Check Point NGFW Reviews

The user interface is very good.

The level of security is excellent. It protects our organization well.

It's a good overall product and we have a high level of satisfaction with the features on offer. 

Technical support could be improved. It's hit or miss in terms of the level of service and getting the answers you need.

I've been using the solution for ten years. 

We have hundreds of users that use the solution currently within our company.

We aren't 100% satisfied with technical support. Sometimes you get the help you need and sometimes you don't. Sometimes it's absolutely amazing. Sometimes they're great. However, you can't rely on them being like that all the time. We'd like the service level to be more reliable.

I can't speak to the installation process, as it was handled by an outside firm.

We had an integrator that assisted us with the implementation. 

I'm a customer and an end-user.

I would recommend the solution to other organizations especially if the company is looking for a certain level of security.

I'd rate the solution at an eight out of ten.

We use Check Point NGFW for perimeter protection of our network from the internet. We also use it for threat protection at the network level and the endpoint level.

We provide implementation, installation, and support services. We know about all types of firewalls, and we work with all types of installations. We usually use appliances, but in test environments, we use virtual appliances.

It is easy to use, and its management is the best. Check Point has a great unified management solution for firewalls and security products. 

Their technical support can be better. In addition, when we need to use it in a government environment, we face a lot of legal issues related to different types of certifications. It would be better to improve it for these issues.

Check Point doesn't have a SOAR system. They work with Siemplify, but it is an integration with another vendor. It would be great if Check Point has an integrated SOAR system.

We have been dealing with Check Point firewalls in our company for more than 20 years.

It is quite stable, but it can vary based on the version.

It is scalable. We can use the Maestro solution from Check Point for scalability. We can add new appliances as the company grows. If we need more performance and throughput, we can add additional appliances and have more performance. Check Point Maestro is the best solution for scalability.

Their technical support can be better.

Its initial setup is easy for me. The deployment duration varies. A simple deployment takes two or three days. A complex deployment that involves a cluster configuration or appliance replacement can take up to five days.

Its price is reasonable. If we compare its TCO for three years, it is more reasonable than some of the other vendors such as Fortinet, Palo Alto, etc.

I would recommend this solution. It is a great solution for endpoint protection and threat prevention. I have been working with Check Point products for a very long time. Check Point is one of our best vendors, and they make great products. 

I would advise others to learn about firewalls and other Check Point solutions. They have a lot of different solutions. If you choose their firewall, it would be useful to know more about other solutions. It would be one of the ways to improve the protection of your network with Check Point.

I would rate Check Point NGFW a ten out of ten. 

Check Point protects our environment from external threats. In particular, we use:

• Application Control for Internet access
• HTTPS Inspection for outgoing connections into the internet
• Separate the OT network from the normal data LANs
• SSL VPN for End Users - Check Point Mobile VPN Client is used on the end-user clients
• Site-to-Site VPN for connecting other companies to our environment

We are using two Check Point boxes in a ClusterXL Setup so that one appliance can die and the environment is not affected. We also use a cloud gateway for internet security on users, which are only connected to the internet (outside the office).

Check Point has improved our organization in the following ways:

• Provides for central management over all of the Check Point gateways
• Maintains a changelog that shows which users have made changes
• Version control allows us to roll back a ruleset after, for example, a misconfiguration
• Offers very granular application control
• Allows for various internet permissions for various users
• Gives us very good logging, which is nice for troubleshooting because you can instantly which rule is affected for each action
• The cloud gateway (Check Point Capsule Cloud) ensures that users are getting the same internet permissions as they would if inside the company, no matter which internet connection they are using

The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.

Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.

You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.

The extremely wide function horizon covers almost every possible scenario.

The Performance on a policy install takes too long for my taste. This might be because, at each policy install, the management pushes the whole policy on the affected gateways.

Without any training, it is very hard to administrate the whole Check Point NGFW.

In our case, the main Check Point gateways are in a cluster configuration. Sadly, the management always shows the standby box as failed. This may be because it is set to STANDBY and not ACTIVE. It would be better to show the standby box as good.

I have been using Check Point NGFW for about five years.

Support is very customer-oriented and you are always in good hands.(customer wishes are often implemented in the next hotfix)

Most Support engineers are located in Israel. (Very good spoken english)

Very fast response from R&D Team

We were using SonicWall and switched because of EOL.

The pricing for Check Point depends on your environment.

Before choosing Check Point we evaluated Fortinet and a newer version of SonicWall.

It's simply a firewall.

