Check Point NGFW Reviews

We use Check Point NGFW as our data center and branch location firewalls.

The solution is robust and can handle heavy workloads and user traffic well. The product is good. 

The tool's support is lacking. We find almost all its features useful, except for some challenges with VPN.

I have been working with the product for ten years. 

I rate the product's stability an eight out of ten. 

I rate the tool's scalability an eight out of ten. My company has 5000 users. 

The initial setup can be complex, especially for BGP configurations. I'd rate it a five out of ten for ease of setup. It's neither too hard nor too easy - it depends on your requirements. We deployed it on-premises. The initial deployment of our enterprise-grade device took about three months. We need about two people for maintenance, mainly for operational changes when needed.

We mostly did the deployment ourselves, with some professional services support from Check Point. Three to four people were involved in the deployment, including one from Check Point to validate our work.

The Harmony bundle is interesting, with many new features, but we're not evaluating it much as we're moving to FortiGate. We're not planning to increase the usage of Check Point NGFW. We're looking into SD-WAN and moving towards FortiGate.

I rate the overall solution an eight out of ten. 

My company is an IT service provider. We suggest customers choose the Check Point next-generation firewall along with other OEMs for their environment. Once they choose (and confirm the product with model capabilities), we migrate the existing firewall to the new firewall. 

I have deployed multiple Check Point products. Based on my experience and its effective features, I do suggest customers go with Check Point NGFW. I love its security profiles which effectively secure the organization's LAN, DC, and DMZ network.

The solution has improved organizations via:

1. Ease of deployment: We can easily implement and deploy the check Point NGFW.

2. Deep Inspection: It inspects traffic beyond just port number and IP address.

3. Threat Prevention: It has multiple security features and we can enable and integrate these features like IPS(Intrusion Prevention System), Anti-Bot Protection, and SandBoxing.

4. Organizations can enable Multi-Factor Authentication (MFA) in their network environment to verify their identity before they access the network. this feature keeps the integrity of the LAN network.

My favorite feature of Check Point NGFW is its "deep traffic inspection capability" due to the fact that:

1. It provides deep-level control over the network activity, allowing you to prioritize critical traffic first based on organization requirements.

2. It analyzes application behavior to detect suspicious activity.

3. We integrate with Sandbox technology to safely detonate and analyze zero-day threats. 

4. It also blocks the application and prevents them from accessing the organization's LAN network.

5. It gets a regular zero-day signature update.

During my initial level implementation of check Point NGFW, I faced issues troubleshooting. The problem was with its command line. 

Check Point runs on Linux and its command line is Linux-based. However, at the time, I was not familiar with Linux commands, and I invested lots of time in finding the Linux command and understanding the meaning, then went for troubleshooting.

It would be very helpful if the OEM provided all the Linux commands in a way that we could easily understand and follow the steps to configure or troubleshoot the issue using the command line.

For the last year, I have been implementing and deploying Check Point NGFW in multiple client environments. 

Its NAT automation and routing intelligence are excellent. We are not required to configure NAT rules separately; we can enable them while creating an object. We are also not required to configure reverse routing for LAN subnets.

At this time, Check Point NGFW is more stable than other options.

The scalability is wonderful.

Customer service and support are good. However, they can be enhanced.

Positive

We do not choose the solution. Rather, we provide multiple solutions to the customer.

The solution is easy to implement.

We are from the vendor side. We can help implement the solution. 

As of now, everything is good as per the market scenario.

We did not evaluate other options. 

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

I've used the solution for three years.

We use the Check Point Next Generation Firewall for whitelisting and blacklisting of addresses. It's part of our identity management solution and is utilized for inbound and outbound traffic services. 

Additionally, it is integrated with our DMZ, managing traffic from an IP addressing scheme. We also use it for monitoring different types of classified and nonclassified applications.

Check Point has improved our organization's ability to manage both classified and nonclassified applications securely, ensuring they pass through multiple layers of security within our firewall infrastructure.

One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access. It provides robust security across classified and nonclassified applications and integrates well with our existing infrastructure.

The graphical user interface (GUI) could benefit from some updates, although it is generally satisfactory in its current form.

The solution is stable, and I have the utmost confidence in its software stability.

The application is very scalable, allowing us to manage security across different network layers and support various applications and activities.

Customer support quality depends on the person you interact with. However, the support team we engaged was knowledgeable and well-versed with the application, allowing us to resolve any potential issues effectively.

Positive

We switched to Check Point due to cost and maintenance benefits. The previous solutions required significant resources to handle network and communication alignment during upgrades.

The initial setup is straightforward, with no significant issues arising from the box configuration.

Our implementation team comprised about thirty individuals, including supervisors for each stage, to manage testing, validation, staging, and production.

