Try our new research platform with insights from 80,000+ expert users
PeerSpot user
AGM Cyber Security CoE at Bata Group
Real User
Flexible, provides good visibility, and it's easy to manage with a centralized dashboard
Pros and Cons
  • "It creates granular security policies based on users or groups to identify, block or limit the usage of web applications."
  • "Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult."

What is our primary use case?

We use this solution for complete protection against advanced zero-day threats with Threat Emulation and Threat Extraction. We also use:

  • NSS Recommended IPS to proactively prevent intrusions
  • Antivirus to identify and block malware
  • Anti-bot to detect and prevent bot damage
  • Anti-Spam to protect an organization's messaging infrastructure
  • Application Control to prevent high-risk application use
  • URL Filtering to prevent access to websites hosting malware
  • Identity Awareness to define policies for user and groups
  • Unified Policy that covers all web, applications, users, and machines
  • Logging and Status for proactive data analysis

How has it helped my organization?

The solution has improved the organization with respect to the following:

  • Simple implementation and operation
  • Central dashboard for managing branch firewalls
  • Easy measurement of security effectiveness and value to the organization
  • Proactive protection with the help of many inbuilt blades
  • SandBlast Threat Emulation and Extraction provides us zero-day protection from known and unknown threats in real-time 
  • Great visibility on the number of threats being blocked at the dashboard
  • Helps to clean traffic, both egress and ingress
  • A simplified URL filtering option is available for users with detailed granularity to map user/departments with respect to specific access
  • It does deep packet inspection for checking HTTPS traffic. There is a shift towards more use of HTTPS, SSL, and TLS encryption to increase Internet security. At the same time, files delivered into the organization over SSL and TLS represent a stealthy attack vector that bypasses traditional security implementations. Check Point Threat Prevention looks inside encrypted SSL and TLS tunnels to detect threats, ensuring users remain in compliance with company policies while surfing the Internet and using corporate data
  • It helps in the identification of C&C via Anti-Bot
  • It provides geolocation restrictions that may be imposed via IPS
  • Excellent Application Control for the administrator to manage the access for users
  • Secure remote access is configured with mobile access connectivity for up to five users, using the Mobile Access Blade. This license provides secure remote access to corporate resources from a wide variety of devices including smartphones, tablets, PCs, Mac, and Linux

What is most valuable?

We are using the Check Point Next-Generation Firewall to maximize protection through unified management, monitoring, and reporting. It has the following features:-

  • Antivirus: This stops incoming malicious files at the gateway, before the user is affected, with real-time virus signatures and anomaly-based protections.
  • IPS: The IPS software blade further secures your network by inspecting packets. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.
  • AntiBot: It detects bot-infected machines, prevents bot damage by blocking both cyber-criminals Command and Control center communications, and is continually updated.
  • Application Control: It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.
  • URL Filtering: The network admin can block access to entire websites or just pages within, set enforcements by time allocation or bandwidth limitations, and maintain a list of accepted and unaccepted website URLs.
  • Identity Awareness: This feature provides granular visibility of users, groups, and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.

What needs improvement?

I would like to see the provision of an industry-wide and global benchmark scorecard on leading standards such as ISO 27001, SOX 404, etc., so as to provide assurance to the board, and confidence with the IT team, on where we are and how much to improve and strive for the best.

Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult. This integration would be helpful in providing a full security picture across the organization. I am looking forward to the go-ahead of R81 with MITRE framework adoption in the future.

Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.

For how long have I used the solution?

We have been using the Check Point NGFW for the last four years.

What do I think about the stability of the solution?

This is a very stable product.

What do I think about the scalability of the solution?

It is highly scalable on cloud and does provide customers with lot of flexibility while performing the sizing of the appliance.

How are customer service and support?

Technical Support needs improvement, especially the L1 engineers.

Which solution did I use previously and why did I switch?

Prior to this solution, we were using GajShield. However, due to limited visibility and support, we opted for a technical refresh and upgrade of products.

How was the initial setup?

Yes initial setup was complex as migration of policies from one OEM to another is a challenge. however we meticulously planned and completed the implementation in phases.

What about the implementation team?

Yes we took help of the Certified Vendor. Vendor support was good.

What was our ROI?

We did not calculate our ROI; however, it provides good visibility to us.

What's my experience with pricing, setup cost, and licensing?

