Check Point NGFW Reviews

I work for a systems integrator and have designed and deployed solutions over many years with Check Point components. Problems solved with Check Point NGFWs have included securing the edge, data center segregation, SWG replacement, Remote Access, and many others.

I have designed and installed Check Point deployments from a single SMB appliance to multiple highly available chassis, running numerous virtual systems. Numerous different use cases include appliance form-factors, running modules, and licenses.

I have always found that Check Point's fully integrated management provides significant improvements to organisations where I have deployed them. As management has always been integral in the Check Point deployment, all functionality and visibility is natively baked into the management platform, which provides a single point to configure and monitor every function. Alternative vendors have added centralized management functionality as a secondary feature and therefore have never been able to compete on this front.

Management integration is holistic as centralized management has been core to the solution for decades. Where other vendors have bolted management on over time, Check Point has always made it central to everything that they do.  

I find that this is one of the most significant and valuable features of Check Point. In addition to that, many new features that eventually become the standard across the industry end up being first introduced by Check Point - sometimes years ahead (such as Threat Extraction which allows active content to be stripped from files being downloaded and a "clean" copy to be provided in near real-time, while sandbox inspection is being performed).

Product-wise, I have no real complaints. 

Potential improvements could be made around simplifying VPN functionality and configuration.  

The main area that the organization can improve is around the lack of local, in-state technical support. Competitor vendors have a strong presence in the Adelaide Market, however, Check Point has always been limited with its commitment to staffing local technical resources. If this focus is made, I could see Check Point returning to the strength that it once had in the Adelaide market.

I've used the solution for 17 years.

I do like that this solution is a very robust firewall.

It's very stable. 

The product is well supported. The solution is very scalable. 

Technical support has been quite good. 

The only thing I would like to improve is the updates. Sometimes when they bring on new upgrades, they affect something else. That happens sometimes. For example, something that was working well might have a new issue after an update. It's understandable as they do have like to add innovations. When you are innovative, you face some risks. 

They have already announced that they will be adding SD-WAN as a new feature.

I've been using the solution for 18 years.

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. That said, I would like the latest version to be more stable.

The product is very scalable. You have very good options. For example, if you start with a smaller firewall and you want to upgrade to have newer hardware, they have different options. For example, you can run a script that is going to tell you the new appliances that you need, according to your new requirements according to your network consumption. 

It did launch Maestro about two years ago. Maestro is something that allows you to stack firewalls. If your current firewalls handle the traffic anymore, you can add new firewalls to it. 

If you want to change the firewall you can do these trade-ins. You can return the old firewall and they will give you a special discount. 

Technical support has been very helpful and responsive. We've been happy with the level of support they offer. 

The product is easy to set up. I am seasoned on Check Point. For me, it's very easy. I wouldn't say it's hard. 

I'd rate the solution at a ten out of ten.

It's an on-prem deployment where we use it to protect our client and end-users who are working with the internet, and to protect their servers from external access. They have about 100 users and two servers.

When we did not have SSO, we had problems related to attacks compromising our firewall. That has been mitigated. We have the traffic going through the firewall to the server, so those types of things have really improved. We are seeing less traffic going to the server. When there was direct access to it, there was more and more traffic going to our server. So it has improved our server performance.

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.

I have been using Check Point NGFW for almost two-and-a-half years.

It's a stable solution. In the time I have been using this product, I have hardly seen anything break.

In terms of scalability, they have products that can fit into the environment. It's a very scalable solution. For our requirements, it fits very well. You can go with whatever kind of setup you want: Active-Passive, Active-Active. Check Point is very easy. Their solution is ready for our market; it's very well suited. Wherever we want to go, Check Point can provide a solution.

Currently, we are using somewhere around 50 to 60 percent of the box's capacity.

Sometimes, when I have gotten stuck, I have reached out to support and it's okay. They have helped me very quickly.

We did not have a previous solution. We went directly with Check Point. We liked the features provided by Check Point and we went for it.

The setup is not complex. It's easy to deploy. The documentation provided is very good. Deployment takes me two to three days. The hardware takes one-and-a-half days and then I get all the features up and running.