We conducted a detailed analysis and determined a high return on investment. Maintenance and stability were key factors contributing to a favorable ROI.

We found the pricing reasonable, ensuring the product was not overpriced. However, I am not familiar with the exact cost details.

I would absolutely recommend this solution to others for its robust security and scalability.

I'd rate the solution ten out of ten.

We use Check Point Next Generation Firewall both as a perimeter firewall and as an internal firewall. 

For customers, we recommend using the open platform, which is the software installed on your own server. We usually find that you get a lot more performance out of the software that way. Also, a lot of energy companies use it as well.

Check Point Next Generation Firewall helps us with routing failover, setting up a web dashboard for better management of the platform, and ensuring the stability and availability of our firewalls with its backup features.

The price point is good. You get a lot more features for the cost. How it's bundled and packaged is very simple to order. All the features are bundled with the product, and it's just a matter of checking a box to turn it on or off. 

Performance is usually better on OpenServers, where we provide the server on the Check Point platform.

The operating system and platform could be more tightly integrated. Some features are better done on the OS side of the platform. Integrating all features into one dashboard should avoid switching between the new and old dashboards.

Check Point Next Generation Firewall is quite stable. For features like backup and data, I would rate it highly.

Check Point Next Generation Firewall offers excellent scalability. With OpenServer, it's just a matter of purchasing licenses that enable more CPUs to be used. We can increase the RAM on the box and allow for more network traffic and customers onto our platform.

The support is great. I usually get it online and it meets our needs effectively.

Positive

Setup is easy. I would give it an eight out of ten.

The pricing is fair and more competitive than many competitors. On a scale of one to ten, with ten being the most expensive, I would rate it around a three in its category.

Cisco does not support SSL inspection, and its detection capabilities are limited. I would say Check Point is comparable with Palo Alto in terms of features and detection capabilities.

I would recommend Check Point Next Generation Firewall because of its detection capabilities, which ensure protection by identifying malicious files and suspicious activities. The price point is also lower compared to Palo Alto for the same features.

I'd rate the solution nine out of ten.

We use the solution for threat prevention, antivirus, VPN, endpoint, and email security. Harmony Email Security and Harmony Endpoint are now under Check Point.

The most valuable features of the solution are threat prevention, anti-bot, anti-malware, sandboxing, threat emulation, threat extraction, and DLP. Check Point NGFW has a three-way architecture, which makes it the best. It is very simple to manage and use when integrated with the management server.

We face some challenges while guiding new customers regarding the solution's configuration. Since it has a three-way architecture, new customers find it very difficult to understand how to configure or manage the solution.

I have been using Check Point NGFW for three to four years.

An appliance called Maestro is available to scale the solution. We provide the solution for small, medium, and enterprise customers.

The solution's technical support is supportive and satisfactory. We just need to log the case, and the support team will reply before 24 hours.

I rate the solution’s technical support eight and a half out of ten.

Positive

I also work with Palo Alto.

The solution’s initial setup is very easy.

The solution's deployment time depends on your organizational architecture. The deployment does not take more than three to four days and can be done in one to two days. It takes one or two engineers to deploy the solution.

We have seen a return on investment with Check Point NGFW.

The solution's pricing totally depends on the customers' requirements and is more complex than that of other products.

It is very easy to maintain the solution. Check Point NGFW can be easily managed by one administrator who knows the tool. I am satisfied with the AI and ML features available in Check Point NGFW.

Overall, I rate the solution ten out of ten.

Our customers have been using it for the network security.

Unlike Fortinet, where the log loading process can take up to a month, Check Point stands out for its efficiency. While other solutions may only provide logs for a short period, such as one or two months, Check Point impressively retains logs for up to six months on some machines and at least three months on others. This extended log retention period is a significant advantage for our customers, providing them with valuable insights and enhancing their overall security posture.

One of the most advantageous features of Check Point firewall is its multi-interface capability. While traditional firewalls typically have a single interface, Check Point stands out by offering tools with multiple interfaces. This capability, now known as SmartConsole, allows users to manage policies, security objects, and routing points all from one dashboard. This contrasts with other firewalls where users often have to log in separately to access different functionalities. The hierarchical structure of communication and management in Check Point firewalls adds complexity, making it more challenging for attackers to exploit vulnerabilities. Additionally, Check Point introduced SD-WAN functionality in December 2013, further enhancing its capabilities and staying ahead of the curve in network security.

There's a significant area for improvement when it comes to pricing. While frequent updates and patches are released, which is commendable and adds significant value, the loading time for SD-WAN updates can be excessively long.

