We use Check Point NGFW as our data center and branch location firewalls.
Security Analyst at Cognizant
A robust solution that can handle heavy workloads and user traffic well
Pros and Cons
- "The solution is robust and can handle heavy workloads and user traffic well. The product is good."
- "The tool's support is lacking. We find almost all its features useful, except for some challenges with VPN."
What is our primary use case?
What is most valuable?
The solution is robust and can handle heavy workloads and user traffic well. The product is good.
What needs improvement?
The tool's support is lacking. We find almost all its features useful, except for some challenges with VPN.
For how long have I used the solution?
I have been working with the product for ten years.
Buyer's Guide
Check Point NGFW
March 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.
What do I think about the stability of the solution?
I rate the product's stability an eight out of ten.
What do I think about the scalability of the solution?
I rate the tool's scalability an eight out of ten. My company has 5000 users.
How was the initial setup?
The initial setup can be complex, especially for BGP configurations. I'd rate it a five out of ten for ease of setup. It's neither too hard nor too easy - it depends on your requirements. We deployed it on-premises. The initial deployment of our enterprise-grade device took about three months. We need about two people for maintenance, mainly for operational changes when needed.
What about the implementation team?
We mostly did the deployment ourselves, with some professional services support from Check Point. Three to four people were involved in the deployment, including one from Check Point to validate our work.
What other advice do I have?
The Harmony bundle is interesting, with many new features, but we're not evaluating it much as we're moving to FortiGate. We're not planning to increase the usage of Check Point NGFW. We're looking into SD-WAN and moving towards FortiGate.
I rate the overall solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 16, 2024
Flag as inappropriate
Works at Pevans EA Ltd
Great IPS and VPN with useful management blades
Pros and Cons
- "The edge security posture has dramatically improved as we can now detect and prevent threats from the public internet."
- "The Check Point TAC support has, in recent years, deteriorated."
What is our primary use case?
The Check Point firewalls are used to protect both the edge and datacenter firewall environment.
The firewalls have been deployed in a high availability design and are virtualized using Check Point VSX VSLS. This means we have multiple virtual firewalls protecting different parts of the data center (e.g., DB, Edge, WAN, pre-production.)
We have activated multiple software blades, including firewall, VPN, URL filtering, Application Control, compliance, reporting, and threat emulation, to name a few.
A similar design has been deployed at the DR with a similar set of firewalls.
How has it helped my organization?
The following has been improved:
1) The edge security posture has greatly improved. We are now able to detect and prevent threats coming from the public internet. The firewall is able to block know threats using the inbuild Intrusion Prevention blades.
2) We can connect with other organizations using site-to-site VPNs to enable inter-organization communication.
3) Check Point comes with a strong management solution that allows us to monitor and track threats that are detected and prevented. It also helps us be in compliance with industry standards.
What is most valuable?
The following features have been valuable:
1) IPS - The edge security posture has dramatically improved as we can now detect and prevent threats from the public internet. The firewall can block know threats using the inbuild Intrusion Prevention blades.
2) VPN - We can connect with other organizations using site-to-site VPNs for inter-organization communication.
3) Management Blades - Check Point comes with a strong management solution that allows us to monitor and track detected and prevented threats. It also helps us be in compliance with industry standards.
What needs improvement?
The following can be improved:
1) The management solution is currently using a desktop client for administration purposes. This should be improved by ensuring configuration on the firewalls can be done 100% using a web-based approach. This is currently a work in progress in R81.X, yet should be fast-tracked.
2) The Check Point TAC support has, in recent years, deteriorated. Getting support is usually a pain as the TAC engineers don't seem to understand our issues fast enough and are not readily available. This is in contrast to the amount of money paid for the support.
For how long have I used the solution?
I've used the solution for five years.
How are customer service and support?
A lot of improvement is required in how checkpoint TAC engineers handle their assigned cases. Tickets can be opened for very long without clear solutions.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We previously used Cisco ASA 5585 Firewall.
How was the initial setup?
The setup was fairly easy as the team is well trained.
What about the implementation team?
