Try our new research platform with insights from 80,000+ expert users
JayPrajapati - PeerSpot reviewer
Senior Network Security Engineer at a tech services company with 11-50 employees
Real User
Top 5
Easy to identify the logs and well managed because of the threat cloud architecture
Pros and Cons
  • "Another thing I like is that whenever we make changes on the firewall, we first need to publish them and then install the policies. This allows us to double-check the policies before they are implemented, which is helpful."
  • "We faced many challenges. For example, an issue with the managed view that Check Point has."

What is our primary use case?

Check Point is mainly used for internal communication. Our clients have multiple platforms, and customers use it for internal communications and protection, from the DMZ to the LAN to the DMZ, and also for MPLS connectivity with multiple branches. 

As I've seen, the customers also use it as a gateway for publishing their website. This is only for the perimeter, however.

What is most valuable?

It is very easy to identify the logs. It is also very well managed because of the threat cloud architecture. 

Another thing is that whenever we make changes on the firewall, we first need to publish them and then install the policies. This allows us to double-check the policies before they are implemented, which is helpful.

What needs improvement?

We faced many challenges. For example, an issue with the managed view that Check Point has. When clicking on a rule, we are supposed to have a full view of that rule and its log portion. This should show what's passing through the rule, what's coming to the rule, and all of that on a single pane of glass. Currently, the log isn't showing when we click on a particular rule. This might be an issue with an upgrade or something. Because of this, we can't implement anything on the live system; we only have a maintenance window every weekend, and it's hard to troubleshoot within an hour.

Another problem is that when we created around two lakhs of Check Point objects on the firewall, it became very slow.

For how long have I used the solution?

I have been using it for two months. 

Buyer's Guide
Check Point NGFW
April 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is not slow. But, we implemented two lakhs of objects on the firewall, and that caused the slowness. It can happen with all firewalls, not only Check Point.

What do I think about the scalability of the solution?

Currently, I work with enterprise customers.

How are customer service and support?

It was good. No issues with that.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I can recommend Check Point, Fortinet, and even SonicWall. 

I come from a system integrator background, we first understand the customer's requirements before suggesting a firewall. Sometimes we aggressively push SonicWall because the user's requirements are more aligned with SonicWall. That's how we propose solutions.

How was the initial setup?

It is very easy to install, not that complicated.

The complexity and time depend on the customer's requirements.

No maintenance: In the past two months, we haven't faced anything that required replacements on the firewall.

What's my experience with pricing, setup cost, and licensing?

Pricing is good. The price is very reasonable for enterprise customers.

It offers average pricing. Previously, I worked as a system integrator, and we faced some cross-product environments where Check Point was quite costly compared to the product we were working with.

What other advice do I have?

Overall, I would rate it an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director at a tech services company with 11-50 employees
Reseller
Reporting is quite easy and good, and you can see traffic in real-time but complex rule management
Pros and Cons
  • "The firewall scanning, like antivirus scanning and malware scanning, are very good. Blocking the user is also very easy."
  • "If you want to make a rule for a specific connection, like assigning some users to one ISP and other users to another ISP, you have to use another device, like a third-party firewall intervention."

What is our primary use case?

Mostly enterprise customers use it for their system security as their main firewall. For example, some customers have multiple backup connections, including fiber connections, for redundancy. 

They use Check Point as the main firewall, and others use it for email scanning and file scanning to detect any vulnerabilities.

What is most valuable?

The firewall scanning, like antivirus scanning and malware scanning, are very good. Blocking the user is also very easy. If you want to block a user, we can just do it within the solution.

The reporting is quite easy and good, and you can see traffic in real-time. But compared to Sophos, Sophos is still better. There are still areas in Check Point that need to be improved.

What needs improvement?

It's actually quite good, but the only problem we faced was during COVID when people wanted to work from home. 

We had to use third-party software to give users access because the Check Point option didn't work as expected. So we used Check Point in the front, but we used third-party software for the virtualization of the applications and everything.

When using redundant connections, sometimes there are issues like one connection going down and switching to another connection. Also, breaking rules can be complicated. 

For example, if you want to make a rule for a specific connection, like assigning some users to one ISP and other users to another ISP, you have to use another device, like a third-party firewall intervention and routing, to get the desired results. Other than that, it's good performance-wise.

