What is our primary use case?
Our branch offices and customer sites require Internet access for the on-site staff and remote access capabilities for after-hours and remote support.
The Check Point firewalls allow us to provide site-to-site VPN, client VPN, web/app filtering, and IPS functionalities.
Client VPN is leveraged by site staff due to the majority of our sites requiring 24-hour support and also allows centralized teams to remotely assist with multiple sites globally.
We also use these at locations to provide security when our stand-alone network requires connectivity to the customer's network.
How has it helped my organization?
Check Point's solution is both affordable and easy to manage for the small business applications that we utilize them for. Due to the great pricing and support, we can afford to deploy the firewalls in a high-availability solution providing greater uptime and less worry.
The price point of their equipment also means that we can often purchase a more robust solution compared to some competitors and Check Point's inclusion of more advanced features, such as IPS, by default, is a great selling point.
What is most valuable?
We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.
Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.
In general, we find that CheckPoint offers a great balance between ease of use and configurability.
What needs improvement?
The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track. Not everyone can afford the time and money to attend the official in-person classes offered by Check Point. Even if someone was not interested in fully pursuing a certification, offering certification guides is often a method that IT professionals follow in order to learn about a specific topic and keep for reference.
An area that I sometimes find lacking is the information provided by the system when performing troubleshooting issues such as site-to-site VPN tunnels. The logs provide general information regarding what is happening but often, it leaves you wanting additional details. This also ties back into the lack of training and knowledge required to utilize the more advanced features of the command line.
For how long have I used the solution?
We have been using Check Point NGFW for more than five years.
What do I think about the stability of the solution?
We have never had a device or software failure in the more than five years that we have been using Check Point devices. To date, we are extremely happy with the performance.
How are customer service and technical support?
The few times that we required customer service, they have been extremely helpful and knowledgeable. I would rate them on par with the other top-tier companies.
Which solution did I use previously and why did I switch?
We previously utilized Cisco firewalls but the cost structure of the hardware, licensing, and support became prohibitive. Check Point offered a more robust solution at an affordable price point.
How was the initial setup?
The initial setup was extremely quick and easy, and the deployment time for a new site is often under a day.
What's my experience with pricing, setup cost, and licensing?
The price point and licensing was the main factor in moving away from Cisco and migrating all of our sites to Check Point. They offered more features for a lower cost than competitors, and the licensing model was easy to understand.
Which other solutions did I evaluate?
We evaluated NGFWs from Cisco, Palo Alto, and Fortinet in addition to the Check Point.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?
700 and 1500 Series Firewalls