We just raised a $30M Series A: Read our story
NO
System Engineer at Infosys
Vendor
User-friendly with a great Smart Console and easy management capabilities

Pros and Cons

  • "Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view."
  • "While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement."

What is our primary use case?

The Check Point firewall is a reliable perimeter security product. Check Point gives me access to explore various security features in a single box (loaded with all features that an organization needs most). 

I can say I have been using it for one year and getting a grip on it and I will always try to implement it wherever it is required. 

When it comes to Check Point, there are great security features and a marvelous inbuilt design that caters to handling all threats, including zero-day attacks and perimeter security. I really like the user-friendly interface of the Smart Console dashboard and the maximum security is integrated.

How has it helped my organization?

The intruder blocking real-time is a great feature that does not even require policy installation or committing to something. This feature enables real-time attack mitigation along with full security access which helps our organization to improve its security factors. 

IPS detection is a big plus for me since it deeply scans the packet. 

URL fileting along with application control gives me the access to manage the least privilege to maximum rights on a single click.

What is most valuable?

The product provides multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. 

Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view. Check Point helps to resolve a lot of problems, such as showing our organization all known threats. 

It is easy to deploy and manage. 

The product offers a simple Web User Interface.

What needs improvement?

While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement. 

I would love to see an SSL offloading feature that is not there right now. I am following many forums related to Check Point and it seems like they are going to launch it very soon. SSL Offloading will be very helpful for NBFC and for financial institutes.'

The Check Point NGFW OS is a historically grown OS. It has been on the market for a long time and has many releases. It is a very complex system. All features are done in software - no extra hardware chips are installed.

For how long have I used the solution?

I have been using this solution for almost a year.

What do I think about the stability of the solution?

This solution is one of the best solutions in terms of stability.

What do I think about the scalability of the solution?

It is highly scalable.

Which solution did I use previously and why did I switch?

I have been using this solution from the start as it was recommended by my organization.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little bit high, although I have no issue with the licensing or setup. It is easy to use.

Which other solutions did I evaluate?

I have stuck to this solution as I read reviews before and it was all positive in regards to Check Point NGFW. I did not use a different solution.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Ümit Güler
Consultant at KoçSistem
Real User
Top 5
Good support, improves performance, stable, and scales well

Pros and Cons

  • "One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance."
  • "Check Point should include additional management choices; for example, Check Point does not offer full management support via browser."

What is our primary use case?

I'm a consultant at a Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I have deployed standalone, cluster, and two-layered firewalls.

How has it helped my organization?

Check Point firewall products include a lot of modules including Application Control, IPS, Email security, Mobile access, Content Awareness, URL Filtering, Antivirus, Antibot, and DLP

Check Point meets our customers' requirements at the perimeter with an all-in-one solution. For example:

  • The IPS blade prevents attacks with updated signatures.
  • URL filtering policy control customers' users' internet activity.
  • Antivirus and antibot blade controls malicious activity and files.
  • Mobile access blades allow customers to access their sites from anywhere securely.

What is most valuable?

There are a lot of features that I have found valuable for our customers.

For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.

One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.

What needs improvement?

Check Point should include additional management choices; for example, Check Point does not offer full management support via browser.

You should use Check Point Smart Console for management, although it is an EXE and is supported only on the MS Windows platform. If you are using Linux or Mac, you cannot manage Check Point. Instead, you need to use a virtual PC with the Windows OS installed, running inside Linux or Mac. Check Point states that this is a decision made for security reasons, but that certain management features can be done through the browser, although not fully.

For how long have I used the solution?

I have been using the Check Point firewall for more than 20 years.

What do I think about the stability of the solution?

This solution is very stable for all of our customers.

What do I think about the scalability of the solution?

One of our customers has more than 200 branch offices, which are protected by Check Point SMB appliances. All of these appliances are managed by Check Point SmartProvisioning. This customer has one Check Point cluster that secures server segments and another Check Point cluster to secure the client segment.

The latest product, Maestro is very good and scales well.

How are customer service and technical support?

Check Point support is very good and we are very satisfied.

Which solution did I use previously and why did I switch?

My company is working with different firewall products but I am a Check Point expert and only support their products.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

All implementation is handled by our team.

What was our ROI?

There are different ROIs for each customer but our customers' ROIs are high, as expected.

What's my experience with pricing, setup cost, and licensing?

The pricing is high compared to competitors.

Which other solutions did I evaluate?

Our customers evaluate other products but a lot of them prefer Check Point.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: KocSistem A.S.
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,407 professionals have used our research since 2012.
reviewer1582053
Security Engineer at Gosoft (Thailand)
User
Top 20
Easy-to-use console, good logging, effective traffic and access control features, responsive support

Pros and Cons

  • "From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases."
  • "They have few predefined reports and it would be nice to increase them since the logs are excellent."

