We just raised a $30M Series A: Read our story
PI
IT Manager at a comms service provider with 51-200 employees
Real User
Top 20
Great mobile access with good security and excellent stability

Pros and Cons

  • "The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution."
  • "It would be ideal to manage everything from one central place."

What is our primary use case?

It's our main firewall and the first line of protection from the outside! We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely.

We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years.

This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

How has it helped my organization?

Stability and security are the best way to describe this solution. The attacks from the outside still exist, but now we're better protected. We can view everything that goes in and out of our network with all the information in one place. The drill-down is very helpful and easy to use. Currently, we can troubleshoot connection problems live and solve them in a couple of minutes. This is an improvement on the 1-2 hours with the old solution.

In 4 years we've only had one problem with the equipment (due to a malfunctioning UPS). That corrupted the boot of the equipment, but was easily solved with an fsck.

What is most valuable?

We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!

The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.

Threat and Application control are also very important to us.

What needs improvement?

I do prefer to manage everything from only one point of entry/one application. Some things can only be configured from the smart console and others from the smart dashboard. This is the only handicap in this solution. It would be ideal to manage everything from one central place.

Instead of using a windows application to manage the equipment, it would be better to use a web app to configure the solution from a browser.  I know that it's not as powerful (you can't do everything from there), but then we could manage the solution and troubleshoot from any device.

It's faster to see the event logs on a webpage than it is to see them in the smart console.

For how long have I used the solution?

I've used the solution for 4 years.

What do I think about the stability of the solution?

It's very stable. It's also the main reason I love the solution.

During this time i never had to manually restart the equipment because of connectivity problems or because of CPU/memory degradation performance. Sometimes these values get high, but i never lose Throughtput, the equipment continues to run smoothly. We used to restart our older firewall at least 2 times per month.

In the beginning, because we use the spam blade, the memory usage was always high, and the administration was a little bit slow. But Checkpoint provided us an extra memory upgrade and after that we never had administration problems. If we don't have internet connection it's allways the ISP, it was never because of the firewall.

What do I think about the scalability of the solution?

Although I only have one unit, I know that it scales perfectly.

How are customer service and technical support?

We only had one problem with this equipment. That was because it couldn't boot properly due to disk corruption (malfunction UPS), however, searching the technical Check Point forums it was easy to find a solution to the problem at hand.

We managed to solve the problem without contacting customer service at all.

Which solution did I use previously and why did I switch?

We used to have Zyxel products, but they were aging and couldn't let us connect at faster speeds.

How was the initial setup?

The setup was easy. It didn't take long to have it up and running.

The only concern for us was the remote sites - since it was different vendors. However, we had everything documented and prepared and due to that, it went flawlessly.

It was also easy to create access policies.

What about the implementation team?

The implementation was through a vendor, and the installation went really well. The consultant was Check Point certified and explained everything in detail.

Later on, we added new remote sites to the configuration (in-house) without any problem. We didn't need to check with the vendor.

What was our ROI?

It's not easy to calculate, however, given the stability and security of the solution, it's elevated. There are no bulletproof solutions. That said, now we can rest a bit more because our assets are more protected than they were a couple of years ago.

What's my experience with pricing, setup cost, and licensing?

The setup cost, pricing, and licensing can be a bit expensive, but, I promise, it's completely worth the cost.

Which other solutions did I evaluate?

I evaluated Fortinet and Check Point.

What other advice do I have?

It simply works like a charm. The stability and trust in the vendor are also very important to us.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
MA
Sr. Network Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 5
Provides us with more security features than our previous solution and everything is managed from a central device

Pros and Cons

  • "There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network."
  • "The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them."

What is our primary use case?

We use Check Point firewalls to secure our internal network from the outside world and to provide a good, comfortable, and secure environment for our employees.

We have various models from the R80 series, such as the R80.10 and the R80.30.

How has it helped my organization?

Before, we were using firewalls from Palo Alto. The benefit of the Check Point firewall is that it has more security features. It has antivirus signatures and additional features for which we should require additional hardware devices in the firewall. It also gives us a central management system, which was not present in the Cisco ASA.

