Check Point NGFW Reviews

We use the solution for securing all of our servers facing the public network, site-to-site VPN, and SSL VPN like the webserver, e-services, and many other such applications. I have been using the below-mentioned modules:

• Application Control
• SSL Inspection
• URL Filter
• IPS/IDS
• Virus Scanner
• ATP
• DNS Sinkhole
• File Content Scan (Archived Content)
• Link Protection
• Safe Search
• VPN
• Anti Bot/Anti-Spam
• Threat Emulation/Extraction

I can say each and every module has benefited my organization and I would highly recommend others to deploy Check Point solutions.

We have good peace of mind now, after deploying this solution. We could easily defend against zero-day attacks and day-to-day vulnerabilities.

Since the time we deployed the solution, we are 100% safe and secure.

At present, the newly deployed solution is being used for reverse proxy, the site-to-site VPN, and SSL VPN along with the proxy for a few of the machines.

Their threat emulations and Bot Services are a must-try. 

You can just deploy it, sit back, and relax without any issues.

The most valuable features include:

• Application Control
• SSL Inspection
• URL Filter
• IPS/IDS
• Virus Scanner
• ATP
• DNS Sinkhole
• File Content Scan (Archived Content)
• Link Protection
• Safe Search
• VPN
• Anti Bot/Anti-Spam
• Threat Emulation/Extraction

Each and every module provides 100% accuracy. 

Their threat emulations and Bot Services are excellent.

Additionally, they have an excellent support team working around the clock. The engineers have excellent knowledge and provide us with a resolution in a very timely manner.

I have been using Check Point technology since 2011 and recently I have deployed new NGFW, the upgraded version, in a cluster along with the management box.

Check Point updates and upgrades are in a timely manner. There is nothing more that I need in terms of improvement.

Additionally, they have an excellent support team working around the clock. Check Point engineers have excellent knowledge and have provided us with the resolution in a timely manner.

I have been using Check Point technology since 2011 and recently I have deployed the new NGFW. It's the upgraded version and we have it in a cluster along with the management box.

I've used the solution for the last ten years.

The solution is highly stable.

The solution is highly scalable.

Customer service is excellent.

Positive

We did use a different solution originally. We changed to Check Point for achieving high levels of security.

The initial setup is straightforward.

We implemented through a vendor team and I would rate them at a 10 out of 10.

It's excellent and the management is very satisfactory.

It's a very economical option.

We evaluated Palo Alto and Cisco.

It's an excellent solution and offers the best support.

The primary use case is as a perimeter firewall separating different security zones from each other. We separate several zones, such as Internet Of Things (ie. cameras and several sensors), Internet-facing DMZ, internal networks, and guest networks from each other. 

Also, we use the VPN feature to create Site to Site tunnels between branch offices and the headquarters. Threat Prevention features including IPS, Anti-Bot, Threat Emulation, and Threat Extraction and are used to secure our users from being victims of several threats. 

It is hard to say how a product like a firewall is improving our organization. The firewall does what it should. Primarily, the management makes this product great. There is no other product on the market that is nearly as perfect a tool for managing firewall rule bases and I know many of them. Check Point has much fewer vulnerabilities in their products and also is very quick to react to vulnerabilities.

The Threat Extraction software blade feature is the most valuable feature as it extracts any potential harmful content from several kinds of documents, which our users receive via e-mail or download from the Internet. We know, that our users tend to click on everything they get without thinking too much about the consequences. 

The second feature to mention is Threat Emulation, which is basically a sandbox, which runs executables received via email or downloaded from the Internet and creates a verdict if this executable is harmful or not in regards how it behaves on a specific operating system and application.

Unfortunately, the API is not fully complete and also it is not an API which I would refer to as a RESTful API as there are different endpoints for the same entity. For me, a restful API would use one endpoint to handle, for example, host objects and use different HTTP methods to distinguish between different operations. 

I would expect to use the PATCH method to update an object and the PUT method to create one. Currently, there are separate endpoints for these operations and all of them use the POST method. The most important issue with the API is, that there are some endpoints we are missing (for example for managing VPN users).

We have been using this product and its predecessors for about 20 years.

The stability is very good. Sometimes there are issues, however, most of the time, they have no big impact. SecureXL was sometimes a bit of a problem. That said, this has improved in the last few versions.