We worked with Check Point professional services.
What's my experience with pricing, setup cost, and licensing?
This is a premium enterprise product, hence the price is very high.
Which other solutions did I evaluate?
What other advice do I have?
Check Point should review their pricing models especially for the African market.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Check Point NGFW
March 2025

Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.
IT System Operations Manager at Hamamatsu Photonics KK
Has a well-designed dashboard with great threat analysis reporting and good scalability
Pros and Cons
- "Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released."
- "The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing."
What is our primary use case?
Check Point is currently our perimeter firewall at various locations. We use their failover clustering with high availability option, which performs flawlessly. Upgrades are easy to perform and have always worked reliably for us. Technical support is always available to assist with these operations, which makes the process less stressful to the admins.
We are also using their ISP Redundancy feature, which works as advertised - perfectly! It's easy to implement, especially with the awesome documentation from our engineer. We also use their Remote Access VPN offering and have really seen its value this past year, due to COVID-19. The VPN has been 100% rock solid, especially during the most critical times in our history.
How has it helped my organization?
As mentioned in the primary use case question, ISP Redundancy and VPN are the two primary use cases. When the pandemic hit, a sudden shift to a remote workforce was a major requirement for us, and we needed a reliable and stable firewall. Implementing ISP Redundancy helped ensure that, as well as having a tried and tested VPN solution. Upgrades have occurred during this time and manually planned failovers as well; every upgrade and test went smoothly and without issue. The last thing we could afford is an outage.
What is most valuable?
They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements.
Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released.
Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed and offers many out-of-the-box reporting, and provides admins extensive customizations.
What needs improvement?
The pricing is on the high end, specifically with the software licensing, although they are flexible on some levels, and offer hardware buyback options when upgrading.
The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing.
Customer support is not always as responsive with solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.
For how long have I used the solution?
We have been using Check Point firewalls for 20+ years. We originally used the Nokia hardware platform, which was not technically NGFW at the time, however, the OS and its configuration have maintained some similarities over the years. It keeps getting better every release.
What do I think about the stability of the solution?
Lately, stability is 100% reliable. Earlier generation firewalls were a bit unreliable, however, as Check Point acquired third-party hardware. For example, their Nokia acquired security appliances had a firmware that worked, until they started to modify the firmware (IPSO 6.0 was solid, but problems started with our upgrade to R75), then it became less stable; frequent crashes, settings not saving, high availability issues, frequent reboots required. Eventually, we upgraded to their NGFW offerings. Their newer hardware, and firmware R77.x was released, and we have been stable ever since. Upgrades to R80.x have been flawless, HA works as expected, and we have had zero performance issues.
What do I think about the scalability of the solution?
They are very scalable. If you need more computing resources, adding more hardware is easily done.
How are customer service and support?
Customer support is not always as responsive to finding solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have always used Check Point.
How was the initial setup?
Setup was very straightforward and easy. We did have the assistance of our Check Point engineer, which is just awesome.
What about the implementation team?
We implemented through Check Point directly.
What was our ROI?
I do not measure ROI financially, although personally speaking, we have definitely gotten back every dollar we've spent by having reliable and secure infrastructure.
What's my experience with pricing, setup cost, and licensing?
The setup cost is not a challenge at all. Check Point engineers work directly with you throughout the whole process. The pricing is high, for the hardware and software, although discounts are negotiable. The software blade licensing is broken down into many flavors, depending on your needs. It is very a la carte and provides various product offerings, including endpoint management, VPN, disk encryption, etc.
Which other solutions did I evaluate?
We did review a few competitors during a possible migration plan. The proof of concept did not yield better results, so we stayed with Check Point. We reviewed Cisco, Palo Alto, and SonicWall.
What other advice do I have?
If you don't need/use their a la carte software blades (FDE, Ransomware, etc.) you can always add on later. They are very accommodating with trial licensing to test in a proof of concept way. If you already have other third-party products that perform those functions, you can bundle Check Point's and save a bit of money consolidating them.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior IT Manager at a mining and metals company with 501-1,000 employees
Offers a lot of flexibility and packet inspections have been a strong point
Pros and Cons
- "The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before."
