What is our primary use case?
The role NGFW plays is to protect the organization against Layer 7 network attacks.
The solution has helped us to guard our perimeter security on a wider level. This is not like plain vanilla firewall. We have got a wider visibility with the help of this next-generation firewall; it shows us the traffic flowing across the network and based upon that, we have made the modifications required to restrict access.
Also, the active cluster module has helped us to balance the load during peak hours. Since moving to the active-active module, we have got the much-needed breathing space.
How has it helped my organization?
It has helped us to inspect traffic, not only with a limited protocol base but on the application/service level inspection too.
The service base access policy has provided us with a next-level restriction, which wasn't there on old school firewalls.
The integrated threat & anti-bot blade gives us protection from zero-day attacks and these can be blocked using analysis & signature matching.
The integrated intrusion prevention blade not only gives an additional level of security but also cuts down the load to manage an extra device.
What is most valuable?
The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access.
The integration with third-party vendors is quite easy and well defined, which really helps you with the automation.
The integration of gateways with a centralized managed server gives you full control in a single place.
The setup and implementation are quite easy and the logs and reports are elaborative and effective for securing the network.
What needs improvement?
The one area that I would like to see a change in is policy installation. Right now, with a larger user database and a high number of rules, it takes a bit of time for policy installation. There is definitely some improvement in the R80 version; however, I believe that it should not take more than one minute to refresh the database. Also, there is a significant spike in gateway resource utilization during policy installation.
The additional blades have an impact on resource utilization, hence scope of improvement is needed here too.
For how long have I used the solution?
I am using Check Point NGFW for the past five to six years for perimeter & internal security.
What do I think about the stability of the solution?
The solution is quite stable, however some issues also observed in new version release & same is fixed through hotfix/portfix once it is highlighted to the TAC
What do I think about the scalability of the solution?
The new hyperscale module gives you the much-needed breathing space, which the industry was looking at for quite a long time.
How are customer service and technical support?
When it comes to technical support, Check Point is on another level. The support engineers are very well versed with the solution they are managing.
How was the initial setup?
The initial setup & integration was quite easy, and the support during migration was outstanding.
What about the implementation team?
It was a collaborative effort of our in-house and vendor teams. The support was good & quite appreciable.
What was our ROI?
It's good & the same as expected.
Which deployment model are you using for this solution?