Try our new research platform with insights from 80,000+ expert users
reviewer1420545 - PeerSpot reviewer
IT-Infrastruktur at Synthesa Chemie Ges.m.b.H
Real User
Provides centralized management, good logging capabilities, and granular application control
Pros and Cons
  • "The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways."
  • "Without any training, it is very hard to administrate the whole Check Point NGFW."

What is our primary use case?

Check Point protects our environment from external threats. In particular, we use:

  • Application Control for Internet access
  • HTTPS Inspection for outgoing connections into the internet
  • Separate the OT network from the normal data LANs
  • SSL VPN for End Users - Check Point Mobile VPN Client is used on the end-user clients
  • Site-to-Site VPN for connecting other companies to our environment

We are using two Check Point boxes in a ClusterXL Setup so that one appliance can die and the environment is not affected. We also use a cloud gateway for internet security on users, which are only connected to the internet (outside the office).

How has it helped my organization?

Check Point has improved our organization in the following ways:

  • Provides for central management over all of the Check Point gateways
  • Maintains a changelog that shows which users have made changes
  • Version control allows us to roll back a ruleset after, for example, a misconfiguration
  • Offers very granular application control
  • Allows for various internet permissions for various users
  • Gives us very good logging, which is nice for troubleshooting because you can instantly which rule is affected for each action
  • The cloud gateway (Check Point Capsule Cloud) ensures that users are getting the same internet permissions as they would if inside the company, no matter which internet connection they are using

What is most valuable?

The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.

Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.

You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.

The extremely wide function horizon covers almost every possible scenario.

What needs improvement?

The Performance on a policy install takes too long for my taste. This might be because, at each policy install, the management pushes the whole policy on the affected gateways.

Without any training, it is very hard to administrate the whole Check Point NGFW.

In our case, the main Check Point gateways are in a cluster configuration. Sadly, the management always shows the standby box as failed. This may be because it is set to STANDBY and not ACTIVE. It would be better to show the standby box as good.

Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Check Point NGFW for about five years.

How are customer service and support?

Support is very customer-oriented and you are always in good hands.(customer wishes are often implemented in the next hotfix)

Most Support engineers are located in Israel. (Very good spoken english)

Very fast response from R&D Team

Which solution did I use previously and why did I switch?

We were using SonicWall and switched because of EOL.

What's my experience with pricing, setup cost, and licensing?

The pricing for Check Point depends on your environment.

Which other solutions did I evaluate?

Before choosing Check Point we evaluated Fortinet and a newer version of SonicWall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Network Administrator at Türkiye İş Bankası
Real User
Easy to use, configure, and manage and offers good security
Pros and Cons
  • "SmartCenter and SmartLog are the best platforms to manage firewall rules. SandBlast Zero-Day is very useful when encountering any security leaks."
  • "Check Point needs to work on hardware problems also."

I have been working with Check Point for almost three years in my career and 8+ years on my company.

We are using Check Point as a perimeter firewall in our data center and we are using all NGFW specs on our firewalls like IPS, identity awareness, Anti-Bot, application firewall antivirus and SandBlast solutions in our environment.

It is generally easy to configure and manage using SmartCenter. Also, SmartLog really helps troubleshoot any problems that we encounter. SandBlast Zero-Day security helps our organization become safer. SmartConsole is the best GUI when compared to other companies. It is very easy to use and it is much more secure when compared to a web GUI.

SmartCenter and SmartLog are the best platforms to manage firewall rules. SandBlast Zero-Day is very useful when encountering any security leaks.

Maestro looks very sophisticated and it is the most important feature. We have to see how it works and if it's stable or not. 

Check Point needs to work on hardware problems also. There are some hardware problems on NIC cards and hard disks. Lately, we have encountered some problems with it. There needs to be an RMA on some devices. Also, management and data plane separation need to be done as soon as possible because if you encounter a problem with gateways, you can't reach the management which will create more problematic situations.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,767 professionals have used our research since 2012.
Senior Network and Security Analyst at a pharma/biotech company with 11-50 employees
Real User
Enables us to meet compliance requirements and maintains our security posture
Pros and Cons
  • "It filters unwanted traffic."
  • "There are some issues compared to other products. Ease of use is one."

