We just raised a $30M Series A: Read our story
reviewer1626546
Network Head at SUKARNE
User
Top 10
Easy to set up, scalable, and offers great security

Pros and Cons

  • "What gives me the most value is undoubtedly the security that the anti-bot and anti-virus blades provide."
  • "Of the areas of improvement that I want to see in this product, without a doubt, one is the technical support. In this time of globalization, with so many cyberattacks and risks, the Check Point support staff take a long time to attend to incidents due to the high demand."

What is our primary use case?

My solution is based on an on-site architecture. I currently manage a Check Point Next-Generation Firewall for my more than 400 sites such as perimeter and DMZ. For the sites with a perimeter to the internet, I have them in a high availability scheme with balancing internet services. In the case of DMZ, they allow me to control incoming and outgoing traffic through policies based on Identity awareness. I use the application control blade to allow RDP access to the specific servers needed by administrators.

How has it helped my organization?

In the beginning, my organization did not have a security scheme, which caused a latent security risk. My internet services were never enough due to the high traffic used towards social networks and entertainment sites. With my Next-Generation Firewall, I have managed to reduce the cost of my links since now we use them appropriately in the resources and tasks that are necessary. 

For the lateral movements, previously all of my users had access to server networks and communication could cause lateral movement of viruses and ransomware. Now, I have the perimeter towards the internet protected and I am protected against unauthorized access.

What is most valuable?

What gives me the most value is undoubtedly the security that the anti-bot and anti-virus blades provide. With the automatic updates of signatures, I am always protected against new threats. The identity awareness blade helps me to have better control and organization over unauthorized access of my users onto exclusion sites such as social networks. In the DMZ it allows me to control administrators with access to highly important networks such as servers, developments, etc.

What needs improvement?

Of the areas of improvement that I want to see in this product, without a doubt, one is the technical support. In this time of globalization, with so many cyberattacks and risks, the Check Point support staff take a long time to attend to incidents due to the high demand. 

Another change that I would like to see is the ability to be able to test the policies before launching a change. It is somewhat annoying to apply a change and then notice that, after a while, the message appears that the installation of policies has failed, either due to some duplicate rule, some duplicate port, duplicate service or IP, et cetera.

For how long have I used the solution?

I've been using the solution for 5 years.

What do I think about the stability of the solution?

It really is a very stable and reliable brand.

What do I think about the scalability of the solution?


it is better when using an open server solution since some teams are limited to growth.

How are customer service and technical support?

The support service can improve the attention to clients as well as the escalation times.

Which solution did I use previously and why did I switch?

I did not previously use a different solution. I've just used Check Point.

How was the initial setup?

The installation is really simple and easy to manage.

Which other solutions did I evaluate?

We also previously looked at Meraki, Fortigate, and Palo Alto as options. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
VS
Lead System Engineer at a comms service provider with 201-500 employees
Real User
Top 5
Scalable, easy to install, and quick to deploy

Pros and Cons

  • "It's quite a stable solution."
  • "The pricing could always be more competitive."

What is our primary use case?

As a next-generation firewall, this product is capable of handling all kinds of threats that might try to attack the network, including events such as DDoS attacks. 

How has it helped my organization?

The compliance part of the product has been very useful to our organization. There are many useful reports from this firewall device. For example, it can tell us how much of our network has compliance with the guidelines that are in place.

What is most valuable?

The product is very easy to use.

It's quite a stable solution.

The scalability is very good.

The solution is easy to install and deploy.

What needs improvement?

The product could always be even more stable and secure, as it would improve protection.

As we aren't using the very latest iteration, it's hard to say which features are lacking, as some might have been added in the latest releases we haven't yet migrated over to.

The pricing could always be more competitive.

Technical support needs to be more helpful.

For how long have I used the solution?

I've been using the solution for the last six months or so. It's been less than a year, and therefore, it hasn't been that long. 

What do I think about the stability of the solution?

The stability is good. There are no bugs and glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

The solution offers good scalability. If a company needs to expand it, it can do so. It's not hard.

