Check Point NGFW Reviews

We are using Check Point Next-Generation Firewalls to protect and prevent our corporate network and infrastructure from attackers.  We are using NGFWs to filter unwanted and malicious traffic from the internet. Check Point NGFWs provide Layer 7 or application layer monitoring and detection. 

It is a stateless firewall which examines packets deeply and detects any malware or malicious URLs. It greatly protects our infrastructure by acting as a perimeter for our organization. 

Moreover, it has log ingestion and deep packet analysis capabilities. 

Check Point Next-Generation Firewalls improved the security posture of our organization by detecting, analyzing, and blocking unwanted traffic. It blocks any malicious files, processes and URLs due to having deep packet inspection and monitoring. 

Check Point firewalls not only detects anything malicious against it's signatures rather it analyses and monitors all processes running on different machines to detect anything wrong and then block those processes or URLs. 

Log storage gives us insights when required. 

Deep packet inspection, Layer 7, and application layer monitoring and detection are the great features of Check Point Next-Generation Firewalls. They greatly improve and protect an organization, its staff, and its resources. 

Check Point's SmartConsole is a great tool for admins as all firewalls can be centrally managed and all policies can be pushed as and when required by using SmartConsole. Log ingestion and threat hunting are also great functions in Check Point firewalls that enhances and improves a security posture. 

The SmartConsole to manage Checkpoint Next Generation Firewalls takes a long time to load and gets stuck sometimes. It could be due to a lot of rules and policies defined on the firewalls. However, SmartConsole software needs to be improved by having some more functions to make an admin's life easier. 

Log queries are slow and take time to load. 

Query functions need to be improved and should be quick to give the required information. 

There should be filters having drop-down options to use and select during log analysis. 

I have been using Check Point firewalls for more than two years. 

We have proposed and deployed Check Point in a university environment that has multi-layer firewall protection for different zones, including DMZ, a server zone, Wi-Fi, a staff zone, a student hostel zone, guests, etc. Each zone is guarded by a firewall.

We need the NGFW to protect and secure the campus networks for more than 50,000 users. One of the key points is it is cost-effective and scalable to expand the throughput capacity. We expect the solution is possible to protect the networks for at least five to eight years without replacing the hardware investment. 

The solution provides better stability and some interesting features such as the ease of throughput expansion (or we can say the load sharing).

The scalability helps to offload the high traffic volume during school time. It also enhances redundancy. 

The load sharing capabilities using ClusterXL is possible to switch over the cluster mode to load sharing or Maestro. I also appreciate how easy it is to scale this product.

It is also great that the Check Point community (CheckMates portal) has a lot of helpful guidance. It helps us to work better and ease to find unfamiliar configurations on the new features, it is great for larger organizations as well as very small ones.

They offer very scalable solutions to extend computing resources if needed. We can expand the capacity in a very short time. 

The threat analysis reporting from their management console is very comprehensive and easy to use. 

Their web-based dashboard is well designed and offers much out-of-the-box reporting, and provides admins extensive customizations. 

In the operational GUI, Check Point provides rich customization methods to allow us to easily visualize/categorize objects in different colors. It makes operating the firewall much easier.

Under the same capacity requirements, Cheak Point is a bit higher than Fortinet yet much cheaper than Palo Alto. Although using Quantum Maestro to enhance scalability expansion is very helpful to cut down the total cost, it is still an issue for most of the company. Check Point is not a cheap solution and it's always painful to see exactly how much we need to spend on this. 

The upgrade process is not as easy as may be expected. If there is something that goes wrong, it causes the internet service to go down for the whole campus network. I am not happy with that situation since the upgrade process is a very common process. The outcome is not acceptable.

It is scalable and very easy to expand the throughput and resources.

Check Point firewall provide a very cool feature using Quantum Maestro Hyperscale Orchestrator, it provides on-demand cloud-like scaling of our on-premises security gateways. By using Maestro, we can aggregate multiple mid-level Check Point appliances to provide a high throughput volume. It is very useful to scale up to 52 appliances. If we use other firewall solutions, they can only aggregate up to TWO firewalls with same model in clustering or purchase a more high end model firewall. 

