Try our new research platform with insights from 80,000+ expert users
Lead Solution Advisor at a consultancy with 10,001+ employees
Real User
Fix holes in endpoint security management infrastructure, which might be letting things through like ransomware
Pros and Cons
  • "The application authentication feature of Check Point is the most valuable as it helps us keep users secure."
  • "Check Point should quickly update and expand its application database to have what Palo Alto has."

What is our primary use case?

We recommend to clients who are installing applications that they can work with Check Point Next Generation Firewalls. Our role is to support our customers in terms of their migration, firewall room cleanups, and implementing all the security features that the firewall has.

Our clients have branch offices in Mexico and Bermuda. Check Point is one of the top names in these areas.

How has it helped my organization?

Our clients come to us to fix holes in their endpoint security management infrastructure, which might be letting things through like ransomware. We recommend Check Point Firewalls and some other endpoint security management solutions to mitigate these risk factors. We use this solutions to help build a perimeter for the company, as it helps filter threats from affecting our clients' infrastructure.

What is most valuable?

The application authentication feature of Check Point is the most valuable as it helps us keep users secure. 

It works smoothly when managing clients' on-premise and cloud firewalls.

What needs improvement?

Permissions from the client regarding troubleshooting and how well we can packet capture have not been smooth.

Check Point should quickly update and expand its application database to have what Palo Alto has. 

There have been some issues with third-party integrations.

Buyer's Guide
Check Point NGFW
January 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,071 professionals have used our research since 2012.

For how long have I used the solution?

I've been using Check Point Firewalls since 2012. This was right from the beginning when it was hardware from Nokia and the R65 and R66 models. So far, that has gone well.

What do I think about the stability of the solution?

They are stable. There are no standalone Check Point boxes. If a module goes down, it doesn't affect the base as a whole. Check Point Firewalls have nice redundancy.

What do I think about the scalability of the solution?

Scalability is a good feature that this solution has. It is easy scale out and do site-to-site implementations. Sometimes, you have to clean the OS or RAM to free up availability. However, if you do this, then there are generally no issues with scaling it.

How are customer service and support?

The documentation is really good. 

Their support guys response is really quick. Though, sometimes it takes them more than four to five to get back to us via email and acknowledge an issue. If you have the diamond support, it is definitely fast. However, if you don't have that sort of expensive after-sale support, then it is a problem to engage a Check Point technician at a very fast pace.

We actively participate in the community group.

Which solution did I use previously and why did I switch?

Our clients are migrating over to Check Point NGFW from Cisco, Juniper, and Fortinet because they want the Check Point Application Intelligence feature. 

How was the initial setup?

We set up the management tool for the clients to manage all their infrastructure.

The migration is generally seamless and takes one shift or day (about nine hours).

We migrate clients to Check Point from other solutions. We also have situations where it's a clean install for deployment, which is the most common scenario.

What about the implementation team?

We are working with Check Point Firewalls to provide installation, migration, updates, setup, etc. 

In the beginning, we needed help from the vendor with the setup. The support was good.

What was our ROI?

Our clients have seen ROI.

What's my experience with pricing, setup cost, and licensing?

Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs.

Which other solutions did I evaluate?

There are now more competitors in the market, like Palo Alto and VMware. 

Palo Alto is a bit more smooth and cost-efficient than Check Point. Palo Alto has Unified Threat Management (UTM) coupled with a dake lake database that is huge. Also, its migration is more smooth than Check Point's. 

What other advice do I have?

Look for a software with licenses that support the features you want. I would recommend doing an RFP before purchasing. Get in touch with Check Point's sales team and compare it with other solutions.

Check Point features are always evolving. They try to stay abreast of the market. I would recommend not using older, obsolete models of Check Point because of this. 

I would rate this solution as an eight out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Network Security Administrator at a computer software company with 201-500 employees
Real User
User-friendly with IPS already configured in the box, and the dashboard is good and easy to use
Pros and Cons
  • "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention. Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls."
  • "The antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't."

What is our primary use case?

We use it to provide security in our organization. Check Point Next Generation Firewalls are designed to support large networks, like a telco environment.

What is most valuable?

Check Point has a lot of features. The ones I love are the 

  • antivirus
  • intrusion prevention 
  • data loss prevention. 

Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls.

It's also user-friendly and not very complex. Anyone can use it and the dashboard is quite good.

What needs improvement?

Check Point has notably fewer tutorials on Google. If I'm facing any kind of issue and I Google it, less stuff is available. 

Apart from that, the antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't.

For how long have I used the solution?

I have been using this firewall for more than one year.