What is our primary use case?

It's simply a firewall.

How has it helped my organization?

  1. Enables us to meet compliance requirements.
  2. It maintains our security posture.

What is most valuable?

Filtering. It filters unwanted traffic.

What do I think about the stability of the solution?

Their products are pretty robust but, at the same time, we deployed ours in HA mode so we don't really worry about downtime, we have redundancy. We've never had any problems.

What do I think about the scalability of the solution?

We have the right appliance for our specifications. If we wanted to get a bigger box then we will just get a bigger box based on our requirements.

How is customer service and technical support?

We tend to go to our reseller for technical support.

How was the initial setup?

The setup wasn't complex. I went to training and after training it pretty much all made sense. I was prepared for it.

What other advice do I have?

Do your homework and make sure it fits. You have to know exactly what you want, what your requirements are. Make sure that whatever product you are actually going for meets your requirements, suits your infrastructure and how your IT operates.

What I look at when selecting a vendor is how long the vendor has been around, the level of focus on technology, how good they are. And one of the most important things we do is check industry ratings. That's one of the first things we look at, to see which vendors to consider.

I would rate Checkpoint eight out of 10. To get to a 10, there are some issues compared to other products. Ease of use is one. Also, I can never give any product a 10 out of 10. It's just impossible. There's always something definitely missing.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SystemAdaacb - PeerSpot reviewer
System Administrator at a tech services company
Real User
I faced stability issues, both reboots and tunnels needing to be bounced, frequently
Pros and Cons
    • "Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate."

    What is our primary use case?

    We leverage it as a next gen firewall, it does all of our IPS, URL filtering. We use it for our remote users, for VPN access. We use it to build VPN tunnels out to remote sites. It handles quite a bit.

    How has it helped my organization?

    It allows us to be a little bit more diverse in our hiring. We can hire people out in remote areas, that otherwise we wouldn't be able to because they'd have to come into the office without it.

    What is most valuable?

    The VPN side of it. Obviously without the VPN, we'd have tons of end users that wouldn't be able to connect to our environment.

    What needs improvement?

    Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate. And there are compatibility issues and stability issues.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    We would lose our remote sites, they would just dump. Say we had our site in California, all of a sudden we're not connected to them anymore. Or we have site in AWS, then we can't connect there anymore. So I'd have to go in and reset the IPSec VPN tunnels, in order to regain connectivity, more frequently than I should have to. Obviously that can happen from time to time, but it was pretty frequent with Check Point, to the point where we're going to rip it out the next two weeks, and install Cisco everything.

    What do I think about the scalability of the solution?

    As far as scalability goes, I don't feel we really had to push it. We're not a huge company. It was literally always resolved with a license upgrade. If there were too many users connected, we would just upgrade a license and then have more users connected concurrently. So scalability, not an issue. But we sized it pretty appropriately when we installed.

    How are customer service and technical support?

    We had third-party tech support through our contract, and it was okay. I pretty much ended up having to figure everything out if there was a problem. As far as Check Point goes, I haven't really dealt directly with their tech support.

    Which solution did I use previously and why did I switch?

    When I started at the company, this solution had been in place, and it was failing, the cluster was failing. So I was tasked with rebuilding the entire solution, to make it a little bit more stable. I bought two brand new servers, and spun up a cluster for Check Point. And it improved a little bit, but for what we paid for that solution, it was not really worth it. Because of stability. 

    We have migrated some stuff over to Cisco ASA Firewalls. And those seems to be more stable. A lot easier to use, more stable, faster to get going.

    How was the initial setup?

    I thought it was pretty straightforward, myself. The issue that I ran into, on their website, when you go to install a solution they have something called the hardware compatibility list. That assures you that if you install their product, you also have the right servers to do it, you have the right NICs card, etc. So I actually bought brand new servers with brand new NIC cards that matched all the specs for the hardware compatibility list. I started getting everything setup, and it turns out the hardware compatibility list was wrong. It was wrought with issues. And I ended up having to pull some old NIC cards to throw in the servers to even get the thing to work.

