Check Point NGFW Reviews

We provide solutions for various customers where we apply Check Point Firewalls, either for a VPN gateway or for securing their networks. We have provided them to a couple of financial customers to protect their mobile banking as well.

It has good features for searching the firewall rules and it has drastically changed daily operations. It's very easy, even for novice users or newcomers, to operate and manage this device. It has improved our operations that way.

The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point. Apart from that, we do have identity solutions which we use on a regular basis. Both are very good.

It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication.

Also, one of the challenges I hear about from customers or engineers who work with and operate Check Point firewalls is not about the technical capabilities of the product but about understanding the product. There should be whitepapers available on the Check Point portal so that people can understand them more easily.

I have been using Check Point's firewalls for almost 12 years. I started with the IP390.

Stability has improved a lot from Check Point's very early days over the last 12 years. Back then we had to reboot the firewall after every two to four days.

The firewalls are scalable with our workload. We are at about 20 to 30 percent utilization so even if we doubled of our existing network resources and load on the firewalls, they would still have the space to scale. They're enough for the networks that we have implemented.

We recently finished a deployment and it's still in the user acceptance test phase. As of now, I cannot say anything in terms of increased usage. But for the customers that we have deployed it for within India and the APAC region, so far the results have been pretty good.

I have used technical support a couple of times, when it was required, for hardware replacements. Of course, once or twice I contacted them for active devices when we had some glitches. But that turned out to have nothing to do with Check Point.

Overall, technical support has been good. They understand the situation and what part needs to be replaced or what needs troubleshooting through remote support tools.

Before Check Point we used Cisco. And we use Cisco for a couple of customers because it's already pre-deployed, so it's not in our hands. We manage operations, so we are still managing Cisco devices. We don't have Juniper right now, but we have Palo Alto for one of our customers.

The initial setup is very straightforward. When we boot the firewall we have instructions which say how to connect to the QR, and from that portal you go to your gateway and configure all the required network interfaces. Once you have installed your Smart controller, you need not log into the firewall every time. Instead, you can log in through your Smart controller. That's a pretty good method which no other firewall provides.

For the very basic features, it does not take more than two days. But, for a full-fledged implementation, it can take around two months.

Our implementation strategy is to replace existing firewalls in the network. We try to keep the business downtime as short as possible, especially for business-critical applications.

For deployment and maintenance of these firewalls we have a team, worldwide in different regions: APAC, Europe, America, and the Middle East, although in the Middle East we don't use Check Point.

We have definitely achieved ROI with Check Point firewalls.

We definitely evaluate other options based on the customer's budget, and the stability and technical specs of the firewall. We generally choose Check Point as our preferred product vendor.

The biggest lesson I have learned from using Check Point's firewalls is that they are not complex.

I'm expecting a lot of solutions from Check Point and if there are more solutions from them, that would be great. I would like to see more product development.

Overall, I would rate it at 10 out of 10. It's the best firewall in the market.

We use Checkpoint Firewalls to protect Datacenter VLANs against each other. In addition, we use them to protect our perimeter systems from the internet, and our internal network from the perimeter.

We have virtualized the systems on a VSX-Cluster using VSLS, but the basics are still the same compared to a traditional cluster. VSX gives us a bit more flexibility in the case of load-sharing. Therefore, it’s quite easy to react in the case of heavily used hardware distributing the load by failover or prioritizing VSs onto different nodes.

The biggest improvement is the central logging and management of all firewalls. Other IT-departments can get log-access and search for their own if there are missing rules or other issues.

Since we use Identity Awareness the solution becomes more flexible, as users no longer need static IPs. Especially for IT-users, who always need more rights, it was a big improvement.

Implementing Wi-Fi makes it nearly impossible to work without Identity Awareness. Unfortunately, we fought with some bugs in the IA-module, but we got them solved.

R80 management has improved and made the product more comfortable for IT people to use.

Filtering through rules and finding similar ones to add additional objects becomes much faster.

With an additional hotfix starting from R80.10, we are able to use the management with Ansible. From R80 on, we started creating objects via script or adding them to groups. That makes some parts “automatic”, or at least much faster.

With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions.

The Check Point support needs a lot of improvement. We spend a lot of time troubleshooting issues ourselves, create good ticket descriptions, and try to explain in detail what has already been tested. Even so, it takes at least three ticket-updates before support really understands the issue. If you manage to reach the third-level support, you are still forced to be really critical of what kind of suggestions Check Point support is offering you. Running debugs on a test environment is quite different than running them in a heavily used production environment.

We have been using Check Point firewalls for 16 years.

We use the tool as a data center firewall. Some of our customers use it as a perimeter firewall. We are only using the security gateway.

The product is flexible. I like the product’s performance and throughput.

The cost of add-on features is too high.

I have been using the solution for five to six years.

The tool is stable. We haven’t faced any issues after configuring and putting it in production.