Check Point is competitively priced; however, there is an additional charge for the Annual Maintenance Contract (AMC) and it is easy to understand.

My advice is to negotiate upfront with a support contract of between three and five years.

Which other solutions did I evaluate?

We evaluated Palo Alto, Barracuda, and Fortinet.

What other advice do I have?

In summary, this is an excellent product and featured consistently in Gartner for the last 10 years. They have good R&D and support services across the globe. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1419591 - PeerSpot reviewer
System Architekt at a insurance company with 1,001-5,000 employees
Real User
Prevents users from accessing things on the Internet that they are not supposed to access
Pros and Cons
  • "The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access."
  • "It depends whether the problem is known to Check Point. If they are aware there is a problem, quite often it will then depend on which tech you finally land on if it's easier or harder to get to the root cause. The last issue was in India so that was pretty bad. It's easier if you get directly through to Tel Aviv or Ottawa, but you can't choose. Once they know what the issue is, it's pretty good. It pretty much depends on the engineer that you get. There are pretty good engineers and there are many engineers who are at just the starter level at Check Point who are not really into the stuff. Sometimes it's hard, sometimes it's easy, depending on the problem and the tech engineer you get."

What is our primary use case?

We use it as a normal firewall for perimeter security, using some of the Next Generation features, like Anti-Bot and Antivirus. 

We have two ISPs. We have a different firewall system in front of the Check Point Firewall. We also have normal Cisco switches combined with the Check Point solution. Then, our internal network is with Cisco, which is about 300 servers and 1,500 clients.

How has it helped my organization?

Since we are an insurance company, the solution is a necessity.

Two-thirds of our employees are working at home at the moment, so we use the VPN feature more than we used to. Of those two-thirds, only 100 or 200 are using the remote client from Check Point. The other employees are using other technologies, like NetScaler from Citrix. 

What is most valuable?

We use the basic firewall functionality, plus the VPN functionality, a lot.

We have about 100 remote sites, which is where we use the VPN functionality. For private lines, we prefer to do further private encryption on the line. It is very convenient to do it with Check Point, if you have Check Point on both sides. It is convenient and easy to monitor.

The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.

What needs improvement?

The Threat Emulation definitely needs improvement. A couple of years ago, we did a comparison with other companies, e.g., Lastline, offering threat emulation and threat detection functionalities, and Check Point was lacking. 

For how long have I used the solution?

I have been using Check Point for 22 to 23 years. I have been using Check Point NGFW for 15 years, since 2005.

What do I think about the stability of the solution?

We used to have more problems. For the past five years, unless we have had a bug, which happens like once a year, it has been pretty stable. We did have a bug for the last three months, which has just been fixed. Before that we had another two or three major bugs. However, when there is a bug and it's not known to Check Point, they need quite a while to get it fixed. If they have a fix already, then there is a pretty quick turnaround to get it fixed.

There are three people working on firewalls, but not at 100 percent. We have the equivalent of one person doing firewalls 100 percent of the time using three people.

What do I think about the scalability of the solution?

For our requirements, it's scalable enough. We have a 1 gig uplink to the Internet, which is easily doable with open servers. 

We used to have some problems with the performance, then we upgraded the license and the scalability has worked well since.

There are 1,200 to 1,500 users.

How are customer service and technical support?

It depends whether the problem is known to Check Point. If they are aware there is a problem, quite often it will then depend on which tech you finally land on if it's easier or harder to get to the root cause. The last issue was in India so that was pretty bad. It's easier if you get directly through to Tel Aviv or Ottawa, but you can't choose. Once they know what the issue is, it's pretty good. It pretty much depends on the engineer that you get. There are pretty good engineers and there are many engineers who are at just the starter level at Check Point who are not really into the stuff. Sometimes it's hard, sometimes it's easy, depending on the problem and the tech engineer you get.

To the next manager, it's pretty easy to escalate an issue, if needed. Though, it depends on the manager. 

Our current sales staff isn't too good. Though, the one before was pretty good. So, you can escalate on that process well. As an escalation path, it works most of the time.

How was the initial setup?

Once you do it for over 20 years, it is straightforward. If you have done it a couple of times, then you know what to do. However, even if you are a beginner, Check Point is more straightforward than Palo Alto or something like that. Once you get the idea of how a firewall works, Check Point does it that way.

There is a central location where we deploy upgrades, which normally take one business day since we have several clusters there. 

