
In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.
What was our ROI?
We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.
What's my experience with pricing, setup cost, and licensing?
The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.
What other advice do I have?
When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.
The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Cisco Secure Firewall
Sophos XG
Palo Alto Networks NG Firewalls
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Untangle NG Firewall
Fortinet FortiGate-VM
SonicWall NSa
Sophos XGS
KerioControl
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Check Point NGFW compare with Fortinet Fortigate?
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- Which would you recommend - Azure Firewall or Check Point NGFW?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?
I know how you feel, we have about 500 of CP FWs. Endless issues and endless pain. Their support is the worse ever, might as well fix the issue or apply work around yourself.
We have many nick names for CheckPoint, such as CheckBug, CheckFail, ChockPoint, CheckLeak and so on... Our pain is almost over, because our 5 years license is coming to an end!