Check Point NGFW Reviews

We use this product for providing perimeter security, as well as advanced threat protection capabilities to critical infrastructure. The solution is expected to deliver high-performance throughput for voluminous traffic continuously. 

We are using these gateways for multiple functionalities such as:

• Perimeter Gateways
• Anti - APT (Advanced Persistent Threat)
• Anti Malware / Anti Virus
• SSL Inspection
• Network Intrusion Prevention System
• Private Threat Cloud

All of our solutions are expected to run in high availability and have good resiliency. 

Check Point NGFW is the first perimeter security solution used in our environment and it is able to deliver the expected results. Specifically, it supports high-performance throughput for voluminous traffic.

The vendor has proven capability of identifying known threats, which can be seen while managing the firewall. The OEM has identified a roadmap in line with the emerging threat landscape and evolves the product to counter these threats. 

The central management console has helped with segregation, where planned interventions with management consoles do not have any impact on production or critical business traffic.

Next-Generation Threat Prevention capabilities provide security in a high-traffic load, ensuring detection and prevention of known threats by AME, AV, and Sandblast technologies. 

We are also using the system to create VPN gateways for our multiple partners and we haven't faced any issues with them.

 Check Point gateways are a stable product that can run without any issues until a major upgrade or vulnerability mitigation is required.

The support has been reasonable and they were able to minimize the impact during critical incidents.

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption.

There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome. 

We have been using the Check Point NGFW for the past four years.

This solution is very much stable and does not require frequent changes in architecture. The patch frequency is limited, which reduces the downtime requirements.

This NGFW is very much scalable; however, I am not sure about other components such as PTC, etc.

Technical support is a mixed experience. Most of the time, issues are handled well in a timely manner but some issues have lingered for a very long time, causing multiple iterations.

We did not use another similar solution prior to this one.

As we use a lot of components from Check Point, the setup was a little complex in terms of deployment and traffic handling.

We had assistance from the vendor's professional services team to ensure smooth deployment. It was a green field project so the deployment was easy. The team deployed on implementation had expertise with the solution.

The ROI for security is the confidence that the solution is able to deliver the expected outcome. This includes stability, Threat Prevention capabilities, Granular policies, etc.

Licensing is pretty straightforward and is based on the blades available, such as NGFW, NGTP, and NGTX. Generally speaking, the pricing is in line with other players in the industry.

We evaluated products by Fortinet and Palo Alto.

In summary, this is a good solution that is stable, and I recommend it.

We have two clusters. We are using them as both perimeter firewalls and data center firewalls.

In the past few years, we encountered attempted attacks on our company and we succeeded in finding that we were those attacks, or that some user or workstation was communicating with malicious sites. Without the Check Point Next Generation Firewall, we wouldn't have had the tools to identify these things and to remediate the problems.

A firewall is a firewall. It's a Layer 4 machine that blocks or allows traffic for ports. That's the basics and we don't need a next-generation firewall for that. But the features that are important include:

• IPS
• sandbox
• SandBlast
• Anti-Bot
• URL filtering.

A basic firewall is a basic firewall. You don't need Check Point and you don't need Palo Alto or the other vendors to block ports from source to destination. But we need the advanced features of this product to give us the visibility into, and the security and protection from, scenarios that are not the usual source-to-destination attacks. The solution needs to understand what the connection is, what the behavior of the connection is, and what the reason for the connection is. It can't be a stupid machine. It needs to know that if you're allowing port 53 from source to destination, that it has to check and give us the information that this communication is legitimate, and not something that is malicious.

We just upgraded to the latest software version of Check Point so we have a lot of new stuff to learn. The older version had a little bit of a problem with identity awareness and with HTTPS inspection with the visibility of the logs, and the implementing of rules. But as far as I can see now, with the new version, most of the problems were fixed.

In terms of new features, maybe it would help if we could start to manage all the stuff in the cloud and not in the on-prem servers. The management side could also be faster when you install policies. But other than that, I'm satisfied.

I've used Check Point NGFW firewalls for more than eight years.

