Check Point NGFW Reviews

Check Point is currently our perimeter firewall at various locations. We use their failover clustering with high availability option, which performs flawlessly. Upgrades are easy to perform and have always worked reliably for us. Technical support is always available to assist with these operations, which makes the process less stressful to the admins. 

We are also using their ISP Redundancy feature, which works as advertised - perfectly! It's easy to implement, especially with the awesome documentation from our engineer. We also use their Remote Access VPN offering and have really seen its value this past year, due to COVID-19. The VPN has been 100% rock solid, especially during the most critical times in our history.

As mentioned in the primary use case question, ISP Redundancy and VPN are the two primary use cases. When the pandemic hit, a sudden shift to a remote workforce was a major requirement for us, and we needed a reliable and stable firewall. Implementing ISP Redundancy helped ensure that, as well as having a tried and tested VPN solution. Upgrades have occurred during this time and manually planned failovers as well; every upgrade and test went smoothly and without issue. The last thing we could afford is an outage.

They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements. 

Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released. 

Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed and offers many out-of-the-box reporting, and provides admins extensive customizations.

The pricing is on the high end, specifically with the software licensing, although they are flexible on some levels, and offer hardware buyback options when upgrading. 

The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing. 

Customer support is not always as responsive with solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

We have been using Check Point firewalls for 20+ years. We originally used the Nokia hardware platform, which was not technically NGFW at the time, however, the OS and its configuration have maintained some similarities over the years. It keeps getting better every release.

Lately, stability is 100% reliable. Earlier generation firewalls were a bit unreliable, however, as Check Point acquired third-party hardware. For example, their Nokia acquired security appliances had a firmware that worked, until they started to modify the firmware (IPSO 6.0 was solid, but problems started with our upgrade to R75), then it became less stable; frequent crashes, settings not saving, high availability issues, frequent reboots required.  Eventually, we upgraded to their NGFW offerings.  Their newer hardware, and firmware R77.x was released, and we have been stable ever since.  Upgrades to R80.x have been flawless, HA works as expected, and we have had zero performance issues.

They are very scalable. If you need more computing resources, adding more hardware is easily done.

Customer support is not always as responsive to finding solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

Positive

We have always used Check Point.

Setup was very straightforward and easy. We did have the assistance of our Check Point engineer, which is just awesome.

We implemented through Check Point directly.

I do not measure ROI financially, although personally speaking, we have definitely gotten back every dollar we've spent by having reliable and secure infrastructure.

The setup cost is not a challenge at all. Check Point engineers work directly with you throughout the whole process. The pricing is high, for the hardware and software, although discounts are negotiable. The software blade licensing is broken down into many flavors, depending on your needs. It is very a la carte and provides various product offerings, including endpoint management, VPN, disk encryption, etc.

We did review a few competitors during a possible migration plan. The proof of concept did not yield better results, so we stayed with Check Point. We reviewed Cisco, Palo Alto, and SonicWall.

If you don't need/use their a la carte software blades (FDE, Ransomware, etc.) you can always add on later. They are very accommodating with trial licensing to test in a proof of concept way. If you already have other third-party products that perform those functions, you can bundle Check Point's and save a bit of money consolidating them.

We needed to replace our external firewall solution as we were having issues with the HTTPS inspection on our previous solution and the level of support being provided was terrible, leaving us with an issue that could not be fixed for over six months. 

We had already deployed a new internal firewall solution but needed something that would protect that from external factors. We also needed a new solution to replace our client VPN solution. The Check Point solution gave us that as one whole solution instead of having to manage multiple services.

Our policy is to deny all outbound traffic unless we allow it, which can generate a lot of work to build a rule base that allows everything we need to get out. 

This solution has made managing connections out to the web much better due to the categorisation and app control that is available. Being able to say certain apps and services are allowed out, instead of finding all the relevant IPs, has massively reduced the workload. The ability to manage the Client VPN and relevant rules for that in the same location has also improved the way we work. Having links into AD for group membership recognition and having rules based around this has been very useful in improving the way remote users can access the network.

Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall. 

It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web. 

The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats. 

The functionality of the S2S VPN service has been temperamental for us at times and is not always simple to manage or check the state of. 

We find the GUI to be wrong and the CLI doesn't always show all of the connections. 

From a general usability point of view, if you have not used Check Point before, the learning curve is steep. Perhaps managing and configuring the devices could be streamlined for people with less experience so that they can pick it up quicker. There needs to be extra wizards for the out-of-the-box builds.

I've used the solution for six months.

On the firewall side and content filtering side of the solution, it has been faultless. There has been no real downtime to note and the access to the web via relevant rules has always worked as expected.

We have a fairly small setup in the grand scheme of things, however, from what we have seen, the ability to add in new firewalls or increase the hardware spec seems very good and it would be easy to transition from older to newer hardware when the time comes.