What do I think about the stability of the solution?

The stability is good. We've never seen any kind of issue with the Check Point firewalls. In very rare cases we go to their TAC, but we normally try to resolve the situation from our side.

What do I think about the scalability of the solution?

They are quite scalable. They are designed to extend in large data centers and tech environments. They are designed to support the needs of large networks, and offer reliability and performance.

How are customer service and technical support?

Check Point's technical support is quite good. It's quite helpful. We have never faced any kind of issue with them. Whenever we have an issue with the firewalls, we just raise it with them and they are quite supportive and quite technical as well. They provide a resolution on time and effectively.

Which solution did I use previously and why did I switch?

Previously, I worked on Cisco ASA firewalls and they have a lot of disadvantages. They have a lot fewer features compared to the Check Point firewalls. We just started using Check Point as a firewall in our organization and they give us new features which are better than the Cisco ASA. With Check Point, the IPS is already configured in the box, unlike the Cisco ASA, and there are a lot of features which help us to provide more security for our customers. In our case, the customers are all employees of our organization.

All of these are reasons we switched to Check Point.

How was the initial setup?

The setup is straightforward.

Deployment depends on the customer's architecture or network.

In terms of a deployment plan, we have different teams in our organization that support different business cases. After an implementation ticket is raised by the requester it goes to the planning stage, then it goes to the implementation stage and then it goes to the validation stage. The planning stage is done by the network security admins. The approval stage that is done by our managers and the validation stage is done by us, the network security admins. This is the process that we follow in our organization. Everything is documented.

What about the implementation team?

We do the deployment ourselves, but if we face any kind of issue, we just raise an issue with their TAC.

What's my experience with pricing, setup cost, and licensing?

The pricing is good. It's not so expensive. You can deploy it and it will do a lot of jobs in one package. It's a good choice compared to the other firewalls.

Which other solutions did I evaluate?

We looked at Palo Alto and the Cisco FTD Next-Generation Firewall.

What other advice do I have?

Check Point Next Generation firewalls are very good. They have a lot of features in one box and they're not that expensive. They support a lot of features, including antivirus, data loss prevention, and the central management is very good. We can configure all the firewalls through the central management. They have many things in a small package. I would recommend them.

The biggest lesson I have learned from the solution is that it has a lot of features that I was not aware of. The dashboard is quite simple and it's not complex to use.

We make changes on this Checkpoint Firewall as per customer demand. If they want to add a rule on the firewall we do that, and if they want to remove something we remove it for them. If they want to change the position of some rules or to allow or deny any kind of traffic, we do that for them.

In our organization we have a team of 20 - 25 network security admins. Sometimes the network team will also implement changes and they are about 25 people. Sometimes we get  the help of our managers to approve the changes or validate whether the change has been implemented correctly or not. If I sum it up, it's a team of about 100 people who directly use the solution, and they also take care of deployment and maintenance.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Check Point NGFW
January 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,071 professionals have used our research since 2012.
reviewer1392339 - PeerSpot reviewer
Network Engineer at a legal firm with 1,001-5,000 employees
Real User
It has a good IPS features, we haven't seen any security breaches
Pros and Cons
  • "The interface and the IPS intrusion prevention are the most valuable features of this solution."
  • "With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it."

What is our primary use case?

We use it for standard firewalls.

What is most valuable?

The interface and the IPS intrusion prevention are the most valuable features of this solution.

It's pretty straightforward to use once you get your head around it. It's fairly straightforward to use. 

What needs improvement?

With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it.

In the next release, I would like to have the ability to automatically add rules from the tracking log. I've used that in other firewall software whereby you can trace the logs, and from the log, you can add a new rule automatically. That would be a nice feature.

For how long have I used the solution?

I have been using Check Point NGFW for around a year. 

We're on R77 and soon to go to R80. They're virtual machines.

What do I think about the stability of the solution?

It is very stable. We had one issue recently where Check Point had made a change, and it took a lot of our connectivity down. But that was really a one-off, so that was a mistake on Check Point's side with their policy testing/QC control that affected lots of their customers. 

What do I think about the scalability of the solution?

I've not had to deal with scaling them but from what I understand, they scale to huge organizations.

We have around five IT engineers who use this solution in my company and five who work on deployment and maintenance.

It's used throughout the business, with around 1,500 users, so for all the traffic. We do not have plans to increase usage. 

How are customer service and technical support?

 I've used the technical support. They're very responsive, we usually get a response the same day. The advice they've given has been very good and the knowledge base articles that they send are also very good.

Which solution did I use previously and why did I switch?

