Check Point NGFW Overview
What is Check Point NGFW?
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
Check Point NGFW is also known as Check Point NG Firewall, Check Point Next Generation Firewall.
Check Point NGFW Buyer's Guide
Download the Check Point NGFW Buyer's Guide including reviews and more. Updated: January 2021
Check Point NGFW Customers
Control Southern, Optimal Media
Check Point NGFW Video
What users are saying about Check Point NGFW pricing:
- "It can be expensive, but it's value for money. What you pay for is what you get."
- "You get licensing bundles, so depending on which features you want to activate, your license is going to be more expensive. Some things, like Threat Extraction and Threat Emulation, require subscriptions."
- "There are three types of licensing: Threat Prevention, NGTP, and Next Generation Threat Extraction. Before, it used to be you would just enable the license of whatever blade you wanted to buy. Nowadays, Threat Prevention would be sufficient for most clients, so I would think people would go for the NGTP, license which includes all the blades."
- "We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead."
- "The pricing of Check Point is fair when compared to others."
- "One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford a Cisco FirePOWER. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution."
Check Point NGFW Reviews
- Highest Rating
- Lowest Rating
- Review Length
Showingreviews based on the current filters.
Principle Network and Security Consultant at a comms service provider with 10,001+ employees
Sep 17, 2020
Central architecture means we can see an end-to-end picture of attacks
What is our primary use case?I support multiple clients within the UK, the EMEA region, the US, and now in Asia Pacific as well. I specialize in Check Point firewalls. I design and secure their data centers, their on-premises solutions, or their businesses security. The firewalls are mostly on-premise because most of our clients are financial organizations and they have strict compliance requirements. They feel more secure and have more control when things are on-premise in the data center. However, there are use cases where I have helped them to deploy Check Point solutions in the cloud: AWS, Azure, and in Google as… more »
Pros and Cons
- "Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use."
- "The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution."
What other advice do I have?If you're looking to implement Check Point as a security solution, definitely do your homework. Do some research, not just in terms of firewalls, but overall security architecture. Which ones are the leaders in the field? Which ones are there to deliver what they promise? And overall, how does the architecture work? Is it secure or not? And does it come from a team that understands how to support the solution itself? Are they consistent? Look at their track record for the past 10 or 15 years, or are they a new player? If they are, you don't know whether they're going to stay in the game or…
Senior Engineer Security at a computer software company with 201-500 employees
Sep 8, 2020
Gives users more confidence online because the gateway is going to help them out where needed
What is our primary use case?For the SMB appliances, the use case is tricky because I don't actually like them too much. If you have a very small branch office, you could use one of them, but in that case I would just go for the lowest version of the full GAiA models. But for small locations that are not that important, it is possible to use one of the SMB appliances, the 1400 or 1500 series. The full GAiA models, starting with the 3200 and up to the chassis, are the ones we work with the most, and you can use them in almost every environment that you want to secure, from Layer 4 to Layer 7. The only reason to go higher… more »
Pros and Cons
- "The feature I like the most is their central management, the Smart controller which you can use to manage all the firewalls from one location... Being able to access almost everything in one location — manage all your gateways and get all your logs — for me, is the best feature to work with."
- "The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices."
What other advice do I have?Make sure you have a good partner doing Check Point work for you because, as a direct client, it's very hard to get the necessary skills in-house, unless you're a very big company. Contact Check Point and ask them which partner they recommend and go that route. Don't try to do it yourself. The firewall is too complex to set up and maintain yourself, without the assistance of people who do it every day. Learn and get experience with it. Don't be overwhelmed. When you start with it all the features and all the tips and tricks that you need to know to maintain it, it can be overwhelming. Like I…
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
456,495 professionals have used our research since 2012.
Senior IT Manager at a mining and metals company with 501-1,000 employees
Oct 9, 2020
Offers a lot of flexibility and packet inspections have been a strong point
What is our primary use case?Our primary use cases for Check Point NGFW are for perimeter security and content filtering for browsing behavior.
Pros and Cons
- "The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before."
- "The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex."
What other advice do I have?My advice would be to look hard at premium support options. Know what your tolerances are, and if you expect fairly quick turnaround on support incidents, go ahead and invest that money in support. Definitely take advantages of pro services, buy a block of hours, whether that's 10 hours or 20 hours, and use that to fill in the knowledge gaps, especially during deployment. If you rely on standard support during setup, depending on how complex your environment is, you may be frustrated. We did well doing what I recommended here. We bought two rounds of pro services (20 hours). I don't want to…
Network and Security Specialist at a tech services company with 51-200 employees
Oct 4, 2020
Very cost-effective solution that helps companies get through audits
What is our primary use case?In my previous company, one of the clients was a big chocolate company. They had this payment card infrastructure (PCI), where they needed to have auditors from PCI check the firewalls to see if everything was okay. So, they had web-based authentication. I'm working with the 5800, 5600, and 5200 models. I work with the UTMs as well. These are physical appliances as well as open servers.
