Check Point NGFW Reviews

For Check Point, the main cases are just perimeter security, network security, basically detecting threats on the network, antivirus, application control, visibility, login, and data threat prevention.

I like the GUI. In terms of functionality, it used to be the detection capability. Check Point has good security intelligence, which helps detect threats. They have the historical background to do that. But now, Fortinet is a bit better. 

A lot of things need to be improved in Check Point NGFW. One, their support team isn't very efficient and useful. 

The solution itself isn't easy to learn, making it hard for support to provide solutions. The design makes it so pockets (specific teams) have to work together when there's an issue, which creates a mess.

Also, Check Point lacks competitive capabilities like SD-WAN and CGM app integration. And visibility needs improvement. For example, Fortinet shows all connected devices with IP addresses, MAC addresses, and sometimes usernames. More granular detail is crucial for security.

So support efficiency, visibility, and adding competitive capabilities are key areas for improvement.

I have been with Check Point for a very long time. So, it has been almost six years.

I would rate the stability a six out of ten. There is room for improvement here. 

I would rate the scalability a seven out of ten. My customers are mostly medium-sized businesses, but my clientele also includes enterprises.

There is room for improvement in the customer service and support. 

Neutral

I'm heavily biased towards Fortinet. Check Point is a direct competitor, so from my experience, it's a decent firewall. There are strong points and weak points, but Fortinet is superior for various reasons.

The initial setup is really straightforward. The GUI is very good. However, the issue I have is with the stability. In terms of simplicity, I don't consider Check Point to be a straightforward solution. Another point to mention is my experience in planning within customer environments. The outcomes are not always as expected. 

For instance, when setting up Check Point firewall and flat policies, the policies didn't take effect immediately. There was a situation where the policies took effect after about two hours. Such instances were mind-boggling. Regarding VPN issues, when implementing IP protection between Check Point and other vendors, remote access can be challenging.

In Nigeria, it's predominantly on-premises. Many organizations are moving towards cloud, but many others use a hybrid approach, both on-premises and in the cloud. 

A few are using Check Point in the cloud, but most test with Fortinet due to easier integration with public cloud providers like Microsoft. Public cloud vendors also have their own firewalls, like Microsoft and AWS. In terms of adoption, Check Point is behind in cloud adoption in Nigeria.

Overall, the process is very fast and depends on the type of deployment. For example, replacing a Cisco firewall with Check Point requires converting policies, which can take quite a while, depending on the size of the policy base. In my personal experience, setting up Check Point was very quick.

It's reasonably priced, but competitors offer much cheaper options. It's market-related, so the pricing makes sense for what Check Point offers.

My recommendation is to consider Fortinet as an alternative. Overall, I'd rate it a seven out of ten. There's room for improvement, especially since Check Point doesn't seem too focused on our region. 

In Nigeria, procuring the firewall and bundled services like technical account management and professional services can be challenging. The service delivery is not as efficient as one would expect, which wouldn't be the case for a European customer.

We use the solution to configure sandboxing features for enterprises. We also use it for policy-level configurations and VPNs.

Sandboxing is the most valuable feature. A majority of the configurations are very accurate. We can find what an organization's user is downloading from the internet.

The support team should be faster.

I have been using the solution since 2016.

All products have some bugs. However, we had a minimum bug experience with Check Point. I rate the tool’s stability an eight out of ten.

The product is scalable. Everyone in our company uses the product. We are 100 users. We have an on-premise firewall. We use it every day.

I have contacted the support team. I have had good conversations with the engineers. Sometimes, it takes a little bit of time to solve some issues. If it's a complex issue, we need to start from scratch and escalate to a bigger tier of support.

Positive

The initial setup is very easy.

The product is not that expensive for what it is offering, but it could be cheaper. Nowadays, all the vendors are increasing their prices. Suggesting the product to the customers will be easier if it is a little cheaper. The tool offers good attributes.

Palo Alto is also a good vendor. We chose to go with Check Point as well for our enterprise solution as distributors, and we suggest it to our customers.

