Try our new research platform with insights from 80,000+ expert users
reviewer1588164 - PeerSpot reviewer
Security Solution Architect at a computer software company with 11-50 employees
Real User
Top-notch when it comes to network security
Pros and Cons
  • "On the firewall side, the security efficacy is good."
  • "This solution requires management software that is sold separately; it's actually a different appliance altogether."

What is our primary use case?

We use this solution for perimeter security and data center security.

What is most valuable?

On the firewall side, the security efficacy is good. The interface for application filtering and application-based policies is also good. They have good roadmap on the cloud as well.

What needs improvement?

This solution requires management software that is sold separately; it's actually a different appliance altogether. For smaller customers or smaller environments, this becomes an added entity in the environment. Not to mention, they'll also have to invest a lot in the necessary management stations. If that came built-in, it would really benefit smaller businesses. 

The performance when you enable decryption could be improved. That's a CPU-intensive task. Many customers struggle if they try to implement decryption — it can really hamper the performance. It's probably something to do with the appliance or the hardware design. This needs to be examined further.

For how long have I used the solution?

I have been using Check Point NGFW for roughly five years. 

Buyer's Guide
Check Point NGFW
December 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.

What do I think about the stability of the solution?

This solution is quite stable. Performance-wise, I have seen customers using this solution for years without issue. 

What do I think about the scalability of the solution?

There are different models available. Sizing can be done accordingly. They have a good range of versions available for small to large data centers. So, scalability is definitely there. 

How are customer service and support?

As I am not an end-user, I haven't really had any contact with support. Still, none of my customers have had any complaints regarding support.

How was the initial setup?

The initial setup was fairly easy. Still, compared to other vendors, the learning curve is a bit complex. 

What's my experience with pricing, setup cost, and licensing?

Compared with Palo Alto and Cisco, the price of this solution is quite fair. Compared to Fortinet and other vendors, it's probably a little bit on the higher side. Really, it all depends on what you get at the end of the day.

What other advice do I have?

Overall, on a scale from one to ten, I would give this solution a rating of eight. 

I would definitely recommend this solution. It's a good platform for perimeter security. In an enterprise, you need good security. There's endpoint security, network security, and cloud security. Check Point's strongest point is network security; they still need to catch up on endpoint and cloud security. If you're interested in integrating all of these tools, then there are better products available. However, as far as network security is concerned, Check Point is really good.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Oswaldo Gimeno - PeerSpot reviewer
Network Engineer at Getronics
Real User
Very intuitive solution that is easy to configure, deploy, and maintain
Pros and Cons
  • "It provides a central station where it is very easy to deploy our firewall policy in one click to many firewalls. This is one of the leading perks. It saves time by having one central station because I can deploy the same kind of policy to many firewalls at once."
  • "The virtual environment is not stable at all. We have some customers who are using the virtual environment feature, and sometimes it crashes. We have many tickets open and the response is not as good as expected. We have to wait months for a resolution."

What is our primary use case?

The primary use of the firewall is to allow or block some traffic. Mainly, it is the perimeter firewall for the Internet. It filters the traffic from external to internal, e.g., to secure the traffic. 

Some of our customers have been demanding Check Point as their firewall product.

I do the installation, support, firewalls, etc.

How has it helped my organization?

It provides a central station where it is very easy to deploy our firewall policy in one click to many firewalls. This is one of the leading perks. It saves time by having one central station because I can deploy the same kind of policy to many firewalls at once. 

With the latest release, it's easy to configure firewall rules with the scripting. This is one of the features that we have been demanding for some time so we can script some actions for automation.

What is most valuable?

The best part is that it is very intuitive. It is easy to configure, deploy, and maintain. If it works, it works.

The troubleshooting: When you find something that is not working, it is very easy to check in the logs what is failing and fix it in a short time.

The login tool is really nice.

What needs improvement?

We can virtualize the physical firewall in a virtual environment. However, the virtual environment is not stable at all. We have some customers who are using the virtual environment feature, and sometimes it crashes. We have many tickets open and the response is not as good as expected. We have to wait months for a resolution.