What is most valuable?

Check Point's Next Generation Firewall has many good features. It has a central management system, and that means we do not have to go to each and every firewall to configure it. We can manage them with the central device. 

There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network.

What needs improvement?

The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them. Check Point is one of the good firewalls and training should be increased by the company so that more people are familiar with it and with their switches.

For how long have I used the solution?

I have been using Check Point's firewalls for the last three-and-a-half years.

What do I think about the stability of the solution?

The stability is very good. The updates we get for the antivirus and the URL filtering sites are also very nice and happen very often. That is a good thing because there are various new attacks coming out but we get their updates on time. 

What do I think about the scalability of the solution?

In terms of the scalability, it is very easy to extend the utilization of Check Point firewalls. We did so in the past. We extended our environment in our organization and it was very easy to extend it.

We have around 4,000 to 5,000 people who are using the Check Point firewalls directly or indirectly. They are passing their traffic through it. Expansion of our usage completely depends on the organization. If they want to do so they will tell us and, if that happens, we will definitely go for Check Point firewalls.

How are customer service and technical support?

We have used Check Point TAC to resolve our issues. We have had good support. They have good engineers there.

Which solution did I use previously and why did I switch?

We were using Palo Alto and Cisco before and we replaced them with Check Points.

We used Palo Alto in a  few of our sites, but we found Palo Alto was more expensive and its updates and services were also more expensive compared to the Check Point firewall.

Cisco is a very basic firewall in the market, and it has a limited set of features, compared to Palo Alto and Check Point. Palo Alto has rich features, but it is one of the more expensive firewalls in the market. The Check Point firewall is not too expensive, but it is also a third-generation firewall.

The drawback of the Check Point firewall is the lack of training materials. That should be increased.

How was the initial setup?

We have a team of seven to eight people who have all installed and configured environments so the initial setup, for us, was a very straightforward process. And these are the people who handle maintenance of the firewall and manage it, during different shifts. They are all network engineers.

It took us between nine and 12 months to do the implementation. We have Check Point hardware so we followed the recommended, three-level architecture, in which there is a SmartConsole, the hardware security gateway firewall, and the central management device.

What's my experience with pricing, setup cost, and licensing?

The pricing is good. It is less than Palo Alto's firewalls. Check Point has the same features as Palo Alto, but the licensing and cost of these firewalls are not too expensive. It is one of the best firewalls in the market in this range.

What other advice do I have?

Check Point firewalls have many features. Before configuring it in an environment, you should know each and every feature of the firewall. You should also follow the three-level hierarchy which is recommended by Check Point.

There are a few add-on features for Check Point firewalls. I only learned that by using the firewalls. I'm very happy with the way Check Point is progressing. They continue to work on their firewalls even after making their name. That is something we should follow in our lives as well: Once we have made our name, we should not stop there. We should further build the reputation of the company and product.

We are very happy with the Check Point firewalls. The only thing missing, as I mentioned earlier, is that training should be increased for the firewall by the organization. Otherwise, we are very happy with investment in this solution.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,029 professionals have used our research since 2012.
AA
Sr. Security Engineer at a financial services firm with 10,001+ employees
Real User
Top 5
Everything can be managed from a single dashboard

Pros and Cons

  • "Everything can be managed from a single dashboard nowadays."
  • "The main thing for a normal operations guy who is creating tools and firewalls, it is quite difficult to manage. It requires an expert level of knowledge in Check Point products to manage these scalable platform appliances and the virtual firewall that comes with it. We have to educate our guys and give them training on a regular basis to work on these products."

What is our primary use case?

It is a typical firewall that has been implemented in most of our regions. We use it for normal firewall policies and VPNs.

We are mainly using Check Point firewalls. We also have a few Check Point cloud security programs.

How has it helped my organization?

Everything can be managed from a single dashboard nowadays.

Since we upgraded to R.80 from our previous R.77 version, the activity of my team has improved a lot. We don't have to open multiple consoles or go to multiple nodes. Even though we are managing multiple solutions of Check Point, they feel similar to us now.