Check Point offers several possibilities to scale (load sharing, Maestro, and scalable platforms such as 44K or 64K appliances), however, in our case, we just replaced the appliance after a few years. If one needs real scalability, they should take a look at Maestro which is the scaling solution from Check Point.

Technical support can be good or bad. It depends. Sometimes they are really great, and sometimes very annoying. Most of the time we have a good experience.

Positive

We did not previously use a different solution.

It's really simple to set up. You simply install from an ISO with a few questions (ie. mgmt IP address and gateway) and restart with a graphical installation wizard with a few more questions (such as is this a management box or a gateway or a cluster member ASO).

We handled the setup in-house. We have enough knowledge to do that. Our expertise is CCSM level.

We evaluated several competitors such as Cisco, Palo Alto, and Baracuda

We use Check Point firewalls to prevent attacks against the data center servers by adding more layers of security, such as IPS, Data Leak Prevention. We have also used Check Point to implement security policies in layer 7 and applications as well as to configure the VPN for internal users of the organization.

Check Point's firewall security solution is a complete solution that allows you to prevent attacks against your data center servers and avoid the transmission of viruses to end-users via ransomware, phishing, or forgery of URLs.

Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network.

The predefined reports are limited and should provide more information. Check Point should provide a greater number of defined reports and produce reports for each division of the organization. Also, historical statistics cannot be obtained from the central console, the data or logs must be exported to another machine and processed from there to obtain this historical information. The number of available physical ports could be increased and Check Point could add support for higher speeds.

We have been using Check Point firewalls for more than 10 years.

Check Point is a company that has been producing firewalls for many years. It is a leader in today's market, and its products are very stable. They are always updating and improving their products to stay at the top of the market. 

Check Point NGFW allows easy and fast scalability.

Our experience with Check Point technical support was very positive. They always resolved questions or incidents quickly and professionally.

We have always had Check Point solutions.

The initial configuration was simple. The previous team was also using Check Point, we only had to export and update the rules. Only a couple of things had to be corrected and changed.

It was implemented through a CheckPoint partner who demonstrated great experience in migration.

When implementing, I would suggest you define in a real way what you want to allow —applications, content, destinations, etc. — and drop the rest of the traffic. It is important to review the groups, objects, and networks created to efficiently define the security policies that you finally want to implement.

Before making the last purchase, we evaluated other solutions, such as Palo Alto or Fortinet.

I would rate Check Point NGFW 10 out of 10.

My solution is based on an on-site architecture. I currently manage a Check Point Next-Generation Firewall for my more than 400 sites such as perimeter and DMZ. For the sites with a perimeter to the internet, I have them in a high availability scheme with balancing internet services. In the case of DMZ, they allow me to control incoming and outgoing traffic through policies based on Identity awareness. I use the application control blade to allow RDP access to the specific servers needed by administrators.

In the beginning, my organization did not have a security scheme, which caused a latent security risk. My internet services were never enough due to the high traffic used towards social networks and entertainment sites. With my Next-Generation Firewall, I have managed to reduce the cost of my links since now we use them appropriately in the resources and tasks that are necessary. 

For the lateral movements, previously all of my users had access to server networks and communication could cause lateral movement of viruses and ransomware. Now, I have the perimeter towards the internet protected and I am protected against unauthorized access.

What gives me the most value is undoubtedly the security that the anti-bot and anti-virus blades provide. With the automatic updates of signatures, I am always protected against new threats. The identity awareness blade helps me to have better control and organization over unauthorized access of my users onto exclusion sites such as social networks. In the DMZ it allows me to control administrators with access to highly important networks such as servers, developments, etc.

Of the areas of improvement that I want to see in this product, without a doubt, one is the technical support. In this time of globalization, with so many cyberattacks and risks, the Check Point support staff take a long time to attend to incidents due to the high demand. 

Another change that I would like to see is the ability to be able to test the policies before launching a change. It is somewhat annoying to apply a change and then notice that, after a while, the message appears that the installation of policies has failed, either due to some duplicate rule, some duplicate port, duplicate service or IP, et cetera.

I've been using the solution for 5 years.

It really is a very stable and reliable brand.

it is better when using an open server solution since some teams are limited to growth.

The support service can improve the attention to clients as well as the escalation times.

I did not previously use a different solution. I've just used Check Point.