For how long have I used the solution?

I've been working with Check Point for the past six or seven years. We always work with the latest version.

What do I think about the stability of the solution?

It's very stable. No issues there.

What do I think about the scalability of the solution?

It's scalable.

How are customer service and support?

Our clients have raised questions to technical support. They all have accounts, so we give them the login details. They send an email to support and get a support request. But normally, we try to handle everything on our own. 

If there's something we can't handle, like a firmware-level issue, only then do we get support from Check Point.

Which solution did I use previously and why did I switch?

It depends on the client requirements also. Some government agencies need Check Point, and some clients need others like Cisco or Sophos. After Cisco, a lot of clients have changed to Sophos. So, we provide solutions depending on the client's requirements.

How was the initial setup?

The initial setup is straightforward, just like any other normal firewall. 

  • Deployment strategy: 

The deployment process depends on the client. For example, if it's an existing customer with an existing firewall, we first see what their current requirements are from the existing firewall, what they need to implement but cannot, or what challenges they are having. 

Then we compare the features of the existing firewall and Check Point firewall, and we tell them what the rules will be, like incoming and outbound rules. We try to see what is the fastest way, without any downtime, how we can point or configure the checkpoint. 

Then, after that, we do the testing, because almost all of the offices need that. So, normally, once we set it up, we give them one month for testing. Normally, for a better line or something, we just use a certain IT department or a sub-department for testing. After that, if it's okay, we hand it over.

In a nutshell:

Requirement Analysis →  Feature Comparison  → Rule Definition → Testing and Validation → Phased Rollout → Client Acceptance

  • Deployment time: 

Normally, for a site, more or less, less than one month. It depends on the number of users. If there are a very large number of users, like 600,000, then it will take around one month or more.

  • Deployment resources: 

Normally, we have two technicians working. One is from the Philippines, trained in Sophos and Check Point. We don't need many more staff for the implementation.

  • Maintenance: 

It's very easy. Only the licensing. Every year, we have to pay, but sometimes clients talk about the cost. Also, very recently, there was a ransomware issue. The only issue is, for example, if it's ransomware, and it doesn't get detected by Check Point and gets infected from another source, we have to prove that it's not from the outside but from the inside. Because there are a lot of case scenarios like this, those are the things mostly.

  • Integration capabilities: 

Integration is a little bit challenging. It's much easier for integration with other applications and domains. When integrating with a domain, there are still some small issues. For example, when applying a group from the domain controller, we sometimes need to test a firewall and do some reporting. There are small issues like that for the integration of LDAP. Other than that, it's good. It can pull up the users and groups, but there are some minor issues when we apply them.

What was our ROI?

It's effective and good.

What's my experience with pricing, setup cost, and licensing?

Compared to Sophos and others, Check Point pricing is good for the current market.

Which other solutions did I evaluate?

In terms of features, Check Point and other firewalls are almost the same. There are no special or advanced features.

What other advice do I have?

I can recommend it to other people. Overall, I would rate it a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
Buyer's Guide
Check Point NGFW
April 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
848,716 professionals have used our research since 2012.
PeerSpot user
Network Administrator at University of Kelaniya
Real User
Top 20
Gives me peace of mind as we can now block BitTorrent and other high bandwidth downloads.
Pros and Cons
  • "The most valuable feature is the IPsec VPN."
  • "The Smart Dashboard and other user interfaces are very easy to use and can be handled without any significant IT skills."
  • "After introducing this NGFW, we have improved our security posture, and now, have peace of mind."
  • "Check Point Smart Dashboard does not support my Apple MacBook Air. It only supports Windows versions."

What is our primary use case?

We are a large University with more than 1000 employees across seven faculties and growing. Student population is more than 15,000 in-house and 30,000 external. The University of Kelaniya Sri Lanka primarily uses the Check Point 4800 device to protect users and servers. The product also enables the VPN with advanced security policies inside our network. This gives us a better security posture. Valuable features include a good VPN, IPsec, and SSL. We use Check Point 4800 as a perimeter firewall and our internet bandwidth expanded to 1Gbps.

How has it helped my organization?