When deploying the solution to remote locations, we have several models to choose from.

What about the implementation team?

When we tried Threat Emulation, we have received professional services from Check Point. However, for the normal setup, we don't involve any professional services.

What was our ROI?

It is like insurance for us.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing are pretty steep. They know that they are good, so they are pricey.

Which other solutions did I evaluate?

We are also using Forcepoint, which is a little bit different on the OS and focused more on IPS/IDS. It is a good practice to combine two different firewall vendors in case one of them gets hacked.

We also evaluated Palo Alto, like five years ago, but that doesn't make much sense for us. 

What other advice do I have?

Since we are trying to get our customers to do more self-service, we should see more inbound traffic. So, the usage will increase in the next two years.

We get more attacks from the outside these days, so it has become more important to use systems like Check Point. When I started with security 25 years ago, it was still something not everybody was aware they needed. Today, it's common sense that everybody needs to protect their perimeter.

Plan first, implement last. You should first be aware of what assets you want to protect and what are your traffic patterns. You should plan your policy and network topology ahead of time, then start to implement a firewall. If you just place it there without any plan of what it's supposed to do, it doesn't make too much sense. I think planning is 80 percent of the implementation.

I would rate this solution as an eight out of 10. It would be better if the support was quicker in the cases we had. Apart from that, we are happy with the functionality.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Check Point NGFW
March 2025
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.
Independent Information Technology and Services Professional at a non-profit with 1-10 employees
Real User
Top 5
Enhanced firewall management with cost-effective feature integration and competitive pricing
Pros and Cons
  • "The price point is good."
  • "The operating system and platform could be more tightly integrated."

What is our primary use case?

We use Check Point Next Generation Firewall both as a perimeter firewall and as an internal firewall. 

For customers, we recommend using the open platform, which is the software installed on your own server. We usually find that you get a lot more performance out of the software that way. Also, a lot of energy companies use it as well.

How has it helped my organization?

Check Point Next Generation Firewall helps us with routing failover, setting up a web dashboard for better management of the platform, and ensuring the stability and availability of our firewalls with its backup features.

What is most valuable?

The price point is good. You get a lot more features for the cost. How it's bundled and packaged is very simple to order. All the features are bundled with the product, and it's just a matter of checking a box to turn it on or off. 

Performance is usually better on OpenServers, where we provide the server on the Check Point platform.

What needs improvement?

The operating system and platform could be more tightly integrated. Some features are better done on the OS side of the platform. Integrating all features into one dashboard should avoid switching between the new and old dashboards.

What do I think about the stability of the solution?

Check Point Next Generation Firewall is quite stable. For features like backup and data, I would rate it highly.

What do I think about the scalability of the solution?

Check Point Next Generation Firewall offers excellent scalability. With OpenServer, it's just a matter of purchasing licenses that enable more CPUs to be used. We can increase the RAM on the box and allow for more network traffic and customers onto our platform.

How are customer service and support?

The support is great. I usually get it online and it meets our needs effectively.

How would you rate customer service and support?

Positive

How was the initial setup?

Setup is easy. I would give it an eight out of ten.

What's my experience with pricing, setup cost, and licensing?

The pricing is fair and more competitive than many competitors. On a scale of one to ten, with ten being the most expensive, I would rate it around a three in its category.

Which other solutions did I evaluate?

Cisco does not support SSL inspection, and its detection capabilities are limited. I would say Check Point is comparable with Palo Alto in terms of features and detection capabilities.

What other advice do I have?

I would recommend Check Point Next Generation Firewall because of its detection capabilities, which ensure protection by identifying malicious files and suspicious activities. The price point is also lower compared to Palo Alto for the same features.

I'd rate the solution nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Senior Implementation Security Engineer at Orange España
Real User
Serves as a perimeter firewall at a cheaper rate but doesn't have a friendly GUI
Pros and Cons
  • "Google has a premium partnership with Check Point, involving extensive verification processes for major customers. This strong partnership indicates a significant level of collaboration between the two companies."
  • "The GUI is not very user-friendly, and configuring it can be challenging."

What is our primary use case?

I used Check Point NGFW to secure the data centers of medium to large enterprise companies. In many cases, it serves as a perimeter firewall, though its use can vary based on specific needs. Primarily, it functions as a defensive firewall.

What is most valuable?


What needs improvement?

