We just raised a $30M Series A: Read our story
ChandanSingh
Senior Technical Consultant at Ivalue Infosolution
Consultant
Top 10
Feature-rich, easy to deploy, security oriented, and offers scalability and great throughput

Pros and Cons

  • "The most valuable feature is the Stateful Inspection, which was developed by Check Point."
  • "No product is perfect and there is always room for improvement."

What is our primary use case?

I am a Check Point distributor and the Next-Generation Firewall is one of the products that I am dealing with. My customers use this as part of their security solution that covers mobile devices, computers, their network, cloud, SD-WAN, IoT devices, IP phones, IP cameras, and others.

How has it helped my organization?

Checkpoint has provided Security to the entire data center. 

What is most valuable?

This is a feature-rich product and all of them are useful.

The most valuable feature is the Stateful Inspection, which was developed by Check Point.

The throughput is very good with Check Point. Checkpoint ThreatCloud is the largest threat intelligence database. 

Checkpoint management is a single pane of glass from where you can manage all the CP solutions from a single point be it on-prem or cloud or hybrid.

What needs improvement?

There is always room for improvement and CP Dev team is on right path.

For how long have I used the solution?

I have been working with Check Point firewalls for more than five years.

What do I think about the stability of the solution?

This is a stable firewall. It is very good.

What do I think about the scalability of the solution?

Scalability and throughput are very high. They have also launched a solution called Check Point Maestro, which provides cloud-level scalability on-premises. This makes it very scalable.

Which solution did I use previously and why did I switch?

My customers use firewall products from several vendors, including Sophos. Sometimes they replace their existing firewalls, and at other times, they run Check Point in parallel.

How was the initial setup?

The initial setup is very simple. This solution can be installed on-premises or on the cloud.

It takes between 30 and 45 minutes to deploy.

What about the implementation team?

Our in-house team does the installation for our clients. We also handle support, depending on what level of support the client has. Sometimes, they go directly to the OEM.

What other advice do I have?

Until earlier this year, the consolidated management was application-based and required installation. As of recently, they have launched web-based management, as well as cloud-based management. This is an upgrade that I had been waiting for because we no longer have to go to the dashboard. Instead, we just enter the IP into chrome and you get the dashboard on the web page, without having to install anything.

This is a very good product, although there is always room for improvement.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PRAPHULLA  DESHPANDE
Associate Consult at Atos
Real User
Top 5Leaderboard
The vulnerability assistance via report management detects host and network vulnerability

Pros and Cons

  • "Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability."
  • "Heavy load causes a higher CPU to peek which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it takes a lot of time."

What is our primary use case?

Check Point leading industry provides a complete solution that is required to perimeter security along with deep packet inspection for network traffic.

Check Point not only acts as a traditional firewall but it provides you with complete security for users who work from home. Work from home users observed that Check Point gives 100 % functionality without any trouble.

It offers centralized management to customers where they have an IT member so there Check Point management can work properly. It is available in a smaller range to higher. Customers can get it at an affordable price. 

How has it helped my organization?

As we vendor, we deployed the Check Point firewall in many organizations and they are renewing its license as they trust the product and support.

Whatever feature they want is possible with Check Point and 80.20 later versions are coming in, that feature set was previously not available. Customers are satisfied. 

What is most valuable?

No other firewall provides a feature set in log monitoring and threat detection blades.

Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability.

Most customers need reports which define how many users are infected, how many viruses and malware there is, botnet traffic firewall deteted all this type of information. Check Point is in a very easy and understandable format based on logs history.

What needs improvement?

Sometimes the stability related application, URL filtering, and troubleshooting issues take longer than expected. I observed some feature set that is very easy to add from the deployment team but Check Point needs a longer procedure so customers relating those features with Check Point firewall and Palo Alto.

Heavy load causes a higher CPU peek which causes us to need to reboot the device. Malicious activity database corrupts the directory or path and restoring it take a lot of time .

We receive performance but sometimes there are stability-caused issues. 

For how long have I used the solution?

I have been using Check Point for three years. 

What do I think about the stability of the solution?

Check Point can defend Palo Alto if they work on stability.

How are customer service and technical support?

Tech support is very helpful and provides the right solution.