I was an engineer for AT&T. I helped customers with configurations. The vendor is taking care of the user side of security with Check Point Harmony. It is a very good product. Check Point Harmony must provide administrators the ability to manage external programs remotely. Some customers want such features, and other vendors provide them. I would recommend the solution to others. The vendor has been investing a lot of money and effort to prevent zero-day attacks. Overall, I rate the tool a nine out of ten.

We use the solution for full-scale integration and end-to-end management at the organization. The Check Point NGFW implementation took place quite smoothly.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms.

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more.

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that
blocks the traffic based on an IP address or on applications
and content. This makes Check Point NGFW highly promising and makes it a complete solution.

Check Point NGFW is the best in terms of comprehensive protection against network threats, malware, and phishing and smoothly restricts these via anti-phishing algorithms.

The source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, et cetera.

It provides end-to-end resolution. It is a customized productive service and a complete solution for perimeter protection that blocks traffic based on IPs, applications, and content.

The most valuable services it provides are end-to-end resolution and perimeter protection; It blocks traffic based on IP address, applications, and content.

Check Point NGFW is best in terms of comprehensive protection against network threats, malware, and phishing. It has great anti-phishing algorithms.

They could improve by lowering prices. The source package is a bit more expensive than its competitors. 

We've had some downtime issues.

It could be more generalized and user-friendly in terms of its support portal for raising tickets. Ads management should all just be on a single click.

Overall Check Point NGFW is highly scalable and provides end-to-end resolution and a wide range of customized productive services with a huge community and team behind it.

I've used the solution for about 1.5 years or so.

I hadn't gone through any such solution earlier. I just tried in-built system solutions.

Check Point NGFW integration is quite smooth in terms of licensing. They are a bit more expensive, yet they are overall a strong product and a must-have for professionals.

No, I did not go through software review websites for recommendations and software services outlooks.

Check Point NGFW is highly scalable. It has a wide range of customized productive services with a huge community and team behind its technology.

We have deployed this software to provide comprehensive security beyond the Next Generation Firewall (NGFW). 

This software provides advanced analytics on any security measures that can have a great impact on our applications. 

It blocks malware attacks that can destroy data and leak confidential information to unauthorized parties. Check Point NGFW has helped the company to set up security policies that enhance the effective transfer of files and secure browsing strategies. There is improved prevention of external threats to data and increased production across the networking infrastructure.

Check Point NGFW has helped the company in the prevention of cyber attacks that could affect operations and slow down production. 

The intelligence reports from the real-time insights have helped members to avoid risks and plan efficiently for the future. 

Security threats that we used to experience before we deployed this product have been reduced, and the networking channels are ever safe. 

Sharing documents under secure infrastructure has increased the confidence of employees and enhanced faster implementation of tasks and projects.

The software provision of uncompromising security models across all the company applications has stimulated increased production. 

It has given the IT team full control and setup authority to scale down and deploy security to the most demanding platforms. 

The solution is safeguarding our financial databases and always has prevented fraud while giving employees peace of mind. 

The software has enabled us to come up with a unified dashboard that can monitor all accounting operations and investigate when there are security loopholes that can lead to data mismanagement.

The current features have a full set of security models that can protect any organization's information from ransomware attacks. 

When installed on Windows, the system with low storage space slows down. It is not compatible with all mobile devices and this may be unfair to some users. The next release can be more compatible with Windows and mobile devices for increased efficiency. 

I have experienced the best environment while working with this platform. All the data across the transactional records is ever secure under Check Point NGFW and I am proud of that great step ahead.

I've used the solution for nine months.

This platform is stable in the prevention of ransomware attacks.

I have been impressed by the performance of this software since we deployed it.

The customer support team has been always been responsive and interactive with our members.

Positive

I have not used a similar solution.

The setup was straightforward.

The deployment was done through the vendor team.

The current ROI is 35%.

The setup cost is good and the solution is affordable.

I evaluated other options. However, the company settled on Check Point NGFW due to its performance.

This is a great solution for many organizations that require stable data security.

We are using Firewall Intrusion Prevention and URL Filtering, and we just purchased the Endpoint Protection package for our workstations.

It is deployed on-premises. We have two Check Point systems in place. We have one that's between our business network and the outside world, and we also have one that's between our business network and our internal SCADA system.

We haven't updated to version 81, so we're still at version 80.