In all the time I've been using Check Point there have been no major issues or problems. It's a very stable environment and a very stable solution, in my experience.

We have around 600 to 700 endpoints, workstations, points of sale, and mobile devices. We also have about 200 servers, a WiFi environment, and a networking environment that is not small. We have implemented it 100 percent but, because of the Coronavirus, the company itself is not 100 percent capacity.

For now, we have implemented everything that we wanted and the firewalls are working 100 percent. There are no plans in the near future to grow. Of course, if everything goes back to normal, maybe we will grow.

There are no problems for us in terms of scalability because we're not working at full capacity. We designed the new solution to give us the resources that meet our needs for the moment and for the future. There is no problem with scalability and we can add new firewalls, or replace what we have with bigger firewalls. Everything is okay in terms of scalability from our side.

We continue using our partner for resolving problems and doing the changes that we need. That is the way that most vendors are working. First of all you need a partner and then the partner will open up a case with Check Point.

But one of the best things about working with Check Point, especially here in Israel, is that there is a direct line to the support, because we have such a good relationship with them, to speed things up.

The support is fast, professional, and thorough. Those are the most important things when you have a problem. If we need to call for support from either our partner or Check Point, we get a quick response and, usually, a fast resolution of the problem.

We migrated from Check Point to Check Point

It was really pretty straight forward because we upgraded from an older Check Point product. The installation and the assimilation of the new firewall was very quick with almost no downtime and almost no problems.

We deployed four firewalls in two clusters and, all in all, it took about one day of work; half a day for each side. That includes the installation, the configuration, and the exporting of the configuration from the old system and, of course, all the fixes and patches.

On our side there was one person involved in the initial setup, just to make sure that everything was going okay and, after the installation, to do all the checks and verify that everything was working fine and as needed.

We deployed it with the help of a partner, called Spider Solutions, here in Israel. Our experience with them was good. The technician that came here to install the firewalls was professional and thorough. Everything went according to plan, with no issues.

The whole initial setup was done by the partner and our role was more oversight to see that everything was okay and to give the information that was needed to proceed.

The pricing in this category is a jungle, but Check Point was very competitive. They were very forthcoming and agile for our budget needs.

I have checked a few other vendors and solutions but, in the end, Check Point is the best candidate for our organization. That's true technology-wise and because of the support. Because Check Point is an Israeli company, it's very easy to get help very fast. We speak the same language and that helps as well. Doing support in Hebrew is very helpful for us. 

Other vendors were either more expensive or, to get some of the features, we would have had to upgrade to a bigger, stronger, and more expensive machine. But with Check Point, that wasn't the case.

Check this solution and see how it fits with your organization. See how easily you can manage and control the environment. The visibility and the management provided by the product is one of the most important things, other than the security features that the product has. And check the sizing carefully. Check that the machines you're going to buy are sufficient for your current needs and the future needs of your organization.

Check Point is a very good solution. My primary use case is as a perimeter firewall. I never use Check Point's IPS. I always work with another IPS, in a different appliance. I always use the firewall modem as a firewall.

We have good support from Check Point. They always send us information about new products, new technologies, and new attacks worldwide. We are looking for endpoint protection and Check Point is one of the brands that could provide that technology to us.

The most valuable feature of Check Point is the management console. Another feature that is most valuable for me is that the configuration is easier than other firewalls.

I would like for them to develop the ability to manage a cloud firewall with the same console. That would be very helpful.

Another thing I would like to see improved is that when I start policies in Check Point's console, it takes a few minutes. It could be better and faster.

We never had an outage of the appliances or the consoles. Stability is very strong. I never had a problem related to stability.

Scalability is good. Since four years ago, we have been increasing the number of users and the traffic. The solution is working well and working with our progress.

I always work with a partner so the partner is in contact with Check Point. Their response is very fast. In all of the cases, it's very fast.

We switched because it is a good product and because of the cloud support. We are moving to the cloud step by step and the cloud support is important. If another company has better cloud support it may be a factor that would influence my company to switch to another solution. 