- "The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex."
What is our primary use case?
Our primary use cases for Check Point NGFW are for perimeter security and content filtering for browsing behavior.
How has it helped my organization?
We have a lot of flexibility now and a leg up identifying zero day threats. We have multiple ways of doing policies now that we didn't have before. The options are more robust over previous products and I would say that we're pleased with the product. The reports I'm getting are that we're satisfied, even impressed, with the options Check Point offers.
What is most valuable?
Packet inspections have been a strong point. Our Identity Collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before.
We saw a noticeable performance hit using SonicWalls. Whether it's because we've provisioned the Check Point gateways correctly from a hardware standpoint or whether it's the software that is much more efficient (or both), we do packet inspection with very little impact to hardware resources and throughput speeds are much improved.
With SonicWall, after it would calculate inspection overhead, we might see throughput at, and often below, 15%. My network administrator gave me data showing Check Point hovering at 50%, and so we were actually seeing Check Point fulfill its claims better than SonicWall.
What needs improvement?
Because there's quite a bit of flexibility in Check Point, improved best practices would be helpful. There might be six ways to do something and we're looking for one recommended way, one best practice, or maybe even a couple of best practices. A lot of times we're trying to figure out what we should do and how we should handle a particular problem or scenario. Having a better roadmap would help us as we navigate the options.
The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex.
For how long have I used the solution?
We started putting Check Point NGFW into production late first quarter this year, right before the pandemic hit. We put in two gateways and one management server.
What do I think about the stability of the solution?
Stability is there especially compared to previous security products. Certain things had quirky behaviors. For instance, once we upgraded to 80.40, a couple items inexplicably acted up (not uncommon for any software upgrade). Certain policies would drop and then show up again (remained in force, just briefly disappeared from management console). I would have to get some specifics from my network administrator, but I do recall some strange behaviors. One of them was fixed by a patch and another one still has a backup issue that's pending right now about how to best back up the device before we upgrade.
What do I think about the scalability of the solution?
I haven't had to test scalability yet because we purchased it for our existing needs and as a company, our performance and our needs are pretty flat. We don't really have need to scale yet.
We are adequately equipped for what we need and we have room to grow and to add all of our users and possibly add additional products down the road and still have plenty of room to do so on how these gateways are powered.
We have a total of about 620 employees that use Check Point NGFW. I would say we are 80% there. There are still some users that have to be migrated to it once we test their accounts, their kiosks, that kind of stuff.
There is one primary employee who is dedicated to maintenance and there are another two who back him up but our network administrator is primarily responsible.
How are customer service and technical support?
Mixed experience, mostly satisfactory. Some support engineers are quite helpful and efficient, others required more patience working through support incidents. ATAM support has been high quality, and as previously mentioned, local support has been key to resolving some cases much more quickly. If we were giving their support a letter grade, it would be in the B range.
Which solution did I use previously and why did I switch?
We were previously using SonicWall. We switched because we were struggling with performance, support, and strategy. There were things that were broken that did not have coherent or reliable fixes. At the time we did not consider it to be next-generation technology. There were problems with GeoIP enforcement. There were also quite a few performance problems, especially with inspecting traffic. It would literally bring the device to its knees once we turned on all the inspections that we really felt that we needed. It was under-provisioned, under-specced, and coupled with all the support problems we had, we started shopping for a new solution.
How was the initial setup?
The setup was both straightforward and complex. There were some complexities in there that required us to get help. We have some local representatives that are very helpful and so we frequently contacted them for guidance.
We're still migrating people behind Check Point, especially in our main facility, but the heavy lifting was done by early summer. It took around three to four months.
Our strategy was to set it up in parallel with the existing firewalls and begin setting up policies and testing the policies against individual services in-house. Then, as we were successful, we would grab pilot users and migrate them to Check Point and have them start trying to break things or browse to certain sites and see what behaviors they were getting.
It was a slow migration with a handful of people at first. We tweaked their experiences and just kept adding people. It was gradual. We tested, fixed, and then migrated a few more incrementally.