We use it mainly for security and content control. Earlier, we could not block BitTorrent and other high bandwidth downloads from our firewall. After introducing this NGFW, we have improved our security posture, and now, have peace of mind. 

What is most valuable?

The most valuable feature is the IPsec VPN. The application and content filtering is perfect for our university. This device gives us alerts and reports on a daily and weekly basis. It gives us the opportunity to know what is going on. The Smart Dashboard and other user interfaces are very easy to use and can be handled without any significant IT skills. It allows for easy policy management.

The Check Point Capsule VPN is a great feature. It connects to our university in a few seconds.

It's easy to handle and manage. No need for significant IT skills to manage this solution.

What needs improvement?

Check Point Smart Dashboard does not support my Apple MacBook Air. It only supports Windows versions. Checkpoint does not support captive portal in IPv6. We had a big issue. Not solved yet by Checkpoint experts.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Check Point is a stable product.

What do I think about the scalability of the solution?

No issues with scalability. 

Which solution did I use previously and why did I switch?

We used Cisco ASA 5510 as our perimeter firewall before purchasing this NGFW. It only had firewall features. We switched because we were looking for a strong gateway level security with attributes like antivirus, anti-spam, IPS, web content filtering, application control, and secure wireless access points.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

A vendor team implemented this. They gave us in-house training for our staff. They are experts in Check Point and taught us well.

What was our ROI?

It has a great ROI. 

What's my experience with pricing, setup cost, and licensing?

Pricing is negotiable and competitive.

Which other solutions did I evaluate?

We selected the following brands and models by going through different reviews:

We requested that the vendors do a PoC. Check Point, SonicWall, Sophos and Fortinet agreed to run one. Finally, we chose Check Point.

What other advice do I have?

We are in the higher education sector in Sri Lanka. We produce graduates to our country and other countries.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sandun Fernando - PeerSpot reviewer
Sandun FernandoNetwork Administrator at University of Kelaniya
Top 20Real User

Check Point is the best suitable NextGen firewall for our University which has a large number of students. Smart dashboard and other blades are user friendly and it has no need for a high level of IT skill to manage these.

reviewer2516739 - PeerSpot reviewer
Systems Engineer at a tech services company with 11-50 employees
Real User
Top 5
Management is handy, easy to implement and good oversight of our rule set
Pros and Cons
  • "The management is very handy and intuitive, and it has a lot of features."
  • "Check Point could offer a cloud-managed approach similar to that of Cisco Meraki."

What is our primary use case?

It's just enterprise firewalls, firewall clusters for redundancy to secure the company network from the internet, and as well as a data center firewall, for example, if you want to split up subnets to control traffic between them.

What is most valuable?

The management is very handy and intuitive, and it has a lot of features. I think it's one of the products in this market which has the most possibilities.

I saw some other firewall vendors or firewall solutions from other vendors. And maybe I like it because I'm very familiar with Check Point and the management of the Check Point gateways. So, probably, I'm just not aware of how other solutions work and how to use them. 

We also see or have a lot of customers with Palo Alto. That's also a solution we see a lot, but we have been a Check Point partner for more than seven or eight years since the beginning of our company. We have done a lot of research on firewall solutions. 

In our opinion, it's one of the best because the management is very handy. So it's easy to implement every possible configuration, and you have a good oversight of your rule set. 

If I compare it with Cisco Meraki, for example, if the rules grow, then it's very hard to get oversight or to have oversight over the whole rule set. So then it becomes hard to manage.

With Check Point, it's easy because even when you have 200 or more rules, it's still very user-friendly, and you can still quickly manage your whole rule set.

What needs improvement?

What I like about Meraki is the whole cloud-managed feature, where it can configure gateways in the cloud and preconfigure it as well. So I don't need to have access to the device or create a configuration in the cloud. 

And as soon as the firewall comes online connected to the internet, then it downloads its configuration from the cloud. I think Check Point does also have such a solution, but I'm not aware that it's as easy as Cisco Meraki. Sometimes it would be nice if they would have the same possibilities.

For how long have I used the solution?

I have been using it for about five years now. 

What do I think about the stability of the solution?

I have not yet faced any challenges with performance or stability. Sometimes when we implement core firewalls, there are applications that have longer session timeouts than the Check Point firewalls in the default settings. 