Which solution did I use previously and why did I switch?

We went from Sophos to Check Point.

How was the initial setup?

The initial setup was simple.

What about the implementation team?

We are only vendors.

What's my experience with pricing, setup cost, and licensing?

The pricing is really negotiable based on other competitor solutions.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
555,139 professionals have used our research since 2012.
Jagdeep Bhardwaj
Founder Director at digisec
Real User
Well-established product with great flexibility and user-interface

Pros and Cons

  • "The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base."
  • "In terms of what could be improved, I would say the application control and the visibility. I'd like granularity where you can have all the levels of policies that are defined, including the intel threat. It depends on what kind of intel threat the company has."

What is our primary use case?

Our customers primarily buy the solution to protect the network from malware at the perimeter of the Network. The next-gen firewalls help the customer to have an application-level control of the traffic.

What is most valuable?

The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base.

What needs improvement?

In terms of what could be improved, I'd like granularity where you can have all the levels of policies that are defined. 

In additional feature that could be added to this solution in the future is micro-segmentation, like Palo Alto has on the firewall itself.

For how long have I used the solution?

I began using Check Point Next Generation Firewall very recently, about four or five months ago.

What do I think about the stability of the solution?

We have an internal team for maintenance.

What do I think about the scalability of the solution?

In terms of scalability, what we have seen is that it has a big deployment right now. So it all depends on what kind of environment the customer has. If he's already a Check Point user, it is easy for them, but if it is migrating from one platform to another, it is a little complex. One more thing is that the skillset availability required for Check Point is, in terms of implementation, a little less compared to others. The resources and the technical stuff are there for implementation. You find fewer people on Check Point compared to Sophos or Fortinet or any other platform.

How was the initial setup?

The installation process, if it is a greenfield opportunity, is easy. If it is a migration from one platform to another, you need to have expertise on both the technologies. Let's say for example you're migrating from Fortinet to Check Point, or from Sophos to Check Point or Check Point to any other, you need to have expertise on the platform, even though you should have good experience in terms of migrating and technologies.

What other advice do I have?

In my experience, Check Point provides both in-depth experience and cost-effectiveness compared to Palo Alto. So, Check Point is good for customers already using Check Point and Palo Alto is for anybody who wants to have the latest and most advanced features and has a good budget.

On a scale of one to ten, I would rate Check Point NGFW an 8.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
YK
Network Security Engineer at R Systems
Real User
Top 20
Supports dynamic objects and provides effective antivirus

Pros and Cons

  • "The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance."
  • "The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent."

What is our primary use case?

The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance.

How has it helped my organization?

There are a lot of features which help us in providing a more secure environment for our organization, such as when we have Active-Active.

What is most valuable?

The most valuable feature is that the scalable 64000 Next Generation Firewalls are designed to excel in large data centers and the telco environment as well. We have a lot of these types of customers, and these Check Point firewalls support them.

In addition 

  • it supports dynamic objects, which we use for security purposes
  • the antivirus is quite effective
  • the logging and tracking are quite easy
  • overall, it is easy to use.

What needs improvement?

The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent.

In addition, the certification process is quite expensive. It should be a little cheaper so that everyone can be trained and certified and have better knowledge of Check Point's products.

For how long have I used the solution?

I have been using Check Point's firewalls for more than a year. My responsibilities include implementing changes on the firewalls and troubleshooting.

What do I think about the stability of the solution?

They're quite stable and quite good. Management is simple because we can implement a lot of changes on the firewalls through the central manager.

What do I think about the scalability of the solution?

They're quite scalable because they support large data centers, while offering reliability and performances as well.

How was the initial setup?

The initial setup is quite easy. You don't need much training for it. Deployment takes around one week.

We have different stages in the setup process and we follow all the stages. We have to give structure to the plan, outline what we need to do. That goes to our manager, our senior experts, for approval. Then we implement the changes after their approval. Once the changes are implemented, we have our team leaders who validate whether everything is good and as expected or not. Then we close it. This is the basic strategy we follow in our organization.

About 500 to 600 employees work on Check Point firewalls in our organization and they have different roles. For example, I handle network and security admin. There are also security associates, consultants, and analysts.

What's my experience with pricing, setup cost, and licensing?