    So they don't have accurate documentation, I guess you could chalk it up to that. Or they didn't test it very thoroughly before they put it on the website. So that caused us a lot of heartache. This was a business-impacting setup. I had to do late-night maintenance windows, so when things don't work, it affects us at a pretty big level.

    What's my experience with pricing, setup cost, and licensing?

    I don't think the product's pricing is a good value. I feel it's very overpriced. 

    I feel a lot of the features for a next gen firewall are there. But I feel it's overpriced, because of the stability issues. As far as support goes, I really can't speak to direct Check Point support, but the third-party was pretty terrible. 

    I feel you'd get a lot more out of it with Cisco. With Cisco you'd pay about the same. I feel the licensing is a lot more straightforward. It's easier to understand. 

    That's another thing about Check Point, I think their licensing model is very confusing. As far as the licensing goes, it's pretty complex. If anybody was to purchase the Check Point product, definitely make sure they have an account rep come on site, and explain it line by line, what each thing is. It's not straightforward. It's very convoluted. There's no way you could just figure it out by looking at it.

    Which other solutions did I evaluate?

    We're halfway there right now, with the Cisco Firewalls we're switching to. They're very capable, they work like you'd expect, simple licensing, simple upgrades. It's been a breeze with those so far. 

    What other advice do I have?

    I would say avoid it. There are definitely better solutions out there. For the amount of headache that you get with this product, it's not like you're saving yourself any money. It's just as much, if not more, than other solutions.

    When it works, it works well. But, like I said, I've never really had a stretch of time where it just worked really well for everyone. It's been a constant pain point for our organization.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Dan Huang - PeerSpot reviewer
    Dan HuangSenior Network Engineer at a retailer with 5,001-10,000 employees
    Real User

    I know how you feel, we have about 500 of CP FWs. Endless issues and endless pain. Their support is the worse ever, might as well fix the issue or apply work around yourself.
    We have many nick names for CheckPoint, such as CheckBug, CheckFail, ChockPoint, CheckLeak and so on... Our pain is almost over, because our 5 years license is coming to an end!

    reviewer1854897 - PeerSpot reviewer
    Solutions Architect, Cyber Security & Networking team at Expert Systems Ltd
    MSP
    Well designed web-based dashboard good GUI and great load sharing
    Pros and Cons
    • "The solution provides better stability and some interesting features such as the ease of throughput expansion."
    • "Check Point is not a cheap solution and it's always painful to see exactly how much we need to spend on this."

    What is our primary use case?

    We have proposed and deployed Check Point in a university environment that has multi-layer firewall protection for different zones, including DMZ, a server zone, Wi-Fi, a staff zone, a student hostel zone, guests, etc. Each zone is guarded by a firewall.

    We need the NGFW to protect and secure the campus networks for more than 50,000 users. One of the key points is it is cost-effective and scalable to expand the throughput capacity. We expect the solution is possible to protect the networks for at least five to eight years without replacing the hardware investment. 

    How has it helped my organization?

    The solution provides better stability and some interesting features such as the ease of throughput expansion (or we can say the load sharing).

    The scalability helps to offload the high traffic volume during school time. It also enhances redundancy. 

    The load sharing capabilities using ClusterXL is possible to switch over the cluster mode to load sharing or Maestro. I also appreciate how easy it is to scale this product.

    It is also great that the Check Point community (CheckMates portal) has a lot of helpful guidance. It helps us to work better and ease to find unfamiliar configurations on the new features, it is great for larger organizations as well as very small ones.

    What is most valuable?

    They offer very scalable solutions to extend computing resources if needed. We can expand the capacity in a very short time. 

    The threat analysis reporting from their management console is very comprehensive and easy to use. 

    Their web-based dashboard is well designed and offers much out-of-the-box reporting, and provides admins extensive customizations. 

    In the operational GUI, Check Point provides rich customization methods to allow us to easily visualize/categorize objects in different colors. It makes operating the firewall much easier.

    What needs improvement?

    Under the same capacity requirements, Cheak Point is a bit higher than Fortinet yet much cheaper than Palo Alto. Although using Quantum Maestro to enhance scalability expansion is very helpful to cut down the total cost, it is still an issue for most of the company. Check Point is not a cheap solution and it's always painful to see exactly how much we need to spend on this. 