Windows has a default session timeout for about two hours, I think, and Check Point's is one hour. So, it's not a performance issue, but the application will not run as well as before the security gateway analyzes and blocks traffic. So, it depends.

What do I think about the scalability of the solution?

Scalability  is a very good point of Check Point's solution. They can scale very well and very large.

How are customer service and support?

The technical support is also very well and specific. It's very useful to have technical support from Check Point.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have experience with Nutanix Flow. It's also possible to enable training in Nutanix Flow where you can redirect the traffic to Check Point gateways. I think that's a very useful feature if you need layer seven traffic analysis and blocks. But I don't have any customers, or we don't have any customers, who use chaining. We also don't have any customers who use a micro-segmentation solution from Check Point. So, I'm not aware if they have a comparable solution like Flow.

How was the initial setup?

For the initial setup, you need a good knowledge of the operating system, Gaia OS. It needs some knowledge to get started, but if you've done it once, then it's easygoing.

Normally, we check the customer's requirements. Then we start to deploy the gateway and start with a basic rule set so the customer is able to refine it for their needs. If we are in charge of creating a complete rule set, we will bring all the requirements into a concept and then create a rule set in a more suitable way.

Some customers have very basic requirements. If it's just to deploy the gateways, then it's very easy and quick. You just need maybe a few days and a maintenance window outside of business hours. But there are also customers who have a lot more requirements, like scanning or analyzing the traffic for subnets inside of the network. 

For example, a core firewall can be very time-consuming. You need to do a lot more research and concepts or write concepts on how to achieve that. That can take a few months.

For maintenance, you need to know what you do. It can be difficult if you don't know what you want to achieve. If you are not aware of network security, then probably it's not that easy, and you may run into configuration errors or mistakes. It's easy to manage, but you have to know what you do.

What's my experience with pricing, setup cost, and licensing?

Check Point is not the cheapest vendor in the market, but it has everything you need compared to other solutions. So that's probably the main reason for the cost or the prices. I think it's probably on the same level as Palo Alto.

What other advice do I have?

I would recommend Check Point to other users who are looking into implementing it.

I would advise others to compare or write down their requirements and have a look to see if Check Point is able to fulfill all the requirements.

Overall, I would rate it a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
reviewer98265120 - PeerSpot reviewer
Senior Technical Consultant at CDW
MSP
Top 20
Improves environments, has helpful support, and offer great compute power
Pros and Cons
  • "The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware."
  • "We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration."

What is our primary use case?

The customer purchased Check Point 6200 Firewalls to replace their aging Cisco ASA firewalls on the perimeter of their sites. The Cisco Firewalls must be replaced due to insufficient capacity.

It is envisioned that the initial migration will be a direct replica of the ASA configuration, with the client expanding the solution post-migration, with Check Point NGFW features.

This project consisted of the following deliverables:
• Rule base is migrated like for like, in which ASA Firewall zone-based rules will be converted to Check Point Parent/Child layered rules.
• Firewall zones to be imported and reviewed post migration by client.
• NAT rules will be migrated “as-is”.
• Geo-location rules from FTD will be honored and mapped into Check Point.
• Client-based blacklisting will be migrated into the solution, using external feeds via URL.
• A single IPS profile consisting of a clone of the vendor's “out-of-box” balanced profile (optimized).
• 1X site-to-site VPN.
• Integration into Client’s Cisco ISE solution for RADIUS-based admin authentication.
• NGFW licensing and blades to be installed on firewall devices, to allow features to be enabled in the future and expand the solution.

How has it helped my organization?

The Client wishes for the ASA firewalls to be replaced with a Check Point systems solution, which consists of 6200 Plus Appliances. 

The initial requirement was to migrate the configuration in an “as-is” state, with the necessary licensing purchased and installed to enable expansion of the solution with next-generation feature sets in the future.

The solution was able to meet and exceed the client's requirements thereby improving the client's environment.

The management server is software-based.

Firewalls and licensing include:
• FW
• IPS

The solution provides a single pane of glass management of rules/logging.

The solution supports IPsec tunnels FOR 1X IPsec VPNs.

The solution integrates with the client’s Cisco ISE RADIUS solution for administrative access.

What is most valuable?

