Check Point NGFW Reviews

We use it to protect our network from the outside world and unsecured networks. We also use it to provide a safe, secure network to the internal users of our organization.

I am using various versions on the model, like R80.10 and R80.30.

• Antivirus
• Threat Prevention
• The central management

These are vital, advanced firewall features for the market. They protect the environment more than the usual firewalls. 

Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve. 

A disadvantage about Check Point is people in the market are not too familiar about its usage and people lack training on it.

I have been using it for the last six years (since 2014).

Check Point Firewalls are very stable. Check Point is one of the oldest company in firewalls with a very stable product. They provide good, stable updates.

It scales well. Recently, during COVID-19, we did the scalability process, and it was easy.

Currently, this is used only for our inbound networks to provide security to our internal network. Around 6,000 people are taking advantage of this technology directly and indirectly in our organization.

We have certainly increased number of firewalls in our organization. In the future, if is required, then we will definitely use more.

I have used the technical support very frequently. I would give them around a nine out of 10. They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them. I am deducting one mark to allow room for improvement. 

Previously, we were using the Cisco ASA Firewalls, which are one of the most demanded firewall in the market. We switched to Check Point because their firewall is more advanced than Cisco ASA. They are also providing us the extra benefit of features, like their central management system, Antivirus, and Threat Prevention, which were not provided by Cisco ASA. 

It was straightforward; it was not too complex. It was simple to install and use the features, as we were already trained. Our company used their trainers before installing it. Getting all the knowledge of the firewall's features beforehand worked very well for installing/deploying the solution in our environment.

We were using different firewalls that we had to replace. For that replacement, we required two years for the transition to Check Point to get it to work.

For our implementation strategy, we used three-tier architecture strategy in which we have a console, three-tier management Gateway, and the firewall.

We have around 20 people on the team, because it is a large company. So, I deployed it with the help of 19 members. The team of 20 people work on different shifts and we manage all the organization's firewalls. We are all network engineers, though some of us have different designations.

It has a good return in terms of usage and the security that it provides. We are very happy with the security capabilities that this firewall has.

Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall.

We did an evaluation between Cisco ASA and Check Point. We had options to extend Cisco ASA or switch to Check Point, but we switched to Check Point Firewall.

Be knowledgeable before implementing this firewall because it has many advanced features compared to the normal firewalls in the market. If you want to use it in a better way, then you need to be trained on it. 

There were a few members who joined our organization who were familiar with Check Point, but they do not know about every feature which could be used and taken advantage of to better secure our network. I recommend getting proper training before using it.

I would rate this solution a nine out of 10 because I am a very happy customer of Check Point. I have had a good experience with this firewall. I like is the way it is improving a lot with the times.

We use Check Point NGFW to provide more protection for our network from internal and external sources. I also work on creating checks, rules, troubleshooting, and generating daily reports.

Check Point NGFW makes it easier to handle and use the firewall efficiently. It helps protect our network from internal and external threats.

The firewall's default behavior of blocking all traffic, including a cleanup rule that blocks everything from external to internal sources, is highly valuable for protecting our network.

In the rule creation process, we need to decide on the source address, destination address, and services. There are improvements needed in this area.

I have used Check Point NGFW for one and a half years.

To maintain stability, I monitor high utilization and CPU usage, enabling and disabling connections as necessary.

Check Point NGFW is not scalable enough. However, it enhances performance with high availability, shifting to a secondary firewall if one fails.

When I can't resolve an issue technically, I consult with a senior engineer. I rate the technical support seven out of ten.

Neutral

I did not work with any other firewalls before Check Point. I am familiar with CCNA routing and switching.

The initial setup involves connecting cables, opening the IP address using a browser, and configuring the firewall. It takes about one hour.

Only one person is required for the deployment.

Check Point NGFW is very important because it is easier to handle and use.

I don't have information regarding the pricing, as it is considered an internal matter of the organization.

I did not evaluate any other options. I chose Check Point firewall based on my knowledge of CCNA routing and switching.

Check Point NGFW is easy to use, create rules, and take backups. It simplifies backing up and managing processes with click-and-go options.