Important criteria that we look at when choosing a solution is the local experience and the local support. That it is very important. 

I wasn't there for the initial setup but from what I heard, it was straightforward. 

We looked at Cisco vs Fortinet. We chose Check Point because of the cost benefit that this product offers.

I would rate this solution an eight. It's a good solution. The management is easy. The console is very practical but in order to be a ten, it should be faster.

I would advise someone considering this or a similar solution to prove the solution before choosing the final vendor. Prove that it will be very helpful for you.

We use this solution for the VPN, from site-to-site and remote.

We also use it for advanced IPS, IDS, malware protection, and the sandbox. The sandboxing functionality is one of the best features.

All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS.

The web filtering and CLI commands need to be improved. 

The CLI command is very difficult to deploy. 

If you are an engineer and considering configuring through the command line, you can't. The command line is very difficult to use, which is one of the biggest drawbacks of this solution.

The initial setup could be simplified.

Technical support is another big drawback and needs to be improved.

In the next release, there should be improvements made to the sandboxing functionality.

It's a very reliable solution. There are no issues with the stability of it.

Currently, Check Point NGFW is the most scalable firewall on the market.

We have more than 500 users in our organization.

We will continue to use this solution and we plan to increase the sandboxing feature, which is the best feature of Check Point.

The technical support is not good, which is the biggest drawback to Check Point. They will never compare to Cisco. Cisco's technical support is the best.

I have also used Cisco, which is more expensive but the support is better.

The initial setup was very complex.

It can take 20 to 30 days to deploy to the network.

It is less expensive than Palo Alto.

Licensing is on a yearly basis and I am happy with the pricing.

I also considered the Palo Alto Next-Generation Firewall. I evaluated this solution and compared the price.

We chose Check Point because the price for Palo Alto is very high.

If you are looking for deep security and have a good budget for security and firewalling then I would recommend Check Point, as it will meet the requirements.

Every product has its drawbacks and advantages, but I am very happy with this solution. In my opinion, this is the best firewall in the market at the current time.

I would rate this solution a ten out of ten.

In my company, we use the Check Point NG Firewall solution to secure the perimeter and user network. We use IPS/IDS, deep packet inspection, and VPN. We have implemented routing rules based on the destination of the traffic, and the performance of the global solution is satisfactory.

We use the solution, too, as the firewall in a core node, which is very important to the business. It secures the network equipment and service integrity.

We are delighted with the powerful management console and diagnostic tools.

The Check Point Next Generation Firewall has improved the performance of our network, bringing the IT administrator a lot of information and data to make decisions about security, vulnerability, strengths, and weaknesses in our deployed projects.

It provides a lot of information to help better understand our users. Now we feel more confident with our network and know what happens on it, as well as what kind of traffic we have.

In addition, we have many reports that include data to help with decision-making and information about how the solution reduces cost and risk.

The most valuable feature in my opinion is the powerful deep packet inspection engine. This engine provides me with a great capacity to control the traffic generated by my users and provides our company with a very real vision of the use that users make of the network.

The reporting capability is very important as we are able to show the company management the benefits and the return on investment, in terms of securing our network.

The number of physical network ports on the device should be increased to allow for greater capacity.

Another point of improvement would be to continue improving the integration line with our current NAC solution in order to exchange more attributes and increase the granularity of the implemented policies.

We have been using the Check Point NGFW for three years.

Compared to other similar solutions on the market, this product is quite complete.

In my opinion, this solution is already quite complete with respect to our requirements.

I'm a consultant and Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I deployed standalone, cluster, and two-layer firewalls. 

One of our customers has over 200 branch offices which were protected by Check Point SMB appliances. All these appliances are managed by CheckPoint SmartProvisioning. 

This customer has one cluster Check Point which secures server segments and one cluster Check Point which secures client segments.

Check Point firewall products include a lot of modules. Application Control, IPS, email security, mobile access, content awareness, URL filtering, antivirus, antibot, and DLP. Check Point meets our customer requirements at the perimeter with an all-in-one solution. 