The GUI is not very user-friendly, and configuring it can be challenging. The management console often has issues, sometimes requiring high CPU usage on your FTP or Windows system to open or manage sessions. It can be resource-intensive. Additionally, when viewing or monitoring logs, they sometimes do not appear immediately and may be outdated or missing.

For how long have I used the solution?

I have been using Check Point NGFW for two years.

What do I think about the stability of the solution?

It is a stable device.

What do I think about the scalability of the solution?

They support a range of enterprises, from small to large. Their solutions can accommodate environments with as few as 50 users to those with thousands or more. So, handling a large number of users is not an issue.

How are customer service and support?

Support is very good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is not straightforward and can be more complex than that of other devices like Palo Alto or Fortinet firewalls. The setup for the CMA and management center requires careful implementation. Additionally, integrating components such as MDM and other security devices, including sandboxes, can be challenging to achieve a cohesive and secure environment.

The time required for deployment depends on the amount of configuration needed. Typically, it might take a full day, but with sufficient time, a basic configuration can often be completed in about eight to ten hours.

I have worked with both on-premises and VM versions. The CMA is typically deployed as a VM on a server, while the firewall is a physical device. 

What about the implementation team?

I have already deployed many times by myself, so there is no need for many people.

What's my experience with pricing, setup cost, and licensing?

It is a cheaper device than what other vendors offe.

What other advice do I have?

For security features, I typically use the templates or standards provided by the vendor. Based on my experience over the past three years, I haven’t encountered any significant complaints from customers about attacks or major issues while using the firewall to protect their data centers.

Google has a premium partnership with Check Point, involving extensive verification processes for major customers. This strong partnership indicates a significant level of collaboration between the two companies.

I haven’t handled any maintenance, but the support center has been very helpful. They provided excellent support and demonstrated strong knowledge whenever I reached out for assistance. They are proficient in various languages and have a good grasp of Linux, which is essential for effective support.

They provide good step-by-step implementation guides, similar to what is available for Fortinet's FortiGate. However, I find the implementation process for other vendors to be easier. Pricing varies among the three vendors, so there are differences in cost. Palo Alto offers the best options for sizing, though I haven’t worked operationally.

I recommend it, but you should know Linux and its commands to work effectively with this device.

Overall, I rate the solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
reviewer1531134 - PeerSpot reviewer
Cybersecurity Engineer at Insurance Company
Real User
Good support with easy central management and a nice visibility
Pros and Cons
  • "The management interface is easy to operate and is a standardized way of managing different firewall modules in the same client application."
  • "Several security modules are based on HTTPS inspection, losing a relevant security capability if you don't implement it in your network."

What is our primary use case?

We are using Check Point Next Generation Firewall both as an edge border gateway and as an internal gateway protecting users and servers networks. Using the Virtual System solution we create different network environments and virtual system firewalls in which we have different modules (additional license could be needed) activated depending on the topology of the network where the firewall is protecting the traffic. We are also implementing IPS on several internal firewalls that are inspecting such flows.

How has it helped my organization?

Mainly the easy central management with support for virtual systems has helped in the operating and analyzing time of the security department. We know that with other security solutions that don't scale well and don't have a central management system, you lose precious time operating the platform.

Under the same interface, we are using a stack of different security modules, so the learning curve is easier than the need to learn new interfaces for each specific appliance. At the same time, you can check the logs in a homogeneous way.

What is most valuable?

The management interface is easy to operate and is a standardized way of managing different firewall modules in the same client application. Additionally, it provides up-to-date security options through different license bundles and scalability to match almost any firewall security needs as you can easily add more systems to implement several cluster firewalls, running as a load-sharing whole system or active-standby members. The log explorer is also straightforward to use, and the results are easily exportable.

What needs improvement?

To provide visibility of the requirements you have to accomplish to perform some of the traffic security mechanisms. Several security modules are based on HTTPS inspection, losing a relevant security capability if you don't implement it in your network. So the product should point out this need clearly so you can fit your expectations in a real-world environment. That said, this is not a limitation of the product itself.

You need to read the requirements to take into consideration both throughput, security modules and storage (logs) needs so you can choose the appliance that best fits your organization.

For how long have I used the solution?

I've used the solution for more than ten years.

What do I think about the stability of the solution?

In most environments, this solution is running pretty stable.

What do I think about the scalability of the solution?

