Check Point NGFW Pros and Cons

Check Point NGFW Pros

Pushkin Sawhney
Principle Network and Security Consultant at a comms service provider with 10,001+ employees
Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use.
View full review »
Steve Vandegaer
Senior Engineer Security at a computer software company with 201-500 employees
The feature I like the most is their central management, the Smart controller which you can use to manage all the firewalls from one location... Being able to access almost everything in one location — manage all your gateways and get all your logs — for me, is the best feature to work with.
View full review »
BrianFischer
Senior IT Manager at a mining and metals company with 501-1,000 employees
The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before.
View full review »
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,517 professionals have used our research since 2012.
reviewer1425090
Network and Security Specialist at a tech services company with 51-200 employees
I love the interface of R.80.30. The R.80 interface is very nicely thought out with everything in one place, which makes Check Point easier to use.
View full review »
Ifeanyi Onyiaodike
Network Administrator at a financial services firm with 5,001-10,000 employees
The most valuable feature for us is the VSX, the virtualization.
View full review »
AnkurSingh
Technical Support Engineer at AlgoSec
The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that.
View full review »
reviewer1098015
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
The most valuable features are the security blades and the ease of managing the policies, searching log for events, and correlating them.
View full review »
Matt Millen
Network & Systems Administrator I at DMH
The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network.
View full review »
reviewer1404666
Security Team Leader at a aerospace/defense firm with 10,001+ employees
The management platform and the dashboard, the graphical user interface, is one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations.
View full review »
reviewer1402668
Security and Platforms Engineer at a K-12 educational company or school with 201-500 employees
The Check Point API let me make 100 net rules in just 10 minutes, which saved us time.
View full review »

Check Point NGFW Cons

Pushkin Sawhney
Principle Network and Security Consultant at a comms service provider with 10,001+ employees
The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution.
View full review »
Steve Vandegaer
Senior Engineer Security at a computer software company with 201-500 employees
The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices.
View full review »
BrianFischer
Senior IT Manager at a mining and metals company with 501-1,000 employees
The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex.
View full review »
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,517 professionals have used our research since 2012.
reviewer1425090
Network and Security Specialist at a tech services company with 51-200 employees
The naming in the inline layers and ordered layers needs improvement. It makes things very complicated. I've seen quite a lot of people saying that. For audit policies, it is okay since it's very simple to see. However, this area is for very large organizations, which have too many policies, and they need to share all these policies. For small to medium-sized businesses, they don't need it. Even if somebody has 500 rules, if they try to use it, it can be very confusing.
View full review »
Ifeanyi Onyiaodike
Network Administrator at a financial services firm with 5,001-10,000 employees
The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS.
View full review »
AnkurSingh
Technical Support Engineer at AlgoSec
For the user or anyone else who is using Check Point, they are more into the GUI stuff. Check Point has its SmartConsole. On the console, you have to log into the MDS or CMS. Then, from there, you have to go onto that particular firewall and put in the changes. If the management console could be integrated onto the GUI itself, that would be one thing that I would recommend.
View full review »
reviewer1098015
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees
Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy.
View full review »
Matt Millen
Network & Systems Administrator I at DMH
I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.
View full review »
reviewer1404666
Security Team Leader at a aerospace/defense firm with 10,001+ employees
One of my issues with Check Point is the stability. There have been too many bugs, over the years, when I compare them with other vendors. Their QA team should do better work before releasing their GA versions.
View full review »
reviewer1402668
Security and Platforms Engineer at a K-12 educational company or school with 201-500 employees
I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things.
View full review »
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
442,517 professionals have used our research since 2012.