For example, the IPS blade prevents attacks with updated signatures. URL filtering policy control customers users' internet activity. Antivirus and antibot blade controls malicious activity and files. Mobile access blades give customers to access their sites from anywhere securely.

There are a lot of features that I found valuable for our customers. 

For example, active-active and active-standby high availability features are very useful. 

If you want to share traffic loads to both cluster members you can use the active-active feature, if you don't want to share traffic loads you can prefer active standby. Your connections sync on both cluster members at both high availability choices. That way, your connections are never lost. 

Another valuable feature is performance improvement ability. With ClusterXL and CoreXL you can improve performance.

Check Point should add additional management choices. For example, Check Point doesn't fully have management support via browser. You need to use Check Point's SmartConsole for management. SmartConsole is .exe and it is supported only on the MS Windows platform. If you are using Linux or a Mac you can not manage Check Point. You should be able to use a virtual PC whose OS is Windows inside the Linux or MAC. Check Point states that this is a decision made for security reasons, however, certain management features can be done through the browser, yet not fully.

I have been using the Check Point firewall for about 20 years.

Check Point support center is very professional.

Positive

We did not use a different solution previously.

After buying the firewall, you can use Check Point for a lifetime, however, it is a subscription base for content security features.

We also evaluated Fortinet and Cisco.

If you are looking for a firewall appliance that has a lot of security features, easy installation, and configuration, Check Point firewall products are the best for you.

The environment in which it was deployed is a financial institution that requires high availability, confidentiality, and integrity of information within the supporting infrastructure. The NGFW is used specifically for the VPN, firewalling and it also serves as virtual patching in the event of zero-day vulnerabilities that are very common within some well know client desktop computers and servers.

Initially, I was using the Cisco ASA5500 series firewall. I never believed there could be better firewall devices in terms of ease of setup and management. The NGFW from Check Point has increased my confidence in terms of performance and ease of configuration with its intuitive interface. It supports the VPN configuration without any unnecessary latency and packet dropping.                                                                                                                              

It blocks over 97% of threats!                                          

VPN, firewalling, and virtual patching are the most valuable aspects for me. The NGFW is so effective that I can go to sleep and vacation. Check Point products rarely have vulnerabilities that put the whole organization at risk, unlike some other firewall products.

The VPN tunnels are very effective in terms of stability and quick connection.

Virtual patching is useful as a workaround for zero-day vulnerabilities.                           

It offers excellent filtering of URLs.

The interface can be more user-friendly in terms of the design and location of critical and commonly used icons.

They could add a web user Interface.

I have been using the Check Point NGFW since 2018 when it was deployed in my company.

The stability is awesome and it puts me in a no-worries mood!

The scalability is awesome.

Technical support is friendly and awesome.

Positive

I did use Cisco ASA. The administration was grueling coupled with some nefarious vulnerabilities and the cost of ownership.

The initial deployment was demanding due to my network architecture, not because of the product.

The implementation was done through a vendor.

We've seen ROI at 6 months to 1 year.

However, the ROI was realized within weeks of deployment.

The solution is reasonably priced relative to some other brands.

We did not evaluate other options.

It is the best amongst the rest.

The user interface is very good.

The level of security is excellent. It protects our organization well.

It's a good overall product and we have a high level of satisfaction with the features on offer. 

Technical support could be improved. It's hit or miss in terms of the level of service and getting the answers you need.

I've been using the solution for ten years. 

We have hundreds of users that use the solution currently within our company.

We aren't 100% satisfied with technical support. Sometimes you get the help you need and sometimes you don't. Sometimes it's absolutely amazing. Sometimes they're great. However, you can't rely on them being like that all the time. We'd like the service level to be more reliable.

I can't speak to the installation process, as it was handled by an outside firm.

We had an integrator that assisted us with the implementation. 

I'm a customer and an end-user.

I would recommend the solution to other organizations especially if the company is looking for a certain level of security.

I'd rate the solution at an eight out of ten.