Check Point NGFW Valuable Features

PS
Pushkin Sawhney
Principle Network and Security Consultant at a comms service provider with 10,001+ employees

Among the valuable features are antivirus, URL inspection, and anti-malware protection. These are all advanced features.

One of the great advantages of having Check Point as a firewall is that all of these are software blades, so you can buy a license or subscription and enable them and get the security up and running. With other firewalls, it's a completely different agenda, meaning some of them require hardware modules, and some of them have a complex way of adding the licensing, etc. Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use.

View full review »
Steve Vandegaer
Senior Engineer Security at a computer software company with 201-500 employees

The feature I like the most is their central management, the Smart controller which you can use to manage all the firewalls from one location. You can get practically all information — but not all the information, because not everything has been migrated from the previous SmartDashboard version into the SmartConsole. Being able to access almost everything in one location — manage all your gateways and get all your logs — for me, is the best feature to work with. 

As for the security features, that depends a bit on what you're doing with it, and what your goal is. But they're all very good for application URL filtering. Threat Prevention and Threat Extraction are also great, especially the Threat Extraction. It's very nice because your end-user doesn't have to wait for the file that he's downloading to see if it's infected, if it's malware or not. It gives him a plain text version without active content, and he can start working. And if he needs the actual version, it will be available a few minutes later to download, if it isn't infected. That's a great feature. 

Anti-Bot also is also very nice because if a PC from an end-user gets infected, it stops it from communicating with its command and control, and you get notification that there is an infected computer.

It's difficult to distinguish which feature is best, because they're all good. It just depends on what your goals are. As a partner, we are implementing all of them, and which ones we prioritize depends on the client's needs and which is the best for them. For me, they're all very good.

View full review »
BF
BrianFischer
Senior IT Manager at a mining and metals company with 501-1,000 employees

Packet inspections have been a strong point. Our Identity Collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

We saw a noticeable performance hit using SonicWalls. Whether it's because we've provisioned the Check Point gateways correctly from a hardware standpoint or whether it's the software that is much more efficient (or both), we do packet inspection with very little impact to hardware resources and throughput speeds are much improved.

With SonicWall, after it would calculate inspection overhead, we might see throughput at, and often below, 15%. My network administrator gave me data showing Check Point hovering at 50%, and so we were actually seeing Check Point fulfill its claims better than SonicWall.

View full review »
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
509,820 professionals have used our research since 2012.
AU
reviewer1425090
Network and Security Specialist at a tech services company with 51-200 employees

The most valuable feature is definitely the logs. The way you can search the logs and have the granularity from the filter. It's just very nice. 

I love the interface of R.80.30. The R.80 interface is very nicely thought out with everything in one place, which makes Check Point easier to use. When I started in 2014, I was just confused with how many interfaces I had to go on to find things. While there are quite a few interfaces still in the older smart dashboard versions, most things are consolidated now.

View full review »
Ifeanyi Onyiaodike
Network security engineer at Fidelity Bank
  • The most valuable feature for us is the VSX, the virtualization.
  • The GUI is also better than what we had previously.
  • The third feature is basic IP rules, which are more straightforward.
  • And let's not forget the VPN.

The way we use the VPN is usually for partners to connect with. We want a secure connection between our bank and other enterprises so we use the VPN for them. Also, when we want to secure a connection to our staff workstations, when employees want to work from home, we use a VPN. That has been a very crucial feature because of COVID-19. A lot of our people needed to work remotely.

View full review »
AnkurSingh
Technical Support Engineer at AlgoSec

I like that it first checks the SAM database. If there is any suspicious traffic, then you can block that critical traffic in the SAM database instead of creating a rule on the firewall, then pushing that out, which takes time. 

The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that. 

I like the Check Point SandBlast, which is also the new technology that I like, because it mitigates the zero-day attacks. I haven't worked on SandBlast, but I did have a chance to do the certification two years back, so I have sound knowledge on SandBlast. We can deploy it as a SandBlast appliance or use it along with the Check Point Firewall to forward the traffic to the SandBlast Cloud.