In other companies I've worked at, I also used all sorts of firewall solutions including FortiGate, Cisco, and pfSense. Check Point is easier than Cisco but more complex than pfSense or FortiGate in terms of its features and management.

Check Point's push to make deploy policy changes is slow when you've made a change to then push it out to the firewall. It does take 10 minutes or so to push that change out, so it's not as instant as some of the other firewalls I've used.

What was our ROI?

I have seen ROI. There have been no complaints. We haven't had any security breaches, so it's been good.

What other advice do I have?

It's a good product. My advice would be to get some training or watch some videos on using it. You do need a bit of training on it. Initially, there is quite a steep learning curve.

My comfort level with it is on and off. I've been at my company for a year and I'm starting to get comfortable, but it's such a big product that unless you're using it all day, every day, you wouldn't master it. If that was all you were doing every day, then it would probably take you three or four months to get the hang of it.

I would rate Check Point NGFW an eight out of ten. It's not as easy as the other firewalls I've used but that's probably due to the large feature set.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Security Manager at FPT
Reseller
A next generation firewall solution with a useful SmartEvent feature
Pros and Cons
  • "I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard."
  • "It could be more stable and scalable. Check Point price and support could be better."

What is our primary use case?

I use CheckPoint in our data center to control the internet and to enable threat prevention. I then integrate it into my center and to my events.

What is most valuable?

I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard.

What needs improvement?

It could be more stable and scalable. Check Point price and support could be better.

For how long have I used the solution?

I have ten years of experience using Check Point NGFW.

What do I think about the stability of the solution?

Check Point NGFW could be more stable. I think the problem is that the kernel sometimes won't play ball and isn't stable. Sometimes, they have a block, and we have to spend a lot of time fixing it. In contrast, I think Palo Alto and Fortinet are more stable.

What do I think about the scalability of the solution?

Check Point NGFW could be more scalable. I think Palo Alto has more plugins and features, and Check Point needs more features. However, Check Point integration is very complex.

How are customer service and technical support?

Check Point support could be better. I think Palo Alto has a very clear pricing model. When we have an issue, we create a ticket and receive fast service from Palo Alto. It's good.

How was the initial setup?

The initial setup, in my experience, isn't simple as Fortinet and Palo Alto. It would be better if the person doing it has experience. 

What about the implementation team?

I implemented this solution by myself.

What's my experience with pricing, setup cost, and licensing?

The price could be better. I think Palo Alto pricing is high, and Check Point isn't much better. FortiGate is cheaper. I think when I implemented this solution, I recommended buying a yearly subscription.

Which other solutions did I evaluate?

When I choose a solution for a customer, I must verify the features, current specifications and make recommendations. When we use an all-in-one firewall solution, we usually recommend using a Palo Alto external firewall. This is because Fortinet has an SD-WAN solution and firewalls, and Palo Alto is the same. But I don't think Check Point has one. When a customer doesn't want to implement many solutions, we recommend using Fortinet or Palo Alto.

What other advice do I have?

On a scale from one to ten, I would give Check Point NGFW an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Supervisor of Network and Datacentre Operations at Manitoba eHealth
Real User
Consolidated many of our DMZ services into one appliance

What is our primary use case?

  • Perimeter and datacentre firewalls
  • URL filtering
  • Anti-bot
  • Anti-malware
  • Application awareness.

How has it helped my organization?

Consolidated many of our DMZ services into one appliance, and it's easy to add IPS functionality on firewalls.

What is most valuable?

All of the above mentioned.

What needs improvement?

Simplify licensing.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Network Engineer at a retailer with 5,001-10,000 employees
Real User
Completely useless support, too many bugs, can't get anything to work, and too expensive for what you get

What is our primary use case?

Our primary use case of this solution is to use it as a security gateway. 

What is most valuable?

The visibility and the logging are the most valuable features. Also, their interface is second to none. The best thing about it is the interface but it crashes too often. If it can stop crashing that would be great. 

What needs improvement?

Their support is completely useless. They need to improve that and the stability. The main reason we are moving on from Checkpoint is because of their stability and their support. There are way too many bugs. You just can't get things to work properly.

They don't need to bring any more features. They need to focus on stability. They should stop trying to be funky and stop trying to develop new things to catch people's attention. Just focus on what they already have and make it work. It would be a good product. Just make sure it works. 

For how long have I used the solution?

More than five years.

What do I think about the scalability of the solution?

When it works, scalability is perfect. 

Which solution did I use previously and why did I switch?