What is most valuable?

The most valuable feature is the Check Point Management Server, especially version R.80 onward. We can manage everything. We have endpoint security, cloud security, and email security. Everything can be managed from a single management server, making this a very unique and easy solution to use in the market now.

From a technical perspective, it is an easy solution to use. Everything seems perfect. We are not using all of its features, like sandboxing. 

What needs improvement?

The main thing for a normal operations guy who is creating tools and firewalls, it is quite difficult to manage. It requires an expert level of knowledge in Check Point products to manage these scalable platform appliances and the virtual firewall that comes with it. We have to educate our guys and give them training on a regular basis to work on these products. Otherwise, it's fine.

For how long have I used the solution?

About five years.

What do I think about the stability of the solution?

It is pretty stable. It hasn't caused many issues over the years, unlike normal network issues. They do release bug fixes at least once a month. We keep very good track of that and update the patches regularly, but we haven't run into bigger issues so far. So, I'd say it is quite stable. 

The firewall is very easy to use and hasn't caused much trouble for us over the years.

What do I think about the scalability of the solution?

From a scalability perspective, they have a solutions like Check Point Maestro. Therefore, it is easy to upscale nowadays.

We have over 200,000 end users.

How are customer service and technical support?

They should improve the support a bit. Though they have expert engineers in tech, sometimes the amount of time to get back a solution for an issue is more than what is acceptable, even though it is a high priority.

During a scheduled activity or an implementation, they find their highest level of support. During an implementation, I never faced an issue with the support. I would rate them a nine out of ten for this.

Which solution did I use previously and why did I switch?

The company has been using Check Point firewalls for the past 10 years. Before that, they used Cisco ASA.

How was the initial setup?

Mostly, I have worked on Check Point products. Therefore, the initial setup was straightforward. It was not that complicated. 

I can spin up a firewall and put it in production within an hour. If it's a migration from a different solution or upgrading an existing management solution, it might take some time because of the planning. There are a lot of things that have to be a part of the implementation or migration activities.

What about the implementation team?

We do it ourselves most of the time. We only take help when it comes to scalable platforms, like big chassis firewalls, which are little complicated. Then, we get outside help.

I manage the operations team and have also been involved as a consultant.

We have some best practices in place that we follow.

There are four security engineers who deploy and maintain this solution.

What's my experience with pricing, setup cost, and licensing?

Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point.

Which other solutions did I evaluate?

For cloud security purposes, we looked at FortiGate. In the end, we decided to go with Check Point. Primarily, we went with Check Point because of the fee. We also already had expertise on Check Point and the team is comfortable around it. We like that Check Point has a single dashboard. Feedback from peers suggests that the support in India for NGFWs is not as good with other vendors as it is at Check Point.

What other advice do I have?

Get a team who has expertise on this product and educate your team. Give them training. If Check Point is using a new version, make sure your team is aware of that. If there are any changes, let them know and make them comfortable working around this product because we have had some issues due to lack of expertise.

If you don't have an expert in-house team for implementation, I would strongly recommend getting help of the Check Point professional services team. There are a few third-party operational services, but I would go with Check Point professional services.

We are planning to increase our usage of the solution. Every project that we take on has Check Point security products as part of the solution.

I would give this solution an eight out of 10 because of the support. They take too much time when they should give you a result.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
SJ
Network Security Administrator at a computer software company with 201-500 employees
Real User
Top 5
User-friendly with IPS already configured in the box, and the dashboard is good and easy to use

Pros and Cons

  • "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention. Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls."
  • "The antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't."

What is our primary use case?

We use it to provide security in our organization. Check Point Next Generation Firewalls are designed to support large networks, like a telco environment.

What is most valuable?

Check Point has a lot of features. The ones I love are the 

  • antivirus
  • intrusion prevention 
  • data loss prevention. 

Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls.

It's also user-friendly and not very complex. Anyone can use it and the dashboard is quite good.

What needs improvement?

