We just raised a $30M Series A: Read our story
Sreegith Sreedharan Nair
Senior Network Engineer at LTI - Larsen & Toubro Infotech
Real User
Centralized management, good VPN functionality, provides valuable insights into our traffic

Pros and Cons

  • "The SmartView monitor and SmartReporter help us to monitor and report on traffic."
  • "Integration with a third-party authentication mechanism is tricky and needs to be planned well."

What is our primary use case?

We have deployed Check Point firewalls for perimeter security and also for filtering East-West traffic. 

Check Point helps in improving perimeter security along with giving insights into different kinds of traffic and attacks.

Isolation between different tiers of APPs is critical for us and Check Point is utilized for handling high traffic volumes of East-West traffic.

We are leveraging the VPN module on the perimeter firewall for users to access the VPNs. VPN authentication is integrated with RSA for multi-factor authentication.

How has it helped my organization?

We have reduced the number of firewalls using the VSX cluster from Check Point. This reduced management overhead to a great extent. Also, the stability of clustered firewall helps us in meeting SLAs with clients.

Check Point firewalls can be tuned for one-off cases like allowing out-of-sync packets for a source-destination pair, which is a feature that helped us tackle application issues. 

We have deployed VPN firewalls in multiple data centers, which help with load sharing and redundancy for the VPN traffic.

Managing all of our user VPNs, customer VPNs, and Cloud VPN tunnels' endpoint encryption from a single management portal is helping us.

What is most valuable?

VSX helps to reduce the physical footprint on datacenter racks.

The SmartView monitor and SmartReporter help us to monitor and report on traffic.

Centralized management and management high availability give the ability to manage firewalls in a DR scenario. 

Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.

Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.

What needs improvement?

Configurations can be complex in some situations and need experienced engineers for managing the solution.

Integration with a third-party authentication mechanism is tricky and needs to be planned well.

SmartView monitor can be enhanced to display granular details of gateways with a single click. Also, having the ability to generate alerts from the Smart Monitor would be a nice feature.

For how long have I used the solution?

We have been using Check Point firewalls for the last eight years.

How are customer service and technical support?

Support might take a long time to resolve issues in rare scenarios.

What other advice do I have?

My advice for anybody who is implementing this solution is to always keep an identical configuration, even interface statuses, in a VSX cluster before an upgrade to minimize upgrade failures.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
RF
Manager for Operations, Security and Management at REN - Rede Energeticas Nacionais, S.A.
Real User
Top 10
Identity awareness and application control features help secure our network

Pros and Cons

  • "The most valuable features for us are identity awareness, IDS and IPS, and application control."
  • "The speed of technical support is very slow and is something that should be improved."

What is our primary use case?

Our primary uses for the Check Point NGFW are network segmentation, identity awareness, and application control.

What is most valuable?

The most valuable features for us are identity awareness, IDS and IPS, and application control.

What needs improvement?

The speed of technical support is very slow and is something that should be improved.

For how long have I used the solution?

We have been using Check Point firewalls for about 20 years.

What do I think about the stability of the solution?

There were times in the past when it wasn't as stable as it is now. However, with the current version, we have been running for the past year without any issues.

What do I think about the scalability of the solution?

Our company has about 1,000 users that generate traffic that passes through the firewall. Beyond that, we haven't had much need to scale.

How are customer service and technical support?

The technical support is very slow.

Which solution did I use previously and why did I switch?

The two firewalls that we having implemented are Check Point and Fortinet.

I have also worked with Juniper but it does not have all of the advanced features that Check Point has, such as application control and identity awareness.

How was the initial setup?

The initial setup is pretty simple. The amount of time required for deployment depends on the number of rules that need to be configured. The initial setup can be done in one day, and the post-setup configuration depends on the rules to be applied.

What about the implementation team?

The initial setup was completed by a partner, who was a certified system integrator.

Our in-house team handles maintenance.

What's my experience with pricing, setup cost, and licensing?