1. Enables us to meet compliance requirements.
2. It maintains our security posture.

Filtering. It filters unwanted traffic.

Their products are pretty robust but, at the same time, we deployed ours in HA mode so we don't really worry about downtime, we have redundancy. We've never had any problems.

We have the right appliance for our specifications. If we wanted to get a bigger box then we will just get a bigger box based on our requirements.

We tend to go to our reseller for technical support.

The setup wasn't complex. I went to training and after training it pretty much all made sense. I was prepared for it.

Do your homework and make sure it fits. You have to know exactly what you want, what your requirements are. Make sure that whatever product you are actually going for meets your requirements, suits your infrastructure and how your IT operates.

What I look at when selecting a vendor is how long the vendor has been around, the level of focus on technology, how good they are. And one of the most important things we do is check industry ratings. That's one of the first things we look at, to see which vendors to consider.

I would rate Checkpoint eight out of 10. To get to a 10, there are some issues compared to other products. Ease of use is one. Also, I can never give any product a 10 out of 10. It's just impossible. There's always something definitely missing.

We leverage it as a next gen firewall, it does all of our IPS, URL filtering. We use it for our remote users, for VPN access. We use it to build VPN tunnels out to remote sites. It handles quite a bit.

It allows us to be a little bit more diverse in our hiring. We can hire people out in remote areas, that otherwise we wouldn't be able to because they'd have to come into the office without it.

The VPN side of it. Obviously without the VPN, we'd have tons of end users that wouldn't be able to connect to our environment.

Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate. And there are compatibility issues and stability issues.

We would lose our remote sites, they would just dump. Say we had our site in California, all of a sudden we're not connected to them anymore. Or we have site in AWS, then we can't connect there anymore. So I'd have to go in and reset the IPSec VPN tunnels, in order to regain connectivity, more frequently than I should have to. Obviously that can happen from time to time, but it was pretty frequent with Check Point, to the point where we're going to rip it out the next two weeks, and install Cisco everything.

As far as scalability goes, I don't feel we really had to push it. We're not a huge company. It was literally always resolved with a license upgrade. If there were too many users connected, we would just upgrade a license and then have more users connected concurrently. So scalability, not an issue. But we sized it pretty appropriately when we installed.

We had third-party tech support through our contract, and it was okay. I pretty much ended up having to figure everything out if there was a problem. As far as Check Point goes, I haven't really dealt directly with their tech support.

When I started at the company, this solution had been in place, and it was failing, the cluster was failing. So I was tasked with rebuilding the entire solution, to make it a little bit more stable. I bought two brand new servers, and spun up a cluster for Check Point. And it improved a little bit, but for what we paid for that solution, it was not really worth it. Because of stability. 

We have migrated some stuff over to Cisco ASA Firewalls. And those seems to be more stable. A lot easier to use, more stable, faster to get going.

I thought it was pretty straightforward, myself. The issue that I ran into, on their website, when you go to install a solution they have something called the hardware compatibility list. That assures you that if you install their product, you also have the right servers to do it, you have the right NICs card, etc. So I actually bought brand new servers with brand new NIC cards that matched all the specs for the hardware compatibility list. I started getting everything setup, and it turns out the hardware compatibility list was wrong. It was wrought with issues. And I ended up having to pull some old NIC cards to throw in the servers to even get the thing to work.

So they don't have accurate documentation, I guess you could chalk it up to that. Or they didn't test it very thoroughly before they put it on the website. So that caused us a lot of heartache. This was a business-impacting setup. I had to do late-night maintenance windows, so when things don't work, it affects us at a pretty big level.

I don't think the product's pricing is a good value. I feel it's very overpriced. 

I feel a lot of the features for a next gen firewall are there. But I feel it's overpriced, because of the stability issues. As far as support goes, I really can't speak to direct Check Point support, but the third-party was pretty terrible. 

I feel you'd get a lot more out of it with Cisco. With Cisco you'd pay about the same. I feel the licensing is a lot more straightforward. It's easier to understand. 

That's another thing about Check Point, I think their licensing model is very confusing. As far as the licensing goes, it's pretty complex. If anybody was to purchase the Check Point product, definitely make sure they have an account rep come on site, and explain it line by line, what each thing is. It's not straightforward. It's very convoluted. There's no way you could just figure it out by looking at it.

We're halfway there right now, with the Cisco Firewalls we're switching to. They're very capable, they work like you'd expect, simple licensing, simple upgrades. It's been a breeze with those so far. 