Six years ago we were using a Fortinet solution. The reason we switched to Checkpoint was because of the central management. It can manage up to hundreds of devices without failing but in reality, it doesn't actually do that. Central management was better than Fortinet back then. That was several years ago. I don't know Fortinet now. The reason we chose Checkpoint was the central management. We needed to manage up to about 700 or 800 devices.

How was the initial setup?

The initial setup depends on how many features you want to turn on. If you just want a simple set-up, with not a lot of features, then it's easy. You can set one up very quickly, within a day. If you want to have a lot of features turned on and your environment is slightly more complex than standard, it can take up to a few months because you will always run into bugs. It's going to stop you from proceeding and you will be battling with it for a long, long time. Contacting support won't always help. You could potentially waste months of your time and not get any value from it. 

What about the implementation team?

We had Checkpoint support engineers for the implementation. The people are helpful. They support their product. The problem is that there were too many problems. Even their support can't fix it. They try their best to help but when the product isn't great, there's not much you can do.

What's my experience with pricing, setup cost, and licensing?

This solution is way too expensive for what it is worth, especially when it doesn't work. It's just pointless. It's time wasted.

What other advice do I have?

I would rate this solution a three out of ten. The reason I give it a three and not zero is because the visibility and the interface are great. Other than that, they're too much of a headache. We've had painful experiences that we never want to go back to. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Consultant at KoçSistem
Real User
Good support, improves performance, stable, and scales well
Pros and Cons
  • "One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance."
  • "Check Point should include additional management choices; for example, Check Point does not offer full management support via browser."

What is our primary use case?

I'm a consultant at a Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I have deployed standalone, cluster, and two-layered firewalls.

How has it helped my organization?

Check Point firewall products include a lot of modules including Application Control, IPS, Email security, Mobile access, Content Awareness, URL Filtering, Antivirus, Antibot, and DLP

Check Point meets our customers' requirements at the perimeter with an all-in-one solution. For example:

  • The IPS blade prevents attacks with updated signatures.
  • URL filtering policy control customers' users' internet activity.
  • Antivirus and antibot blade controls malicious activity and files.
  • Mobile access blades allow customers to access their sites from anywhere securely.

What is most valuable?

There are a lot of features that I have found valuable for our customers.

For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.

One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.

What needs improvement?

Check Point should include additional management choices; for example, Check Point does not offer full management support via browser.

You should use Check Point Smart Console for management, although it is an EXE and is supported only on the MS Windows platform. If you are using Linux or Mac, you cannot manage Check Point. Instead, you need to use a virtual PC with the Windows OS installed, running inside Linux or Mac. Check Point states that this is a decision made for security reasons, but that certain management features can be done through the browser, although not fully.

For how long have I used the solution?

I have been using the Check Point firewall for more than 20 years.

What do I think about the stability of the solution?

This solution is very stable for all of our customers.

What do I think about the scalability of the solution?

One of our customers has more than 200 branch offices, which are protected by Check Point SMB appliances. All of these appliances are managed by Check Point SmartProvisioning. This customer has one Check Point cluster that secures server segments and another Check Point cluster to secure the client segment.

The latest product, Maestro is very good and scales well.

How are customer service and technical support?

Check Point support is very good and we are very satisfied.

Which solution did I use previously and why did I switch?

My company is working with different firewall products but I am a Check Point expert and only support their products.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

All implementation is handled by our team.

What was our ROI?

There are different ROIs for each customer but our customers' ROIs are high, as expected.

What's my experience with pricing, setup cost, and licensing?

The pricing is high compared to competitors.

Which other solutions did I evaluate?

Our customers evaluate other products but a lot of them prefer Check Point.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: KocSistem A.S.
PeerSpot user
PeerSpot user
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Real User
Top 5Leaderboard
SmartLog gives our team a very intuitive way of searching logs and seeing events
Pros and Cons
  • "The most valuable features are the security blades and the ease of managing the policies, searching log for events, and correlating them."
  • "Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy."

What is our primary use case?

The primary use is to segregate the environment internally to create a lab environment and a production environment, for example. We also use them to protect the company from the internet and when going to the internet; to protect the perimeter of the company. We use them to create a VPN with customers and clients, and with the other companies that belong to the group.

We work with 1200s, 1500s, 4000s, and 5000s.

How has it helped my organization?

With this firewall on the perimeter, we detect a lot of attacks with the IPS and the antivirus blades. With the SmartLog for our team that operates the solution, we have a very intuitive way of searching the logs and seeing events, when compared to other vendors that we also have. This is the biggest advantage of the Check Point compared to competitors.