It is easy to scale both with virtual systems or by adding additional physical appliances.

How are customer service and support?

Support has a good and fast response to new threats and is proactive with a big community.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were using a Cisco firewall solution. It was outdated and the management interface was not unified.

Which other solutions did I evaluate?

We evaluated Palo Alto and Fortinet as well as Check Point

What other advice do I have?

For the technical administration teams. I advise them to take, at least, the basic training so they can manage the solution adequately.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network Administrator at Bodiva
Real User
A top-tier security solution that combines advanced protection features with user-friendliness providing comprehensive network security
Pros and Cons
  • "It is user-friendly and straightforward to manage, which simplifies our overall network security management."
  • "It could greatly improve our customer experience by centralizing management."

What is our primary use case?

It assists us in filtering files for our internal users, ensuring that our data remains secure and protected. During the pandemic, it has been invaluable in enabling remote connections through VPN for our employees who are working from home, facilitating our COVID-19 response efforts. We established point-to-point VPN connections with approximately thirty clients, which enhances our security, especially at the outermost layer of our network, safeguarding us from external threats.

What is most valuable?

It includes features like IPS, which keeps us informed about potential threats attempting to breach our infrastructure, adding a crucial layer of security. It is user-friendly and straightforward to manage, which simplifies our overall network security management.

What needs improvement?

It could greatly improve our customer experience by centralizing management. Currently, we face the issue of having different management interfaces, which require us to switch between them, causing some difficulties and inefficiencies in our workflow. There are instances where the software crashes and this necessitates frequent upgrades from one version to another.

For how long have I used the solution?

I have been using it for four years now.

What do I think about the stability of the solution?

I would rate it as highly stable, giving it a solid nine out of ten.

What do I think about the scalability of the solution?

In terms of scalability, we haven't needed to expand significantly as our current setup consists of firewall checkpoints at the main site and another set at the HQ. These devices can seamlessly communicate with one another. We use SmartConsole managing system, which serves as a centralized hub for collecting and managing logs from all our Check Point Firewalls. As far as I know, the limit for management servers is five firewalls, so beyond that, additional licensing may be required to accommodate more devices.

How are customer service and support?

We don't engage directly with its support team. Instead, we work through a reseller who handles our support needs. When we require assistance, we reach out to the reseller, and if necessary, they will liaise with Check Point on our behalf.

Which solution did I use previously and why did I switch?

We were previously using Cisco ASA, Cisco X-ray, and FortiGate. However, the technologies we had, particularly the Cisco ASA, were outdated, and there was a clear need to upgrade to a next-generation appliance. When considering our options, we received a proposal from a local vendor in Angola, and after reviewing it, we decided to move forward with Check Point as it is widely recognized as one of the top solutions in the market.

How was the initial setup?

The initial setup is straightforward. I would rate it nine out of ten.

What about the implementation team?

We've had positive experiences with the deployments, and we've recommended it in several instances. Currently, we have implemented four Check Point Firewalls. Our initial deployment at the primary site took approximately a week to set up. After fine-tuning and making necessary adjustments, the total time for implementation was roughly two weeks. The main office at our headquarters had a similar timeline, as the tuning process does require a significant amount of time and effort.

What's my experience with pricing, setup cost, and licensing?

The technology itself is impressive, but I find the pricing a bit on the higher side. This is partly due to the complexities we face with exchange rates in our country, as obtaining foreign currency can be challenging.

What other advice do I have?

Having worked with products from various providers, I've found the experience and functionality of Check Point to be quite impressive and I strongly recommend it, provided they invest in essential training, which is a critical component. Its user-friendly management interface simplifies the process, and it offers a wealth of features. I would rate it nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer2178546 - PeerSpot reviewer
Network security architect at a energy/utilities company with 10,001+ employees
Real User
Top 5
Good security with great reporting and integration with external solutions
Pros and Cons
  • "I like the Next-Generation Firewall."
  • "Check Point could improve the time for delivering requested features from customers."

What is our primary use case?

The primary use case is segmentation in many different areas of the company network. We had a few critical use cases: there was a need for an internal firewall, and also an edge firewall. Apart from having simple segmentation, we had a requirement for additional features like the possibility to decrypt traffic, the possibility to inspect URLs or the intrusion prevention system feature. 

A very important thing for us was also to have a very good quality of vendor support. Definitely, this is something we can get here. 