The pricing of Check Point's firewalls is good. It is not that expensive.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sreegith Sreedharan Nair
Senior Network Engineer at LTI - Larsen & Toubro Infotech
Real User
Centralized management, good VPN functionality, provides valuable insights into our traffic

Pros and Cons

  • "The SmartView monitor and SmartReporter help us to monitor and report on traffic."
  • "Integration with a third-party authentication mechanism is tricky and needs to be planned well."

What is our primary use case?

We have deployed Check Point firewalls for perimeter security and also for filtering East-West traffic. 

Check Point helps in improving perimeter security along with giving insights into different kinds of traffic and attacks.

Isolation between different tiers of APPs is critical for us and Check Point is utilized for handling high traffic volumes of East-West traffic.

We are leveraging the VPN module on the perimeter firewall for users to access the VPNs. VPN authentication is integrated with RSA for multi-factor authentication.

How has it helped my organization?

We have reduced the number of firewalls using the VSX cluster from Check Point. This reduced management overhead to a great extent. Also, the stability of clustered firewall helps us in meeting SLAs with clients.

Check Point firewalls can be tuned for one-off cases like allowing out-of-sync packets for a source-destination pair, which is a feature that helped us tackle application issues. 

We have deployed VPN firewalls in multiple data centers, which help with load sharing and redundancy for the VPN traffic.

Managing all of our user VPNs, customer VPNs, and Cloud VPN tunnels' endpoint encryption from a single management portal is helping us.

What is most valuable?

VSX helps to reduce the physical footprint on datacenter racks.

The SmartView monitor and SmartReporter help us to monitor and report on traffic.

Centralized management and management high availability give the ability to manage firewalls in a DR scenario. 

Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.

Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.

What needs improvement?

Configurations can be complex in some situations and need experienced engineers for managing the solution.

Integration with a third-party authentication mechanism is tricky and needs to be planned well.

SmartView monitor can be enhanced to display granular details of gateways with a single click. Also, having the ability to generate alerts from the Smart Monitor would be a nice feature.

For how long have I used the solution?

We have been using Check Point firewalls for the last eight years.

How are customer service and technical support?

Support might take a long time to resolve issues in rare scenarios.

What other advice do I have?

My advice for anybody who is implementing this solution is to always keep an identical configuration, even interface statuses, in a VSX cluster before an upgrade to minimize upgrade failures.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
RF
Manager for Operations, Security and Management at REN - Rede Energeticas Nacionais, S.A.
Real User
Top 10
Identity awareness and application control features help secure our network

Pros and Cons

  • "The most valuable features for us are identity awareness, IDS and IPS, and application control."
  • "The speed of technical support is very slow and is something that should be improved."

What is our primary use case?

Our primary uses for the Check Point NGFW are network segmentation, identity awareness, and application control.

What is most valuable?

The most valuable features for us are identity awareness, IDS and IPS, and application control.

What needs improvement?

The speed of technical support is very slow and is something that should be improved.

For how long have I used the solution?

We have been using Check Point firewalls for about 20 years.

What do I think about the stability of the solution?

There were times in the past when it wasn't as stable as it is now. However, with the current version, we have been running for the past year without any issues.

What do I think about the scalability of the solution?

Our company has about 1,000 users that generate traffic that passes through the firewall. Beyond that, we haven't had much need to scale.

How are customer service and technical support?

The technical support is very slow.

Which solution did I use previously and why did I switch?

The two firewalls that we having implemented are Check Point and Fortinet.

I have also worked with Juniper but it does not have all of the advanced features that Check Point has, such as application control and identity awareness.

How was the initial setup?

The initial setup is pretty simple. The amount of time required for deployment depends on the number of rules that need to be configured. The initial setup can be done in one day, and the post-setup configuration depends on the rules to be applied.

What about the implementation team?

The initial setup was completed by a partner, who was a certified system integrator.

Our in-house team handles maintenance.

What's my experience with pricing, setup cost, and licensing?

This product is not cheap and there are additional costs that depend on what model or package that you buy. If you need more features then you may have to buy additional modules. In our case, we knew what we wanted in advance so there were no additional costs.

What other advice do I have?