What is our primary use case?

I use Check Point NGFW for controlling traffic and controlling access to the production server. It is a HA (high availability) environment. It is easy to use failover solutions.

We use it on our disaster recovery (DR Site) and it runs smoothly.

How has it helped my organization?

In the office, Check Point Infinity is the only fully consolidated cybersecurity architecture that protects your business and IT infrastructure.

Integrating the most advanced threat prevention and consolidated management, the security gateway appliance is designed to prevent any cyber attack, reduce complexity, and lower costs.

Check Point gateways provide superior security beyond any Next-Generation Firewall (NGFW).

Best designed for network protection, these gateways are the best at preventing the fifth generation of cyber attacks.

Overall, for us, it improves the private cloud security and helps to prevent the spread of threats while consolidating visibility and management across our physical and virtual networks.

What is most valuable?

The most valuable feature is the next-generation firewall (NGFW) protection.

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

What needs improvement?

They have few predefined reports and it would be nice to increase them since the logs are excellent.

They should be quicker to release fixes for known vulnerabilities, including those related to Microsoft products.

If you make a mistake when creating rules, it is time-consuming to fix them. However, there is no problem with traffic processing. 

Sometimes you are forced to interact on several different levels. On the one hand, you put the rules in, and on the other, you put in the route. 

For how long have I used the solution?

I have been using Check Point NGFW for between five and six years.

How are customer service and technical support?

They have a good support team that is fast to respond. However, there are open cases that should be resolved in a more timely fashion.

Which solution did I use previously and why did I switch?

We used another solution prior to this one, but the updates were too slow and it was harder to monitor the log.

How was the initial setup?

The initial setup is very hard.

What about the implementation team?

The vendor implemented this product for us.

What was our ROI?

This product is a good investment and I expect a full return in approximately three years.

What's my experience with pricing, setup cost, and licensing?

The price of the appliance should be decreased.

Which other solutions did I evaluate?

 I evaluated several other solutions and compared them before choosing Check Point.

What other advice do I have?

This is a product that I recommend.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
MR
Security Engineer at Netpoleons
User
Good packet filtering and proxy firewalls with an excellent intrusion prevention system

Pros and Cons

  • "One of the solution's best features include a packet-filtering firewall that examines packets in isolation."
  • "One of the main features that need improvement is the rule filter export."

What is our primary use case?

What can you do about threats that get past simple packet inspection by a regular firewall? You could have a layer 3 firewall inspect the protocol and block known threats from certain URLs, however, what if it comes from a URL that has not been reported and is a socially engineered exploit designed to hijack your data? This is where a Layer 7 firewall will be able to inspect the application, known as payload inspection.

While this is possible to do with a Layer 3 firewall, it can be difficult due to the number of protocol messages in Layer 7. You would need to create a signature for each application you wanted to protect; however, network signatures tend to block legitimate data and increase your MTTR (mean time to resolve an issue).

Plus, having these signatures makes it hard to manage and keep up with by the IT staff. Relying on the power of AI and the cloud in order to leverage the Layer 7 firewall is key. The advantage of Layer 7 is its protocol awareness, which allows it to differentiate between different network traffic (application knowledge) and not just packets or flows that identify ports and IPs (Layer 3).

How has it helped my organization?

Let's say most of the traffic nowadays goes through HTTP, your web browser.

When you browse the web, what do you suspect happens? Your browser sends HTTP requests to servers around the world, and in return, you receive a response. Big data packets originate from business applications as well, such as file transfer protocols (FTP) or web services such as MapReduce or Twitters API. Oftentimes, a breach happens through these protocols, whereby a Layer 3 firewall could potentially let the threat in (such as SQL injection by default) without explicitly denying these requests.

What is most valuable?

The solution's best features include:

  • A packet-filtering firewall that examines packets in isolation and does not know the packet's context.
  • A stateful inspection firewall that examines network traffic to determine whether one packet is related to another packet.
  • A proxy firewall (aka application-level gateway) that inspects packets at the application layer of the Open Systems Interconnection (OSI) reference model.
  • A Next-Generation Firewall (NGFW) that uses a multilayered approach to integrate enterprise firewall capabilities with an intrusion prevention system (IPS) and application control.

What needs improvement?

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, however, with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules such as why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

For how long have I used the solution?

I've used the solution for four years.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

What's my experience with pricing, setup cost, and licensing?

The costs involved depend on your needs and budget.

Which other solutions did I evaluate?

We did not evaluate other options.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
reviewer1281831
Security and Network Engineer at a tech services company with 501-1,000 employees
Real User
Top 10
User-friendly configuration, good support, and trouble-free upgrades have made our jobs easier

Pros and Cons

  • "The rules are very easy to deploy and can be optimized pretty quickly."
  • "One of the main features that need improvement is the rule filter export."