The installation is really simple and easy to manage.

We also previously looked at Meraki, Fortigate, and Palo Alto as options. 

The primary use case for the Quantum Spark Security Appliance 1570 in our organization is unified threat management, firewall protection, intrusion prevention, anti-virus, and anti-malware defenses to secure our network against external threats. We use its remote access solution, to secure remote access through VPN capabilities and mobile device support, ensuring our employees can connect safely from anywhere. Additionally, the appliance features content filtering, application control, and bandwidth management to optimize network performance and enforce usage policies. 

It enhanced our organization's security posture compared to our previous solution. It offers superior protection with advanced threat management capabilities, including robust firewall defenses, intrusion prevention, and real-time anti-virus and anti-malware protection. 

This has markedly reduced our vulnerability to cyber threats. Additionally, the appliance's content filtering and application control features have enabled us to manage bandwidth more efficiently, prioritizing critical business applications and preventing unnecessary traffic. This optimization has not only improved network performance but also reduced operational costs by eliminating bandwidth wastage. 

The WatchTower feature is particularly valuable, providing real-time monitoring of incidents, which enhances our ability to promptly address and mitigate security threats, ultimately leading to reduced overheads and improved overall efficiency. 

The WatchTower app is accessible from mobile devices, providing administrators with the flexibility to monitor and manage security on the go. This mobility ensures that security management is not confined to the office, allowing for rapid response even when off-site.

They should improve integration with third-party security tools and software for a more unified security ecosystem. 

They should enhance compatibility with various network environments and cloud platforms can be valuable. Offer more comprehensive support options, including extended hours and more accessible resources.

They should provide more extensive training materials and documentation to help users maximize the appliance's capabilities. Integrate user awareness and training modules within the appliance to educate employees on security best practices.

We have been using it for more than two years. 

Stability is exceptionally positive. Since its implementation, the appliance has demonstrated remarkable reliability and uptime, consistently maintaining our network's security without disruptions

It provides a robust and scalable solution that meets both our current requirements and future growth plans.

Customer service is overall good, but we would like it to be more enchnaced. 

Positive

We previously used a different security solution but we switched it because of a phishing attack. Though we had a solution, it had not done its job perfectly. 

The setup is straightforward.

We implemented it through a vendor. I would rate it an eight out of ten.

It helped us reduce operational costs associated with network security. By optimizing bandwidth management, preventing security breaches, and streamlining administration tasks, we've minimized wastage and improved resource utilization. 

Setup cost is not much, hence pricing and licensing need to be considered. If pricing gets lower that would be great. 

We previously used a different security solution but switched to the Quantum Spark Security Appliance 1570 due to several issues with the old system. Our previous solution lacked advanced threat management features like real-time anti-virus and anti-malware protection, and had ineffective bandwidth management leading to network performance bottlenecks. 

This is a best solution for us so far and we recommend this to anyone. 

We are using the product in a small office to secure our network to configure the firewall settings to control incoming and outgoing traffic. 

This includes setting up rules for allowing or blocking specific types of traffic.

We use intrusion prevention features to detect and prevent potential threats and attacks on your network.

It enables logging and monitoring features to keep track of network activity and identify potential security incidents.

With the solution, we can implement strong user authentication mechanisms to control access to your network resources.

The use of Check Point NGFW makes our business feel safer.

NGFWs typically include advanced threat prevention mechanisms, such as intrusion prevention systems (IPS), antivirus, anti-malware, and threat intelligence. These features help protect your network from a wide range of cyber threats.

NGFWs can integrate with user identity management systems, enabling more granular control over network access based on user identities. This is particularly important for enforcing security policies on a per-user basis.

The interface is user-friendly, and also they give you small training courses on the Coursera website to explain how to use the products.

The dashboard provides a quick overview of the security status, including key metrics, alerts, and recent events. This helps administrators get a snapshot of the network's security posture.

The ability to monitor network traffic and security events in real time is crucial. Check Point's interface often provides real-time visibility into network activity, making it easier to identify potential issues or threats.

Their products are pretty complete, and the explanations are very well done.

Check Point offers training and certification programs for administrators and security professionals. These programs help individuals develop the skills needed to effectively manage and secure networks using Check Point products.

Timely updates to security databases, firmware, and software are crucial for addressing new threats. Check Point's commitment to providing ongoing support ensures that organizations have access to assistance when needed.