What about the implementation team?
We had two different ways of getting help. We have local representatives who are in the same metropolitan area and they were very responsive. Then when we would have to contact standard support. We were satisfied about 80% of the time. Sometimes follow-up was not there. Sometimes there would be delays and occasionally there would be rehashing of information that didn't seem like it was efficient. Eventually, we would get the answers we would need.
That's why we rely heavily on the local people because they could sometimes light a fire and get things moving a little bit quicker.
What was our ROI?
Primarily it's offered stability and caught behaviors and given users (and administrators) a level of confidence as they are doing their daily jobs. The inspection that Check Point does, even when we download a document or a PDF, offers a bit more peace of mind in those types of transactions. GeoIP is working like we had hoped compared to SonicWall.
We have a lot of granularity in our policies. We can accommodate some really interesting scenarios on our operations floors, certain groups needing certain types of access versus other groups. We're accommodating them fairly seamlessly from migrating from SonicWall to Check Point. We might have struggled to try to make stuff happen in SonicWall, and Check Point just seems to ingest it and run with it. Having access to Check Point's AI ThreatCloud cloud has given us a lot of peace of mind. ThreatCloud is 25+ years worth of exploit research that informs and feeds CP technologies and gateways.
Another feature that's been helpful is the sandbox feature. A lot of companies offer this type of thing now, but CP has been offering it for quite a while. If end users are browsing websites, and they download a payload-infected document from a website, SandBlast will detect it and take it offline. It will sandbox it, detonate it there safely, pull out the content that we're actually looking for, then re-present that cleaned content back to the user.
What's my experience with pricing, setup cost, and licensing?
Strongly consider augmenting standard support with Check Point's premium option or by purchasing ATAM/professional services time blocks, especially during deployment.
Standard support is decent, though occasionally frustrating from a turnaround perspective. While we sometimes wait a while for resolution on some cases, the information we receive is usually quality; that's been our experience.
Which other solutions did I evaluate?
We looked at Palo Alto, Fortinet, and Sophos. I brought some of that experience to bear on our decision but our shortlist was Palo Alto, Fortinet, and Check Point.
The reason I selected Check Point was partly its pedigree, knowing that Palo Alto formed out of Check Point. Both companies are built from the same DNA and each has a history and a culture I respect and trust. Check Point Research is regularly in the news it seems for finding exploits and vulnerabilities in popular cloud platforms.
Check Point offered quality local support, including our technical sales representative and a support manager that live in the area. A couple of executives also live in the area. If we needed to escalate, we had the people here locally that could help us with that.
My former company used Palo Alto and, while I didn't interface with the products on a regular basis (we relied on the network team for analysis), I'd overhear frustrations with support. Palo Alto is also a great product and it wasn't an easy decision choosing between CP and PA from a technical perspective. I had never used Check Point prior to this position, but it outpaced its competitors in a few key areas, especially the pre-sales phase, POC engagements, local support options, and the maturity of Check Point's ThreatCloud technology.
What other advice do I have?
My advice would be to look hard at premium support options. Know what your tolerances are, and if you expect fairly quick turnaround on support incidents, go ahead and invest that money in support. Definitely take advantages of pro services, buy a block of hours, whether that's 10 hours or 20 hours, and use that to fill in the knowledge gaps, especially during deployment. If you rely on standard support during setup, depending on how complex your environment is, you may be frustrated.
We did well doing what I recommended here. We bought two rounds of pro services (20 hours). I don't want to pile on standard support - it's not bad - it's just that if we were to rely only on standard support, I think our migration would have taken longer, and there might have been more frustrations. Because we had local support and because we bought pro services, it accelerated our timeline and it got us into production much quicker.
From what I've seen and heard from my staff, I would rate Check Point NGFW technology a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr. Network Engineer at a consultancy with 51-200 employees
Protects our environment with advanced features, like Threat Protection and central management
Pros and Cons
- "They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them."
- "Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve."
What is our primary use case?