Check Point has notably fewer tutorials on Google. If I'm facing any kind of issue and I Google it, less stuff is available. 

Apart from that, the antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't.

For how long have I used the solution?

I have been using this firewall for more than one year.

What do I think about the stability of the solution?

The stability is good. We've never seen any kind of issue with the Check Point firewalls. In very rare cases we go to their TAC, but we normally try to resolve the situation from our side.

What do I think about the scalability of the solution?

They are quite scalable. They are designed to extend in large data centers and tech environments. They are designed to support the needs of large networks, and offer reliability and performance.

How are customer service and technical support?

Check Point's technical support is quite good. It's quite helpful. We have never faced any kind of issue with them. Whenever we have an issue with the firewalls, we just raise it with them and they are quite supportive and quite technical as well. They provide a resolution on time and effectively.

Which solution did I use previously and why did I switch?

Previously, I worked on Cisco ASA firewalls and they have a lot of disadvantages. They have a lot fewer features compared to the Check Point firewalls. We just started using Check Point as a firewall in our organization and they give us new features which are better than the Cisco ASA. With Check Point, the IPS is already configured in the box, unlike the Cisco ASA, and there are a lot of features which help us to provide more security for our customers. In our case, the customers are all employees of our organization.

All of these are reasons we switched to Check Point.

How was the initial setup?

The setup is straightforward.

Deployment depends on the customer's architecture or network.

In terms of a deployment plan, we have different teams in our organization that support different business cases. After an implementation ticket is raised by the requester it goes to the planning stage, then it goes to the implementation stage and then it goes to the validation stage. The planning stage is done by the network security admins. The approval stage that is done by our managers and the validation stage is done by us, the network security admins. This is the process that we follow in our organization. Everything is documented.

What about the implementation team?

We do the deployment ourselves, but if we face any kind of issue, we just raise an issue with their TAC.

What's my experience with pricing, setup cost, and licensing?

The pricing is good. It's not so expensive. You can deploy it and it will do a lot of jobs in one package. It's a good choice compared to the other firewalls.

Which other solutions did I evaluate?

We looked at Palo Alto and the Cisco FTD Next-Generation Firewall.

What other advice do I have?

Check Point Next Generation firewalls are very good. They have a lot of features in one box and they're not that expensive. They support a lot of features, including antivirus, data loss prevention, and the central management is very good. We can configure all the firewalls through the central management. They have many things in a small package. I would recommend them.

The biggest lesson I have learned from the solution is that it has a lot of features that I was not aware of. The dashboard is quite simple and it's not complex to use.

We make changes on this Checkpoint Firewall as per customer demand. If they want to add a rule on the firewall we do that, and if they want to remove something we remove it for them. If they want to change the position of some rules or to allow or deny any kind of traffic, we do that for them.

In our organization we have a team of 20 - 25 network security admins. Sometimes the network team will also implement changes and they are about 25 people. Sometimes we get  the help of our managers to approve the changes or validate whether the change has been implemented correctly or not. If I sum it up, it's a team of about 100 people who directly use the solution, and they also take care of deployment and maintenance.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
RS
IT Manager at a transportation company with 501-1,000 employees
User
Easy to set up, stable, and offers excellent technical support

Pros and Cons

  • "The packet inspections have been a strong point."
  • "I would like there to be a way to run packets that capture more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line."

What is our primary use case?

It's our main firewall and the first line of protection from outside attacks. We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely. We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years. This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

How has it helped my organization?

We have a lot of flexibility now, and a leg up identifying zero-day threats. We have multiple ways of doing policies now that we didn't have before. The options are more robust than previous products and I would say that we're pleased with the product. The reports I'm getting are that we're satisfied, even impressed, with the options Check Point offers.

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption. There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome.

What is most valuable?

It's a NGFW with all of the capabilities required to protect for next-generation attacks at the perimeter level. The module or Security features that are provided as part of the base license with Check Point include (VPN, IPS, Application Control, and Content Awareness) which itself is strong enough to protect the organization.

The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from the SonicWall that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

What needs improvement?

I would like there to be a way to run packets that capture more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices.