If you use all the features available on the firewall, it's not working. If you keep it simple, then it works. When you try to do cool things, you start to have some problems because that kind of integration is not fully developed.

For how long have I used the solution?

I have worked with Check Point since 2007.

What do I think about the stability of the solution?

When it is failing, it is a nightmare. The stability has room for improvement. Sometimes, it is not working at all.

What do I think about the scalability of the solution?

The scalability is good. I haven't had any scalability issues. If the firewall gets stressed, we buy a new firewall.

There are many options, such as, virtualization. They have also release a new product, Quantum, that makes it possible to scale up and have more firewalls. 

As an integrator, we have very big companies (like banks) to small companies, who have only 200 users or less. 

How are customer service and technical support?

I would rate the technical support as a six out of 10. I have customers with no tickets open with Check Point and other customers who have many tickets open.

Solving some issues with them is a nightmare. They don't reply in time. They always ask the same questions. I expect better feedback from them, but that usually never happens.

Which solution did I use previously and why did I switch?

Before Check Point, I used Cisco and Fortinet FortiGate.

The big differences is really the full integration firewall, e.g., Cisco doesn't provide this. Also, the Check Point central console is so much better because it provides that one central station, which is a plus.

The con for Check Point is the stability. The hardware for Check Point fails more often than other vendors. Usually, other firewalls are more stable than Check Point so I don't have to open as many cases with other vendors, like I do with Check Point.

How was the initial setup?

There are two parts:

  1. In the physical, you deploy with a wizard, which makes it very easy. It is a standard wizard where you click "Next, Next," then you see the GUI and everything is done there.
  2. It is possible to do it in automatic way with the scripting. In the cases that you have some experience on it, it's very easy to deploy some scripts and the firewalls. For example, in the cloud, I created my own firewall with the same setup every day using the auto-integration since it's possible to integrate Azure with Check Point, which is very easy. One of the best features of the Check Point is its integration with the cloud, because not all vendors have that kind of integration.

The deployment time depends. If I do any scripting, it takes 30 minutes. If I do it manually, the deployment takes two hours. It also depends on the size and scope of the deploy, e.g., if I create a basic firewall rule or do a full automatic migration. However, It does take less time than other firewalls.

The implementation strategy depends on the customer.

What was our ROI?

I can deploy one firewall in an easy way. I can do it quickly by equiping firewall rules in text mode or in the API. However, when I have a problem, it's totally the opposite. I lose a lot of time.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are the worst part of Check Point. I usually don't know what I really am buying. When I have to do an inventory of the license, I don't know what it is being used for. Sometimes I feel I am being cheated, and the others times, I feel it is a bargain. Nobody knows! Even the Check Point representatives, they aren't clear on somethings, such as, what is the right license for what I need.

There is a possibility to have diamond support. You can have a technical engineer who is there just for you. When you have that type of feature, it's more expensive.

Which other solutions did I evaluate?

Cisco NGFWv

What other advice do I have?

  • Check the price first. 
  • For migrations between different vendors, it's a nightmare. You need to do some tasks manually, otherwise it doesn't work when you migrate it. 
  • Check the performance if it is working as expected. 
  • Try to keep it simple.

It is a good product. I would rate the solution as an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partners.
PeerSpot user
Buyer's Guide
Check Point NGFW
December 2024
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
823,875 professionals have used our research since 2012.
PeerSpot user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
SmartLog gives our team a very intuitive way of searching logs and seeing events
Pros and Cons
  • "The most valuable features are the security blades and the ease of managing the policies, searching log for events, and correlating them."
  • "Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy."

What is our primary use case?

The primary use is to segregate the environment internally to create a lab environment and a production environment, for example. We also use them to protect the company from the internet and when going to the internet; to protect the perimeter of the company. We use them to create a VPN with customers and clients, and with the other companies that belong to the group.

We work with 1200s, 1500s, 4000s, and 5000s.

How has it helped my organization?

With this firewall on the perimeter, we detect a lot of attacks with the IPS and the antivirus blades. With the SmartLog for our team that operates the solution, we have a very intuitive way of searching the logs and seeing events, when compared to other vendors that we also have. This is the biggest advantage of the Check Point compared to competitors.