It has provided us with great protection from threats. I've been here 30 years, and we've had two incidents, and none of them were within the time we've used Check Point.

The console or the single interface on the blades is most valuable.

The only thing that we've seen is instances where console and administrative interfaces get locked up or freeze, and we have to get the machine rebooted.

I have been using this solution for probably 10 years.

I would rate it a nine out of 10 in terms of stability.

Its scalability is very good. Our entire force is about 190 people, and most of them use it at some point just because they are going out to the internet and have that protection for the workstations. 

It is being used extensively. Everyone is using it, and we do have plans to increase the functionality on the device.

They provide really good support. I would rate them a five out of five. 

I can't remember the product, but what we had initially was an entry-level device. It was a single-purpose firewall. We went up to an enterprise solution that had additional features.

It was pretty simple to transfer the old firewall configuration to the new one. So, it was pretty straightforward and easy. I would rate it a four out of five in terms of effortlessness.

It took over a month. We ran two systems. We built a new system for a couple of weeks before switching over completely.

We used a consultant. Our experience with them was very good.

For deployment and maintenance, we have five people on our staff. We have to do some maintenance on it. It's pretty much scheduled to rotate between us so that we keep our skills fresh.

We've not done an initial study on any kind of ROI. We rarely do. In positives, we try to perform a yearly risk assessment of our systems, and we find very few vulnerabilities. So, it is doing what it's supposed to. It is keeping us safe.

Its cost is a little higher than other products.

We evaluated other options, but I don't remember their names. We basically went to the consultant we deal with for security-related things and said, "What's out there? What do you recommend?" He gave us three and recommended that the Check Point was probably the lead one.

I would advise comparing it to the other products.

I would rate it a nine out of 10. It has served us very well and given us very few headaches.

We use the product as our main and only Firewall/Gateway/VPN Gateway. we are in the finance sector, and we need a very reliable and robust system. 

We rely heavily on the VPN system, as most of our employees are working outside the office at this time. 

We also have two appliances to improve reliability, we have internet access through two ISPs configured to work simultaneously. 

Our internal LAN is with duplicated network nodes that are double connected to our Check Point cluster. That way, we have full High Availability.

Before our purchase of Check Point products, we used an open-source product that lacked good integration between products and setting up to work was very tricky.

We use the Check Point mobile VPN, which is very stable and easy to use. It allows our employees to change their internal domain password when it becomes old, even when they are outside of the office for a long time. The VPN client can connect to our internal network even before the user is logged into his laptop. This allows users to receive GPO policy updates. 

The solution offers very good central management, which saves time and is hassle-free.

One of the most useful new feature is dynamic definitions. For example, if you need to allow all of the Microsoft Azure IP addresses, you can insert them dynamically and Check Point will update them for you. Without it, to find all IP addresses would be almost impossible.

You can create additional layers for the firewall rules. This allows better organization and performance of the product by skipping to the rules that are responsible for this group of protected devices.

There are some GUI features in Check Point's SmartConsole that are still from the old versions and are in separate/duplicated interfaces; it would be most useful if it is integrated and not on different menus.

We would like to have a better search engine on the checkpoint.com site. Right now, it is difficult to find, for example, a newer version of the Check Point VPN Mobile client. The search engine shows most visited sites and the newer version won't be the most recently viewed site page. As it is right now, you have to find the general VPN page form, and from there you have to look at what version of the product you need and then go to the page of the latest version.

We have been using this product for five years.

Check Point is very stable.

We haven't needed to expand our throughput capacity.
However, based on the Check Point documentation, it is hyperscale ready  capable of up to 475 Gbps of Threat Prevention.

It is very good. Our local representatives are very helpful.

Positive

We moved from a previous solution to Check Point as it is more reliable and easy to manage, and our old solution wasn't able to provide the level of security we desired.

We have had some problems understanding how to set up HA, however, we managed to do it. This was mainly due to the fact that we didn't have experience with Check Point products in the past.

We did everything in-house.

New users should know that the first year of support is included in the equipment. After that, you have to buy it.

We choose between Palo Alto and Checkpoint.

We like it. It works well.