I'd rate the solution seven out of ten.

We use the solution for threat prevention, antivirus, VPN, endpoint, and email security. Harmony Email Security and Harmony Endpoint are now under Check Point.

The most valuable features of the solution are threat prevention, anti-bot, anti-malware, sandboxing, threat emulation, threat extraction, and DLP. Check Point NGFW has a three-way architecture, which makes it the best. It is very simple to manage and use when integrated with the management server.

We face some challenges while guiding new customers regarding the solution's configuration. Since it has a three-way architecture, new customers find it very difficult to understand how to configure or manage the solution.

I have been using Check Point NGFW for three to four years.

An appliance called Maestro is available to scale the solution. We provide the solution for small, medium, and enterprise customers.

The solution's technical support is supportive and satisfactory. We just need to log the case, and the support team will reply before 24 hours.

I rate the solution’s technical support eight and a half out of ten.

Positive

I also work with Palo Alto.

The solution’s initial setup is very easy.

The solution's deployment time depends on your organizational architecture. The deployment does not take more than three to four days and can be done in one to two days. It takes one or two engineers to deploy the solution.

We have seen a return on investment with Check Point NGFW.

The solution's pricing totally depends on the customers' requirements and is more complex than that of other products.

It is very easy to maintain the solution. Check Point NGFW can be easily managed by one administrator who knows the tool. I am satisfied with the AI and ML features available in Check Point NGFW.

Overall, I rate the solution ten out of ten.

The solution is used to provide firewall security to cloud integrations.  

The spoofing prevention feature is the most valuable feature.

The solution provider needs to upgrade the IPSec VPN port because VPN branch-to-branch configuration can be easily implemented at our company, but several difficulties arise in a cloud environment like AWS or Azure cloud. The aforementioned cloud providers often need to create VPN interfaces, but in a few cases, these teams don't have the knowledge for configuration or IP points; their knowledge remains limited to the architecture of the clouds on a networking level. 

In future releases of the solution, a remote access VPN feature should be added. Our organization expects the aforementioned feature because we have a secure validated configuration in our remote access VPN, and the feature would allow easy configuration.

For instance, if a customer wants to connect a VPN to a particular domain laptop, our company can integrate the domains with our network's remote access VPN, but the user is unable to connect with other personal laptops.

I have been using Check Point NGFW for five years. 

I would rate the stability of the solution as seven out of ten. The tech support is not operational sometimes, and in a few cases, the tech team of the vendor is unable to provide support with a proper explanation or resolution. Check Point NGFW fails to provide workarounds for certain issues and thus leads to huge time consumption for a single task. The support team of Check Point NGFW on a few occasions takes five to ten hours to resolve an urgent VPN issue which impacts the stability. 

At our company, if we raise an RMA for Check Point NGFW, it takes immense time, which is around 15 to 30 days, to obtain the box, whereas other vendors offer it within five to seven business days. Due to the aforementioned issue, our organization needs to implement a test device on the environment and purchase temporary licenses for that device so that the customers in a stand-alone environment can access the internet. 

In Check Point NGFW, sometimes the logs consume excess storage, and even the storing or indexing process is not implemented correctly. 

I would rate the scalability a seven out of ten. 

Support is available for Check Point NGFW, but the support team, in most cases, is unable to provide an effective and on-time solution after collecting logs. I would rate tech support a seven out of ten. 

Neutral

I worked with Palo Alto previously before transferring to Check Point NGFW. I wanted to learn about Check Point NGFW in-depth as it's considered a difficult solution compared to others, so I ventured into it. 

In our company, we have the option for both cloud-based and on-prem deployment of the solution. The management server integration is different for the aforementioned options. If the traditional management server is present locally, in that case, at our company, we are using the solution for integration, but if a cloud is involved, some keys need to be integrated with the cloud management to let the firewall have internet access. 

Almost every time when the management server reaches or expands to another country in our organization, we face difficulty with integrations. The deployment time of Check Point NGFW depends upon customer requirements, but it takes approximately 15 to 30 days. More feature integrations demand the involvement of more teams in the deployment process. In my area of business, about 50 to 70 customers are using Check Point NGFW. 