We use it to protect our network from the outside world and unsecured networks. We also use it to provide a safe, secure network to the internal users of our organization.
I am using various versions on the model, like R80.10 and R80.30.
What is most valuable?
- Antivirus
- Threat Prevention
- The central management
These are vital, advanced firewall features for the market. They protect the environment more than the usual firewalls.
What needs improvement?
Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve.
A disadvantage about Check Point is people in the market are not too familiar about its usage and people lack training on it.
For how long have I used the solution?
I have been using it for the last six years (since 2014).
What do I think about the stability of the solution?
Check Point Firewalls are very stable. Check Point is one of the oldest company in firewalls with a very stable product. They provide good, stable updates.
What do I think about the scalability of the solution?
It scales well. Recently, during COVID-19, we did the scalability process, and it was easy.
Currently, this is used only for our inbound networks to provide security to our internal network. Around 6,000 people are taking advantage of this technology directly and indirectly in our organization.
We have certainly increased number of firewalls in our organization. In the future, if is required, then we will definitely use more.
How are customer service and technical support?
I have used the technical support very frequently. I would give them around a nine out of 10. They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them. I am deducting one mark to allow room for improvement.
Which solution did I use previously and why did I switch?
Previously, we were using the Cisco ASA Firewalls, which are one of the most demanded firewall in the market. We switched to Check Point because their firewall is more advanced than Cisco ASA. They are also providing us the extra benefit of features, like their central management system, Antivirus, and Threat Prevention, which were not provided by Cisco ASA.
How was the initial setup?
It was straightforward; it was not too complex. It was simple to install and use the features, as we were already trained. Our company used their trainers before installing it. Getting all the knowledge of the firewall's features beforehand worked very well for installing/deploying the solution in our environment.
We were using different firewalls that we had to replace. For that replacement, we required two years for the transition to Check Point to get it to work.
For our implementation strategy, we used three-tier architecture strategy in which we have a console, three-tier management Gateway, and the firewall.
What about the implementation team?
We have around 20 people on the team, because it is a large company. So, I deployed it with the help of 19 members. The team of 20 people work on different shifts and we manage all the organization's firewalls. We are all network engineers, though some of us have different designations.
What was our ROI?
It has a good return in terms of usage and the security that it provides. We are very happy with the security capabilities that this firewall has.
What's my experience with pricing, setup cost, and licensing?
Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall.
Which other solutions did I evaluate?
We did an evaluation between Cisco ASA and Check Point. We had options to extend Cisco ASA or switch to Check Point, but we switched to Check Point Firewall.
What other advice do I have?
Be knowledgeable before implementing this firewall because it has many advanced features compared to the normal firewalls in the market. If you want to use it in a better way, then you need to be trained on it.
There were a few members who joined our organization who were familiar with Check Point, but they do not know about every feature which could be used and taken advantage of to better secure our network. I recommend getting proper training before using it.
I would rate this solution a nine out of 10 because I am a very happy customer of Check Point. I have had a good experience with this firewall. I like is the way it is improving a lot with the times.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Technical engineer (SOC Analyst) at Hitachi Systems, Ltd.
Efficient firewall management enhances network protection, though rule creation could be smoother
Pros and Cons
- "The firewall's default behavior of blocking all traffic, including a cleanup rule that blocks everything from external to internal sources, is highly valuable for protecting our network."
- "Check Point NGFW makes it easier to handle and use the firewall efficiently."
- "In the rule creation process, we need to decide on the source address, destination address, and services. There are improvements needed in this area."
- "Check Point NGFW is not scalable enough."
What is our primary use case?
We use Check Point NGFW to provide more protection for our network from internal and external sources. I also work on creating checks, rules, troubleshooting, and generating daily reports.
How has it helped my organization?
Check Point NGFW makes it easier to handle and use the firewall efficiently. It helps protect our network from internal and external threats.
What is most valuable?
The firewall's default behavior of blocking all traffic, including a cleanup rule that blocks everything from external to internal sources, is highly valuable for protecting our network.
What needs improvement?
In the rule creation process, we need to decide on the source address, destination address, and services. There are improvements needed in this area.