We have 50 users on the solution right now.

How are customer service and technical support?

I would say that technical support could be better. We also use Cisco, and, in comparison, Cisco's support is way better in terms of how helpful and responsive they are. We aren't as satisfied with Check Point. They need to be faster, friendlier, and much more knowledgeable. 

Which solution did I use previously and why did I switch?

Right now I am using Check Point and Cisco ASA.

How was the initial setup?

The initial setup is not overly complex or difficult. It's pretty straightforward.

The deployment doesn't take long either. It's a fast process.

You only really need two people for deployment and maintenance for most setups.

What about the implementation team?

I handled the implementation myself. I did not need the assistance of an integrator or consultant. 

What's my experience with pricing, setup cost, and licensing?

The solution could work to make the pricing a bit lower. It's similar in cost to Palo Alto, however, if it was lower, it would make them more competitive. 

What other advice do I have?

We are a customer and an end-user. We don't have a business relationship with Check Point. 

We are not using the latest version of the solution, however, I cannot speak to the actual version number. We might be a version or two behind the latest update.

I'd rate the solution at an eight out of ten. We've largely been quite pleased with its capabilities.

I would recommend the solution to other users and companies. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,407 professionals have used our research since 2012.
SK
Project Manager at a financial services firm with 10,001+ employees
User
Good centralized management and VSX with great scalability potential

Pros and Cons

  • "There is a lot of legacy traffic from other vendors that has been migrated to Check Point which has resulted in a lot of stability in our environment."
  • "The product or services can be improved from the cost and the pricing perspective."

What is our primary use case?

The next-generation firewalls are used on the perimeter within a couple of data centers. There are lots of firewalls and we are trying to consolidate everything in the final solution. The MDS and VSX are real solutions that are easing the consolidation across different domains to make management easier. It also improves the overall solution from the operations perspective where BAU teams can leverage different Check Point product lines, like Smart Log, to support customers on a daily basis.

How has it helped my organization?

There is a lot of legacy traffic from other vendors that has been migrated to Check Point which has resulted in a lot of stability in our environment. Moreover, consolidation happening across different legacy environments is being enhanced by the usage of MDS and VSX solutions offered by Check Point. This is making things easier from both a migration and implementation perspective. It offers easy management architecture, and, with Smart Log, makes life easier for the operations engineers and different teams working with Check Point products.

What is most valuable?

The most valuable feature of Check Point is the Centralized Management (MDS) and Virtualization (VSX) for the firewalls. Using these features provides enhanced security with reduced cost across different domains and tenants with complete segregation from the policies database and a user traffic perspective. Using these features is proving to be scalable as things are virtualized and the resources can be increased or decreased as per the demand or usage from a project perspective.

What needs improvement?

The product or services can be improved from the cost and the pricing perspective. There are a lot of other competitors in the market providing similar solutions with more low-cost options. There is no doubt that the great three-tier architecture of Check Point is great, however, when the cost is considered, it proves to be a bit expensive as compared to other products in the market. Also, the licensing and maintenance costs are quite high. Maintaining these solutions proves to be a bit costly to organizations from a day-to-day perspective.

For how long have I used the solution?

I've used the solution for five years.

What do I think about the stability of the solution?

The stability is excellent.

What do I think about the scalability of the solution?

The scalability is really good.

How are customer service and technical support?

We are satisfied with the level of support.

Which solution did I use previously and why did I switch?

Yes, we have used a different solution previously and have switched because of the great performance that Check Point offers.

How was the initial setup?

The initial setup is pretty straightforward.

What about the implementation team?

Yes, and we had a good experience.

What was our ROI?

The ROI meets our expectations.

What's my experience with pricing, setup cost, and licensing?

The cost is quite high for Check Point products.

Which other solutions did I evaluate?

Yes, however, I prefer not to say which.

What other advice do I have?