I would say avoid it. There are definitely better solutions out there. For the amount of headache that you get with this product, it's not like you're saving yourself any money. It's just as much, if not more, than other solutions.

When it works, it works well. But, like I said, I've never really had a stretch of time where it just worked really well for everyone. It's been a constant pain point for our organization.

We have proposed and deployed Check Point in a university environment that has multi-layer firewall protection for different zones, including DMZ, a server zone, Wi-Fi, a staff zone, a student hostel zone, guests, etc. Each zone is guarded by a firewall.

We need the NGFW to protect and secure the campus networks for more than 50,000 users. One of the key points is it is cost-effective and scalable to expand the throughput capacity. We expect the solution is possible to protect the networks for at least five to eight years without replacing the hardware investment. 

The solution provides better stability and some interesting features such as the ease of throughput expansion (or we can say the load sharing).

The scalability helps to offload the high traffic volume during school time. It also enhances redundancy. 

The load sharing capabilities using ClusterXL is possible to switch over the cluster mode to load sharing or Maestro. I also appreciate how easy it is to scale this product.

It is also great that the Check Point community (CheckMates portal) has a lot of helpful guidance. It helps us to work better and ease to find unfamiliar configurations on the new features, it is great for larger organizations as well as very small ones.

They offer very scalable solutions to extend computing resources if needed. We can expand the capacity in a very short time. 

The threat analysis reporting from their management console is very comprehensive and easy to use. 

Their web-based dashboard is well designed and offers much out-of-the-box reporting, and provides admins extensive customizations. 

In the operational GUI, Check Point provides rich customization methods to allow us to easily visualize/categorize objects in different colors. It makes operating the firewall much easier.

Under the same capacity requirements, Cheak Point is a bit higher than Fortinet yet much cheaper than Palo Alto. Although using Quantum Maestro to enhance scalability expansion is very helpful to cut down the total cost, it is still an issue for most of the company. Check Point is not a cheap solution and it's always painful to see exactly how much we need to spend on this. 

The upgrade process is not as easy as may be expected. If there is something that goes wrong, it causes the internet service to go down for the whole campus network. I am not happy with that situation since the upgrade process is a very common process. The outcome is not acceptable.

It is scalable and very easy to expand the throughput and resources.

Check Point firewall provide a very cool feature using Quantum Maestro Hyperscale Orchestrator, it provides on-demand cloud-like scaling of our on-premises security gateways. By using Maestro, we can aggregate multiple mid-level Check Point appliances to provide a high throughput volume. It is very useful to scale up to 52 appliances. If we use other firewall solutions, they can only aggregate up to TWO firewalls with same model in clustering or purchase a more high end model firewall. 

For a long term planning, we can expand the throughput by reusing the existing Check Point hardware investment and adding new appliances to.

The deployment is straightforward, however, the ongoing upgrades are not satisfactory.

I use Check Point NGFW for controlling traffic and controlling access to the production server. It is a HA (high availability) environment. It is easy to use failover solutions.

We use it on our disaster recovery (DR Site) and it runs smoothly.

In the office, Check Point Infinity is the only fully consolidated cybersecurity architecture that protects your business and IT infrastructure.

Integrating the most advanced threat prevention and consolidated management, the security gateway appliance is designed to prevent any cyber attack, reduce complexity, and lower costs.

Check Point gateways provide superior security beyond any Next-Generation Firewall (NGFW).

Best designed for network protection, these gateways are the best at preventing the fifth generation of cyber attacks.

Overall, for us, it improves the private cloud security and helps to prevent the spread of threats while consolidating visibility and management across our physical and virtual networks.

The most valuable feature is the next-generation firewall (NGFW) protection.

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

They have few predefined reports and it would be nice to increase them since the logs are excellent.

They should be quicker to release fixes for known vulnerabilities, including those related to Microsoft products.

If you make a mistake when creating rules, it is time-consuming to fix them. However, there is no problem with traffic processing. 

Sometimes you are forced to interact on several different levels. On the one hand, you put the rules in, and on the other, you put in the route. 

I have been using Check Point NGFW for between five and six years.

They have a good support team that is fast to respond. However, there are open cases that should be resolved in a more timely fashion.

We used another solution prior to this one, but the updates were too slow and it was harder to monitor the log.

The initial setup is very hard.

The vendor implemented this product for us.

This product is a good investment and I expect a full return in approximately three years.

The price of the appliance should be decreased.

 I evaluated several other solutions and compared them before choosing Check Point.

This is a product that I recommend.