If the solution is in a cluster environment, a maintenance window is not required and most of our customers are using the solution in a clustering or stand-alone mode. 

It's an expensive solution. 

Most of our organization's customers are using Check Point NGFW for networks, as enhancing the firewall's performance is not required; if the firewall goes inactive, total protection decreases. Our organization's customers don't want to depend on any particular product and are thus investing in multiple security products. 

On a few occasions, integrating a RADIUS configuration with Check Point NGFW has been difficult because some versions are not supported. I have also faced trouble regarding authentication when integrating Check Point NGFW with Azure EAD. 

Recently, Check Point NGFW has been integrated with zero-threat AI security features. In our organization, we are installing the solution on the Blade architecture, where the aforementioned features function well enough. I would recommend Check Point NGFW to others. I would rate Check Point NGFW overall a six out of ten. 

We use the solution for the DMZ firewall. It's very common and very easy to make configuration, Having IPsec for tunneling solutions with third-party routers and firewalls with other branch offices is very helpful. 

It offers support for segmentation networks. 

The geolocation feature makes it so that our company can easily allow or block a location of IP and can integrate with our SOC or our log management system. 

URL filtering is very powerful for blocking malicious connections. 

The user interface is very cool and easy to use. It has anti-DDOS protection which is very useful too.

The solution is very helpful. Using Check Point helps our security team with mitigation and prevention with an easy user interface and configuration. 

Anti-malware and URL filtering can mitigation many malicious activity and log for event easy for us to send to our security operation center team, for internet solutions we use load balancing method with a round-robin algorithm which is very very helpful for internal user solution for accessing the internet with redundant availability.

URL filtering and anti-malware protection at=re the most useful as those can mitigate many malicious events and make connections between users and the internet safe. It's faster with the load balancing method and supports a round-robin algorithm. This firewall in our environment has high availability or cluster system which makes our availability higher, especially for business continuation plans. Support for troubleshooting and maintenance cases is great. They are very helpful and fast at solving many problems.

The network automation and security automation could be better. We need integration with more third-party security solutions.

We need two-factor authentication solutions for the virtual private network solution. We need a firewall or NGAV/EDR with lightweight resources that is still powerful for blocking and preventing attacks and malicious activity. 

We need enhancement for our perimeter for our security zone, especially for network access control with portal authentication. 

I've been using the solution for five years.

We did use a different solution. We switched as we need more enhancements. 

We also looked into Fortinet.

We use this solution for complete protection against advanced zero-day threats with Threat Emulation and Threat Extraction. We also use:

• NSS Recommended IPS to proactively prevent intrusions
• Antivirus to identify and block malware
• Anti-bot to detect and prevent bot damage
• Anti-Spam to protect an organization's messaging infrastructure
• Application Control to prevent high-risk application use
• URL Filtering to prevent access to websites hosting malware
• Identity Awareness to define policies for user and groups
• Unified Policy that covers all web, applications, users, and machines
• Logging and Status for proactive data analysis

The solution has improved the organization with respect to the following:

• Simple implementation and operation
• Central dashboard for managing branch firewalls
• Easy measurement of security effectiveness and value to the organization
• Proactive protection with the help of many inbuilt blades
• SandBlast Threat Emulation and Extraction provides us zero-day protection from known and unknown threats in real-time 
• Great visibility on the number of threats being blocked at the dashboard
• Helps to clean traffic, both egress and ingress
• A simplified URL filtering option is available for users with detailed granularity to map user/departments with respect to specific access
• It does deep packet inspection for checking HTTPS traffic. There is a shift towards more use of HTTPS, SSL, and TLS encryption to increase Internet security. At the same time, files delivered into the organization over SSL and TLS represent a stealthy attack vector that bypasses traditional security implementations. Check Point Threat Prevention looks inside encrypted SSL and TLS tunnels to detect threats, ensuring users remain in compliance with company policies while surfing the Internet and using corporate data
• It helps in the identification of C&C via Anti-Bot
• It provides geolocation restrictions that may be imposed via IPS
  
• Excellent Application Control for the administrator to manage the access for users
• Secure remote access is configured with mobile access connectivity for up to five users, using the Mobile Access Blade. This license provides secure remote access to corporate resources from a wide variety of devices including smartphones, tablets, PCs, Mac, and Linux

We are using the Check Point Next-Generation Firewall to maximize protection through unified management, monitoring, and reporting. It has the following features:-

• Antivirus: This stops incoming malicious files at the gateway, before the user is affected, with real-time virus signatures and anomaly-based protections.