We have been using this solution for the last two years already.

The solution we use is pretty complete. For the moment, the stability is good enough for us.

CkeckPoint has solutions for different sizes of companies. Therefore, the solution is scalable. The client has to choose the right solution for their needs. If you call the contact center, they can advise you on your options.

We have not used technical support, up until now we haven't needed them.

Positive

We used a normal antivirus on the endpoints previously. However, after we took a cybersecurity course, we understood that a bigger security solution was needed.

The initial setup is easy. You just click through, next, next, next, and take some steps to make an account and do some basic setups. Everything basically works out of the box.

We implemented the solution through a vendor team; they had well-trained technicians.

To feel safer in the online environment is the most important thing these days. Everything is online now. A solution like that makes it easier and safer for you to work and do things online.

After researching what's available in the market, choose a product. Read reviews and watch demos to assess the user interface and learn what options the product offers.

We searched the market for months before we chose Check Point. There are many security solutions on the market, both for on-premises and on the cloud. We chose Check Point for the ease of use.

The solution is perfect for us. That said, for each client, the needs are different.

Our customer’s infrastructure is entirely based on Check Point. They are using around 2,000 firewalls worldwide. We resolve the problems in their product as a service provider.

Check Point is a great technology. It doesn't compromise the performance of the users. The tool provides great security. It was the first firewall that provided 3-way handshake. It was the first stateful firewall in the market.

The tool’s architecture could be improved a bit. It should provide Single-Pass Parallel Processing. Check Point’s interface is quite segregated.

I have been using the solution for seven to eight years.

The tool will be stable if the implementation team has done a good job.

The tool is scalable. If a user faces any constraints, we can upgrade the tool. The hardware is scalable. Our customers are enterprise-level businesses.

The technical support team is not excellent. It’s not easy to get people on call on urgent tickets. They join the call, but the support is not as smooth as other vendors like Cisco and Zscaler.

Positive

Palo Alto provides Single-Pass Parallel Processing. Palo Alto and Check Point are not very different.

The product is easy to install. It's an interesting product. Once we get the knowledge of Check Point, it's quite easy to work on. However, for new users, the solution is a bit difficult. For a single gateway, if we are ready with all the necessary software we need while installing, the deployment takes one to two hours.

A single-site deployment, where all gateways and management are taken care of, can be done by one or two people. However, a complete implementation team is required if some things are to be done on the cloud and some in the branch offices. One team will handle the policies, and the other will handle the basic installations. Once the solution is stabilized, maintenance will be easy.

Check Point is a good tool. I would recommend it to others. Overall, I rate the solution a nine out of ten.

The product is basically for completing a firewall task. On top of that, the aim is to find a comprehensive solution with the innovations from next-gen. We made an isolated zone in a small part of the company. Here, we aimed to provide basic security features with few security devices. In this context, we ran the Check Point appliance by opening almost all the blades on it. The Check Point software architecture was able to provide quite good results because it ran on its own OS. It's pretty good as a VM. At a point where we wanted to isolate VM devices, we provided a solution with a VM series of Check Point.

It has similar features to other competitors in standard sizes, so it's not a subject where it differs much. It provides us with a layer of security as a firewall. With the new blades that are opened as an extra, it can provide solutions that are needed today, such as IPS and URL filtering. 

You can do app and URL filtering through a separate policy layer. The fact that these can be separated and made in different layers provides excellent convenience for the administrators who regulate the rules. In object searches, object explorer is very easy and fast.

In my company, there have between ten and 15 firewalls on-premises, and if I want to configure or push the same configuration to all of the firewalls, then the centralized management system is easy and very helpful. 

It is difficult to convey the end-user experience. However, in general, administrators can get used to the interface and start working quickly. Especially after Revision 81.10, I can say that everything became more stable and faster in terms of management. It should be said that it does quite well on the DDOS side.

There are parts that are still on the SmartDashboard screen and that condemn you to use it, which should be removed and moved to the SamartConsole interface, which is the main screen. 

In addition, when you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing. To fix these problems, Check Point needs to get rid of the SmartDashboard screen completely. Also, there is a need for performance improvements in the interface so that when the data and rulesets are large, there is a need for performance improvements in the next versions.

I've used the solution for about six years.