For a long term planning, we can expand the throughput by reusing the existing Check Point hardware investment and adding new appliances to.

The deployment is straightforward, however, the ongoing upgrades are not satisfactory.

We use the solution for network security, perimeter security, DMZ, antibot, antivirus, endpoint protection, email security, sandblast, and DLP. The environment is a multi-environment and consists of multiple networks, segmented and managed by a management server. These firewalls protect the network, external and internal. 

We are also protecting several customers and it allows remote access connection from anywhere in a secure way.

There are also site-to-site VPNs with different customers, vendors, and cloud providers, using the highest security encryption algorithms.

The organization is more secure. These firewalls work as expected. We have a perimeter and network segmentation well defined and firewall features and blades like IPS, Identity awareness, antibot, antivirus, threat prevention, endpoint security, and DLP, all allow the organization to have most of the security components centralized which allows for easier maintenance and monitoring. 

In relation to the monitoring, Check Point has tools that allow the administrator to track the traffic, and identify threats, attacks, and also check the forensics to understand what happened in case of a breach and ensure it won't happen again.

The most valuable elements include:

Smart View Tracker: To check the traffic logs easily. This is the best logging tool for me so far. You can identify almost everything from the logs, using a smart view tracker.

Smart Dashboard: allows for rule creation and administration and management and is user-friendly. The administration allows you to copy and paste rules, move the order, and create objects, pretty easily. It is very handy.

CPUSE: A Smart way to upgrade firewall software versions. You can easily verify if you can upgrade to the desired version, download the right package and upgrade, and also check the status of the upgrade. It's a great tool.

Error logs can be more specific. Sometimes the error shows only a general error and the solution could be hard to find or difficult to apply. 

Documentation can be improved. It has been improved, however, when you search for errors, in relation to documentation and how to solve it, sometimes it is not that simple to find the right solution. Troubleshooting errors could be sometimes difficult and some tools are only available for the Check Point support team. 

The price is also a factor to take into account. Other competitors offer low prices in relation to Check Point and the executive team may opt for the cheapest vendor (if you have to compare to another good one yet note a cheaper price).

I've used the solution for ten years.

The solution offers good scalability.

The solution offers good customer service and good support.

Positive

I have been using Check Point since the beginning.

The initial setup is straightforward.

We handled the setup in-house.

The solution is super stable.

The pricing could be better, however, the vendor is excellent and I strongly recommend it.

I did not evaluate other options.

I'm a consultant and Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I deployed standalone, cluster, and two-layer firewalls. 

One of our customers has over 200 branch offices which were protected by Check Point SMB appliances. All these appliances are managed by CheckPoint SmartProvisioning. 

This customer has one cluster Check Point which secures server segments and one cluster Check Point which secures client segments.

Check Point firewall products include a lot of modules. Application Control, IPS, email security, mobile access, content awareness, URL filtering, antivirus, antibot, and DLP. Check Point meets our customer requirements at the perimeter with an all-in-one solution. 

For example, the IPS blade prevents attacks with updated signatures. URL filtering policy control customers users' internet activity. Antivirus and antibot blade controls malicious activity and files. Mobile access blades give customers to access their sites from anywhere securely.

There are a lot of features that I found valuable for our customers. 

For example, active-active and active-standby high availability features are very useful. 

If you want to share traffic loads to both cluster members you can use the active-active feature, if you don't want to share traffic loads you can prefer active standby. Your connections sync on both cluster members at both high availability choices. That way, your connections are never lost. 

Another valuable feature is performance improvement ability. With ClusterXL and CoreXL you can improve performance.

Check Point should add additional management choices. For example, Check Point doesn't fully have management support via browser. You need to use Check Point's SmartConsole for management. SmartConsole is .exe and it is supported only on the MS Windows platform. If you are using Linux or a Mac you can not manage Check Point. You should be able to use a virtual PC whose OS is Windows inside the Linux or MAC. Check Point states that this is a decision made for security reasons, however, certain management features can be done through the browser, yet not fully.

I have been using the Check Point firewall for about 20 years.

Check Point support center is very professional.

Positive

We did not use a different solution previously.

