Check Point NGFW Reviews

Generally speaking, it's like any other NGFW. It's quite a versatile solution for many aspects. It's not like a separate solution for firewalling, but a separate solution for web access. It's just very convenient to have everything in one box. On the other hand, when you need something, like a very top-rank solution for very specific things, like network intrusion prevention or network intrusion detection as a component of NGFW, I would say it looks weaker compared to the well-designed solution for its purpose. It has the same issue as many other versatile or unified solutions, so it's really convenient.

From our point of view, including me and my colleagues, I would say it's really good that they have a lot of integrations with third-party companies. Integrations with third-party companies are really convenient. API offers many convenient ways to integrate with open-source solutions. It's very, very good when you have everything in one package and one bundle.

If you check each and every point from this part, you will find some flow in an area, or you will discover another flow in another area. It's unfortunate, and not a usual situation and it is not just for NGFW but for any other tool, making it a disadvantage where improvements are required.

For the next release, I would prefer the tool to be more flexible in terms of general deployments because some additional companies must be deployed as a basic one. For those who have been working with their solutions for a relatively short amount of time, it would be better for the tool to offer an adequate knowledge base, not just very superficial information, or maybe not too much in that spot, something like average stuff. The tool should be more flexible in terms of deployment, and a more adequate knowledge base should be available.

About the UI, it is hard to comment because it has been more or less the same for many years. Professionals have already been using the tool's interface for many years. From a contemporary angle, the tool's interface looks a bit outdated from a UI point of view. The UI has been more or less static in terms of changes for the last couple of years. People can get to the UI and work with it in a couple of months, but compared to any other solutions on the market, which are more flexible and more rapidly evolving, I would say that UI should be considered for improvement.

I have been using Check Point NGFW for two to two and a half years. My company is a partner and reseller of the solution.

For stability in high-load networks, I rate the solution a six to seven out of ten.

Scalability-wise, I rate the tool an eight to nine out of ten.

There could be some performance issues under the heavy deployments and heavy load, but generally, if you are talking about the general scalability, it is quite good.

The tool is suitable for large and very large enterprise businesses. From our company's practice, I would say it is meant for banks and financial institutions. It is also quite popular in heavy industries. I would say it has a more or less wide list. It is more or less very popular in banking.

The tool can be scaled up, but even despite high scalability, it requires a lot of extra companies to bear a high-load environment and high-load networks, making it a bit unfair, especially when comparing some of the numbers with the real-world statistics it likes too far from reality.

The solution's technical support is fine. I rate the technical support a nine to ten out of ten.

Positive

If ten means easy, I rate the product's initial setup phase a six to seven out of ten. It is not a plug-and-play solution. It requires much more skill and effort for the specialist to set it up properly. Even if there are any PoCs, you can easily discover the difference between the easy setup process and the more difficult setup phases, and I would say that Check Point falls under the latter category as it takes much more time and effort. Sometimes, it could be buggy, and you just need to fix some other firmware or software update.

The solution is deployed on an on-premises model for large and very large enterprises.

The time to deploy the solution depends on the stage because you can talk about the initial deployment or you can talk about the deployment, including the integrations. I would say that the integrations would be really time-consuming. For the initial deployment, I would say it is a couple of days if it is not really a large installation and a couple of weeks are needed for the initial deployment.

ROI is like an artificial point in connection to a solution like Check Point NGFW, and its numbers are quite questionable.

Suppose the company has too many different solutions from different vendors. In that case, it becomes a greater burden in terms of support and everything, especially in terms of management of these solutions. I would say that Check Point would be a good choice if they are planning to migrate. If it is something like a choice between one NGFW from a vendor and you want to move into the Check Point NGFW, it becomes a bit more tricky. It becomes really hard to say about the ROI because it is just like a different approach. If you are moving between a lot of different solutions from different companies, then ROI will be really good and attractive.

The tool's price is reasonable in case you are not using it in a high-load environment. If you are not expecting significant increases or peak increases in loading, it should be fine. If it is a really highly loaded VLE environment, and if you try to rely on the tool's official numbers, I would say you can put your environment and network in jeopardy because it becomes really unstable. For the last couple of years, the situation has changed, and it has become really tricky to understand why the tool's official numbers aren't aligned with real-world numbers, which is a big problem for the VLE customers because when they are just trying to consider their official stats and official scalability numbers, it might be tricky. VLE customers should have, like, a 20 to 30 percent extra, or else, at this point, it becomes much more expensive.