We have a standard implementation strategy. We have a checklist. We plan it out. Then we go into the field for the deployment. We have one dedicated engineer for deployment, and I also check it on a regular basis. The two of us are also the ones who manage the solution.

We have to consider things, cost-wise, when we are expanding into other locations. We don't have the budget to use it in other platforms. We have some servers that we deploy in AWS and other locations. But instead of going with Check Point, we go with other vendors to fit into the budget.

Check Point is really costly. When it comes to the Indian market, where we are located, we always consider budget solutions. So this is an area where Check Point could use some improvement.

In addition to the standard fees, support is an added expense.

The biggest lesson learned from using this solution is in terms of security. It is a really good product. I don't think there is anything missing from the Check Point firewalls. The features provided by the company are very good and provide what we need.

It's a very good security product, as long as you have the budget. It provides modern security and the architecture Check Point provides is good. And the application side will really help any size of business to deal with traffic based on the application.

Check Point protects our environment from external threats. In particular, we use:

• Application Control for Internet access
• HTTPS Inspection for outgoing connections into the internet
• Separate the OT network from the normal data LANs
• SSL VPN for End Users - Check Point Mobile VPN Client is used on the end-user clients
• Site-to-Site VPN for connecting other companies to our environment

We are using two Check Point boxes in a ClusterXL Setup so that one appliance can die and the environment is not affected. We also use a cloud gateway for internet security on users, which are only connected to the internet (outside the office).

Check Point has improved our organization in the following ways:

• Provides for central management over all of the Check Point gateways
• Maintains a changelog that shows which users have made changes
• Version control allows us to roll back a ruleset after, for example, a misconfiguration
• Offers very granular application control
• Allows for various internet permissions for various users
• Gives us very good logging, which is nice for troubleshooting because you can instantly which rule is affected for each action
• The cloud gateway (Check Point Capsule Cloud) ensures that users are getting the same internet permissions as they would if inside the company, no matter which internet connection they are using

The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.

Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.

You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.

The extremely wide function horizon covers almost every possible scenario.

The Performance on a policy install takes too long for my taste. This might be because, at each policy install, the management pushes the whole policy on the affected gateways.

Without any training, it is very hard to administrate the whole Check Point NGFW.

In our case, the main Check Point gateways are in a cluster configuration. Sadly, the management always shows the standby box as failed. This may be because it is set to STANDBY and not ACTIVE. It would be better to show the standby box as good.

I have been using Check Point NGFW for about five years.

Support is very customer-oriented and you are always in good hands.(customer wishes are often implemented in the next hotfix)

Most Support engineers are located in Israel. (Very good spoken english)

Very fast response from R&D Team

We were using SonicWall and switched because of EOL.

The pricing for Check Point depends on your environment.

Before choosing Check Point we evaluated Fortinet and a newer version of SonicWall.

We work with these firewalls for overall security, including content filtering.

High-capacity and high-capability devices help us to integrate with the cloud infrastructure as well as internet applications.

The most valuable feature is the URL filtering. 

It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place.

It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely.

I have been using Check Point NGFWs for six years.

They're pretty stable. I don't see any issues there.

Scalability means upgrading to newer, better hardware.

From an end-user perspective, everyone in our organization is using it, as it's a perimeter device. If they have to access the internet, they use this firewall to allow that access. We have about 4,000 end-users and about 200,000 concurrent connections.

Check Point's technical support is a seven out of 10. Sometimes it takes a lot of time to get the right people on TAC issues. And to buy time, they just use generic questions, which is really time-consuming and doesn't relate to the problem at all.

For the infrastructure in question, we have always used Check Point firewalls.

I have worked with Cisco ASA. Cisco is more CLI oriented, whereas Check Point is more GUI oriented. With the GUI, it's easier to manage and administrate it. If the configuration becomes bigger and bigger, it is really easy to see things in the GUI versus a CLI.

The advantage of the CLI is that you can create scripts and execute them. But the disadvantage is that they become so lengthy that it becomes very difficult to manage.