For how long have I used the solution?

I started using the solution 3 months ago.

What do I think about the stability of the solution?

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage, and how to route a device. That's why I prefer Check Point. It's robust and I never have issues with the hardware.

What do I think about the scalability of the solution?

The scalability is quite good. You can scale well across locations for not too much cost. If a company needs to expand, it can do so relatively easily.

Also, cost-wise, it's very affordable to scale up. It's not expensive to add hardware and licenses as needed. They make upgrading very cheap.

We have 200 people on the solution. That said, they are using it with an IPsec tunnel. They don't use all of the capabilities of the hardware. They are using it just to encrypt tunneling between the sites.

How are customer service and technical support?

Technical support has been excellent

Which solution did I use previously and why did I switch?

Yes, we were previously using SonicWall but security is less robust in comparison to Check Point.

How was the initial setup?

The initial setup is very easy.

What about the implementation team?

We implemented it through a vendor called S G Informatics India Pvt Ltd.

The level of expertise I would rate at 10 out of 10.

What's my experience with pricing, setup cost, and licensing?

I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. It's best to deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it. Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that, up until now, we have not had anything like that ourselves.

Which other solutions did I evaluate?

We have looked into Sophos.

What other advice do I have?

The most valuable features are the security blades and the ease of managing the policies, searching logs for events, and correlating them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
reviewer1692972
User at PROWERS COUNTY HOSPITAL DISTRICT
User
Extremely stable with many great features and a helpful web GUI

Pros and Cons

  • "We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone."
  • "I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad."

What is our primary use case?

We are a Critical Access hospital with close to 1,000 endpoints and hundreds of users. We currently have multiple ISPs coming into the hospital for internet redundancy. There are multiple buildings on our campus that are connected with copper and fiber. We have had clinics in multiple cities attached to our network at various times. 

We installed the Check Point NGFW in our environment to act as our main firewall and gateway. This allows us to keep several of the vendor devices (lab analyzers and other third-party equipment) segregated on different VLANs so they have no access to our production VLAN. This system is also our VPN concentrator for several site to site VPNs and remote software VPN connections.

How has it helped my organization?

In the past 15+ years that I have run these firewalls, we have been able to make huge strides in increasing our security posture. This has been evidenced by our annual Security Risk Assessments run by a third party. Check Point is always coming out with new features that help make it easer to manage our security posture. We have received multiple comments from other organizations praising us for the speed and accuracy of setting up new site-to-site VPNs with the proper access. This is all possible because of the intuitive Check Point software.

What is most valuable?

There are many great features, however, with our last upgrade, we now have a web GUI that allows us to pull up multiple facets of the firewall environment. This feature has been very handy. There have been times we have a connectivity issue, and both sides are blaming each other. If I'm away from my desk and don't have my laptop, I can quickly bring up the interface on my phone and search through the logs, rule base, and VPN communities to help quickly troubleshoot the problem. I can't say it enough - this has been invaluable.

What needs improvement?

Overall, this is a great system, and I'm struggling to come up with things that I think should be improved. 

I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad. 

For additional features in the next release, I would like to see more change functions available in the new Web GUI version. This is still a new offering from the company, therefore, I can only assume it will get better as customers make suggestions/requests.

For how long have I used the solution?

I've used the solution for over 15 years.

What do I think about the stability of the solution?

This system has been rock solid in our environment. I have even run beta software to try out new features. I trust the company and their top-notch support staff to keep us running smoothly.

What do I think about the scalability of the solution?

This system has been very scalable. Check Point offers multiple security 'blades' that let you start out small, and increase as needed without having to drop a bunch of money on new hardware.

How are customer service and support?

I rarely have critical issues, however, when I do, I can call and get an engineer rather quickly. For most of my issues, I utilize the online support portal and/or knowledge base articles.

How would you rate customer service and support?

Positive

How was the initial setup?

We had engineers online with us to help us get everything setup. They have done this many times, and they were able to give us a lot of information to help prep the environment. This left us with minimal downtime.

What about the implementation team?