For how long have I used the solution?
I have used Check Point NGFW for one and a half years.
What do I think about the stability of the solution?
To maintain stability, I monitor high utilization and CPU usage, enabling and disabling connections as necessary.
What do I think about the scalability of the solution?
Check Point NGFW is not scalable enough. However, it enhances performance with high availability, shifting to a secondary firewall if one fails.
How are customer service and support?
When I can't resolve an issue technically, I consult with a senior engineer. I rate the technical support seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I did not work with any other firewalls before Check Point. I am familiar with CCNA routing and switching.
How was the initial setup?
The initial setup involves connecting cables, opening the IP address using a browser, and configuring the firewall. It takes about one hour.
What about the implementation team?
Only one person is required for the deployment.
What was our ROI?
Check Point NGFW is very important because it is easier to handle and use.
What's my experience with pricing, setup cost, and licensing?
I don't have information regarding the pricing, as it is considered an internal matter of the organization.
Which other solutions did I evaluate?
I did not evaluate any other options. I chose Check Point firewall based on my knowledge of CCNA routing and switching.
What other advice do I have?
Check Point NGFW is easy to use, create rules, and take backups. It simplifies backing up and managing processes with click-and-go options.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 13, 2024
Flag as inappropriateNetwork Security Engineer at a comms service provider with 51-200 employees
Offers a vital anti-spoofing feature but needs to upgrade the IPSec VPN port
Pros and Cons
- "The spoofing prevention feature is the most valuable feature."
- "Needs to upgrade the IPSec VPN port"
What is our primary use case?
The solution is used to provide firewall security to cloud integrations.
What is most valuable?
The spoofing prevention feature is the most valuable feature.
What needs improvement?
The solution provider needs to upgrade the IPSec VPN port because VPN branch-to-branch configuration can be easily implemented at our company, but several difficulties arise in a cloud environment like AWS or Azure cloud. The aforementioned cloud providers often need to create VPN interfaces, but in a few cases, these teams don't have the knowledge for configuration or IP points; their knowledge remains limited to the architecture of the clouds on a networking level.
In future releases of the solution, a remote access VPN feature should be added. Our organization expects the aforementioned feature because we have a secure validated configuration in our remote access VPN, and the feature would allow easy configuration.
For instance, if a customer wants to connect a VPN to a particular domain laptop, our company can integrate the domains with our network's remote access VPN, but the user is unable to connect with other personal laptops.
For how long have I used the solution?
I have been using Check Point NGFW for five years.
What do I think about the stability of the solution?
I would rate the stability of the solution as seven out of ten. The tech support is not operational sometimes, and in a few cases, the tech team of the vendor is unable to provide support with a proper explanation or resolution. Check Point NGFW fails to provide workarounds for certain issues and thus leads to huge time consumption for a single task. The support team of Check Point NGFW on a few occasions takes five to ten hours to resolve an urgent VPN issue which impacts the stability.
At our company, if we raise an RMA for Check Point NGFW, it takes immense time, which is around 15 to 30 days, to obtain the box, whereas other vendors offer it within five to seven business days. Due to the aforementioned issue, our organization needs to implement a test device on the environment and purchase temporary licenses for that device so that the customers in a stand-alone environment can access the internet.
In Check Point NGFW, sometimes the logs consume excess storage, and even the storing or indexing process is not implemented correctly.
What do I think about the scalability of the solution?
I would rate the scalability a seven out of ten.
How are customer service and support?
Support is available for Check Point NGFW, but the support team, in most cases, is unable to provide an effective and on-time solution after collecting logs. I would rate tech support a seven out of ten.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I worked with Palo Alto previously before transferring to Check Point NGFW. I wanted to learn about Check Point NGFW in-depth as it's considered a difficult solution compared to others, so I ventured into it.
How was the initial setup?
In our company, we have the option for both cloud-based and on-prem deployment of the solution. The management server integration is different for the aforementioned options. If the traditional management server is present locally, in that case, at our company, we are using the solution for integration, but if a cloud is involved, some keys need to be integrated with the cloud management to let the firewall have internet access.