We have a lot of Check Point firewalls and a lot of Fortinet firewalls. The biggest advantage of the Check Point for us is that daily operations are much easier. That includes working with policies, checking and searching logs, dragging objects on the policies and searching where objects are used. All of that is easier in the SmartConsole than doing it on a browser, as the competitors do.

What is most valuable?

The most valuable features are the

  • security blades 
  • ease of managing the policies, searching log for events, and correlating them.

What needs improvement?

Upgrades and debugging of the operating system, as well as the backups and restores of configuration, need improvement. 

Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy.

For how long have I used the solution?

I have been using Check Point firewalls for about eight years.

What do I think about the stability of the solution?

They are very stable. We usually deploy them in clusters, in front of the node. We always have the other one functioning and we have never had an occasion in which one failed and the other also failed. We also have support for the hardware. But regarding their functioning, we are very satisfied. We have never had a big outage because the two members of a cluster went down. They are very good in terms of stability.

What do I think about the scalability of the solution?

We have some firewalls with the VSX functionality which allows us to add more virtual firewalls to the same physical cluster. That allows for scalability. But when compared to Fortinet, the way to have more than one virtual firewall on the same cluster is much harder.

It's very scalable if we have the VSX license for Check Point, which we have in some places. But it's much more complex than adding to the FortiGate. So it's scalable, but it's not easy to work with VSX, especially compared to the competitor.

Our usage should be increasing weekly because our company is buying other companies constantly and we need to deploy firewalls on the companies we buy. It shouldn't increase a lot, though, just a bit.

We have about 1,000 users crossing the firewalls and 10 network admins.

How are customer service and technical support?

The technical support is good in general, but it's better if you call and you are answered by the headquarters back in Israel. We notice a difference if we call at different times and we go through Canada or some other country. It's not bad, but we notice a bit of a difference in the way they handle the tickets and the knowledge they have.

We usually try to open tickets when we know that the office in Israel is open and they are taking the tickets. But there are some times that we can't do that. The others are not bad, but for some stuff we need quicker support and we feel we are being handled better on the Israeli side.

How was the initial setup?

The initial setup is complex and when you have issues, it's more complex. 

To create a cluster or to add a new firewall to the Manager, or when, for example, you want to add a license for IPS or for antivirus, there are often problems with that because it doesn't recognize the license. We end up having to call support. With Fortinet, that kind of initial setup of the firewall is always straightforward.

Now that we have a lot of experience it takes us two days, at the most, to deploy a Check Point firewall, if we don't run into problems with the license.

We are not at the data center, so we need to ask the data center guys to mount the firewall where we need it and to patch it. Then we access it via a console cable, remotely. We have equipment that allows us to do that. We do the initial config via the GUI, and then we add the firewall to the Manager and we start deploying the policies.

What about the implementation team?

We implement the firewalls ourselves.

What was our ROI?

The return on our investment with Check Point firewalls is that we are secure and that we haven't had any attacks that have had a big impact or that were successful. If we had been paying a lot and were being targeted to the same extent, I would say no, that we have not had a return on investment, but at this stage it's a "yes."

What's my experience with pricing, setup cost, and licensing?

In the past, when Fortinet was a young company, the price point of Fortinet was very low compared to Check Point. But at this stage, our experience is that the pricing is almost the same. The pricing of Check Point is fair when compared to others.

The only additional cost we have with Check Point is when we need to do a big migration. Sometimes we need a third-party company, but this is not usual. It's only for big migrations that we sometimes have support from an external company. The last time we needed something like that was two years ago.

Which other solutions did I evaluate?

Half of our environment is with Check Point and the other half is with Fortinet. We don't have a strategy of giving everything to one vendor; we like to have both.

What other advice do I have?