We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone.

What was our ROI?

That is difficult to calculate. We have had hospitals and clinics drop like flies to ransomware, DDOS attacks, and other issues. The financial impact of something like that would be huge. You can't put a price on safety. 

We are trying to do the best we can in an ever-changing landscape of cyber dangers, and we feel that Check Point has been a great name to hang our safety on. In the 15+ years I've been working with Check Point, I have only changed out the hardware twice. We pay an annual fee to cover licenses and support. In general, this is a great investment.

What's my experience with pricing, setup cost, and licensing?

We purchased this through a VAR, so your mileage may vary when it comes to cost and initial service for setup. 

The licensing can be a bit tricky when you have more than one appliance. That said, they are very open and explain how it all works. They give the ability to set up trials of all the different license 'blades' to let you try before you buy.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Amit Kuhar
Network Security Consultant at Atos Syntel
Reseller
Top 5
Easy to manage, deploy, and upgrade

Pros and Cons

  • "It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online."
  • "In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this."

What is our primary use case?

We have around 500 firewalls all around the world with a global team to manage them. We are using Check Point NGFW for Internet traffic, IPS, and UTM devices.

Atos provides this solution, including network design and advice.

What is most valuable?

  • Antivirus
  • IPS
  • They got the logs into one site, which is wonderful.
  • There is a secure action line code that you can announce your products in.
  • If you have a number of sites, like a hundred sites around the world, you can deploy multiple VSX testing. 
  • All over the world, you can have DMZs in data centers, e.g., in the USA, Dubai, and London. 
  • It is easy to deploy and upgrade. 
  • Easy to manage, e.g., if there is a new engineer onsite, they can easily manage it.

What needs improvement?

In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this. 

For how long have I used the solution?

I have been using it for five years.

What do I think about the stability of the solution?

I haven't seen any stability issues, though I have seen some issues with the management of the gateway. Stability-wise, it is good (a nine out of 10).

What do I think about the scalability of the solution?

We have 74 locations. We can have 10,000 users maximum via an Internet gateway. We have four data center across the world: two in USA, one in London, and one in Dubai. Passing through Check Point per location: in the USA - 5000 users, in London - 2000 users, and in Dubai - 10,000 users.

There are 12 network security engineers/consultants managing Check Point and the legacy firewall, SonicWall.

How are customer service and technical support?

Right now, we cannot go directly to Check Point because of vendor dependency. We have to first initiate with our vendor.

Which solution did I use previously and why did I switch?

We migrated SonicWall to Check Point about two years back. That took one year to set up in our organization. 

We switched away from SonicWall because it is a legacy firewall at end of life. SonicWall was missing features that Check Point has, like UTM, IDS, IPS, antivirus, etc. Check Point is better for protection and performance-wise.

How was the initial setup?

It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online.

We have two devices. Right now, we are deploying and upgrading a new setup, where you can do management, management plus gateway on the device, or virtually you can install your management device on VMware or Hyper-V. With the Hyper-V and the Management Server, you can access all the gateways. For the Management Server and gateways, we have an activation key.

What about the implementation team?

We are an IBM OEM company who received installation support from that vendor. They provided all the network connectivity.

For our implementation, we:

  1. Started with an initial diagram of the configurations and what we want to see after the installation.
  2. Segregated the SonicWall and Check Point tools for the migration since we used automation.
  3. Checked the mode of installation. We went with transparent mode.
  4. Collected the IPs for the firewall. It required multiple IPs because with we have cluster nodes.
  5. Assessed the feasibility of Check Point in our environment.

For our strategy, we looked at:

  • How many users are in all our offices? For example, is it a small office, mid-size office, or data center?
  • Using high-end versus lower-end devices, e.g., lower-end devices means a smaller price tag.

A smaller office of less than 500 people would get a 4000 Series. Whereas, a larger office would get a 5600 or 7000 Series. We have to be focused on the natural topology.

What's my experience with pricing, setup cost, and licensing?