This product is not cheap and there are additional costs that depend on what model or package that you buy. If you need more features then you may have to buy additional modules. In our case, we knew what we wanted in advance so there were no additional costs.

What other advice do I have?

Overall, I am pretty happy with Check Point firewalls. My advice for anybody who is implementing this product is to get somebody with experience to help choose the correct, stable version, and assist with the configuration. All of the new features take time to implement properly, but if the correct steps are followed then they won't run into problems when the system goes into production. 

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
552,407 professionals have used our research since 2012.
ITCS user
Network Security Administrator at a financial services firm with 10,001+ employees
Real User
Great protection, very stable, and offers excellent management

Pros and Cons

  • "The firewall rule writing and object creation are the best and simplest I've seen on a firewall."
  • "When we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix."

What is our primary use case?

We are a financial institution and we use Check Point as a firewall that is positioned for external connections, like the Internet, leased lines, and site-to-site VPNs for other companies. Check Point protects our mobile applications connected to the internet, as well as the main company website. Some firewalls are positioned on some of our HQs.

We're on version R80.40 (some minor firewalls are on R80.30) and we use 13000, 23000, and 26000 series appliances. We use Application Control, Identity Awareness, IPS, URL Filtering, Anti-bot, Antivirus, Threat extraction, and Threat emulation blades.

How has it helped my organization?

I've been in the same company for 11 years, and Check Point has been running in a stable manner for our company's main internet connection (and 7 years before that).

It has protected our main applications successfully without any performance drops, and with its flawless logging capabilities, we were able to pinpoint any issues every time.

The management is also the best among any other firewall, with the convenience to create the objects and rules on the same page. This has helped us save time on operations. We can use APIs to create objects and rules to easily finish some projects.

What is most valuable?

The best features are the stability and the performance of the firewall and its software blades, simplicity to write the firewall rules on its GUI, and its logging capabilities.

The firewalls are working stably, without any interruptions. As we planned our capacity well, we've never had any performance issues.

The firewall rule writing and object creation are the best and simplest I've seen on a firewall (I've looked at 6 different vendors). I often wonder why the other vendors don't do it Check Point's way.

To see the logs, we can search like a search engine, and we can combine different search strings to pinpoint the interesting traffic.

What needs improvement?

The product can be improved with fewer hotfixes, and if more generally available jumbo hotfixes were used.

We don't often hit bugs. It's perfectly normal for an NGFW device as other vendors are always fixing bugs too. However, when we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix. If those fixes were included in a fast manner in the jumbo hotfix (as jumbo hotfixes are tested thoroughly for general availability), it would be ideal.

For how long have I used the solution?

I've used the solution for 11 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Gerry Moore
Head Of Technical Operations at Boylesports
Real User
Top 5
Easy to manage, eliminates having to remove old hardware, and has multiple capabilities in a single box

Pros and Cons

  • "The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability."
  • "One of the biggest disappointments is the GUI."

What is our primary use case?

This is a complex high availability solution growing by over 100% per year. The complexity of the business environment made the ability to increase capacity without having to remove previous hardware much easier.

We have a large online presence with users needing realtor access to our environment. 

How has it helped my organization?

The improvements to our business are easy to explain. It is faster, easy to use, and there are multiple capabilities all in one box. The best examples are the endpoint and anti-virus options.

The ability to add more firewalls and increase the capabilities, rather than remove the hardware, is an exceptional step forward. No competitor was able to compete with this. Not having to continually replace hardware year after year was a massive driver in the decision-making process. The throughput going up by 100% with each added device is exceptional.

What is most valuable?

There are many features we have found good.

The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability. This feature alone will save us as we increase the number of devices in the stack.

Having so many top-end products in one box also assists in managing this device. URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.

The Infinity product seems amazing but we have a long way to go before saying it is successful.

What needs improvement?

One of the biggest disappointments is the GUI. I felt it was a little bit more clunky than some competitors. The screens don't flow as easily as they should. Improving user experience will further elevate this product.