The tool's prices don't make any sense because we are not talking about MSRP prices for VLE. We are talking about the discounted prices, which could be a really, really huge gap between the MSRP and the discounted price. I don't think these numbers will highlight any beneficial aspect of the price for you.

There needs to be accuracy in terms of scalability. It should be well-designed, and if the customer does not have enough resources or their own resources, it is better to involve an adequate number of SIs. The system integrator will do the trick, and if a person is experienced, then everything can be really good in terms of the certifications, the statistics, and everything else. The system integrator should do everything properly, but it will be quite expensive, especially if we are talking about large and very large enterprises. For mid-sized businesses, it should be fine because it is less tricky, and even the normal specialized person on the customer side should be fine with using it, as it can be quite easy. In any case, scalability is a bottleneck here.

I rate the tool a seven out of ten.

Primarily, it's used for customers who want to add their network security.

The IPS protection is the most useful feature that I found from Check Point. It has a feature called WatchTower, which helps you manage the device using a mobile. That's the most used feature. 

Other than that, it's quite simple. All the other features are what you find in all other firewalls. So the best feature that I find from Check Point is WatchTower.

The setup is a little complex compared to its competitors. That's what makes it stand out. Other than that, it could always be done by another product, but they have a lot of IoT products. This is definitely something like a Check Point Quantum device.

I have been using it for two years. The version I use is R8x series. I'm not exactly sure, but it's the latest version.

It is a stable product. 

It is a very scalable solution. 

The customer service and support have been good.

Positive

I used Sophos XG. We (my company) still use Sophos, Check Point, and FortiGate. We use all three firewalls in our environment.

Check Point has a really good feature where they give us a subscription for IoT device protection, which other vendors don't have. Sophos, I don't think they have it. 

Fortinet charges for it separately, so that's an additional cost, but with Check Point, the feature is built in. It's not an additional license.

Moreover, Check Point has started promoting a lot. It's well known here in our region.

The initial setup is complex. It's pretty easy to maintain.

We deployed it for customers. So maybe if we do a big deployment, it could be difficult.

The pricing is reasonable compared to the features that you get.

I highly recommend it to users who have a lot of IoT devices.

It all comes down to one simple thing:

"If you have IoT devices, I highly recommend Check Point NGFW. If you don't, it's a bit complex compared to Fortinet and Sophos."

But once you get the hang of it, you can quite easily configure the device.

Moreover, Check Point has a certification program if you want, and you can learn with that. They also have a separate certification program that you can take, a paid certification program.

I am satisfied with the documentation by Check Point. 

Overall, I would rate the solution a nine out of ten. 

Our customers have been using it for the network security.

Unlike Fortinet, where the log loading process can take up to a month, Check Point stands out for its efficiency. While other solutions may only provide logs for a short period, such as one or two months, Check Point impressively retains logs for up to six months on some machines and at least three months on others. This extended log retention period is a significant advantage for our customers, providing them with valuable insights and enhancing their overall security posture.

One of the most advantageous features of Check Point firewall is its multi-interface capability. While traditional firewalls typically have a single interface, Check Point stands out by offering tools with multiple interfaces. This capability, now known as SmartConsole, allows users to manage policies, security objects, and routing points all from one dashboard. This contrasts with other firewalls where users often have to log in separately to access different functionalities. The hierarchical structure of communication and management in Check Point firewalls adds complexity, making it more challenging for attackers to exploit vulnerabilities. Additionally, Check Point introduced SD-WAN functionality in December 2013, further enhancing its capabilities and staying ahead of the curve in network security.

There's a significant area for improvement when it comes to pricing. While frequent updates and patches are released, which is commendable and adds significant value, the loading time for SD-WAN updates can be excessively long.

The feature we're eager to see enhanced in Check Point is reporting, particularly in terms of highlighting past reports. Currently, if we create a rule for a report in the morning, we expect to receive an email highlighting it. While we can set this up, the issue lies in segregating the project into separate reports.

I have been working with it for five years.

Occasionally, we face certain issues and downtimes. Downtime varies depending on the type of changes or updates being made. For instance, a version upgrade typically requires only fifteen minutes for reboots. However, for patch updates or version updates, downtime can extend to at least one hour. In some cases, especially in custom environments, downtime may exceed two to three hours.

It provides good scalability. Despite having only three customers, I've implemented the firewall for over a thousand users. These users are situated in factory environments, meaning there are thousands of endpoints, including those connected via VPN.

