What is our primary use case?
The purpose of using the firewall is to protect the users from the external network, internet. Apart from that, we have set up IPsec tunnels between two different sites, and for internal usage, between two different zones, we use these firewalls as well.
Our environment consists of a 3-tier architecture, which is recommended by Check Point. We use the central management system to manage our 3-tier architecture, and we use the Smart Console as well.
How has it helped my organization?
This solution has improved the way our organization functions in multiple ways. For example, during the pandemic situation, things completely shifted. People who are working from the office are now working from home, and it is our responsibility, as network security engineers, to monitor the home users. We do not want them to access any blacklisted sites and we want to make sure that they are protected from threats and risks from the internet.
With the Office Mode VPN, it would not be possible to manage work from home because the security would not be in place. We have more granular security options with this firewall.
What is most valuable?
There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely. This is helpful for our employees that are working from home, as they get the same office environment as if they were on-premises. It is also helpful for us as an organization because we have good control and visibility over their data, including network traffic packets.
What needs improvement?
There are two major areas that need to be improved.
The study material for Check Point needs to be improved, as well as the cost for certification. One of my friends recently completed the certification and it was costlier than other firewall security certificates.
The reports are generally good but there is not much control. We would like to have more filters. Essentially, we want more granular reporting.
For how long have I used the solution?
I have been using Check Point NGFW since 2018.
What do I think about the stability of the solution?
There are no issues with stability that we have found. It is a good brand, and it is one of the oldest and finest firewalls on the market right now.
What do I think about the scalability of the solution?
Scalability is not a problem. It has both UI and CLI-based options to configure it, and it is not difficult to extend or scale. We have between four and six deployments and we plan to continue using it in the future. As we are growing, we will continue to expand its usage.
We have about 12 people working directly with Check Point NGFW. There are approximately 4,000 users who are indirectly using it, as their traffic passes through the firewall. It is used by the entire organization.
How are customer service and technical support?
We have support available from the Check Point TAC team. Our experience with them has been pretty good. We haven't had any issues or problems communicating with them or getting a solution from them.
Which solution did I use previously and why did I switch?
Prior to Check Point, we were using Cisco ASA.
The problem with Cisco ASA is that it is a purely CLI-based firewall. Check Point is not only UI and CLI-based, but it is also a next-generation firewall. It has many different and more advanced features, compared to Cisco ASA.
For example, in Cisco ASA, we can use only two gateways in active-active mode, but with this product, we can use five gateways at a time. Another difference is that the Cisco ASA policy configuration options are not as granular as Check Point.
How was the initial setup?
The initial setup process was very straightforward.
Our deployment took between seven and eight months, which included replacing our Cisco ASA firewall. It began with the planning, then implementation, followed by validation, and then we replaced the existing firewall. It would have been a little complex for us, but we did it all in a very straightforward manner.
What about the implementation team?
We have a very good in-house engineering team that does the setup and configuration. We did not require any third-party assistance because we have had full training on it.
Our deployment included seven or eight people who were working in different shifts. Similarly, we have three to four network security engineers working in shifts who maintain it. This includes things like dealing with tickets for updating policies.
What was our ROI?
We are happy with the return that we are getting from this firewall.
Rather than money, this product is saving the security of our organization. This is the first thing that we were looking for, before deploying this firewall in our organization. We know that ASA is cheaper than Check Point, but our concentration was making the environment more secure.
Cost-wise, it is more expensive than Cisco ASA, but the returns include better security and more granular options. We are happy with that. We were not looking to save money but rather, providing a safer environment for our users.
What's my experience with pricing, setup cost, and licensing?
The price of this product is not too costly and you do not need to pay for all of the features. It is more expensive than Cisco ASA, yet cheaper than a similar product by Palo Alto. The cost varies, depending on the service. For example, we have opted for Geo Protection, which is something that costs extra, but we wanted that feature.
Which other solutions did I evaluate?
We did not evaluate other options. We only compared the differences between our existing Cisco ASA implementation and Check Point.
What other advice do I have?
The biggest lesson that I have learned from using this product is that the TAC team is very knowledgeable and supportive. If I want to understand something or if I have doubts, then they usually clear it up and make sure that I understand the logic. I have learned a lot from them.
This is a product that is rich in features and my advice for anybody who is deploying it for the first time is to learn about them in advance. It is a little bit different than a CLI-based firewall and I recommend learning about all of the features before deploying it.
At this point, we are happy with the results that we are getting from Check Point, and are not looking to replace it. It works as we were expecting before it was deployed.
I would rate this solution a ten out of ten.