After buying the firewall, you can use Check Point for a lifetime, however, it is a subscription base for content security features.

We also evaluated Fortinet and Cisco.

If you are looking for a firewall appliance that has a lot of security features, easy installation, and configuration, Check Point firewall products are the best for you.

We are using the new version of Check Point NGFW. 

We use the solution for web page protection to provide the security service which is lacking in Bolivia, a poverty ridden country. 

I like the facility of the product configuration. The ease with which the solution can be put into production makes it easy for my employers and for me to provide client support. 

The interface could be better. There is much equipment that is involved in the monitoring of many clients in a single interface. 

With other platforms, such as WatchGuard, it is very simple to manage four, five or six of these. We are talking about a lot of clients. The platforms for doing monitoring should be addressed. 

The solution boasts good stability. 

The solution boasts good scalability. 

I have not had need to make use of technical support. 

The initial setup is easy. 

When it comes to the deployment and maintenance, there are two people involved, one for the deployment and the other for monitoring, consisting of an engineer and a technician. 

I feel that the clients are very satisfied with the product.

I don't have any particular advice when it comes to the deployment process. This will depend on the client's needs. 

I rate Check Point NGFW as an eight out of ten. 

We are using Check Point NGFW as a firewall for our organization. All the internet traffic goes through it.

The separate management feature of Check Point NGFW is very convenient.

I have been Check Point NGFW for approximately five years.

The solution is stable when it is running incapacity, if it goes beyond it can be not stable. There could be more stability by having more ports or CPU power.

The solution is scalable.

The technical support is really poor. We have to wait for approximately 48 hours sometimes for a simple solution.

The installation is not straightforward.

We needed help from the Check Point expert experts because we deployed it in the HA. It's a bit different from the other firewall vendors. You need a Check Point expert to deploy it initially.

We have a five-person technical team for the maintenance of the solution. We use managers, admins, engineers, and developers.

I rate Check Point NGFW an eight out of ten.

My primary use case of this solution is for the data center in the perimeter security. We configure all of our security features like anti-boot, antivirus, and filtering.

I think the most valuable feature is that the application and configuration were easy for us. When we need to do some work with the networks, configuration and deploying are easy - if I want to search for information, it is easy in the Check Point platform.

I think the price of this product could be improved - other solutions are cheaper in comparison. In the next release, I would like to be able to perform sandboxing to check email attachments and information sent through the cloud for viruses.

I think this solution is stable.

My impression is that the solution is scalable.

I implemented using a vendor team, whose performance was good.

I considered using Cisco before deciding on Check Point.

Check Point is easy for the configuration user. I would rate this solution as eight out of ten.

I work for a systems integrator and have designed and deployed solutions over many years with Check Point components. Problems solved with Check Point NGFWs have included securing the edge, data center segregation, SWG replacement, Remote Access, and many others.

I have designed and installed Check Point deployments from a single SMB appliance to multiple highly available chassis, running numerous virtual systems. Numerous different use cases include appliance form-factors, running modules, and licenses.

I have always found that Check Point's fully integrated management provides significant improvements to organisations where I have deployed them. As management has always been integral in the Check Point deployment, all functionality and visibility is natively baked into the management platform, which provides a single point to configure and monitor every function. Alternative vendors have added centralized management functionality as a secondary feature and therefore have never been able to compete on this front.

Management integration is holistic as centralized management has been core to the solution for decades. Where other vendors have bolted management on over time, Check Point has always made it central to everything that they do.  

I find that this is one of the most significant and valuable features of Check Point. In addition to that, many new features that eventually become the standard across the industry end up being first introduced by Check Point - sometimes years ahead (such as Threat Extraction which allows active content to be stripped from files being downloaded and a "clean" copy to be provided in near real-time, while sandbox inspection is being performed).

Product-wise, I have no real complaints. 

Potential improvements could be made around simplifying VPN functionality and configuration.  

The main area that the organization can improve is around the lack of local, in-state technical support. Competitor vendors have a strong presence in the Adelaide Market, however, Check Point has always been limited with its commitment to staffing local technical resources. If this focus is made, I could see Check Point returning to the strength that it once had in the Adelaide market.

I've used the solution for 17 years.