Due to the support model we signed up for, we don't deal directly with Check Point support. We deal with the vendor first and they will deal with any 1st/2nd and even most 3rd priority issues. They would then go to Check Point if they need more assistance on our behalf. The level of support and responsiveness of their support has been excellent. We're always getting at least a response within a few hours, even on a P3/P4 issue.

Positive

We did have another solution, but due to an issue with the HTTPS inspection that the manufacturer was not able to properly rectify or fix for 6 months, we lost faith in their ability to provide adequate support going forward for any issues we might come across. 

The setup was complex due to the nature of the Check Point firewalls and us having to make some config setup in one portal and others on the CLI. We also had to arrange the rule base via the management console. There could be 3 different places you need to make various changes. We also used private microwave links as redundancy for VPN connections and that had caused significant issues in getting set up as the link selection did not cooperate at first.

We implemented via a vendor and I have to say their level of expertise was brilliant. Every question we threw at them, they were able to provide an answer to. 

It was not the cheapest solution to go for, but the amount of admin time that has been saved by the use of Check Point firewalls has definitely given us a great return, giving us more time to work on other aspects of our network. Also, being able to consolidate 2 solutions (Firewall and Client VPN) into one solution has saved more money and admin time. 

We found that Check Point was very flexible with its pricing. We were looking at a spec of hardware in other solutions. We found that Check Point did not have a direct competitor, but to help with the bid, they managed to reduce the costs of their higher-spec hardware to make it competitive with the other solutions we were looking at. It's not our fault they did not produce the hardware of a similar spec. It's up to them to try and provide a solution that would make it a competitive solution. 

We looked at several other solutions in including Palo Alto at the top of the market and Sophos XG further down.

I would say as good as the solution is, if you are looking to get the most out of it, you should look to get a company or consultant who knows the Check Point solution inside out to assist with the setup. We found a partner who specialized in Check Point and we would not have been able to get it to the stage we have without them.

We use this solution as a layer 3/4 firewall deploying access rules in our DMZ. We have more than six different centers with different service layers, a core of up to 500Gb per site, and other service centers providing security for all inbound and outbound connections.

VSX gives us the capacity to consolidate hardware in fewer devices, reducing the OPEX, and creating different VFWs to provide service to different environments or services.

Layer 7 features allow us to upgrade our security services. Activating the required features only requires upgrading the license.

This product has provided us the total control of our connections in our very bandwidth and session-intensive environment. It offers high capacity on NAT tables that, with other vendors, needed to use really huge devices to support.

We can control all of our international connections in a central point with a distributed cluster in a very easy way and with good performance.

The layer 7 features (AV, IPS, Web filtering, etc) and integrations with AWS provide us a clear point of management for future deployments on the cloud.

The packet inspection capabilities are great.

ARP protections based on interface works better than it does with other vendors.

There are new improvements related to the upgrade of the solution, making for the easiest upgrade/update procedures.

New features allow for concurrent use of the console in write mode between different users.

The exposed API allows us to automate a lot of actions in a very easy way.

The central console and log collector are basically the best central management consoles, and each day provides new useful features like counts, etc.

There are issues with stability in some specific versions.

The VPN is a little difficult to configure, and sometimes you need help from Check Point professional services.

There are some performance problems with the IPS when the FW is in a high load, but in general, it is working better than in previous versions.

The routing is configured on the gateway, so, you need to remember for migration purposes.

The virtual infrastructure of the central management requires a huge amount of resources to work properly and manage all the logs without problems.

I have been using Check Point NGFW for more than 10 years.

In general, this is a very stable solution. We have had only one incident in the last few years that was with the size or the route tables in memory that finally it was discovered that was a bug in a specific version and was solved upgrading the devices to new firmware that solved the bug

This product is very scalable. There are a lot of different virtual and physical devices to cover any requirement in terms of sessions, performance, etc.

We are very happy with the support. They are very skilled engineers and always fast at analyzing and solving issues.

We did you another solution, but we switched due to prices and solution stability.

The initial setup is not more complex than other solutions.

Was implemented using a third-party vendor.

Our ROI with this firewall is high.

The vendor has a very flexible licensing approach.

Cost per Gb reduced and reduced OPEX compared with other vendors.

We evaluated Fortinet, Juniper, and Palo Alto.

This is a complex solution and there are other vendors that are easier to manage, but it is perhaps the best solution regardless.

I have been using this solution since the GAIA OS R77 was there. I am using it for my day to day access such as policy creation, policy modification, and also regularly policy disabling and deletion. I have 17K+ users in my organization, 100 + client to site VPN and I have a number of S2S as well. My daily job is health checkup, security log monitoring and incident management, daily IPS checks, threat presentation reports and to analyze the risk and take necessary action on that as well.