If the person implementing it doesn't have much experience in how the solution works, with the Manager and connecting the firewall to it, and using the SmartConsole, they should try to go through the CCSA materials for Check Point certification. Check Point is easy to work with on a daily basis. Sometimes we get new people working here and they can add rules straight away on the policies and push policies. But if they need to deploy a firewall and they are not used to Check Point and how it works and the components, it's not that straightforward. With competitors like Fortinet, you just have to access the HTTPS of the FortiGate and it's like configuring a router, which is much easier. With Check Point, you need to read some manuals before you start deploying the firewall.

The biggest lesson I have learned from using Check Point firewalls is that if you lose the Manager you lose the ability to manage the firewall policies, which is, in my opinion, the biggest difference when compared to other vendors. Because, for example, if the Manager stops working and the server where you have the Manager gets stuck, you have no way of managing the policies directly on the firewall.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1284540 - PeerSpot reviewer
ICT-System-Specialist at a insurance company with 5,001-10,000 employees
Real User
Central logging and management makes us faster and more efficient, but technical support needs improvement
Pros and Cons
  • "With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions."
  • "The Check Point support needs a lot of improvement."

What is our primary use case?

We use Checkpoint Firewalls to protect Datacenter VLANs against each other. In addition, we use them to protect our perimeter systems from the internet, and our internal network from the perimeter.

We have virtualized the systems on a VSX-Cluster using VSLS, but the basics are still the same compared to a traditional cluster. VSX gives us a bit more flexibility in the case of load-sharing. Therefore, it’s quite easy to react in the case of heavily used hardware distributing the load by failover or prioritizing VSs onto different nodes.

How has it helped my organization?

The biggest improvement is the central logging and management of all firewalls. Other IT-departments can get log-access and search for their own if there are missing rules or other issues.

Since we use Identity Awareness the solution becomes more flexible, as users no longer need static IPs. Especially for IT-users, who always need more rights, it was a big improvement.

Implementing Wi-Fi makes it nearly impossible to work without Identity Awareness. Unfortunately, we fought with some bugs in the IA-module, but we got them solved.

What is most valuable?

R80 management has improved and made the product more comfortable for IT people to use.

Filtering through rules and finding similar ones to add additional objects becomes much faster.

With an additional hotfix starting from R80.10, we are able to use the management with Ansible. From R80 on, we started creating objects via script or adding them to groups. That makes some parts “automatic”, or at least much faster.

With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions.

What needs improvement?

The Check Point support needs a lot of improvement. We spend a lot of time troubleshooting issues ourselves, create good ticket descriptions, and try to explain in detail what has already been tested. Even so, it takes at least three ticket-updates before support really understands the issue. If you manage to reach the third-level support, you are still forced to be really critical of what kind of suggestions Check Point support is offering you. Running debugs on a test environment is quite different than running them in a heavily used production environment.

For how long have I used the solution?

We have been using Check Point firewalls for 16 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network and Security Analyst at a pharma/biotech company with 11-50 employees
Real User
Enables us to meet compliance requirements and maintains our security posture
Pros and Cons
  • "It filters unwanted traffic."
  • "There are some issues compared to other products. Ease of use is one."

What is our primary use case?

It's simply a firewall.

How has it helped my organization?

  1. Enables us to meet compliance requirements.
  2. It maintains our security posture.

What is most valuable?

Filtering. It filters unwanted traffic.

What do I think about the stability of the solution?

Their products are pretty robust but, at the same time, we deployed ours in HA mode so we don't really worry about downtime, we have redundancy. We've never had any problems.

What do I think about the scalability of the solution?

We have the right appliance for our specifications. If we wanted to get a bigger box then we will just get a bigger box based on our requirements.

How is customer service and technical support?

We tend to go to our reseller for technical support.

How was the initial setup?

The setup wasn't complex. I went to training and after training it pretty much all made sense. I was prepared for it.

What other advice do I have?

Do your homework and make sure it fits. You have to know exactly what you want, what your requirements are. Make sure that whatever product you are actually going for meets your requirements, suits your infrastructure and how your IT operates.

What I look at when selecting a vendor is how long the vendor has been around, the level of focus on technology, how good they are. And one of the most important things we do is check industry ratings. That's one of the first things we look at, to see which vendors to consider.