We have roughly 7000 appliances. The tool is scalable. I like the scalability of the solution. We have 10 to 20 customers.

The technical support is good.

Positive

The initial setup is easy.

The pricing is moderate. The license cost is good. However, some features like VPN are costly.

We use the solution for our clients. My recommendation depends upon the requirements. I do not recommend the product for an SMB. I recommend it for enterprises. It has good performance and throughput. Overall, I rate the solution a seven or eight out of ten.

We primarily use it for internet security. We use it for firewalling, ePass, and threat detection including anti-malware protection, bug protection, and social inspection. We can also use it for DLP.

The solution helps out in our security goals. It acts as a primary source of protection for threats from the internet and is great for data leakage protection.

Most of the time, it's pretty stable. 

We have all the features we want or need in this appliance. It's been good so far. 

Sometimes there are security bugs, which is frustrating.  

Right now, we have a problem with DLP and this problem has become very big. Check Point, our firewall, is not handling data properly. There seems to be some sort of security bug.

I've used the solution for ten years or so. It's been a decade at least. 

The solution, for the most part, is very stable. We find it to be quite reliable. There are bugs, however, which have caused some issues. 

The solution is not scalable per se. There is only one way to upgrade and that is to buy new appliances.

Currently, we have around 7,000 people using this solution.

Likely, we won't be increasing usage. We are building new releases and we are considering changing this solution to another vendor. We might switch from Check Point to maybe Palo Alto or Cisco. We don't know which yet.

We haven't really dealt with technical support. We typically go through our partners.

We also use Cisco as well. We use Cisco ASA. Check Point, right now, is our primary firewall.

Check Point offers very good management. For an administrator, it's easy to manage this appliance, this firewall. Cisco, historically, has a big problem with this, specifically with FTD firewalls. There also tend to be some bugs you have to contend with.

I can't speak to the initial setup process. Our partner handled it and therefore I wasn't really part of the process. That said, for me. the process is pretty simple.

My understanding is that the deployment took a few days. 

I'd rate the experience of the initial setup at a four out of five. 

About two people were able to handle the implementation process. Typically, they are architects and engineers. 

We had a partner set up the solution for us.

We have seen a decent ROI. I'd rate it at a four out of five. 

I can't speak to the cost of the solution. We deal with it through a partner, and I'm not involved in any of the pricing aspects. 

We are considering switching to Palo Alto or maybe Cisco in the near future. 

We are a customer and an end-user.

Some blades, some function blades on Check Point, are very good, however, it's not all of them. Right now, I know DLP and social inspection are a problem. New users should be aware of this. 

Overall, I would rate the solution at a seven out of ten.

We wanted to deploy a specialized Next-Generation Firewall in our perimeter security.

The solution addresses the Security requirements at Perimeter Layer including:

1. Network IPS
2. Application Control
3. IPSEC VPN
4. SSL VPN.
5. Proxy

It was required to enable IPSEC VPN between our vendors across the world

We got positive responses on Check Point Firewalls from our vendors as well.

Our team addresses the regular audits with a Next-Generation Firewall, starting from configuration and application vulnerabilities to customized reporting.

We have planned to achieve many business use cases including IPS, Network AV, Content Awareness - Data Leakage Prevention, IPSEC VPNs between our peers, SSL VPN with Posture Assessment, and Web Proxy as well.

This solution addressed most of our needs but required multiple license subscriptions.

Below are the few Business use cases we achieved through Check Point NGFW:

1. SSL VPN with Security Posture Assessment
2. SSL VPN with In-build Multi-Factor Authentication Option (Certificate + User Credentials)
3. Content Filtering (Identity Awareness and DLP)
4. Forward Proxy with Web and Application Control
5. Enabling Anti-Bots and IPS

The SSL VPN with posture assessment helped us to remove the dedicated Standalone SSL VPN solution which was benefited both commercially and technically.

Anti-Bots and IPS enabled security on the network traffic.

Along with VPN and Proxy (Web and application control), we removed another standalone proxy for internal use and extended the content filtering to roaming users as well.

The security posture assessment with two-factor authentication has saved more time and commercial costs by avoiding deploying having to deploy another solution.

It took so many weeks to migrate our old firewall to Check Point after we did internal and external assessments on earlier setups and enabled multiple security features.

We had difficulty configuring the NAT. For example, instead of following A-B-C, we need to do A-C-B

Initially, we faced a few challenges with firmware. Later this was addressed with jumbo hotfixes.

We tried to create a single management software to manage the policies, view the logs, have a mobile access VPN, and do reporting.

Please concentrate on local services enablement for faster resolutions.

We have been using this solution since July 2020.

Initially, we faced a few challenges with the firmware. We later addressed this with help of jumbo and custom hotfixes. Later, it performed well.

The solution is scalable in terms of enabling the features and deploying management servers.

We would recommend they have regular feedback sessions with customers.

Neutral

We used another firewall that enables basic security features with lot of limitations.