The way the management console operates is not user-friendly, either. It needs to become less intrusive. The user experience is not as high as it should be due to the problems with the user interface. The newer products in the range seem to address my concerns, which I have had for even the older products.

For how long have I used the solution?

I have been using Check Point NGFW for six months.

Which other solutions did I evaluate?

Having leading-class firewalls with massive growth possibilities made the purchasing decision much easier. Having carried out a few PoCs, the obvious decision was the Check Point solution of Maestro and 6500s in a high availability environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VP
Senior Manager, Information Technology at a financial services firm with 10,001+ employees
Real User
Top 20
We can add application signature in the same rule base & don't have to create a different policy for that

Pros and Cons

  • "Now we can add application signature in the same rule base & don't have to create a different policy for that."
  • "They should integrate all blades to use a single policy rather than multiple."

What is our primary use case?

The firewall is the primary use case of this solution & IPS is secondary use case of the solutions.

We are looking forward to Sandblast solutions.

We also use it for cloud expansions 

The Check Point NGFWs brought up the security level with the help of the advanced software blades - we use Application Control, URL Filtering, IPS, Anti-Bot, and Antivirus. The setup was simple, and the performance is great - we have significant resources to expand the environment in the future without disabling any blades and thus maintaining the security on the same, high level.

How has it helped my organization?

It has improved the security posture of the organization by implementing this solution.

Now we can add application signature in the same rule base & don't have to create a different policy for that.

Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

What is most valuable?

  • Easiness while working on all blade of firewalls 
  • Flexibility in NAT rules 
  • The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.
  • Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).

What needs improvement?

  • Offline Sandblast solution, which should send malicious sources to other security solutions.
  • TAC Support level to be enhanced 
  • More details to be included while VPN troubleshooting, using GUI representation 
  • Integrate all blades to use a single policy rather than multiple.

For how long have I used the solution?

I have been using Check Point for more than 14 years.

Which solution did I use previously and why did I switch?

We are using Palo Alto and Check together.

What's my experience with pricing, setup cost, and licensing?

Cost is negotiable always & matches the expectations and licences are flexible and are added advantage. 

Which other solutions did I evaluate?

We evaluated other solutions.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IA
Solutions Architect Infrastructure and Security at a retailer with 1,001-5,000 employees
Real User
Stable and secure, but not user-friendly in terms of implementation

Pros and Cons

  • "Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance."
  • "It should be user-friendly from an implementation point of view. Its setup is a little bit difficult."

What is our primary use case?

We use a remote access VPN, and this is a perimeter firewall for our data center to secure our servers and internal applications. We are using model G-6600.

What is most valuable?

Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.

What needs improvement?

It should be user-friendly from an implementation point of view. Its setup is a little bit difficult.

For how long have I used the solution?

I have been using this solution for four years.

What do I think about the stability of the solution?

From a security standpoint, it is very stable, and I would rate it a nine out of 10. I don't have any issues with it.

What do I think about the scalability of the solution?

At present, we have 30 for our distribution. So, it is pretty scalable.

How are customer service and technical support?

Their support is good. Their L1 and L2 support across the globe is great. L3 support is with the Israel team, and they have the right competency to troubleshoot it. Sometimes, when something needs to be done in the software in detail, we need to wait for people to come online from Israel. I would rate their L3 support a six out of 10 because we need to wait for the team from Israel to come online.

How was the initial setup?

It is a little difficult to set up. We need a really skillful engineer to manage it. After we have onboarded it correctly, it is very easy to manage, and it is very secure. Initially, we had some challenges and issues, and when we got the right resource and support from the vendor, they all got resolved. It took four or five days.

It should be user-friendly from an implementation point of view. I would rate it a six out of 10 in terms of implementation.

What other advice do I have?

I would recommend this solution. From a security standpoint, Check Point is the best product, but a customer should have the right skillsets to onboard and manage this.

I've been working with multiple customers in India, and I don't see any specific features that they need. It has covered pretty much everything.