It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users.  We also use the DLP, IPS, and VPN features. We have multiple site to sites with our clients and it is very easy to configure and manage.

IPS helps with security against upcoming and unknown threats and activities. We regularly check the report and as per daily report we will check the risk and prevent each alert that is critical based on our business requirement and make it secure.

IPSec VPN is also our key feature as our organization having widely customer across globe so it is very good feature to us to connect and run our business with them very smoothly and softly. 

The unknown category has been a pain point. We cannot understand this category and the Check Point engineers are also stuck with it. If we enable HTTPS inspection then without this category my URL will stop working. This has a huge impact on my business. We are still running without HTTPS inspection even in a monitoring mode.

Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team.

I am using this solution for four years.

This is widely scalable solution.

I would say not much exp and not lower, average technical support. We are struggling in most of the cases.

Very easy.

In-house team and technical support team.

I would say it's complete ROI for us.

Setup is easy, in my short tenure I have done multiple migrations and have set up our new organization. For cost and pricing, I don't have an idea.

This is a very good and best solution as a perimeter device for NGFW.

I am currently working with Check Point Firewall because most of your customers have it deployed in their networks. Recently, we were involved in a significant firewall micro-implementation for one of our customers. We created configuration templates, specifically for routing and setting up bond interfaces within CheckPoint. These interfaces are similar to Cisco's port channels, where multiple physical interfaces are bound into one. 

I primarily work on the network side, so my expertise lies in configuring and working with firewalls. I have experience in firewall policies and know how to configure them within Check Point, including blocking URLs and specific website categories. However, I acknowledge that there's room for improvement, particularly in areas related to application-level control within the firewall. While I can't pinpoint a specific area for improvement, I am trying to enhance my skills and knowledge in various aspects of firewall management.

I have been using Check Point NGFW for the last 12 months.

During a project where I was working with a customer deploying Maestro in their network, we encountered an issue related to multicast traffic. Check Point's expert team suggested that we install a package called Jumbo Hotfix inside the Check Point, which resolved the problem. Overall, despite this issue, Check Point NGFW is a stable product with minimal encountered bugs.

Check Point is a stable product, but when compared to other vendors like Palo Alto and Fortinet, I'd recommend going with Palo Alto. Palo Alto is a more stable and robust firewall solution than Check Point.

The deployment of Check Point was straightforward. In the Azure cloud environment, it took approximately thirteen minutes to complete the deployment, while on-premises, the initial setup was relatively easy and not complicated. I have deployed Check Point both on-premises and in the Azure cloud. The deployment in Azure took place around four months ago for a customer's proof of concept (POC). The primary reason for this deployment was to address the customer's VPN subnet limitations with Azure VPN. I suggested that moving to a cloud-based CheckPoint solution would provide better VPN connections without IP subnet limitations. In the Azure deployment, I created a hub and VPN and deployed two CheckPoint instances, not just one. To manage these instances, I used a load balancer within the Azure network.

Regarding firewalls, my role primarily involves designing and deploying them, then handing over the management to the operations team. While I find the deployment process relatively easy, the issues the operations team faces later on can impact my perspective. I'd rate Check Point a 7 out of 10. The ease of deployment is a plus, but we've encountered some problems with Check Point, particularly related to documentation. Compared to vendors like Cisco and Juniper, the quality and comprehensiveness of the documentation could be improved.

The implementation of Check Point firewalls has been a transformative experience for our organization. It has significantly improved our cybersecurity posture, enabling us to detect and prevent threats more effectively, streamline management, and stay agile in the face of evolving security challenges. 

With Check Point, we are not just securing our data, we are also protecting our brand and reputation. The value they bring to our organization is immeasurable, making them an essential component of our overall cybersecurity strategy.

In today's ever-evolving digital landscape, cybersecurity is paramount for any organization. For our company, the implementation of Check Point firewalls has proven to be a pivotal moment in our ongoing quest to bolster our cybersecurity defenses. These firewalls have not only improved our security measures but have also positively impacted our overall business operations.

In our industry, adhering to stringent compliance regulations is paramount. Check Point firewalls help us ensure compliance with industry-specific regulations and standards, such as HIPAA, GDPR, or PCI DSS. This compliance assurance has eased the audit process and instilled trust among our clients.

Check Point firewalls have significantly improved our ability to detect and prevent threats. The robust threat intelligence capabilities, coupled with real-time monitoring, have allowed us to swiftly respond to potential security breaches. As a result, we have experienced a noticeable decrease in security incidents and data breaches, which ultimately translates into cost savings and a bolstered reputation.

As our organization grows, so does the volume of data we need to protect. Check Point firewalls have proved scalable and can handle increased traffic and the addition of new services without compromising performance. This scalability ensures that our security measures are always aligned with our business growth.