The compute power of the appliance is great. The Check Point appliances are considered NGFW devices and can process both the ASA and FTD requirements on a single instance, removing the requirement for an expansion SSD module and/or additional hardware.

What needs improvement?

We'd like an option that can convert other vendors' NGFW configurations to supported Check Point NGFW config for ease of migration.

Check Point configuration options can be very enormous and overwhelming.
Check Point comes with a very lean learning curve even though they offer a robust knowledge base. 

A lot of configuration cannot be accomplished via the web interface or the smart dashboard software and must be done manually via the command line interface.

I'd like to see some built-in automation for the firewall alerts/events to trigger an automated response or recovery.

For how long have I used the solution?

I've used the solution for three years.

What do I think about the stability of the solution?

The solution is stable with frequent version and management updates.

What do I think about the scalability of the solution?

The solution is highly scalable and expandable.

How are customer service and support?

The solution offers great customer support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a different solution and needed more processing power and functionality which this had compared to industry competitors.

How was the initial setup?

The setup was straightforward yet third-party device migration contained a lot of manual configuration conversions.

What about the implementation team?

I implemented this myself.

What's my experience with pricing, setup cost, and licensing?

Pricing can be relatively more expensive when compared to industry peers, however, the functionality makes up for the price difference.

Which other solutions did I evaluate?

We also evaluated:

What other advice do I have?

This is a great overall solution.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Check point Partner
PeerSpot user
Network and Security Administrator at CNR-ISTP - Consorzio RFX in Padua at Politecnico di Milano
Real User
Top 20
Good interoperability and log analysis but could improve VPN clients
Pros and Cons
  • "I like the dashboard, redundancy, log analysis, threat prevention and ISP, and VPN."
  • "IoT should be considered in future development."

What is our primary use case?

We're an international research laboratory, focused on thermonuclear energy experiments. Due to strong remote collaboration, and to control network communication, we choose the Check Point NG Firewall solution.

Most of the personnel are researchers. We also have a strong collaboration with a University and take care of a European Ph.D. on thermonuclear fusion, as the future clean energy.

How has it helped my organization?

We aim to constantly improve firewall technology, which is a key strategy nowadays. We've chosen Check Point in 2007 and step-by-step upgrade and expand cyber security deployment using their solution. 

We appreciate the support and escalation when issues are in place. We really appreciate the solidity of the solution, the redundancy, we own a couple of appliances in failover. 

We use Check Point to grant VPN access both for clients and also in specific site-to-site IPSec remote connections.

What is most valuable?

I like the dashboard, redundancy, log analysis, threat prevention and ISP, and VPN.

The dashboard has clean and focused menus and tabs, that offer immediate access to important information and configuration. 

Log analysis is really powerful considering the enormous amount of logged data. 

We use a specific function to control bandwidth occupation based on protocols and IP subnetworks.

Fundamental is the interoperability with RSA SecurID, Windows AD/Azure.

We're in the process of moving to the MS O365 cloud, and Check Point helps us with this.

What needs improvement?

Maybe the VPN clients could be improved, however, only from a cosmetic point of view. They use a very old GUI and should help remote assistance in case of problems to make it more accessible in terms of getting log/debug information. On this, I suggest an approach like ZOOM US, where is clearly defined the application life cycle, and users warned over time.

We're in the process of moving to a cloud hybrid solution based on MS Azure, and on that field, quite common nowadays, it seems that more has to be done, moving from on-premise historical deployment. 

IoT should be considered in future development.

For how long have I used the solution?

I've used the solution since 2007.

What do I think about the stability of the solution?

It is an absolutely stable solution. It is easy to put maintenance on an appliance without losing any connectivity.

What do I think about the scalability of the solution?

The last release, R81, is impressive, at least in these first months, having recently upgraded from R80.

How are customer service and support?

My experience is good, both on technical issues, and commercial support during renewal.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used a Cisco PIX firewall.

How was the initial setup?

The setup is somewhat complex, however, technical documents are clear, and the most common solutions are well described.

What about the implementation team?

We implemented it with a third party and in-house. The support company that helped in Italy is fantastic.

What was our ROI?

We may need more time to measure ROI.

What's my experience with pricing, setup cost, and licensing?