What is our primary use case?

The Check Point NGFW is the best product that I have ever used. It has pluses and minuses, as do others, but the usability, simplicity, and the configuration abilities are very user-friendly. After a while, other vendors just don’t come close to it.

The second thing is that is just works and it does it with ease. The upgrades and bug fixes are frequent and well documented. Also, the patches just work ;-)

There are some negatives but as I already said, they aren’t many and from my point of view, we can see past them.

How has it helped my organization?

It has made our lives and working in the company a lot easier. We have a better overview of the logs and what happens with the traffic in our company. Which means that the search for the certain logs is easy, quick and smooth. The overview of the logs is also very good as it is very detailed. The installation is allot quicker as it was before what also helps us with the implementation of the firewall rules. The rule consolidation is also very important as we have more than 60 fw rule change requests per day.

What is most valuable?

The rules are very easy to deploy and can be optimized pretty quickly. The R80 has a great feature on how the rules are processed, which costs less in terms of CPU and threads than it did before.

The features that are integrated into the firewall are very useful for our everyday use. Examples of these are the log manager, the firewall monitor commands, and the Linux commands. These are all very useful and helpful.

The VPN tunnels are easy to set up once you understand how they have to be configured.

What needs improvement?

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, but with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules, why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

For how long have I used the solution?

We have been using Check Point NGFW for eight years.

What do I think about the stability of the solution?

In terms of stability, this solution is very good.

What do I think about the scalability of the solution?

The scalability is high.

How are customer service and technical support?

The technical support is very good.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

The initial setup is very easy.

What about the implementation team?

I implemented and deployed Check Point NGFW alone.

What's my experience with pricing, setup cost, and licensing?

Maybe the pricing is a bit high but you get the durability and the duration.

Which other solutions did I evaluate?

We evaluated Palo Alto and Cisco ASA.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VJ
Senior infrastructure technical lead at Westpac Bank
User
Super technical support, scalable, and has very useful dashboards

Pros and Cons

  • "Objects search and tracker logs are useful."
  • "The pricing could be better."

What is our primary use case?

The solution is primarily used for firewall protection for an enterprise environment, The Check Point firewalls are implemented on the perimeter (DMZ) and Secure Access Domain (SAD) environments. 

We use physical VSLS clusters but have many virtual systems (Vsys) configured for different sub purposes. The Entire management domain is protected by Check Point firewall virtuals running on multiple physical boxes.

We have multiple virtual routers configured on the physical firewalls which connect L3 connectivity to other domains. The Perimeter DMZ firewall protects the boundary zone Environments 

How has it helped my organization?

Check Point firewalls have helped our organization to securely promote the traffic flow in a secure way that is fast and swift.

There's faster identification of customer traffic issues identifies via a smart view tracker and centralized management of rules. It has an ease of access policy and a human-readable format.

We have multiple virtual routers configured on the physical firewalls which connect with L3 connectivity to other domains. The Perimeter DMZ firewall protects the boundary zone environments.

What is most valuable?

Dashboards for rules management and trackers for firewall logs capture are useful.

Traffic flow in Check Point is very structured so that it is easy to understand the path it checks to understand which elements come first and which elements come later.

The smart log compiles from multiple CMAs is an important feature that is very attractive. 

The MDM dashboard is very organized compared to other vendors. The use of CLI tools like TCPDUMP and FW monitor are very useful in verifying the traffic logs.

Objects search and tracker logs are useful.  

What needs improvement?

To combine CLI routing and GUI application in a way that both interact together would be ideal.

The pricing could be better. In general, the Check Point solutions are not cheap, however, you could try to negotiate on the overall contract, especially if you are purchasing a lot of hardware.

In the CLI, while viewing configs, there is no easy way to snapshot configs. 

For how long have I used the solution?

I've used the solution for more than 15 years.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

Technical support is super.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We switched from Cisco to Check Point. Cisco was CLI-based and cumbersome with rulesets.

How was the initial setup?

The setup is straightforward as there are many videos available on the net to practice with.

What about the implementation team?

We had vendor involvement.

What was our ROI?

It serves the purpose and primarly gets the best output.

What's my experience with pricing, setup cost, and licensing?

The pricing is high. In general, the Check Point solutions are not cheap, however, you could try to negotiate on the overall contract, especially if you are purchasing a lot of hardware.

Which other solutions did I evaluate?

Yes, the vendor ran through the options and based their decision on the company security standards.

What other advice do I have?

We are satisfied with the product and support.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Checkpoint firewall has helped organisation to securely promote the traffic flow in secure way that is fast and swift.
Flag as inappropriate
PRAPHULLA DESHPANDE
Sr. Security Analyst at Atos
MSP
Top 5Leaderboard
Great GUI with a good centralized management console and helpful technical support

Pros and Cons

  • "The initial setup is very straightforward."
  • "They could make the licensing a bit easier to deal with, especially for enterprise-level options."