Overall, the solution and product line are good but more competitive pricing can be offered.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
reviewer1420545
IT-Infrastruktur at Synthesa Chemie Ges.m.b.H
Real User
Top 20
Provides centralized management, good logging capabilities, and granular application control

Pros and Cons

  • "The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways."
  • "Without any training, it is very hard to administrate the whole Check Point NGFW."

What is our primary use case?

Check Point protects our environment from external threats. In particular, we use:

  • Application Control for Internet access
  • HTTPS Inspection for outgoing connections into the internet
  • Separate the OT network from the normal data LANs
  • SSL VPN for End Users - Check Point Mobile VPN Client is used on the end-user clients
  • Site-to-Site VPN for connecting other companies to our environment

We are using two Check Point boxes in a ClusterXL Setup so that one appliance can die and the environment is not affected. We also use a cloud gateway for internet security on users, which are only connected to the internet (outside the office).

How has it helped my organization?

Check Point has improved our organization in the following ways:

  • Provides for central management over all of the Check Point gateways
  • Maintains a changelog that shows which users have made changes
  • Version control allows us to roll back a ruleset after, for example, a misconfiguration
  • Offers very granular application control
  • Allows for various internet permissions for various users
  • Gives us very good logging, which is nice for troubleshooting because you can instantly which rule is affected for each action
  • The cloud gateway (Check Point Capsule Cloud) ensures that users are getting the same internet permissions as they would if inside the company, no matter which internet connection they are using

What is most valuable?

The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.

Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.

You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.

The extremely wide function horizon covers almost every possible scenario.

What needs improvement?

The Performance on a policy install takes too long for my taste. This might be because, at each policy install, the management pushes the whole policy on the affected gateways.

Without any training, it is very hard to administrate the whole Check Point NGFW.

In our case, the main Check Point gateways are in a cluster configuration. Sadly, the management always shows the standby box as failed. This may be because it is set to STANDBY and not ACTIVE. It would be better to show the standby box as good.

For how long have I used the solution?

I have been using Check Point NGFW for about five years.

How are customer service and technical support?

Support is very customer-oriented and you are always in good hands.(customer wishes are often implemented in the next hotfix)

Most Support engineers are located in Israel. (Very good spoken english)

Very fast response from R&D Team

Which solution did I use previously and why did I switch?

We were using SonicWall and switched because of EOL.

What's my experience with pricing, setup cost, and licensing?

The pricing for Check Point depends on your environment.

Which other solutions did I evaluate?

Before choosing Check Point we evaluated Fortinet and a newer version of SonicWall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
RC
Senior Infrastructure Technical Analyst at https://www.linkedin.com/in/robchaykoski/
User
Excellent management interface and logging facility with good stability

Pros and Cons

  • "By deploying Check Point, it has made it easier to manage everything from a single interface. The management dashboard and policies are on its single pane of glass."
  • "I would like to see better Data Leakage protection options and easier-to-understand deployment models for this."

What is our primary use case?

I protect customers and other types of data by ensuring a secure environment. Check Point allows me to deploy quickly and securely, along with using more advanced detection and prevention. By securing multiple sites and various infrastructure elements, I have reduced my overall workload.

I'm using a lot of permanent tunnels and protecting them to ensure that monitoring customer infrastructure is not compromised in any way, shape, or form.

Various hardware has been deployed at proper sizing for customers and the equipment is stable without the need for a lot of custom configuration

How has it helped my organization?

By deploying Check Point, it has made it easier to manage everything from a single interface. The management dashboard and policies are on its single pane of glass. This has allowed for faster resolution of problems during deployment.

Being able to look at log events and sort quickly for information in regards to problems with connectivity or traffic makes it easier to troubleshoot and gain other insights into traffic-related problems.

Overall, the insights provided also allow for data to be presented to customers to give them an overall perspective of their security.

What is most valuable?

The management interface is well designed and easy to understand. It reduces the time for deployment, changes, and onboarding new customers.

The logging facility is amazing and gives great insights into traffic. Although Event Management is also amazing, it can be cost-prohibitive for other companies to onboard.