I would rate Checkpoint eight out of 10. To get to a 10, there are some issues compared to other products. Ease of use is one. Also, I can never give any product a 10 out of 10. It's just impossible. There's always something definitely missing.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
SeniorNe6c94 - PeerSpot reviewer
Security Engineer at Tenece Professional services
Reseller
Enables us to complete the network compliance rules and has a great GUI
Pros and Cons
  • "We use Check Point to complete the network compliance rules."
  • "This product has room for improvement in technical support for Africa."

What is our primary use case?

The management of our company requires a firewall implementation. We use Check Point to complete the network compliance rules.

How has it helped my organization?

We use Check Point NGFW for compliance. The initial request leads to secondary requests. By the time you have recognition, there is recollection. For the main service, it's collection.

What is most valuable?

The feature we have found to be the most valuable is the management firewall. 

What needs improvement?

This product has room for improvement in technical support for Africa. There are some problems with African countries. We also need to provide excellent services. 

The additional feature I would most like to see included in the next release of this solution is removal management.

What do I think about the stability of the solution?

The stability of the solution is quite good. It has a great GUI and it's comfortable. I love the content. Of course, you also have great support.

What do I think about the scalability of the solution?

The new version is highly scalable. Now all of our users depend on the firewall. We have about 150 users. We require two staff for deployment and management.

Which solution did I use previously and why did I switch?

We previously used Sophos. We switched for more security. 

How was the initial setup?

The initial setup was straightforward. Our deployment took two or three weeks. Deploying the first one was two weeks, but the other ones were around one week.

What about the implementation team?

For the first setup, I used a consultant. For the second one, I didn't. We didn't need one.

What's my experience with pricing, setup cost, and licensing?

Licensing costs for this solution are on a yearly basis.

What other advice do I have?

On a scale from one to 10, I would rate this product a nine. Nobody's perfect.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Administrator at a financial services firm with 1,001-5,000 employees
Real User
Beneficial management features and scalable
Pros and Cons
  • "The separate management feature of Check Point NGFW is very convenient."
  • "The technical support is really poor. We have to wait for approximately 48 hours sometimes for a simple solution."

What is our primary use case?

We are using Check Point NGFW as a firewall for our organization. All the internet traffic goes through it.

What is most valuable?

The separate management feature of Check Point NGFW is very convenient.

For how long have I used the solution?

I have been Check Point NGFW for approximately five years.

What do I think about the stability of the solution?

The solution is stable when it is running incapacity, if it goes beyond it can be not stable. There could be more stability by having more ports or CPU power.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

The technical support is really poor. We have to wait for approximately 48 hours sometimes for a simple solution.

How was the initial setup?

The installation is not straightforward.

What about the implementation team?

We needed help from the Check Point expert experts because we deployed it in the HA. It's a bit different from the other firewall vendors. You need a Check Point expert to deploy it initially.

We have a five-person technical team for the maintenance of the solution. We use managers, admins, engineers, and developers.

What other advice do I have?

I rate Check Point NGFW an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Engineer at CENACE
Real User
Easy to set up, stable and scalable
Pros and Cons
  • "Configuration and deploying are easy."
  • "The price of this product could be improved."

What is our primary use case?

My primary use case of this solution is for the data center in the perimeter security. We configure all of our security features like anti-boot, antivirus, and filtering.

What is most valuable?

I think the most valuable feature is that the application and configuration were easy for us. When we need to do some work with the networks, configuration and deploying are easy - if I want to search for information, it is easy in the Check Point platform.

What needs improvement?

I think the price of this product could be improved - other solutions are cheaper in comparison. In the next release, I would like to be able to perform sandboxing to check email attachments and information sent through the cloud for viruses.

What do I think about the stability of the solution?

I think this solution is stable.

What do I think about the scalability of the solution?

My impression is that the solution is scalable.

What about the implementation team?

I implemented using a vendor team, whose performance was good.

Which other solutions did I evaluate?

I considered using Cisco before deciding on Check Point.

What other advice do I have?

Check Point is easy for the configuration user. I would rate this solution as eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.