Check Point is not a cheap solution, however, on cyber security, we prefer to stay with a key player.

Which other solutions did I evaluate?

We constantly verify other vendor solutions, such as Palo Alto, Fortinet, and Sophos.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1776732 - PeerSpot reviewer
Senior Solutions Architect at Maersk
Real User
Easy to manage with good hyperscaling and helpful technical support
Pros and Cons
  • "By far, it's the best security solution one can adopt for their organization."
  • "The perimeter antivirus can be improved. It's not as good as other leaders."

What is our primary use case?

The device is being used for perimeter security devices across multiple clients across sites. Check Point has not only improved our organization - it also has given us holistic perimeter and endpoint security protection throughout the enterprise.  

Our sites across the globe have Check Point perimeter protection.

Pros include:

  • Internal Network Protection from outside network
  • VPN connectivity for secure data transmission across multiple vendors
  • File download antivirus security
  • URL Filtering
  • Application filtering
  • Malicious domains blocking

How has it helped my organization?

The solution has helped out organization stay safe with its depth application filter, URL filtering, and SSL inspection. It's mitigated a significant amount of risk for corporate users as well as to host services at our terminal that need access from the internet. By far, it's the best security solution one can adopt for their organization. 

It's:

  • Reduced attacks on DMZ servers
  • Blocked access of malicious destinations hit by internal users
  • Complete visibility about what is going and what is coming via internet
  • Check Point is the industry’s unified cybersecurity architecture that protects businesses against sophisticated 5th generation cyber-attacks.
  • Having multiple checkpoint products under the same roof provides consolidated security.
  • Ultimately saving cost by having better centralized solution

What is most valuable?

The solution has a lot of valuable aspects, including:

  • IPS & IDS
  • Sandbox (Threat Emulation & Extraction)
  • Ease of management
  • Reports for analysis
  • Better technical support
  • Stateful inspection
  • Application-aware boxes
  • Threat detection capabilities
  • Hyperscaling

Data loss prevention, compliance, threat emulation, and other blades overall make this a robustly unified platform for the implementation and management of security controls.

Since it is Layer 7, we are able to get down to the application level and block certain applications from even running.

Since it has an IPS in place, we are able to see possible attacks that have been prevented by the firewall.

What needs improvement?

The perimeter antivirus can be improved. It's not as good as other leaders.

Additional features that could be good to have/improved include:

  • Modular capabilities 
  • Integration with VMware and NSX products per client requirement
  • 3rd Party support product is very limited 

The solution can integrate with other vendors to form IPsec connectivity with redundancy - which is only possible now between the CP to CP FW only.

The licensing part is a bit tricky. The product can simplify this further for ease of use.

They need to work on log size optimization.

Antivirus signatures should be updated in real-time.

For how long have I used the solution?

We've used the solution for the last eight years.

What do I think about the stability of the solution?

The stability is very good.

What do I think about the scalability of the solution?

The scalability is very good.

How are customer service and support?

Technical support has been great.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use a different solution previously.

How was the initial setup?

The initial setup is straightforward. 

What about the implementation team?

We had a vendor assist us.

What's my experience with pricing, setup cost, and licensing?

We haven't used other products.

Which other solutions did I evaluate?

We also looked at FortiGate and Palo Alto.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security team leader at a aerospace/defense firm with 10,001+ employees
Real User
Management platform and GUI are intuitive and user-friendly, but QA on releases needs improvement
Pros and Cons
  • "The management platform and the dashboard, the graphical user interface, is one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations."
  • "One of my issues with Check Point is the stability. There have been too many bugs, over the years, when I compare them with other vendors. Their QA team should do better work before releasing their GA versions."

What is our primary use case?

The reason we have the Check Point Next Generation Firewall is that it's our main perimeter firewall in all our branches around the world. It secures the IT infrastructure in all of our environments and our subsidiaries. We also use it to set up tunnels between all our sites.

We have multiple versions from the legacy R77 to the latest R80.40.

How has it helped my organization?

In today's world, there are a lot of risks related to infrastructure security, malware and more. The Check Point has multiple blades in the same product, which improve security in IPS, application control, and URL filtering. You don't need to buy multiple, separate products to achieve the best security.

What is most valuable?

The basic most valuable feature is the firewall itself.