The ability to deploy VPN communities makes onboarding new sites easy. Multi-site configurations can be deployed with very little oversight and with minimal additional work after the initial deployment is successful.

What needs improvement?

I would like to see better Data Leakage protection options and easier-to-understand deployment models for this. I have been working with DLP for a while now and find that other vendors seem to be doing better at this. That said, having to deploy another solution adds other costs.

Some error messages could be better and more specific. The days of generic error messages should be over by now to allow faster, better insights into fixes for any traffic-related problems.

Some of the sizings of firewalls for deployment seem not exact and require some tweaking based on real-world traffic and connectivity types (for example, PPPoE).

For how long have I used the solution?

I have been deploying Check Point firewalls for about 12 years and still work with them on many projects. I trust them to protect my infrastructure along with other tools.

I will continue to use Check Point as long as they keep pace with the innovation currently in place without sacrificing customer service.

What do I think about the stability of the solution?

The product is very stable once deployed.

What do I think about the scalability of the solution?

So far, no issues with scalability have been detected - other than hardware replacement on the growth of traffic

How was the initial setup?

The initial setup has some come complexities, however, that is the nature with multiple types of connectivity and different customer requirements.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: I am a partner with Check Point
Flag as inappropriate
José Javier Dominguez Reina
Project Manager at Junta de Andalucia
Real User
Top 5Leaderboard
A complete security solution that prevents attacks against data center servers and viruses

Pros and Cons

  • "Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network."
  • "The predefined reports are limited and should provide more information. Check Point should provide a greater number of defined reports and produce reports for each division of the organization."

What is our primary use case?

We use Check Point firewalls to prevent attacks against the data center servers by adding more layers of security, such as IPS, Data Leak Prevention. We have also used Check Point to implement security policies in layer 7 and applications as well as to configure the VPN for internal users of the organization.

How has it helped my organization?

Check Point's firewall security solution is a complete solution that allows you to prevent attacks against your data center servers and avoid the transmission of viruses to end-users via ransomware, phishing, or forgery of URLs.

What is most valuable?

Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network.

What needs improvement?

The predefined reports are limited and should provide more information. Check Point should provide a greater number of defined reports and produce reports for each division of the organization. Also, historical statistics cannot be obtained from the central console, the data or logs must be exported to another machine and processed from there to obtain this historical information. The number of available physical ports could be increased and Check Point could add support for higher speeds.

For how long have I used the solution?

We have been using Check Point firewalls for more than 10 years.

What do I think about the stability of the solution?

Check Point is a company that has been producing firewalls for many years. It is a leader in today's market, and its products are very stable. They are always updating and improving their products to stay at the top of the market. 

What do I think about the scalability of the solution?

Check Point NGFW allows easy and fast scalability.

How are customer service and technical support?

Our experience with Check Point technical support was very positive. They always resolved questions or incidents quickly and professionally.

Which solution did I use previously and why did I switch?

We have always had Check Point solutions.

How was the initial setup?

The initial configuration was simple. The previous team was also using Check Point, we only had to export and update the rules. Only a couple of things had to be corrected and changed.

What about the implementation team?

It was implemented through a CheckPoint partner who demonstrated great experience in migration.

What's my experience with pricing, setup cost, and licensing?

When implementing, I would suggest you define in a real way what you want to allow —applications, content, destinations, etc. — and drop the rest of the traffic. It is important to review the groups, objects, and networks created to efficiently define the security policies that you finally want to implement.

Which other solutions did I evaluate?

Before making the last purchase, we evaluated other solutions, such as Palo Alto or Fortinet.

What other advice do I have?

I would rate Check Point NGFW 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Kirtikumar Patel
Network Engineer at LTTS
Real User
Top 5Leaderboard
Helps with security against upcoming and unknown threats and activities

Pros and Cons

  • "It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users. We also use the DLP, IPS, and VPN features."
  • "Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team."

What is our primary use case?