Almost every time when the management server reaches or expands to another country in our organization, we face difficulty with integrations. The deployment time of Check Point NGFW depends upon customer requirements, but it takes approximately 15 to 30 days. More feature integrations demand the involvement of more teams in the deployment process. In my area of business, about 50 to 70 customers are using Check Point NGFW.
If the solution is in a cluster environment, a maintenance window is not required and most of our customers are using the solution in a clustering or stand-alone mode.
What's my experience with pricing, setup cost, and licensing?
It's an expensive solution.
What other advice do I have?
Most of our organization's customers are using Check Point NGFW for networks, as enhancing the firewall's performance is not required; if the firewall goes inactive, total protection decreases. Our organization's customers don't want to depend on any particular product and are thus investing in multiple security products.
On a few occasions, integrating a RADIUS configuration with Check Point NGFW has been difficult because some versions are not supported. I have also faced trouble regarding authentication when integrating Check Point NGFW with Azure EAD.
Recently, Check Point NGFW has been integrated with zero-threat AI security features. In our organization, we are installing the solution on the Blade architecture, where the aforementioned features function well enough. I would recommend Check Point NGFW to others. I would rate Check Point NGFW overall a six out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer:
Junior Security Engineer at PT Kereta Api Indonesia (Persero)
Great security features with helpful mitigation and prevention capabilities
Pros and Cons
- "The user interface is very cool and easy to use."
- "The network automation and security automation could be better."
What is our primary use case?
We use the solution for the DMZ firewall. It's very common and very easy to make configuration, Having IPsec for tunneling solutions with third-party routers and firewalls with other branch offices is very helpful.
It offers support for segmentation networks.
The geolocation feature makes it so that our company can easily allow or block a location of IP and can integrate with our SOC or our log management system.
URL filtering is very powerful for blocking malicious connections.
The user interface is very cool and easy to use. It has anti-DDOS protection which is very useful too.
How has it helped my organization?
The solution is very helpful. Using Check Point helps our security team with mitigation and prevention with an easy user interface and configuration.
Anti-malware and URL filtering can mitigation many malicious activity and log for event easy for us to send to our security operation center team, for internet solutions we use load balancing method with a round-robin algorithm which is very very helpful for internal user solution for accessing the internet with redundant availability.
What is most valuable?
URL filtering and anti-malware protection at=re the most useful as those can mitigate many malicious events and make connections between users and the internet safe. It's faster with the load balancing method and supports a round-robin algorithm. This firewall in our environment has high availability or cluster system which makes our availability higher, especially for business continuation plans. Support for troubleshooting and maintenance cases is great. They are very helpful and fast at solving many problems.
What needs improvement?
The network automation and security automation could be better. We need integration with more third-party security solutions.
We need two-factor authentication solutions for the virtual private network solution. We need a firewall or NGAV/EDR with lightweight resources that is still powerful for blocking and preventing attacks and malicious activity.
We need enhancement for our perimeter for our security zone, especially for network access control with portal authentication.
For how long have I used the solution?
I've been using the solution for five years.
Which solution did I use previously and why did I switch?
We did use a different solution. We switched as we need more enhancements.
Which other solutions did I evaluate?
We also looked into Fortinet.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Popular Comparisons
Fortinet FortiGate
Netgate pfSense
OPNsense
Sophos XG
Cisco Secure Firewall
Palo Alto Networks NG Firewalls
Azure Firewall
WatchGuard Firebox
SonicWall TZ
Juniper SRX Series Firewall
Fortinet FortiGate-VM
SonicWall NSa
Untangle NG Firewall
Sophos XGS
KerioControl
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Check Point NGFW compare with Fortinet Fortigate?
- Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
- Which would you recommend - Azure Firewall or Check Point NGFW?
- Is Check Point's software compatible with other products?
- What do you recommend for a corporate firewall implementation?
- Comparison of Barracuda F800, SonicWall 5600 and Fortinet
- Sophos XG 210 vs Fortigate FG 100E
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- Cyberoam or Fortinet?