We have had some vulnerabilities when we upgraded the R80.30 Management Server. We have some gateways right now in our R77.30 version, and this means if we go without license in R80.30, then it will prompt a bad connection and terminate. We have had some license difficulties with the connection going from R70 to R80. However, these don't largely impact performance.

Which other solutions did I evaluate?

We looked at Fortinet and Palo Alto. We did not feel FortiGate was capable of what we required. Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point.

If you need a good support or something that is good budget-wise, then I recommend going with Check Point compared to Cisco or Palo Alto.

What other advice do I have?

It is a good firewall. It has returned good performance. We are happy with the product. I would rate the product as a nine out of 10.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
Sathish Babu
Solutions Consultant at a computer software company with 10,001+ employees
Real User
Top 10
Tools for searching firewall rules make it easier for newcomers to manage devices

Pros and Cons

  • "The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point."
  • "It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication."

What is our primary use case?

We provide solutions for various customers where we apply Check Point Firewalls, either for a VPN gateway or for securing their networks. We have provided them to a couple of financial customers to protect their mobile banking as well.

How has it helped my organization?

It has good features for searching the firewall rules and it has drastically changed daily operations. It's very easy, even for novice users or newcomers, to operate and manage this device. It has improved our operations that way.

What is most valuable?

The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point. Apart from that, we do have identity solutions which we use on a regular basis. Both are very good.

What needs improvement?

It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication.

Also, one of the challenges I hear about from customers or engineers who work with and operate Check Point firewalls is not about the technical capabilities of the product but about understanding the product. There should be whitepapers available on the Check Point portal so that people can understand them more easily.

For how long have I used the solution?

I have been using Check Point's firewalls for almost 12 years. I started with the IP390.

What do I think about the stability of the solution?

Stability has improved a lot from Check Point's very early days over the last 12 years. Back then we had to reboot the firewall after every two to four days.

What do I think about the scalability of the solution?

The firewalls are scalable with our workload. We are at about 20 to 30 percent utilization so even if we doubled of our existing network resources and load on the firewalls, they would still have the space to scale. They're enough for the networks that we have implemented.

We recently finished a deployment and it's still in the user acceptance test phase. As of now, I cannot say anything in terms of increased usage. But for the customers that we have deployed it for within India and the APAC region, so far the results have been pretty good.

How are customer service and technical support?

I have used technical support a couple of times, when it was required, for hardware replacements. Of course, once or twice I contacted them for active devices when we had some glitches. But that turned out to have nothing to do with Check Point.

Overall, technical support has been good. They understand the situation and what part needs to be replaced or what needs troubleshooting through remote support tools.

Which solution did I use previously and why did I switch?

Before Check Point we used Cisco. And we use Cisco for a couple of customers because it's already pre-deployed, so it's not in our hands. We manage operations, so we are still managing Cisco devices. We don't have Juniper right now, but we have Palo Alto for one of our customers.

How was the initial setup?

The initial setup is very straightforward. When we boot the firewall we have instructions which say how to connect to the QR, and from that portal you go to your gateway and configure all the required network interfaces. Once you have installed your Smart controller, you need not log into the firewall every time. Instead, you can log in through your Smart controller. That's a pretty good method which no other firewall provides.

For the very basic features, it does not take more than two days. But, for a full-fledged implementation, it can take around two months.

Our implementation strategy is to replace existing firewalls in the network. We try to keep the business downtime as short as possible, especially for business-critical applications.

For deployment and maintenance of these firewalls we have a team, worldwide in different regions: APAC, Europe, America, and the Middle East, although in the Middle East we don't use Check Point.

What was our ROI?

We have definitely achieved ROI with Check Point firewalls.

Which other solutions did I evaluate?

We definitely evaluate other options based on the customer's budget, and the stability and technical specs of the firewall. We generally choose Check Point as our preferred product vendor.

What other advice do I have?

The biggest lesson I have learned from using Check Point's firewalls is that they are not complex.

I'm expecting a lot of solutions from Check Point and if there are more solutions from them, that would be great. I would like to see more product development.

Overall, I would rate it at 10 out of 10. It's the best firewall in the market.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.