Overall, I am pretty happy with Check Point firewalls. My advice for anybody who is implementing this product is to get somebody with experience to help choose the correct, stable version, and assist with the configuration. All of the new features take time to implement properly, but if the correct steps are followed then they won't run into problems when the system goes into production. 

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Network Security Administrator at a financial services firm with 10,001+ employees
Real User
Great protection, very stable, and offers excellent management

Pros and Cons

  • "The firewall rule writing and object creation are the best and simplest I've seen on a firewall."
  • "When we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix."

What is our primary use case?

We are a financial institution and we use Check Point as a firewall that is positioned for external connections, like the Internet, leased lines, and site-to-site VPNs for other companies. Check Point protects our mobile applications connected to the internet, as well as the main company website. Some firewalls are positioned on some of our HQs.

We're on version R80.40 (some minor firewalls are on R80.30) and we use 13000, 23000, and 26000 series appliances. We use Application Control, Identity Awareness, IPS, URL Filtering, Anti-bot, Antivirus, Threat extraction, and Threat emulation blades.

How has it helped my organization?

I've been in the same company for 11 years, and Check Point has been running in a stable manner for our company's main internet connection (and 7 years before that).

It has protected our main applications successfully without any performance drops, and with its flawless logging capabilities, we were able to pinpoint any issues every time.

The management is also the best among any other firewall, with the convenience to create the objects and rules on the same page. This has helped us save time on operations. We can use APIs to create objects and rules to easily finish some projects.

What is most valuable?

The best features are the stability and the performance of the firewall and its software blades, simplicity to write the firewall rules on its GUI, and its logging capabilities.

The firewalls are working stably, without any interruptions. As we planned our capacity well, we've never had any performance issues.

The firewall rule writing and object creation are the best and simplest I've seen on a firewall (I've looked at 6 different vendors). I often wonder why the other vendors don't do it Check Point's way.

To see the logs, we can search like a search engine, and we can combine different search strings to pinpoint the interesting traffic.

What needs improvement?

The product can be improved with fewer hotfixes, and if more generally available jumbo hotfixes were used.

We don't often hit bugs. It's perfectly normal for an NGFW device as other vendors are always fixing bugs too. However, when we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix. If those fixes were included in a fast manner in the jumbo hotfix (as jumbo hotfixes are tested thoroughly for general availability), it would be ideal.

For how long have I used the solution?

I've used the solution for 11 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Gerry Moore
Head Of Technical Operations at Boylesports
Real User
Top 5
Easy to manage, eliminates having to remove old hardware, and has multiple capabilities in a single box

Pros and Cons

  • "The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability."
  • "One of the biggest disappointments is the GUI."

What is our primary use case?

This is a complex high availability solution growing by over 100% per year. The complexity of the business environment made the ability to increase capacity without having to remove previous hardware much easier.

We have a large online presence with users needing realtor access to our environment. 

How has it helped my organization?

The improvements to our business are easy to explain. It is faster, easy to use, and there are multiple capabilities all in one box. The best examples are the endpoint and anti-virus options.

The ability to add more firewalls and increase the capabilities, rather than remove the hardware, is an exceptional step forward. No competitor was able to compete with this. Not having to continually replace hardware year after year was a massive driver in the decision-making process. The throughput going up by 100% with each added device is exceptional.

What is most valuable?

There are many features we have found good.

The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability. This feature alone will save us as we increase the number of devices in the stack.

Having so many top-end products in one box also assists in managing this device. URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.

The Infinity product seems amazing but we have a long way to go before saying it is successful.

What needs improvement?

One of the biggest disappointments is the GUI. I felt it was a little bit more clunky than some competitors. The screens don't flow as easily as they should. Improving user experience will further elevate this product.

The way the management console operates is not user-friendly, either. It needs to become less intrusive. The user experience is not as high as it should be due to the problems with the user interface. The newer products in the range seem to address my concerns, which I have had for even the older products.

For how long have I used the solution?

I have been using Check Point NGFW for six months.

Which other solutions did I evaluate?

Having leading-class firewalls with massive growth possibilities made the purchasing decision much easier. Having carried out a few PoCs, the obvious decision was the Check Point solution of Maestro and 6500s in a high availability environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.