What is our primary use case?
We use this solution as a layer 3/4 firewall deploying access rules in our DMZ. We have more than six different centers with different service layers, a core of up to 500Gb per site, and other service centers providing security for all inbound and outbound connections.
VSX gives us the capacity to consolidate hardware in fewer devices, reducing the OPEX, and creating different VFWs to provide service to different environments or services.
Layer 7 features allow us to upgrade our security services. Activating the required features only requires upgrading the license.
How has it helped my organization?
This product has provided us the total control of our connections in our very bandwidth and session-intensive environment. It offers high capacity on NAT tables that, with other vendors, needed to use really huge devices to support.
We can control all of our international connections in a central point with a distributed cluster in a very easy way and with good performance.
The layer 7 features (AV, IPS, Web filtering, etc) and integrations with AWS provide us a clear point of management for future deployments on the cloud.
What is most valuable?
The packet inspection capabilities are great.
ARP protections based on interface works better than it does with other vendors.
There are new improvements related to the upgrade of the solution, making for the easiest upgrade/update procedures.
New features allow for concurrent use of the console in write mode between different users.
The exposed API allows us to automate a lot of actions in a very easy way.
The central console and log collector are basically the best central management consoles, and each day provides new useful features like counts, etc.
What needs improvement?
There are issues with stability in some specific versions.
The VPN is a little difficult to configure, and sometimes you need help from Check Point professional services.
There are some performance problems with the IPS when the FW is in a high load, but in general, it is working better than in previous versions.
The routing is configured on the gateway, so, you need to remember for migration purposes.
The virtual infrastructure of the central management requires a huge amount of resources to work properly and manage all the logs without problems.
For how long have I used the solution?
I have been using Check Point NGFW for more than 10 years.
What do I think about the stability of the solution?
In general, this is a very stable solution. We have had only one incident in the last few years that was with the size or the route tables in memory that finally it was discovered that was a bug in a specific version and was solved upgrading the devices to new firmware that solved the bug
What do I think about the scalability of the solution?
This product is very scalable. There are a lot of different virtual and physical devices to cover any requirement in terms of sessions, performance, etc.
How are customer service and technical support?
We are very happy with the support. They are very skilled engineers and always fast at analyzing and solving issues.
Which solution did I use previously and why did I switch?
We did you another solution, but we switched due to prices and solution stability.
How was the initial setup?
The initial setup is not more complex than other solutions.
What about the implementation team?
Was implemented using a third-party vendor.
What was our ROI?
Our ROI with this firewall is high.
What's my experience with pricing, setup cost, and licensing?
The vendor has a very flexible licensing approach.
Cost per Gb reduced and reduced OPEX compared with other vendors.
Which other solutions did I evaluate?
We evaluated Fortinet, Juniper, and Palo Alto.
What other advice do I have?
This is a complex solution and there are other vendors that are easier to manage, but it is perhaps the best solution regardless.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?