We found the setup difficult in the earlier stages as our team used to work with another CLI-based solution.

Our In-house team handled the implementation. 

I'd advise users to validate the licensing model during the pre-evaluation period itself. It took a few days for us to understand DLP and Mobile Access Blades that had to be procured separately along with the NGTP bundle to address our requirements.

We evaluated Palo Alto and FortiGate.

We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.

These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.

Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.

We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.

We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.

I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.

Check Point is the best firewall we have found for our organization so we went with it.

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.

The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.

When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.

The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.

It's an on-prem deployment where we use it to protect our client and end-users who are working with the internet, and to protect their servers from external access. They have about 100 users and two servers.

When we did not have SSO, we had problems related to attacks compromising our firewall. That has been mitigated. We have the traffic going through the firewall to the server, so those types of things have really improved. We are seeing less traffic going to the server. When there was direct access to it, there was more and more traffic going to our server. So it has improved our server performance.

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.

I have been using Check Point NGFW for almost two-and-a-half years.

It's a stable solution. In the time I have been using this product, I have hardly seen anything break.

In terms of scalability, they have products that can fit into the environment. It's a very scalable solution. For our requirements, it fits very well. You can go with whatever kind of setup you want: Active-Passive, Active-Active. Check Point is very easy. Their solution is ready for our market; it's very well suited. Wherever we want to go, Check Point can provide a solution.

Currently, we are using somewhere around 50 to 60 percent of the box's capacity.

Sometimes, when I have gotten stuck, I have reached out to support and it's okay. They have helped me very quickly.

We did not have a previous solution. We went directly with Check Point. We liked the features provided by Check Point and we went for it.

The setup is not complex. It's easy to deploy. The documentation provided is very good. Deployment takes me two to three days. The hardware takes one-and-a-half days and then I get all the features up and running.

We have a standard implementation strategy. We have a checklist. We plan it out. Then we go into the field for the deployment. We have one dedicated engineer for deployment, and I also check it on a regular basis. The two of us are also the ones who manage the solution.

We have to consider things, cost-wise, when we are expanding into other locations. We don't have the budget to use it in other platforms. We have some servers that we deploy in AWS and other locations. But instead of going with Check Point, we go with other vendors to fit into the budget.

Check Point is really costly. When it comes to the Indian market, where we are located, we always consider budget solutions. So this is an area where Check Point could use some improvement.

In addition to the standard fees, support is an added expense.

The biggest lesson learned from using this solution is in terms of security. It is a really good product. I don't think there is anything missing from the Check Point firewalls. The features provided by the company are very good and provide what we need.

It's a very good security product, as long as you have the budget. It provides modern security and the architecture Check Point provides is good. And the application side will really help any size of business to deal with traffic based on the application.

We use the solution for network security, perimeter security, DMZ, antibot, antivirus, endpoint protection, email security, sandblast, and DLP. The environment is a multi-environment and consists of multiple networks, segmented and managed by a management server. These firewalls protect the network, external and internal. 

We are also protecting several customers and it allows remote access connection from anywhere in a secure way.

There are also site-to-site VPNs with different customers, vendors, and cloud providers, using the highest security encryption algorithms.

The organization is more secure. These firewalls work as expected. We have a perimeter and network segmentation well defined and firewall features and blades like IPS, Identity awareness, antibot, antivirus, threat prevention, endpoint security, and DLP, all allow the organization to have most of the security components centralized which allows for easier maintenance and monitoring. 

In relation to the monitoring, Check Point has tools that allow the administrator to track the traffic, and identify threats, attacks, and also check the forensics to understand what happened in case of a breach and ensure it won't happen again.

The most valuable elements include:

Smart View Tracker: To check the traffic logs easily. This is the best logging tool for me so far. You can identify almost everything from the logs, using a smart view tracker.

Smart Dashboard: allows for rule creation and administration and management and is user-friendly. The administration allows you to copy and paste rules, move the order, and create objects, pretty easily. It is very handy.

CPUSE: A Smart way to upgrade firewall software versions. You can easily verify if you can upgrade to the desired version, download the right package and upgrade, and also check the status of the upgrade. It's a great tool.

Error logs can be more specific. Sometimes the error shows only a general error and the solution could be hard to find or difficult to apply. 

Documentation can be improved. It has been improved, however, when you search for errors, in relation to documentation and how to solve it, sometimes it is not that simple to find the right solution. Troubleshooting errors could be sometimes difficult and some tools are only available for the Check Point support team. 

The price is also a factor to take into account. Other competitors offer low prices in relation to Check Point and the executive team may opt for the cheapest vendor (if you have to compare to another good one yet note a cheaper price).

I've used the solution for ten years.

The solution offers good scalability.

The solution offers good customer service and good support.

Positive

I have been using Check Point since the beginning.

The initial setup is straightforward.

We handled the setup in-house.

The solution is super stable.

The pricing could be better, however, the vendor is excellent and I strongly recommend it.

I did not evaluate other options.