I am relatively satisfied with the level of technical support provided. We primarily work with Indian support teams, and while some technical engineers are exceptionally intelligent and quick to resolve issues within ten to fifteen minutes, others may take longer. However, the crucial aspect is that they eventually provide an answer or escalate the issue if needed. When I contact support, I first inquire about the assigned person, and if I am familiar with them, I proceed with the interaction. Otherwise, I prefer to escalate the query to another region to avoid wasting time. I would rate it eight out of ten.

Positive

We have experience working with Fortigate and Palo Alto in the past. In Sri Lanka, Check Point has a strong marketing presence, which influences customer decisions.

The initial setup can be complex and may pose a challenge, especially for those without prior experience. Setting it up for the first time requires careful attention and a level of expertise to navigate effectively.

The deployment process begins with configuring the firewall's IP and other settings. Once this initial configuration is complete, we proceed to the AI portal. In the AI portal, the first step is to configure the interfaces. After configuring the interfaces, we proceed to install the created interface. Next, we move on to the SmartConsole. To access the SmartConsole, we download it from the app portal. Once the SmartConsole is installed, we can easily create rules for logging purposes, manage objects, configure networking, and VPN, and other technical tasks from the SmartConsole. Routing and related tasks are typically handled in the data portal. One individual is enough for the deployment. The duration of the setup process varies depending on factors such as the complexity of the customer's environment and the site architecture. For instance, in a relatively simple scenario with just two VLANs and a couple of VPNs, the configuration could be completed within a few working days. Maintenance is essential, with upgrades and patch updates being mandatory at least once every six months. This ensures the system remains up-to-date and secure.

Our customers are pleased with the return on investment. The occasional bugs and updates, common to all firewalls including Check Point, are being addressed promptly. The platform is regularly updated to ensure optimal performance.

The price is on the higher side.

While the cost may be a consideration, the level of security provided by Check Point is exceptional. In my experience, I have not encountered any cyber attacks. The only negative experience was not related to the firewall but rather to customer issues with the router. It's important to remember that compromising security for cost savings can ultimately lead to vulnerabilities. Therefore, investing in high-security solutions like Check Point is worthwhile. Overall, I would rate it eight out of ten.

The solution is our main firewall. It protects our perimeter.

The tool has solid firmware with very few vulnerabilities. We don't need to upgrade it for vulnerabilities. It is rare when compared to the competitors. The product’s performance is good. My organization chose the product because it is stable and provides a very good Software Blade.

The tool must improve its support. The support provided by partners gets expensive.

I have been using the solution for around six years.

The product is stable.

The solution protects the entire perimeter. Every user passes through the firewall. It is used daily. We have around eight administrators. The solution requires very little maintenance.

The initial setup was easy.

The solution is expensive. A medium data center would cost around $17,000 per year for a medium enterprise.

Except for Palo Alto, Check Point is good compared to its competitors. Cisco ASA lacks features.

It is a good product. There are other competitors. Check Point NGFW is easy to deploy, manage, implement, and troubleshoot. The operation is pretty simple. Even a few operations people can run it very well. It is pretty much stable. We need to safeguard the data of our organization very well. Check Point NGFW is a leading solution provider. Security products must not have many vulnerabilities. Overall, I rate the product a nine out of ten.

Checkpoint Firewall provides advanced security for the organization and its connection to the members/participants. The Check Point FW controls access and traffic to and from the internal and external networks. The Check Point Firewall rule base defines the access control and network performance to help our organization achieve the below security goals:

• Only allows authorized connections and prevents vulnerabilities in a network
• Gives authorized users access to the correct internal networks
• Optimizes network performance and efficiently inspects connections

Check Point Firewall provides advanced security for the organization. The FW controls access and traffic to/from the internal and external networks. The Firewall rule base defines the access control and network performance to help our organization achieve the below security advantages:

• Only allows authorized connections and prevents vulnerabilities in a network
• Gives authorized users access to the correct internal networks
• Optimizes network performance and efficiently inspects connections
• Protection of all assets from internal and external threats

The following features are most valuable: 

• Threat prevention
• Malware prevention
• IPS
• IDS
  

Check Point should improve services related to the cloud-based solution. Due to these challenging times, most organizations seek to move to cloud-based implementation to minimize the cost and for easy deployment, access, and remote support. 

The Next-Generation Firewall should also be focused on zero-day threats as attacks have improved the past few years. They need to ensure that all connections and nodes are being protected. 

Sandblast technology is also a good tool as it offers enterprise solutions on malware detection and prevention.

I've used the solution for five years.

The solution is stable and can support all OS deployments. It's easy to manage.