    The upgrade process is not as easy as may be expected. If there is something that goes wrong, it causes the internet service to go down for the whole campus network. I am not happy with that situation since the upgrade process is a very common process. The outcome is not acceptable.

    What do I think about the scalability of the solution?

    It is scalable and very easy to expand the throughput and resources.

    Check Point firewall provide a very cool feature using Quantum Maestro Hyperscale Orchestrator, it provides on-demand cloud-like scaling of our on-premises security gateways. By using Maestro, we can aggregate multiple mid-level Check Point appliances to provide a high throughput volume. It is very useful to scale up to 52 appliances. If we use other firewall solutions, they can only aggregate up to TWO firewalls with same model in clustering or purchase a more high end model firewall. 

    For a long term planning, we can expand the throughput by reusing the existing Check Point hardware investment and adding new appliances to.


    How was the initial setup?

    The deployment is straightforward, however, the ongoing upgrades are not satisfactory.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: One of the Solutions Integrators offering Check Point, Palo Alto, and Fortinet solutions
    PeerSpot user
    reviewer947427 - PeerSpot reviewer
    Technical Architect at a computer software company with 10,001+ employees
    MSP
    It's easier to manage and has better support than competing solutions
    Pros and Cons
    • "Check Point is more expensive but easier to manage, and their presales and after-sale support are way better than Fortinet's."
    • "I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking."

    What needs improvement?

    I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking. 

    What do I think about the stability of the solution?

    I rate Check Point eight out of 10 for stability. 

    What do I think about the scalability of the solution?

    Check Point is definitely scalable.

    Which solution did I use previously and why did I switch?

    It really depends on the customer's deployment and environment, but we often mix and match firewalls. Check Point is more expensive but easier to manage, and their presales and after-sale support are way better than Fortinet's.

    How was the initial setup?

    Check Point is more complicated to deploy than Fortinet.

    What's my experience with pricing, setup cost, and licensing?

    Check Point needs to lower its price drastically, and the licensing model is very complex.

    What other advice do I have?

    I rate Check Point NGFW nine out of 10. I would only recommend it for medium to large enterprises.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    PeerSpot user
    reviewer1582053 - PeerSpot reviewer
    Security Engineer at Gosoft (Thailand)
    User
    Easy-to-use console, good logging, effective traffic and access control features, responsive support
    Pros and Cons
    • "From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases."
    • "They have few predefined reports and it would be nice to increase them since the logs are excellent."

    What is our primary use case?

    I use Check Point NGFW for controlling traffic and controlling access to the production server. It is a HA (high availability) environment. It is easy to use failover solutions.

    We use it on our disaster recovery (DR Site) and it runs smoothly.

    How has it helped my organization?

    In the office, Check Point Infinity is the only fully consolidated cybersecurity architecture that protects your business and IT infrastructure.

    Integrating the most advanced threat prevention and consolidated management, the security gateway appliance is designed to prevent any cyber attack, reduce complexity, and lower costs.

    Check Point gateways provide superior security beyond any Next-Generation Firewall (NGFW).

    Best designed for network protection, these gateways are the best at preventing the fifth generation of cyber attacks.

    Overall, for us, it improves the private cloud security and helps to prevent the spread of threats while consolidating visibility and management across our physical and virtual networks.

    What is most valuable?

    The most valuable feature is the next-generation firewall (NGFW) protection.

    Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

    A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

    From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

    What needs improvement?

    They have few predefined reports and it would be nice to increase them since the logs are excellent.

    They should be quicker to release fixes for known vulnerabilities, including those related to Microsoft products.

    If you make a mistake when creating rules, it is time-consuming to fix them. However, there is no problem with traffic processing. 

    Sometimes you are forced to interact on several different levels. On the one hand, you put the rules in, and on the other, you put in the route. 

    For how long have I used the solution?

    I have been using Check Point NGFW for between five and six years.

    How are customer service and technical support?

    They have a good support team that is fast to respond. However, there are open cases that should be resolved in a more timely fashion.

    Which solution did I use previously and why did I switch?

    We used another solution prior to this one, but the updates were too slow and it was harder to monitor the log.

    How was the initial setup?

    The initial setup is very hard.

    What about the implementation team?