The initial setup is straightforward because it's a GUI interface. Even when it was upgraded, things didn't change in terms of the look and feel. It was still the same. There was no need to learn new things. It's easy for any administrator to learn new features.

On average, deployment takes one to two hours, including mounting and everything, from the physical work to moving the traffic there.

The issue is that we still need people to be onsite to do this because some tasks have to be done on the day. That means a technical person is required to do that work. We can't give it to any other person to do this because, until those particular steps are completed, things can't go any further.

We have six people, network admins, for deployment and maintenance because we have about 30 of firewalls.

We do it ourselves.

When we first started using them, we were just using them for basic functionality. Then we started using more features and introducing other components. For example, we had a different proxy server which we depended on. Once we got the Check Point, we could use the same device for multiple roles, which reduced the cost a lot. I would estimate our costs have been reduced by 30 percent.

If you use the features then it's cost-effective. Otherwise, it's expensive.

We use Check Point's firewall to provide network security to our organization as well as to other, third-party vendors.

The Check Point firewall is providing advanced-level security. Compared to before, our company is more secure now. It is not only securing the users working within the LAN environment, but also to the end-users or remote users in the company.

The most valuable features are its 

• antivirus
• threat detection
• central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved.

Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.

I have been using Check Point's NGFW for the last six years.

The Check Point firewall is very stable. It is one of the oldest firewalls in the market. It has all the advanced features, according to the security features we have. It's quite a stable firewall.

It is very good and scalable. We have recently expanded the usage of Check Point and it was not a very tough process to scale this firewall.

Right now it's protecting around 3,000-plus employees.

It has been a very good experience every time we call Check Point. We usually get them on a phone call and they are very informative people. They always provide us the solution.

We had another solution. We switched because Check Point gave us more advanced features and there was market demand for network security.

The initial setup was a little complex. The training from Check Point should be increased. It was a little complex, but with the help of their TAC and the help of other engineers, we installed it.

The deployment has taken about eight months. We have deployed it in a three-way architecture. We have installed a security gateway, an SMS (security management system) and we have installed the console.

We have a team of four people, all network engineers, for deployment and maintenance of the solution. We take care of all the firewalls for the organization, including Check Point's.

We had help from a Check Point integrator. It was a good experience. They were very helpful.

We are happy with our investment in Check Point's firewall. Per our standards, and for our environment, it is a very good firewall. It is protecting us well.

Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps.

We evaluated other options, including Cisco ASA. The difference was that Check Point provides advanced features, such as threat prevention and antivirus. Apart from those, it also provides us with IPS. Also, for Cisco ASA, we had to take extra services to install it, so we went for Check Point.

Make sure you get good training on Check Point's firewall, and it would be good if you have working experience on the device.

Using Check Point, I have learned that we need to serve our remote users as well, and Check Point is a firewall which is capable of doing that.

We use this solution for our perimeter firewall to protect our web applications, systems, and network. We are running our complete business with Check Point.

The complete traffic is managed by Check Point. The Check Point threat emulation blade is enabled to protect zero-day attacks and it will detect and prevent attachments and other payloads from this type of attack.

We have been running Check Point for the last ten years and it protected our network, systems, and applications against the latest attack. Our organization is running 500 applications that are being protected.

The next-generation firewall will manage all of the traffic and prevent the latest & advanced threats from attackers. The latest operating systems R 80.20 is wonderfully designed and allows customers to manage everything with a single console.

The most valuable feature is that we are protected against zero-day threats.

Everything can be managed from a single console.

We would like to see the following improvements:

1. Multiple ISP redundancy.
2. CPU utilization.
3. VPN traffic.
4. HA concept, where if we apply the policy in the primary appliance that should be applied to HA appliance automatically.
5. The number of bugs has to be reduced.
6. The number of false positives should be reduced. 
7. Threat emulation has to be improved.
   
8. Reporting has to be improved.

I have been using Check Point Next Generation Firewall for ten years.

We are happy with Check Point technology and support.

Both IN and OUT traffic is managed by Check Point. We are happy with Check Point technology including the protection, management, and the ability to secure the enterprise network against advanced threats.