The feature we're eager to see enhanced in Check Point is reporting, particularly in terms of highlighting past reports. Currently, if we create a rule for a report in the morning, we expect to receive an email highlighting it. While we can set this up, the issue lies in segregating the project into separate reports.

I have been working with it for five years.

Occasionally, we face certain issues and downtimes. Downtime varies depending on the type of changes or updates being made. For instance, a version upgrade typically requires only fifteen minutes for reboots. However, for patch updates or version updates, downtime can extend to at least one hour. In some cases, especially in custom environments, downtime may exceed two to three hours.

It provides good scalability. Despite having only three customers, I've implemented the firewall for over a thousand users. These users are situated in factory environments, meaning there are thousands of endpoints, including those connected via VPN.

I am relatively satisfied with the level of technical support provided. We primarily work with Indian support teams, and while some technical engineers are exceptionally intelligent and quick to resolve issues within ten to fifteen minutes, others may take longer. However, the crucial aspect is that they eventually provide an answer or escalate the issue if needed. When I contact support, I first inquire about the assigned person, and if I am familiar with them, I proceed with the interaction. Otherwise, I prefer to escalate the query to another region to avoid wasting time. I would rate it eight out of ten.

Positive

We have experience working with Fortigate and Palo Alto in the past. In Sri Lanka, Check Point has a strong marketing presence, which influences customer decisions.

The initial setup can be complex and may pose a challenge, especially for those without prior experience. Setting it up for the first time requires careful attention and a level of expertise to navigate effectively.

The deployment process begins with configuring the firewall's IP and other settings. Once this initial configuration is complete, we proceed to the AI portal. In the AI portal, the first step is to configure the interfaces. After configuring the interfaces, we proceed to install the created interface. Next, we move on to the SmartConsole. To access the SmartConsole, we download it from the app portal. Once the SmartConsole is installed, we can easily create rules for logging purposes, manage objects, configure networking, and VPN, and other technical tasks from the SmartConsole. Routing and related tasks are typically handled in the data portal. One individual is enough for the deployment. The duration of the setup process varies depending on factors such as the complexity of the customer's environment and the site architecture. For instance, in a relatively simple scenario with just two VLANs and a couple of VPNs, the configuration could be completed within a few working days. Maintenance is essential, with upgrades and patch updates being mandatory at least once every six months. This ensures the system remains up-to-date and secure.

Our customers are pleased with the return on investment. The occasional bugs and updates, common to all firewalls including Check Point, are being addressed promptly. The platform is regularly updated to ensure optimal performance.

The price is on the higher side.

While the cost may be a consideration, the level of security provided by Check Point is exceptional. In my experience, I have not encountered any cyber attacks. The only negative experience was not related to the firewall but rather to customer issues with the router. It's important to remember that compromising security for cost savings can ultimately lead to vulnerabilities. Therefore, investing in high-security solutions like Check Point is worthwhile. Overall, I would rate it eight out of ten.

We are using Check Point Next Generation Firewall both as an edge border gateway and as an internal gateway protecting users and servers networks. Using the Virtual System solution we create different network environments and virtual system firewalls in which we have different modules (additional license could be needed) activated depending on the topology of the network where the firewall is protecting the traffic. We are also implementing IPS on several internal firewalls that are inspecting such flows.

Mainly the easy central management with support for virtual systems has helped in the operating and analyzing time of the security department. We know that with other security solutions that don't scale well and don't have a central management system, you lose precious time operating the platform.

Under the same interface, we are using a stack of different security modules, so the learning curve is easier than the need to learn new interfaces for each specific appliance. At the same time, you can check the logs in a homogeneous way.

The management interface is easy to operate and is a standardized way of managing different firewall modules in the same client application. Additionally, it provides up-to-date security options through different license bundles and scalability to match almost any firewall security needs as you can easily add more systems to implement several cluster firewalls, running as a load-sharing whole system or active-standby members. The log explorer is also straightforward to use, and the results are easily exportable.

To provide visibility of the requirements you have to accomplish to perform some of the traffic security mechanisms. Several security modules are based on HTTPS inspection, losing a relevant security capability if you don't implement it in your network. So the product should point out this need clearly so you can fit your expectations in a real-world environment. That said, this is not a limitation of the product itself.

You need to read the requirements to take into consideration both throughput, security modules and storage (logs) needs so you can choose the appliance that best fits your organization.

I've used the solution for more than ten years.

In most environments, this solution is running pretty stable.

It is easy to scale both with virtual systems or by adding additional physical appliances.

Support has a good and fast response to new threats and is proactive with a big community.

Positive

We were using a Cisco firewall solution. It was outdated and the management interface was not unified.

We evaluated Palo Alto and Fortinet as well as Check Point

For the technical administration teams. I advise them to take, at least, the basic training so they can manage the solution adequately.