What is most valuable?

Check Point is very strong as compared to the other vendors in the market.

The solution offers a very good centralized management console. 

It works well even for small deployments. 

The perimeter security is excellent. 

It works well even for cloud environments and has been very useful during COVID when people weren't necessarily in the office. 

The creation of policies is simple. It's easy to configure them when we need to.

We have found the troubleshooting process to be very easy and helpful.

The GUI is simple and straightforward. 

The sandbox environment on offer has been great. 

The support has been super-helpful. They've always been great, even at a pre-sales level.

The initial setup is very straightforward. 

What needs improvement?

From a stability standpoint, sometimes when upgrading to a new version, there are some stability issues. The device occasionally may stop responding. 

It would be beneficial if they offered better load balancing. 

They could make the licensing a bit easier to deal with, especially for enterprise-level options. 

For how long have I used the solution?

We primarily use the solution for security, as a next-generation firewall that we use in our environments. It is very good at detection and prevention. However, we are still exploring use cases.

What do I think about the stability of the solution?

While the solution is mostly stable, we do find that we have stability issues moving to different versions. You run the risk of the device not responding in some cases. 

What do I think about the scalability of the solution?

The scalability is possible, however, it's based on requirements. When we get a new solution, we plan out for the next four or five years. It can scale so long as you design it properly at the outset. 

How are customer service and technical support?

Technical support is helpful and responsive. We're quite satisfied with the level of service we can expect. They are very good.

Which solution did I use previously and why did I switch?

I've also worked with Palo Alto and Cisco. 

How was the initial setup?

The initial setup is extremely straightforward. You don't even have to be overly technical to manage it. They make it very easy. It's not overly complex or difficult.

What's my experience with pricing, setup cost, and licensing?

The licensing is okay. Clients can go for a one, three, or five-year license. 

Sometimes it's complicated to put new licensing on existing devices. If we have issues, we can raise questions with the sales management team and they are always very helpful. Larger, enterprise-level devices, in particular, can be a bit complex to deal with. 

What other advice do I have?

We are integrated partners and we provide services to the customers.

I didn't get any chance to work on version 80.40, however, a lot of the customers are on versions 80.10, 80.20, and 80.40.

I would encourage users and companies to use Check Point. It's quite a good solution. I find it to be a better solution than, for example, Palo Alto.

I'd rate the solution at a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
IT cloud network engineer
Junior Network Specialist - Cloud Operations Engineer at a computer software company with 5,001-10,000 employees
Real User
Top 10
VPN is easy to configure while the CLI allows us to automate things

Pros and Cons

  • "One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature."
  • "The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools."

What is our primary use case?

We use them to protect our edge infrastructure and for interconnecting our sites using the VPN.

What is most valuable?

One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.

Other valuable features include: 

  • the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
  • the CLI, for automating things
  • it is very easy to manage, to make backups, and to configure
  • the support and the graphical user interface.

What needs improvement?

The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools.

There could also be improvement to the automation. They should provide a tool for creating and maintaining rules.

For how long have I used the solution?

I have been using Check Point firewalls for more than five years.

What do I think about the stability of the solution?

The stability is an eight out of 10 because we have had some problems with URL filtering, with the domain filtering in particular. When the domain is under a CDN, it sometimes gives us problems because there is more than one IP for each domain.

We have also had problems with data center objects or Azure objects where we have created a rule and the rule stops working. We opened a case with Check Point and they answered us. We installed fixes and it looks like it's working now.

What do I think about the scalability of the solution?

The scalability is quite nice at the firewall level. It gives us the possibility of implementing clusters and high-availability.

We are also working on an Azure implementation and it looks good. We have not yet deployed to the Azure Check Point implementation, but it promises a lot.

We have about 200 employees and, on the administrative side, there are 12 to 15 people working with the Check Point solution. They are mostly networking infra engineers. We are using about 40 percent of the firewall capacity. We don't currently have plans to increase capacity.

How are customer service and technical support?

We are satisfied with the support. When we have a problem, it's very easy to contact the support center and they give a fast response. I would give their support a nine out of 10.

Which solution did I use previously and why did I switch?

I have worked with the Cisco ASA firewalls and with firewalls from manufacturers like MikroTik.

What was our ROI?

It's hard to measure ROI, but our sense of security, as a company, is good with Check Point.

What's my experience with pricing, setup cost, and licensing?

In terms of quality versus price, Check Point is very balanced.

What other advice do I have?

The biggest lesson I have learned from using Check Point firewalls is that if you know how to work with Linux, you will be able to manage almost all the features.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.