We recommend the product as it is excellent and very scalable.

There have been no issues regarding the support from Check Point and the local vendor.

Positive

We previously used Fortinet.

The initial setup was straightforward. 

We did the deployment in-house and with a vendor team. The level of expertise was a 10/10.

The solution is easy to deploy. The pricing is lower than other solutions. We've had no issue with licensing.

We looked into Watchguard, Palo Alto, and Sophos.

We need more information on the ability to collaborate enterprise support.

Our branch offices and customer sites require Internet access for the on-site staff and remote access capabilities for after-hours and remote support.

The Check Point firewalls allow us to provide site-to-site VPN, client VPN, web/app filtering, and IPS functionalities.

Client VPN is leveraged by site staff due to the majority of our sites requiring 24-hour support and also allows centralized teams to remotely assist with multiple sites globally.

We also use these at locations to provide security when our stand-alone network requires connectivity to the customer's network.

Check Point's solution is both affordable and easy to manage for the small business applications that we utilize them for. Due to the great pricing and support, we can afford to deploy the firewalls in a high-availability solution providing greater uptime and less worry. 

The price point of their equipment also means that we can often purchase a more robust solution compared to some competitors and Check Point's inclusion of more advanced features, such as IPS, by default, is a great selling point.

We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.

Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.

In general, we find that CheckPoint offers a great balance between ease of use and configurability.

The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track. Not everyone can afford the time and money to attend the official in-person classes offered by Check Point. Even if someone was not interested in fully pursuing a certification, offering certification guides is often a method that IT professionals follow in order to learn about a specific topic and keep for reference.

An area that I sometimes find lacking is the information provided by the system when performing troubleshooting issues such as site-to-site VPN tunnels. The logs provide general information regarding what is happening but often, it leaves you wanting additional details. This also ties back into the lack of training and knowledge required to utilize the more advanced features of the command line.

We have been using Check Point NGFW for more than five years.

We have never had a device or software failure in the more than five years that we have been using Check Point devices. To date, we are extremely happy with the performance.

The few times that we required customer service, they have been extremely helpful and knowledgeable. I would rate them on par with the other top-tier companies.

We previously utilized Cisco firewalls but the cost structure of the hardware, licensing, and support became prohibitive. Check Point offered a more robust solution at an affordable price point.

The initial setup was extremely quick and easy, and the deployment time for a new site is often under a day.  

The price point and licensing was the main factor in moving away from Cisco and migrating all of our sites to Check Point. They offered more features for a lower cost than competitors, and the licensing model was easy to understand.

We evaluated NGFWs from Cisco, Palo Alto, and Fortinet in addition to the Check Point.

I work as an internal network team member. We protect the company environment from outside threats, outside viruses, and ransomware attacks. It is kind of an IT administrator job.

They are protecting internal security as well as giving us security from the outside world or public environment. 

It protects the environment. It gives advanced features to our company, like Antivirus, more granular security policies, and more control over the traffic, e.g., what we want to allow or deny to our environment. 

What I like about this firewall is it has a central management system. We can configure or monitor a number of firewalls at a time from the central management system. 

They have a logging system where we can have our logs visible. The logs are easy to view and understand. 

While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls. 

Check Point has a very good Antivirus feature. However, compared to the competition in the market, it is lacking somewhere. In my last organization, I worked with Palo Alto Networks as well. I found that while they both have an antivirus feature, the Palo Alto antivirus feature is much better. Check Point should improve this feature. It is a good feature, but compared to Palo Alto, it lacks.

I have been using it for the last three years, since 2017.

Check Point is already a very big name in the market. Our software updates, even the Antivirus updates, are very stable in the market. There are no problems with its stability.

Performing maintenance for a solution takes around 12 people. Maintenance is something that our team is capable of. Internally, we have had many training sessions on Check Point Firewall. Our seniors have managed that for us so we are capable of doing it. Most of our BAU is done by us.

Scalability is very easy. I haven't found anything that is the issue with the scalability of this firewall. If you have complete knowledge of it, the scalability is not tough.

I used their assistance many times. The experience with them is sometimes very good. They give the best solution in a short amount of time. Two out of 10 times, I feel that they are only looking to close their tickets. They are keen to do that. My personal experience with the support is an eight out of 10.

We currently use Check Point and Cisco ASA. The purpose for the company is to increase the security. They were only using Cisco ASA Firewall, which is kind of a degrading firewall right now because it lacks many features, which are advanced in Check Point Firewall. With Cisco ASA, we need to purchase additional IPS hardware. But, for Check Point, we do not require that. Also, if we want the same configuration for multiple firewalls at a time, then Cisco ASA does not support that. We have to create the same policy in each firewall.