How has it helped my organization?

With Check Point we have achieved our primary goal - segmentation. We were able to limit North-South and East-West traffic which had a very impressive impact on improving security posture. 

We also have the possibility to control Internet traffic, we can use the URL filtering feature together with traffic decryption to be able to allow only safe communication. A very important thing for us is also having the possibility to use identity awareness and be able to implement policy based on user IDs (user ad groups).

What is most valuable?

I like the Next-Generation Firewall. This is the primary feature and use case for this solution. It's a very important thing for us to have a solution that provides ease of use and an intuitive interface.

We are also using other security blades that are included in the package like URL filtering, identity awareness, IPS, antibot, and threat detection.

The most valuable thing for us is to have the possibility to use all the security blades and all security products and have a consistent policy among different security features. Reporting and integration with external solutions are great.

What needs improvement?

Check Point could improve the time for delivering requested features from customers. It could be delivered much faster. Also, communication and status reporting for such requests have a lot of room for improvement. After the request, we do not get any information on the status or progress until it is implemented.

Looking at the trend in the market which aims for vendor consolidation, the strategy to deliver one vendor SASE could be beneficial for Check Point and its customers. 

For how long have I used the solution?

I've been familiar with the product since 2003. At my current company, CheckPoint appeared three years ago.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

The range of platforms is huge. It can fit every traffic requirement.

How are customer service and support?

Overall I have had a positive experience with support. Sometimes it takes too long to resolve issues, however.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have been using Cisco ASA. The switch was done based on the intuitive management interface and ease of use of Check Point.

How was the initial setup?

The setup is straightforward, even if the policies are big and complex.

What about the implementation team?

We have used help from a third-party company.

What's my experience with pricing, setup cost, and licensing?

I'd advise users to prepare their requirements before choosing the product and model.

Which other solutions did I evaluate?

I also evaluated Palo Alto.

What other advice do I have?

It is a really good solution. You should be happy with it if you choose it.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Jonathan Ramos G. - PeerSpot reviewer
Cloud Engineer at ITQS
Real User
Great rule management, VPN configuration, and SSL features
Pros and Cons
  • "We can decipher the activity of each connection and see what is inside it."
  • "Something worth mentioning is the need for Spanish support and better representation for teams in the Latin American area."

What is our primary use case?

At the organizational level, we needed to protect the security of our organization. This is where a much broader need arises. We must protect each of the branches that our company has - in some cases larger than other branches. We took on the task of implementing a next-generation firewall from Check Point which allows us to have valuable equipment that adjusts to the needs of each of the branches according to their size and organizational demand by the number of users. This equipment is designed for infinity architecture. 

How has it helped my organization?

The designs, including Check Point next-generation firewall equipment, have allowed us to have all branches interconnected with the same brand and the same site-to-site communication service. We can encrypt the traffic through these VPNs and ensure communication in all directions, solving transactions and access to applications and services within our organization and outside of it. Additionally, we have a content filtering robot that ensures that users and applications are reached solely and exclusively by our networks and users. 

What is most valuable?

The most outstanding feature of Check Point is the possibility of having more than 60 indicating services within it. Among the most outstanding in keeping safe is its rule management, VPN configuration, SSL, and, above all, HTTPS Inspection, which is a solution that allows us to see what users do. We can decipher the activity of each connection and see what is inside it. In this way, we ensure that the data is not violated or violated by third parties outside our organization and we validate the internal and timely security. 

What needs improvement?

The Next Generation Firewall (NGFW) Configuration Guides in XL cluster are very complex and other guides should be reviewed to validate configuration references. They should be updated for new versions.

Something worth mentioning is the need for Spanish support and better representation for teams in the Latin American area. There is a growing demand for these IT services and new technologies.

Its guides are identical to the existing ones. It would be more pleasing that these guides be updated and improve their design.

Give it a try, and it will help you more in these times when users are more remote than local.

For how long have I used the solution?

I've used the solution for two years.

What do I think about the scalability of the solution?

It is quite scalable. That said, it is complex to integrate cluster services from the same equipment.

Which solution did I use previously and why did I switch?

I was testing WatchGuard and Fortinet. In the end, it was easier for me to integrate Check Point.

What's my experience with pricing, setup cost, and licensing?

The cost is quite high. That said, it must be understood that it is not only a firewall, it is a solution that integrates more solutions within it.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.