View full review »
JM
reviewer1098015
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees

The most valuable features are the

  • security blades 
  • ease of managing the policies, searching log for events, and correlating them.
View full review »
Matt Millen
Network & Systems Administrator I at DMH

The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network. The ease of use is important to us. The more difficult something is to use, the more likely it is that you'll experience some type of service failure. When we do have issues, with the Check Point SmartConsole being as simple as it is to navigate, it makes it easy for us to identify problems and fix them, to minimize our downtime.

View full review »
KK
Kamal Khurrana
Network Associate at a wireless company with 1,001-5,000 employees

I like the antivirus, attack prevention, three-layer architecture, and data center management features.

The antivirus updates are quite frequent, which is something that I like.

Central management is a key feature. We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful. It means that we only have to push the configuration once and it gets published on all of the firewalls.

View full review »
IK
reviewer1404666
Security team leader at a aerospace/defense firm with 10,001+ employees

The basic most valuable feature is the firewall itself.

The management platform, dashboard, graphical user interface, are one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations.

The VPN means you can communicate in an encrypted manner between sites. 

The application control and URL filtering are also very beneficial. They enable you to tighten security and decide which applications or websites you want to grant access to. In our company, we don't allow anyone to freely access the internet to surf all websites. Some sites may be sensitive and some of them may be inappropriate. It allows us to control the traffic.

View full review »
GG
reviewer1402668
Security and Platforms Engineer at a educational organization with 201-500 employees

The most valuable features about Check Point are the API and automation process.

Using the GUI, you can add comments from your PC or the client server. If I want to check the firewall rules, I can send one line of command to determine if it is configured or not. 

Its implementation and integration with the rest of the network are better than its competitors.

View full review »
AP
reviewer1454139
IT Infrastructure & Cyber Security Manager at a retailer with 501-1,000 employees

A firewall is a firewall. It's a Layer 4 machine that blocks or allows traffic for ports. That's the basics and we don't need a next-generation firewall for that. But the features that are important include:

  • IPS
  • sandbox
  • SandBlast
  • Anti-Bot
  • URL filtering.

A basic firewall is a basic firewall. You don't need Check Point and you don't need Palo Alto or the other vendors to block ports from source to destination. But we need the advanced features of this product to give us the visibility into, and the security and protection from, scenarios that are not the usual source-to-destination attacks. The solution needs to understand what the connection is, what the behavior of the connection is, and what the reason for the connection is. It can't be a stupid machine. It needs to know that if you're allowing port 53 from source to destination, that it has to check and give us the information that this communication is legitimate, and not something that is malicious.

View full review »
MP
Mahendra Pal
Network Security Engineer at a tech services company with 10,001+ employees

There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely. This is helpful for our employees that are working from home, as they get the same office environment as if they were on-premises. It is also helpful for us as an organization because we have good control and visibility over their data, including network traffic packets.

View full review »
CL
reviewer1419591
System Engineer at a insurance company with 1,001-5,000 employees

We use the basic firewall functionality, plus the VPN functionality, a lot.

We have about 100 remote sites, which is where we use the VPN functionality. For private lines, we prefer to do further private encryption on the line. It is very convenient to do it with Check Point, if you have Check Point on both sides. It is convenient and easy to monitor.

The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.

View full review »
Basil Dange
Senior Manager at a financial services firm with 10,001+ employees

It provides the flexibility to use any module with the NGTP and SNBT license. Depending upon the requirements, the blades/module can be enabled on the firewall security gateway and it can be deployed easily.

In case SSL decryption or IPS need to be enabled on any security gateway, it is simple to do. We can go ahead and enable the module/blade and then create a policy, deploy it, and it will start to work.

It has a default five-user license for Mobile/SSL VPN, so the organization can check the solution any time or can even provide access to critical users on an as-needed basis, without getting the OEM involved, all on the same box.

For smaller organizations with the correct sizing of the appliance, they can use the full security solution on a single box. It will provide financial benefits along with reducing the cost of purchasing additional solutions or appliances. 