    The vendor implemented this product for us.

    What was our ROI?

    This product is a good investment and I expect a full return in approximately three years.

    What's my experience with pricing, setup cost, and licensing?

    The price of the appliance should be decreased.

    Which other solutions did I evaluate?

     I evaluated several other solutions and compared them before choosing Check Point.

    What other advice do I have?

    This is a product that I recommend.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Lead Solution Advisor at a consultancy with 10,001+ employees
    Real User
    Fix holes in endpoint security management infrastructure, which might be letting things through like ransomware
    Pros and Cons
    • "The application authentication feature of Check Point is the most valuable as it helps us keep users secure."
    • "Check Point should quickly update and expand its application database to have what Palo Alto has."

    What is our primary use case?

    We recommend to clients who are installing applications that they can work with Check Point Next Generation Firewalls. Our role is to support our customers in terms of their migration, firewall room cleanups, and implementing all the security features that the firewall has.

    Our clients have branch offices in Mexico and Bermuda. Check Point is one of the top names in these areas.

    How has it helped my organization?

    Our clients come to us to fix holes in their endpoint security management infrastructure, which might be letting things through like ransomware. We recommend Check Point Firewalls and some other endpoint security management solutions to mitigate these risk factors. We use this solutions to help build a perimeter for the company, as it helps filter threats from affecting our clients' infrastructure.

    What is most valuable?

    The application authentication feature of Check Point is the most valuable as it helps us keep users secure. 

    It works smoothly when managing clients' on-premise and cloud firewalls.

    What needs improvement?

    Permissions from the client regarding troubleshooting and how well we can packet capture have not been smooth.

    Check Point should quickly update and expand its application database to have what Palo Alto has. 

    There have been some issues with third-party integrations.

    For how long have I used the solution?

    I've been using Check Point Firewalls since 2012. This was right from the beginning when it was hardware from Nokia and the R65 and R66 models. So far, that has gone well.

    What do I think about the stability of the solution?

    They are stable. There are no standalone Check Point boxes. If a module goes down, it doesn't affect the base as a whole. Check Point Firewalls have nice redundancy.

    What do I think about the scalability of the solution?

    Scalability is a good feature that this solution has. It is easy scale out and do site-to-site implementations. Sometimes, you have to clean the OS or RAM to free up availability. However, if you do this, then there are generally no issues with scaling it.

    How are customer service and technical support?

    The documentation is really good. 

    Their support guys response is really quick. Though, sometimes it takes them more than four to five to get back to us via email and acknowledge an issue. If you have the diamond support, it is definitely fast. However, if you don't have that sort of expensive after-sale support, then it is a problem to engage a Check Point technician at a very fast pace.

    We actively participate in the community group.

    Which solution did I use previously and why did I switch?

    Our clients are migrating over to Check Point NGFW from Cisco, Juniper, and Fortinet because they want the Check Point Application Intelligence feature. 

    How was the initial setup?

    We set up the management tool for the clients to manage all their infrastructure.

    The migration is generally seamless and takes one shift or day (about nine hours).

    We migrate clients to Check Point from other solutions. We also have situations where it's a clean install for deployment, which is the most common scenario.

    What about the implementation team?

    We are working with Check Point Firewalls to provide installation, migration, updates, setup, etc. 

    In the beginning, we needed help from the vendor with the setup. The support was good.

    What was our ROI?

    Our clients have seen ROI.

    What's my experience with pricing, setup cost, and licensing?

    Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs.

    Which other solutions did I evaluate?

    There are now more competitors in the market, like Palo Alto and VMware. 

    Palo Alto is a bit more smooth and cost-efficient than Check Point. Palo Alto has Unified Threat Management (UTM) coupled with a dake lake database that is huge. Also, its migration is more smooth than Check Point's. 

    What other advice do I have?

    Look for a software with licenses that support the features you want. I would recommend doing an RFP before purchasing. Get in touch with Check Point's sales team and compare it with other solutions.

    Check Point features are always evolving. They try to stay abreast of the market. I would recommend not using older, obsolete models of Check Point because of this. 

    I would rate this solution as an eight out of 10.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
    Updated: March 2025
    Buyer's Guide
    Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.