We have a lot of Check Point firewalls and a lot of Fortinet firewalls. The biggest advantage of the Check Point for us is that daily operations are much easier. That includes working with policies, checking and searching logs, dragging objects on the policies and searching where objects are used. All of that is easier in the SmartConsole than doing it on a browser, as the competitors do.

What is most valuable?

The most valuable features are the

  • security blades 
  • ease of managing the policies, searching log for events, and correlating them.

What needs improvement?

Upgrades and debugging of the operating system, as well as the backups and restores of configuration, need improvement. 

Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy.

For how long have I used the solution?

I have been using Check Point firewalls for about eight years.

What do I think about the stability of the solution?

They are very stable. We usually deploy them in clusters, in front of the node. We always have the other one functioning and we have never had an occasion in which one failed and the other also failed. We also have support for the hardware. But regarding their functioning, we are very satisfied. We have never had a big outage because the two members of a cluster went down. They are very good in terms of stability.

What do I think about the scalability of the solution?

We have some firewalls with the VSX functionality which allows us to add more virtual firewalls to the same physical cluster. That allows for scalability. But when compared to Fortinet, the way to have more than one virtual firewall on the same cluster is much harder.

It's very scalable if we have the VSX license for Check Point, which we have in some places. But it's much more complex than adding to the FortiGate. So it's scalable, but it's not easy to work with VSX, especially compared to the competitor.

Our usage should be increasing weekly because our company is buying other companies constantly and we need to deploy firewalls on the companies we buy. It shouldn't increase a lot, though, just a bit.

We have about 1,000 users crossing the firewalls and 10 network admins.

How are customer service and technical support?

The technical support is good in general, but it's better if you call and you are answered by the headquarters back in Israel. We notice a difference if we call at different times and we go through Canada or some other country. It's not bad, but we notice a bit of a difference in the way they handle the tickets and the knowledge they have.

We usually try to open tickets when we know that the office in Israel is open and they are taking the tickets. But there are some times that we can't do that. The others are not bad, but for some stuff we need quicker support and we feel we are being handled better on the Israeli side.

How was the initial setup?

The initial setup is complex and when you have issues, it's more complex. 

To create a cluster or to add a new firewall to the Manager, or when, for example, you want to add a license for IPS or for antivirus, there are often problems with that because it doesn't recognize the license. We end up having to call support. With Fortinet, that kind of initial setup of the firewall is always straightforward.

Now that we have a lot of experience it takes us two days, at the most, to deploy a Check Point firewall, if we don't run into problems with the license.

We are not at the data center, so we need to ask the data center guys to mount the firewall where we need it and to patch it. Then we access it via a console cable, remotely. We have equipment that allows us to do that. We do the initial config via the GUI, and then we add the firewall to the Manager and we start deploying the policies.

What about the implementation team?

We implement the firewalls ourselves.

What was our ROI?

The return on our investment with Check Point firewalls is that we are secure and that we haven't had any attacks that have had a big impact or that were successful. If we had been paying a lot and were being targeted to the same extent, I would say no, that we have not had a return on investment, but at this stage it's a "yes."

What's my experience with pricing, setup cost, and licensing?

In the past, when Fortinet was a young company, the price point of Fortinet was very low compared to Check Point. But at this stage, our experience is that the pricing is almost the same. The pricing of Check Point is fair when compared to others.

The only additional cost we have with Check Point is when we need to do a big migration. Sometimes we need a third-party company, but this is not usual. It's only for big migrations that we sometimes have support from an external company. The last time we needed something like that was two years ago.

Which other solutions did I evaluate?

Half of our environment is with Check Point and the other half is with Fortinet. We don't have a strategy of giving everything to one vendor; we like to have both.

What other advice do I have?

If the person implementing it doesn't have much experience in how the solution works, with the Manager and connecting the firewall to it, and using the SmartConsole, they should try to go through the CCSA materials for Check Point certification. Check Point is easy to work with on a daily basis. Sometimes we get new people working here and they can add rules straight away on the policies and push policies. But if they need to deploy a firewall and they are not used to Check Point and how it works and the components, it's not that straightforward. With competitors like Fortinet, you just have to access the HTTPS of the FortiGate and it's like configuring a router, which is much easier. With Check Point, you need to read some manuals before you start deploying the firewall.

The biggest lesson I have learned from using Check Point firewalls is that if you lose the Manager you lose the ability to manage the firewall policies, which is, in my opinion, the biggest difference when compared to other vendors. Because, for example, if the Manager stops working and the server where you have the Manager gets stuck, you have no way of managing the policies directly on the firewall.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.