This is the perimeter firewall and manages all security facing towards the internet,

It's a distributed solution composed of a Security Gateway and a Security Manager. It controls all the traffic from the LAN to the Internet and the VPN tunnels for connections with external partners. We control the traffic to the internet with blades as URL filtering to manage the bandwidth, limit the use of this resource, and apply the security policies as well as protect the LAN network against advanced threats from the internet to the servers and PCs. 

This solution applies NGFW features to the inside and outside traffic of the networks. The other options did not have sandboxing, reports, and the same advantages as Check Point.

We have a small firewall from another vendor. The solution is working with limitations, as it was designed with Check Point as a security solution for the perimeter with more security features for covering our network requirements and specifications and preventing advanced threats from the internet to our servers and PCs. 

The sandbox feature is great.

The Sandblast blade is a very powerful solution that works against archives infected with ransomware.

The anti-malware is quite effective as many applications can be infected with any kind of malware with the goal of interrupting the productivity of our work equipment.

The reporting is great.

With this solution, we have had many kinds of logs and a very friendly way to view them. Now can we know what is happening within the network's traffic.

The performance has been very good. 

This security solution has grown more options and has expanded slots, including RAM slots, Optical Fiber slots, and various other features.

The anti-spam needs improvement.

A weakness with the Check Point solutions is the anti-spam, as they have a partnership with some solutions for anti-spam. They should have their own solution. We have email provided through Office 365 and they have their own way to fight spam and, due to this, we haven't bothered looking into anti-spam options. That said, Check Point is the most adapted to our necessities.

I consider the price of this solution high. It is very good, however, the prices are high - it's like buying a car.

I've been using the solution since 2018.

We changed from an older solution as it worked for five years and was old. It wasn't equipped for the new generation threats.

The price should be considered, however, it shouldn't be the only reason you choose the solution, or not.

We also evaluated WatchGuard, Palo Alto, and FortiGate.

We use Check Point NGFW mainly for a perimeter firewall for ingress and egress traffic control, firewalling, but we also use a lot of other functions within the NGFW capability.

Check Point NGFW provides a bunch of different products or Blades, as they call it in Check Point. The firewall engine is what we use the most but we also use the IPS IDS and Anti-Bot features. The solution provides many features.

The management of memory in the hardware needs to improve. They have had a lot of issues with memory leakage.

I have been using Check Point NGFW for approximately 10 years.

The solution is mostly stable. However, we have these memory issues from time to time, that cripple the performance occasionally, but other than that, they are very stable.

The solution is scalable and it is easy to do.

Overall the technical support is very good. If we have an operational issue, they can sometimes be a bit slow in responding. Other than this, I have nothing to complain about.

I was not around when the implementation was completed but using my experience in these global scenarios, there's always complexity, there probably was some complexity involved.

Check Point NGFW requires security and OS patching, and life cycle management. Every three to five years you need to replace the hardware. We have a dedicated team that does the maintenance of the solution.

It's hard to say exactly how many people are involved in implementing and maintaining the solution because some of the work is outsourced, but I would say it's a team of approximately between 10 and 20 people.

When comparing the price of Check Point NGFW to other solutions it's difficult to compare because even though everything is included in the Fortinet price, there are large differences between the models. You need to go to a quite expensive Fortinet firewall to receive the same throughput and functionality as in a Check Point firewall. In the end, they are quite similar in price, Fortinet might be a bit cheaper.

I have used other solutions, such as Fortinet and Palo Alto.

I'm not sure that there are many differences between Check Point NGFW, Fortinet, and Palo Alto. I haven't used any Fortinet solutions myself, I'm not sure exactly how they work, but I would say that, from a management perspective, both of them are quite similar. Operational-wise, Check Point NGFW is a bit more stable and has a more mature operating system, at least the model that we are using. 

The only difference in functions is how they have branded the firewalls because, in Fortinet, you receive all the functionality for the same price as the firewall itself. Everything is included. However, with Check Point, you buy the hardware separately, and then you buy the different plates that you need and the different licenses for the functions that you need. It's a bit more complex license-wise with Check Point.

When you implement anything in an environment you need to have a good design to begin with, you do not want to have to rebuild it after you have implemented it. It is important to
be thorough in preparations and planning.

I would recommend this solution to others.

I rate Check Point NGFW an eight out of ten.