One of the standout features of Check Point firewalls is their user-friendly management interface. This intuitive platform has streamlined firewall management, making it accessible to both our in-house IT team and non-technical staff. This has resulted in a more efficient use of resources and time, allowing our IT personnel to focus on other critical tasks.

The product needs comprehensive reporting and analytics capabilities to help organizations gain insights into their security posture and demonstrate compliance to stakeholders.

It requires enhanced automation tools for regulatory compliance to ease the burden of compliance reporting and auditing.

The solution needs to tighten security by facilitating easy integration with MFA solutions to enhance user authentication.

It needs to integrate automation and orchestration capabilities to streamline incident response and automate routine security tasks, reducing the workload on security teams.

As containerization and microservices become more prevalent, it needs to provide security solutions that protect these modern application architectures effectively. Features like runtime protection and security scanning for containers can be beneficial.

I've used the solution for almost five years now.

Check Point firewalls are quite robust and resilient.

Check Point firewalls have proved scalable and can handle increased traffic and the addition of new services without compromising performance.

The technical support is recommended. I'd give them an A++++.

Positive

I did not previously use a different solution. 

The initial setup was straightforward.

We deployed the solution using Check Point's PS Support. Their team is highly experienced and professional.

It's worth the cost.

Initially, the cost of the investment might seem high compared to other vendors. However, in the long run, it might prove to be economical and cost-efficient.

I also evaluated Fortinet and Cisco ASA.

We use the solution as a perimeter firewall. We also use it for endpoint security and VPN.

The product is very user-friendly. The configuration can be managed and customized as required. We can customize the tool for each stakeholder.

It will be good if the product is rack-mounted. The product must be updated to protect users from the latest firewall threats.

I have been using the solution for almost six years.

The tool is very stable.

The tool is easily scalable. Almost 2000 people are using the product in my organization.

The support is good.

Positive

We also work with other vendors. Check Point is as good as its competitors, but its cost is a bit higher.

The initial setup is very easy. One firewall engineer can deploy the product within a few hours. It is very easy to maintain the tool. We need only one person to maintain it.

The tool is a bit expensive. The product’s operational cost is very high. We pay a yearly licensing fee. We also pay for support.

Check Point is the most user-friendly solution. It can be configured quickly. Overall, I rate the product an eight out of ten.

We have multiple customers that use this product.  Integrated logging is the best around.  

It's clear and does the job it's supposed to do.  

We typically install this as the network edges and encourage our customers to have one at each location. Some prefer to backhall the smaller sites to the main branch where it handles all the inspection and rules.  

We also set up multifactor SSL VPN solutions at the main location which allows visibility into remote worker traffic. Overall, it's used mostly by small to medium businesses.

We have been able to sell this product for a long time as it's highly rated and has a deep feature set. We have probably sold millions of dollars worth of Check Point products over the years.  

When the customer comes to us wanting the most protection we typically suggest Check Point first. Our engineers enjoy being able to quickly deploy a solution and have the familiarity with the product to be able to troubleshoot it quickly once it's deployed. For the most part, we train our customers to be able to manage it themselves.

Mostly the logging features of the Check Point NGFW are the most valuable.  Being able to search in clear text is simple for the customer and for troubleshooting an environment. 

I also like that you can get trial licenses for just about every product solution.  This allows us to suggest a feature, implement it, and then show the customer that it has value. We tend to retain the customer on that product for the long term once it has been deployed and they are able to see what it's doing to protect them.

The only thing holding it back is the price. It's too expensive for mid-market companies. There are other platforms that have emerged that have a similar feature set, however, are more difficult to deploy. This is really only a problem for the engineers as the customer doesn't care how many hours the engineer has to put in to make it work in their environment. If the Check Point product came in at a lower price point it would make it easier for the customer to see the value in cost, thus making it easier for us to sell.

I've used the solution for seven years.

It has been the most stable for a long time.  That track record is something that you can show the customer. 

The product is highly scalable especially if you integrate the orchestration solution. 

Support is hit or miss lately. They have lost too many good reps to other companies. 

Positive

We have used other solutions, however, we continue to use Check Point NGFW.

The initial setup is simple once you have the appropriate infrastructure setup.  Once Check Point gets away from the central management solution and allows for on-box management it will make small businesses happier. 

I am part of the vendor team. We do a good job implementing it, although sometimes it takes too much time to deploy a product. 

We tell the customer that the ROI is the protection they are receiving and the stability of the product.  

We tell customers truthfully it's the best product, however, it has the highest cost and you'll pay for each license.  

We are always evaluating other solutions for our customers. Palo Alto and Fortigate are the top two others at the moment.

They just need to get the pricing down or do a better job of bundling the licensing.