Overall, I would rate it a seven out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
reviewer1284540
ICT-System-Specialist at a insurance company with 5,001-10,000 employees
Real User
Top 20
Central logging and management makes us faster and more efficient, but technical support needs improvement

Pros and Cons

  • "With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions."
  • "The Check Point support needs a lot of improvement."

What is our primary use case?

We use Checkpoint Firewalls to protect Datacenter VLANs against each other. In addition, we use them to protect our perimeter systems from the internet, and our internal network from the perimeter.

We have virtualized the systems on a VSX-Cluster using VSLS, but the basics are still the same compared to a traditional cluster. VSX gives us a bit more flexibility in the case of load-sharing. Therefore, it’s quite easy to react in the case of heavily used hardware distributing the load by failover or prioritizing VSs onto different nodes.

How has it helped my organization?

The biggest improvement is the central logging and management of all firewalls. Other IT-departments can get log-access and search for their own if there are missing rules or other issues.

Since we use Identity Awareness the solution becomes more flexible, as users no longer need static IPs. Especially for IT-users, who always need more rights, it was a big improvement.

Implementing Wi-Fi makes it nearly impossible to work without Identity Awareness. Unfortunately, we fought with some bugs in the IA-module, but we got them solved.

What is most valuable?

R80 management has improved and made the product more comfortable for IT people to use.

Filtering through rules and finding similar ones to add additional objects becomes much faster.

With an additional hotfix starting from R80.10, we are able to use the management with Ansible. From R80 on, we started creating objects via script or adding them to groups. That makes some parts “automatic”, or at least much faster.

With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions.

What needs improvement?

The Check Point support needs a lot of improvement. We spend a lot of time troubleshooting issues ourselves, create good ticket descriptions, and try to explain in detail what has already been tested. Even so, it takes at least three ticket-updates before support really understands the issue. If you manage to reach the third-level support, you are still forced to be really critical of what kind of suggestions Check Point support is offering you. Running debugs on a test environment is quite different than running them in a heavily used production environment.

For how long have I used the solution?

We have been using Check Point firewalls for 16 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
AO
Head of Technology at African Alliance Plc.
User
Top 20
Highly scalable and responsive with great VPN functionality

Pros and Cons

  • "The firewalling feature and the VPN functionality are excellent."
  • "The quality of the console should be improved in terms of aesthetics."

What is our primary use case?

I use the NGFW as a Firewalling device, for VPN tunneling, and for virtual patching. My environment is a two-tier network environment. I also use the Check Point NGFW as an IPS.

How has it helped my organization?

It really has improved my organization in terms of protecting my network against intrusion and zero days. I have been able to explicitly configure the blocking of certain attack vectors using Check Point NGFW.

What is most valuable?

The firewalling feature and the VPN functionality are excellent. With the firewalling functionality, I have been able to ward off intrusion from outside the network. With the VPN functionality, I have been able to allow secure remote connections from external customers and staff. 

What needs improvement?

CheckPoint would do good to add new features such as UEBA(User and Entity Behavior Analytics). 

They should also improve on the effectiveness of their antivirus. It should be more effective than competitors.                                                                                                                                                                                                                                                                                                                                                                                                                                                       

For how long have I used the solution?

I have been using Check Point NGFW for five years.

What do I think about the stability of the solution?

The product is very stable with no crashing or configuration corruption.

What do I think about the scalability of the solution?

The solution is highly scalable and responsive.

How are customer service and support?

The vendor is very professional and has the know-how.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used to use the Cisco ASA 5500 series firewalling device.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

The product was implemented through a third-party vendor.

What was our ROI?

We saw an ROI within one year.

What's my experience with pricing, setup cost, and licensing?

It is very competitive relative to others on the market.

Which other solutions did I evaluate?

I was shown the POC and I fell in love with the fact that the Check Point NGFW has a GUI that allows for easy configuration. It also does firewalls very well. Therefore, I did not look at other options.

What other advice do I have?

It is an awesome product!

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.