I have been using this solution since the GAIA OS R77 was there. I am using it for my day to day access such as policy creation, policy modification, and also regularly policy disabling and deletion. I have 17K+ users in my organization, 100 + client to site VPN and I have a number of S2S as well. My daily job is health checkup, security log monitoring and incident management, daily IPS checks, threat presentation reports and to analyze the risk and take necessary action on that as well.

How has it helped my organization?

It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users.  We also use the DLP, IPS, and VPN features. We have multiple site to sites with our clients and it is very easy to configure and manage.

What is most valuable?

IPS helps with security against upcoming and unknown threats and activities. We regularly check the report and as per daily report we will check the risk and prevent each alert that is critical based on our business requirement and make it secure.

IPSec VPN is also our key feature as our organization having widely customer across globe so it is very good feature to us to connect and run our business with them very smoothly and softly. 

What needs improvement?

The unknown category has been a pain point. We cannot understand this category and the Check Point engineers are also stuck with it. If we enable HTTPS inspection then without this category my URL will stop working. This has a huge impact on my business. We are still running without HTTPS inspection even in a monitoring mode.

Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team.

For how long have I used the solution?

I am using this solution for four years.

What do I think about the scalability of the solution?

This is widely scalable solution.

How are customer service and technical support?

I would say not much exp and not lower, average technical support. We are struggling in most of the cases.

How was the initial setup?

Very easy.

What about the implementation team?

In-house team and technical support team.

What was our ROI?

I would say it's complete ROI for us.

What's my experience with pricing, setup cost, and licensing?

Setup is easy, in my short tenure I have done multiple migrations and have set up our new organization. For cost and pricing, I don't have an idea.

What other advice do I have?

This is a very good and best solution as a perimeter device for NGFW.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Xavier Espinoza
Subgerente de Tecnologías de la Información at ETAPA EP
Real User
Good VPN and access control features, and it's stable,

Pros and Cons

  • "The configuration is one of the best features of this product."
  • "The only reasons we are looking at other solutions are price and integration."

What is our primary use case?

We use Check Point for VPN access for all employees, as a rule. We also used it as a filter, a firewall, and it's the front line of our access to the Internet.

It has VPN access for our employees and it controls access, barring intrusion for non-authorized access.

What is most valuable?

The URL filter is activated to filter access to our employees. We use filtering for VPN access.

The configuration is one of the best features of this product.

When this product was purchased approximately 12 years ago it was the top of the line.

The product has been working very well.

I don't have any issues with the software of this solution. It works as is expected.

What needs improvement?

I would like to see more integration with other infrastructures. We are considering Cisco because it is more integrated, and the network limits of the solution are better.

Recently, we experience a problem with the hardware because it was too old, it was blocked. The hardware failed, but the software did not. With older hardware, it is a problem because our network is growing every year. The solution is not at maximum performance. 

It does not have the performance that we require. The network is not the same as it was 12 years ago. There are several logs.

We are looking for a cheaper product that is more integrated than our Cisco Network appliance.

It may also need to support other types of architecture.

The only reasons we are looking at other solutions are price and integration.

For how long have I used the solution?

Check Point was installed in the company approximately 12 years ago.

What do I think about the stability of the solution?

The stability is good.

What do I think about the scalability of the solution?

We are a company with 1,200 employees, and approximately 700 are using this solution.

How was the initial setup?

We have five HP Servers, and we have a cluster in different geographic locations. 

Check Point has been installed in an HP-certified server. It is not an appliance, it is an HP Server.

We have one or two professionals who work on the platform.

What's my experience with pricing, setup cost, and licensing?

It is not a cheap solution, which is why we are looking for another one.

Which other solutions did I evaluate?

We are currently evaluating new firewall solutions because the Check Point that we have was installed approximately 12 years ago, and wanted to change to a next-generation firewall.

What other advice do I have?

The HP Server works fine without any maintenance, but it needs to be taken care of. We did not, which caused a disk to fail. We have one or maybe two that are working. I don't have any complaints about the HP Server. It was sized for that network load at that time.

I would rate Check Point a ten out of ten. It works as expected.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.