We have our own on-premises firewalls, not cloud-based. The production time took around nine to 12 months' time. The setup was completed during this time.

We follow the three-tier architecture for this firewall, which is also recommended by Check Point. We have the central management device as well as the web console and firewall.

For the deployment process, there were only four senior network engineers involved from our company.

It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices.

They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it.

The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well.

I have experience with Palo Alto Networks Firewalls and Cisco ASA Firewall. Compared to these solutions, Check Point has a very good, understandable log viewer. It is easy to view and understand the logs, which helps a lot while doing troubleshooting or making new security policies for the organization. Also, it is very easy to create new security policy rules.

The Check Point Antivirus feature lacks in comparison to Palo Alto Networks. Also, compared to other competitive solutions, the training for Check Point available right now is very expensive as well as the certification is little expensive.

Get properly trained. When I entered this organization, I struggled with this firewall. There are very few good quality training programs available in the market. Or, if it is available, then it is very expensive. So, I advise new people to get properly trained because it has many feature sets, and if they do not use them with the proper knowledge, then it could worsen their situation.

I am happy with the organization's progress, as they work hard on their product. It is a good lesson from a personal level: We should work hard and improve ourselves. 

I would rate this solution as a nine out of 10.

We use the solution to protect our organization and workers from the outside Internet or any untrusted network.

We have the three-tier architecture of Check Point. We use its consoles, central management system, and firewall device for managing it. This three-tier architecture is recommended by the Check Point Community.

We protect our internal customers using Check Point Firewalls by providing them security as well as detecting vulnerabilities. 

The most valuable feature would be the central management system of Check Point because we can manage multiple firewalls through it at the same time. It doesn't matter the location.

I also like the advanced Antivirus feature of Check Point.

The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things.

It is very user-friendly.

The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community.

I have been using it for the past six years.

The Check Point Firewall is stable. 

The updates that we get are also very stable. We haven't found any stability issues in the updates at all. Features, like the Antivirus, are updated with almost every release and done on a frequent basis.

The scalability is very good for Check Point Firewall. It is very easy to increase. For example, during the COVID-19 period, we increased our deployment on an emergency basis, and it was very easy.

My organization has around 4,000 people. 

For Check Point, we have a team of around eight people who manage it. We are basically a team of senior network engineers.

The tech support is very good for Check Point. We get straightforward solutions for it every time, and they do not take a lot of time since we have to resolve the cases quickly in a live environment. So, they are very helpful and capable.

We are also using Cisco ASA, and we have been thinking that we need to go with Cisco or Check Point. At last, we have decided to go with Check Point because of its advanced features.

The initial setup was very straightforward. We didn't have many problems.

The deployment part took around nine to 10 months. We completely planned the deployment before doing it. Since we already installed Check Point Firewall in multiple branches earlier, we used those same plans to configure it.

We didn't require any external help for the deployment. Our R&D and tech were capable of doing it. Our deployment team consisted of six to eight people, working in different shifts, to configure it.

Overall, it is a good cost saving product. We do not have to purchase additional hardware for it, which is a good. This saves us 10 percent in costs compared to Cisco.

The solution saves us about 20 percent in our time, which is substantial.

The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison.

The licensing part is something that is very easy to do in Check Point Firewall. We just need to purchase the license, then we have to write the keys in while installing it. The good thing is that it is an easy process to update the license.

We are also using Cisco ASA and FTD. The problem with Cisco ASA is the GUI is missing, while the GUI is good for Check Point Firewall. Apart from that, in Check Point, there are advanced features, like Antivirus and Threat Management, for which we do not require other hardware, where it is required for Cisco ASA Firewall. So, Check Point provides us a cost savings in that way.

The central management system of Check Point is missing in Cisco ASA. This is a good feature because it saves time. We can use it to manage multiple firewalls through one central management device. It is also easy to use.

We are slowly eliminating Cisco ASA and using more Check Point Firewalls, bringing more Check Point Firewalls into our environment.

I have also used Palo Alto, but the organization is using Check Point because they have more confidence in things like Check Point's stability factor. However, more people are trained to use Palo Alto.

Get good training on Check Point, which is very rare to obtain at this point of time. Before implementing or deploy the product, you should be trained properly so you know all the features. It has heavy features in terms of quantity. You should know about each feature before using or deploying it.

I would rate the solution as an eight out of 10.