• IPS: The IPS software blade further secures your network by inspecting packets. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.

• AntiBot: It detects bot-infected machines, prevents bot damage by blocking both cyber-criminals Command and Control center communications, and is continually updated.

• Application Control: It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.

• URL Filtering: The network admin can block access to entire websites or just pages within, set enforcements by time allocation or bandwidth limitations, and maintain a list of accepted and unaccepted website URLs.

• Identity Awareness: This feature provides granular visibility of users, groups, and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.

I would like to see the provision of an industry-wide and global benchmark scorecard on leading standards such as ISO 27001, SOX 404, etc., so as to provide assurance to the board, and confidence with the IT team, on where we are and how much to improve and strive for the best.

Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult. This integration would be helpful in providing a full security picture across the organization. I am looking forward to the go-ahead of R81 with MITRE framework adoption in the future.

We have been using the Check Point NGFW for the last four years.

This is a very stable product.

It is highly scalable on cloud and does provide customers with lot of flexibility while performing the sizing of the appliance.

Technical Support needs improvement, especially the L1 engineers.

Prior to this solution, we were using GajShield. However, due to limited visibility and support, we opted for a technical refresh and upgrade of products.

Yes initial setup was complex as migration of policies from one OEM to another is a challenge. however we meticulously planned and completed the implementation in phases.

Yes we took help of the Certified Vendor. Vendor support was good.

We did not calculate our ROI; however, it provides good visibility to us.

Check Point is competitively priced; however, there is an additional charge for the Annual Maintenance Contract (AMC) and it is easy to understand.

My advice is to negotiate upfront with a support contract of between three and five years.

We evaluated Palo Alto, Barracuda, and Fortinet.

In summary, this is an excellent product and featured consistently in Gartner for the last 10 years. They have good R&D and support services across the globe. 

We use it as a normal firewall for perimeter security, using some of the Next Generation features, like Anti-Bot and Antivirus. 

We have two ISPs. We have a different firewall system in front of the Check Point Firewall. We also have normal Cisco switches combined with the Check Point solution. Then, our internal network is with Cisco, which is about 300 servers and 1,500 clients.

Since we are an insurance company, the solution is a necessity.

Two-thirds of our employees are working at home at the moment, so we use the VPN feature more than we used to. Of those two-thirds, only 100 or 200 are using the remote client from Check Point. The other employees are using other technologies, like NetScaler from Citrix. 

We use the basic firewall functionality, plus the VPN functionality, a lot.

We have about 100 remote sites, which is where we use the VPN functionality. For private lines, we prefer to do further private encryption on the line. It is very convenient to do it with Check Point, if you have Check Point on both sides. It is convenient and easy to monitor.

The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.

The Threat Emulation definitely needs improvement. A couple of years ago, we did a comparison with other companies, e.g., Lastline, offering threat emulation and threat detection functionalities, and Check Point was lacking. 

I have been using Check Point for 22 to 23 years. I have been using Check Point NGFW for 15 years, since 2005.

We used to have more problems. For the past five years, unless we have had a bug, which happens like once a year, it has been pretty stable. We did have a bug for the last three months, which has just been fixed. Before that we had another two or three major bugs. However, when there is a bug and it's not known to Check Point, they need quite a while to get it fixed. If they have a fix already, then there is a pretty quick turnaround to get it fixed.

There are three people working on firewalls, but not at 100 percent. We have the equivalent of one person doing firewalls 100 percent of the time using three people.

For our requirements, it's scalable enough. We have a 1 gig uplink to the Internet, which is easily doable with open servers. 

We used to have some problems with the performance, then we upgraded the license and the scalability has worked well since.