Pros and Cons
- "I love the interface of R.80.30. The R.80 interface is very nicely thought out with everything in one place, which makes Check Point easier to use."
- "The naming in the inline layers and ordered layers needs improvement. It makes things very complicated. I've seen quite a lot of people saying that. For audit policies, it is okay since it's very simple to see. However, this area is for very large organizations, which have too many policies, and they need to share all these policies. For small to medium-sized businesses, they don't need it. Even if somebody has 500 rules, if they try to use it, it can be very confusing."
What other advice do I have?This is not day-to-day firewall work, where maybe a node can do it. If you get into a trouble, you can't actually involve Check Point support all the time, especially when you won't get a response. You need to employ people who are certified. Check Point has a lot to sink in, and it's not an easy thing. You might just expose your environment, even after spending a lot of money. It is future-proof. I would rate this solution as a nine out of 10.
Network Administrator at a financial services firm with 5,001-10,000 employees
Real UserTop 20
Sep 9, 2020
Enabled us to virtualize multiple firewalls on one machine
What is our primary use case?We use it for VSX virtualization and we use it for normal firewall functions as well as NAT. And we use it for VPN. We don't use a mobile client, we just use the VPN for mobile users.
Pros and Cons
- "The most valuable feature for us is the VSX, the virtualization."
- "The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS."
What other advice do I have?I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. So deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it. Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that up until now, we have not had anything like that.
Technical Support Engineer at AlgoSec
Sep 9, 2020
The Anti-Spoofing feature won't allow any spoofed IP addresses coming from an external interface
What is our primary use case?I had 3200 appliances deployed in my company where we had two CMSs. We had multiple VSXs on those appliances due to the main firewall that we had on the VLAN. We also had an external firewall on the VLAN, which were used to monitor and allow the traffic within the network. That is how we were using it. They have a new R81 in place. Currently, they also have R75 deployed in the environment, but they are planning to upgrade to R80.20 because that particular firewall has very high CPU utilization and there is no more support for R75.
Pros and Cons
- "The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that."
- "For the user or anyone else who is using Check Point, they are more into the GUI stuff. Check Point has its SmartConsole. On the console, you have to log into the MDS or CMS. Then, from there, you have to go onto that particular firewall and put in the changes. If the management console could be integrated onto the GUI itself, that would be one thing that I would recommend."
What other advice do I have?Anyone who is new to Check Point Firewalls should have the basic understanding and training so it becomes easy to deploy and implement. You can go onto YouTube and find various training videos regarding Check Point, where you can get a basic understanding of the Check Point Firewall. I would rate this solution as an eight out of 10.
SmartLog gives our team a very intuitive way of searching logs and seeing events
What is our primary use case?The primary use is to segregate the environment internally to create a lab environment and a production environment, for example. We also use them to protect the company from the internet and when going to the internet; to protect the perimeter of the company. We use them to create a VPN with customers and clients, and with the other companies that belong to the group. We work with 1200s, 1500s, 4000s, and 5000s.
Pros and Cons
- "The most valuable features are the security blades and the ease of managing the policies, searching log for events, and correlating them."
- "Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy."
What other advice do I have?If the person implementing it doesn't have much experience in how the solution works, with the Manager and connecting the firewall to it, and using the SmartConsole, they should try to go through the CCSA materials for Check Point certification. Check Point is easy to work with on a daily basis. Sometimes we get new people working here and they can add rules straight away on the policies and push policies. But if they need to deploy a firewall and they are not used to Check Point and how it works and the components, it's not that straightforward. With competitors like Fortinet, you just have…
Network & Systems Administrator I at DMH
Real UserTop 20
Sep 6, 2020
Simple to navigate, making it easy to identify and fix issues and minimize downtime
What is our primary use case?We use several of the blades. We use it for regular access control, but we also use the application control. We use HTTPS inspection and threat prevention. We use the Mobile Access blades as well IPS. We have a Smart-1 205 as our management server and for the gateway we've got 3200s.
Pros and Cons
- "The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network."
- "I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line."
What other advice do I have?Do your research and look into cloud solutions. Check Point offers many cloud services, and that's where everything's moving, towards the future. Research the different appliances and solutions that Check Point offers and find out what works best for your particular situation. The biggest lesson I have learned from using Check Point's firewalls is not to be afraid to call for help. There are times where I may be trying to figure something out myself, when in all reality, all I need to do is call Check Point customer support. They'll explain to me why something is configured a certain way, or…
See 51 more Check Point NGFW Reviews
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.
- Which is the best network firewall for a small retailer?
- When evaluating Firewalls, what aspect do you think is the most important to look for?
- If you could go back, would you change your decision to buy that firewall and why?
- What is the best way to prevent DoppelPaymer Ransomware?
- Can you recommend a solution to replace Cyberoam 200ing Firewall?
- Best firewall models for 750 to 1000 users
- Which lesser known firewall product has the best chance at unseating the market leaders?
- What are the threats associated with using ‘bogus’ cybersecurity tools?
- Comparing network security vendors and devices
- What's the difference between Firewall and NAT Traversals?