The management platform, dashboard, graphical user interface, are one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations.

The VPN means you can communicate in an encrypted manner between sites. 

The application control and URL filtering are also very beneficial. They enable you to tighten security and decide which applications or websites you want to grant access to. In our company, we don't allow anyone to freely access the internet to surf all websites. Some sites may be sensitive and some of them may be inappropriate. It allows us to control the traffic.

What needs improvement?

Their management features are the best, from one point of view, but they are too heavy. For example, if you are looking at a configuration file, you can't just browse through it and see all the configurations like you can with other vendors, like Cisco and Fortigate. With those solutions you can just go over the configuration file and read all the objects and the policies, etc. 

Because of the Check Point architecture, the data file itself is huge if you're comparing it to the data files of other vendors. The difference is something like 3 Mb to 1 Gb. It's not so straightforward. 

The data process is also not so simple. You don't just load a text file which has all the configuration. It's a more complex process to restore it from a backup, when it comes to Check Point.

For how long have I used the solution?

I have been using Check Point's NGFW for approximately 10 years.

What do I think about the stability of the solution?

One of my issues with Check Point is the stability. There have been too many bugs, over the years, when I compare them with other vendors. Their QA team should do better work before releasing their GA versions.

What do I think about the scalability of the solution?

If you're looking for scalability and you need to add more power and performance and to scale up, they have a new solution, but I haven't used it yet.

In terms of the extent of our use, it's our main firewall. Everything flows through it.

We currently have four direct users and all of them are security engineers. I'm doing most of the deployment and the others are responsible for the day-to-day operations. In the overall company there are more than 10,000 users, and the traffic throughput is around 10 Gb.

How are customer service and technical support?

They have a very extensive Knowledge Base on their website, which is very helpful. But if you contact their technical support, not all of them have all the skills. If you open a ticket it may take a while to be resolved. It can take more than a month until they finally escalate it several times internally and then, finally, find a solution. But the first tier is not too technical.

Which solution did I use previously and why did I switch?

The previous solution, Contivity, was before my time in this company and I don't think it even exists anymore. The Contivity was only a firewall and our company wanted more features and benefits. It didn't have next-generation firewall options, like URL filtering, user identity, and IPS. As risks evolved in the data security field, our company needed to adapt.

How was the initial setup?

The complexity of the setup depends on which branch we're setting it up for. If it's a new branch, we can spin up a new firewall in less than an hour or so, do all the configuration, and it's ready for production. But if we're replacing an existing solution, the migration process may take some time and the people involved need more extensive knowledge, compared to spinning up a new firewall.

If it's a complex environment and you're migrating from one solution to another one, or even from an older version to a new version within the Check Point platform, I would recommend not to do it by yourself. In those cases you should use a third-party partner or Check Point Professional Services.

What about the implementation team?

I did most of my deployments by myself, but in our headquarters, where there was an older version of a Check Point version, and they wanted to migrate to a new one, I used a partner. The partner I used was SafeWay, a company in Israel. They have quite extensive knowledge and they are very professional.

What was our ROI?

It's hard to measure ROI in financial terms, but our productivity has gone up with the new version of the R80 because we don't need to wait for one administrator to log out of the management system for another to be able to log in. Multiple administrators can now work simultaneously on the platform. That productivity increase can be seen as a form of ROI.

What's my experience with pricing, setup cost, and licensing?

Use the basic sizing tool to do the correct sizing so you don't waste too much money, because it's not a very cheap solution when compared to other vendors. There are other vendors that are more affordable.

There are no costs in addition to the standard licensing fees, except maintenance.

Which other solutions did I evaluate?

We have not evaluated any other options.

What other advice do I have?

My best advice would be, if you are not as skilled, that while you don't really need to use the Check Point Professional Services, you should use a partner that has good knowledge of the device. If it's just a straightforward deployment without all the features, it may look simple but there are too many options. Eventually, you may use 30 percent of them. I don't think you will use 100 percent of all the features that are available.

Overall, I'm a little bit disappointed because of the numerous bugs that there are.

I would rate it at seven out of ten because their management platform and the dashboard. It's the most intuitive and user-friendly in day-to-day operations, as long as you're not dealing with the bugs.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: April 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.