There are 1,200 to 1,500 users.

It depends whether the problem is known to Check Point. If they are aware there is a problem, quite often it will then depend on which tech you finally land on if it's easier or harder to get to the root cause. The last issue was in India so that was pretty bad. It's easier if you get directly through to Tel Aviv or Ottawa, but you can't choose. Once they know what the issue is, it's pretty good. It pretty much depends on the engineer that you get. There are pretty good engineers and there are many engineers who are at just the starter level at Check Point who are not really into the stuff. Sometimes it's hard, sometimes it's easy, depending on the problem and the tech engineer you get.

To the next manager, it's pretty easy to escalate an issue, if needed. Though, it depends on the manager. 

Our current sales staff isn't too good. Though, the one before was pretty good. So, you can escalate on that process well. As an escalation path, it works most of the time.

Once you do it for over 20 years, it is straightforward. If you have done it a couple of times, then you know what to do. However, even if you are a beginner, Check Point is more straightforward than Palo Alto or something like that. Once you get the idea of how a firewall works, Check Point does it that way.

There is a central location where we deploy upgrades, which normally take one business day since we have several clusters there. 

When deploying the solution to remote locations, we have several models to choose from.

When we tried Threat Emulation, we have received professional services from Check Point. However, for the normal setup, we don't involve any professional services.

It is like insurance for us.

The pricing and licensing are pretty steep. They know that they are good, so they are pricey.

We are also using Forcepoint, which is a little bit different on the OS and focused more on IPS/IDS. It is a good practice to combine two different firewall vendors in case one of them gets hacked.

We also evaluated Palo Alto, like five years ago, but that doesn't make much sense for us. 

Since we are trying to get our customers to do more self-service, we should see more inbound traffic. So, the usage will increase in the next two years.

We get more attacks from the outside these days, so it has become more important to use systems like Check Point. When I started with security 25 years ago, it was still something not everybody was aware they needed. Today, it's common sense that everybody needs to protect their perimeter.

Plan first, implement last. You should first be aware of what assets you want to protect and what are your traffic patterns. You should plan your policy and network topology ahead of time, then start to implement a firewall. If you just place it there without any plan of what it's supposed to do, it doesn't make too much sense. I think planning is 80 percent of the implementation.

I would rate this solution as an eight out of 10. It would be better if the support was quicker in the cases we had. Apart from that, we are happy with the functionality.

We use Check Point Next Generation Firewall both as a perimeter firewall and as an internal firewall. 

For customers, we recommend using the open platform, which is the software installed on your own server. We usually find that you get a lot more performance out of the software that way. Also, a lot of energy companies use it as well.

Check Point Next Generation Firewall helps us with routing failover, setting up a web dashboard for better management of the platform, and ensuring the stability and availability of our firewalls with its backup features.

The price point is good. You get a lot more features for the cost. How it's bundled and packaged is very simple to order. All the features are bundled with the product, and it's just a matter of checking a box to turn it on or off. 

Performance is usually better on OpenServers, where we provide the server on the Check Point platform.

The operating system and platform could be more tightly integrated. Some features are better done on the OS side of the platform. Integrating all features into one dashboard should avoid switching between the new and old dashboards.

Check Point Next Generation Firewall is quite stable. For features like backup and data, I would rate it highly.

Check Point Next Generation Firewall offers excellent scalability. With OpenServer, it's just a matter of purchasing licenses that enable more CPUs to be used. We can increase the RAM on the box and allow for more network traffic and customers onto our platform.

The support is great. I usually get it online and it meets our needs effectively.

Positive

Setup is easy. I would give it an eight out of ten.

The pricing is fair and more competitive than many competitors. On a scale of one to ten, with ten being the most expensive, I would rate it around a three in its category.

Cisco does not support SSL inspection, and its detection capabilities are limited. I would say Check Point is comparable with Palo Alto in terms of features and detection capabilities.

I would recommend Check Point Next Generation Firewall because of its detection capabilities, which ensure protection by identifying malicious files and suspicious activities. The price point is also lower compared to Palo Alto for the same features.

I'd rate the solution nine out of ten.