For example:

  • URL Filtering Module: It can replace the proxy solution for on-premises users with integration of application control and the Identity module. Active Directory access can be provided based on the User ID and the website or application.
  • SSL VPN or SSL decryptor, and more. 
  • Core assignment for each interface, which can be done using the CLI. If the administrator determines that a particular interface requires more compute, he can manually assign additional cores accordingly. This is done by enabling hyperthreading on the firewall. 
  • The policy can be copied from any security gateway and pasted onto another one.
View full review »
Oswaldo Gimeno
Network Engineer at Getronics

The best part is that it is very intuitive. It is easy to configure, deploy, and maintain. If it works, it works.

The troubleshooting: When you find something that is not working, it is very easy to check in the logs what is failing and fix it in a short time.

The login tool is really nice.

View full review »
DD
Dheeraj Dexit
Sr. Network Engineer at a tech services company with 1,001-5,000 employees

What I like about this firewall is it has a central management system. We can configure or monitor a number of firewalls at a time from the central management system. 

They have a logging system where we can have our logs visible. The logs are easy to view and understand. 

View full review »
RM
Rachit Malhotra
Senior Network Engineer at a tech services company with 1,001-5,000 employees

The most valuable feature would be the central management system of Check Point because we can manage multiple firewalls through it at the same time. It doesn't matter the location.

I also like the advanced Antivirus feature of Check Point.

The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things.

It is very user-friendly.

View full review »
Sunil Redekar
Security Engineer at Hitachi Systems

What I like most about Check Point Firewall is that it is easy to use. 

The most valuable feature is the IPS. For our bank project, we are using it as an external firewall. All the traffic is going through the Check Point Firewall. Then, using the IPS, we can easily identify if there is any malicious activity or anything else. We also have to update signatures on a regular basis.

View full review »
Gonzalez
Network Administrator at Secretaría de Finanzas de Aguascalientes

Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution.

The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters. It is well organized.

Some other of the services that have worked well for us are antivirus, anti-bot, and URL filtering. Together, these have allowed us to maintain control and organization amongst the users.

Another one of the pluses that have helped us a lot has been the IPsec VPN, especially in these times of pandemic.

View full review »
Charanjit Bhatia
AGM Cyber Security CoE at Bata Group

We are using the Check Point Next-Generation Firewall to maximize protection through unified management, monitoring, and reporting. It has the following features:-

  • Antivirus: This stops incoming malicious files at the gateway, before the user is affected, with real-time virus signatures and anomaly-based protections.
  • IPS: The IPS software blade further secures your network by inspecting packets. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.
  • AntiBot: It detects bot-infected machines, prevents bot damage by blocking both cyber-criminals Command and Control center communications, and is continually updated.
  • Application Control: It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.
  • URL Filtering: The network admin can block access to entire websites or just pages within, set enforcements by time allocation or bandwidth limitations, and maintain a list of accepted and unaccepted website URLs.
  • Identity Awareness: This feature provides granular visibility of users, groups, and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.
View full review »
Ifeanyi Onyiaodike
Network security engineer at Fidelity Bank

The management of services, including forming access lists with the services we have, connecting servers to servers, permissions between servers and users — this is all great. In addition, Check Point has a really cool GUI.

View full review »
MA
Manjit Aggarwal
Sr. Network Engineer at a tech services company with 1,001-5,000 employees

Check Point's Next Generation Firewall has many good features. It has a central management system, and that means we do not have to go to each and every firewall to configure it. We can manage them with the central device. 

There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network.

View full review »
AA
reviewer1392342
Sr. Security Engineer at a financial services firm with 10,001+ employees

The most valuable feature is the Check Point Management Server, especially version R.80 onward. We can manage everything. We have endpoint security, cloud security, and email security. Everything can be managed from a single management server, making this a very unique and easy solution to use in the market now.

From a technical perspective, it is an easy solution to use. Everything seems perfect. We are not using all of its features, like sandboxing. 

View full review »
SJ
Shivani Jethy
Network Security Administrator at a computer software company with 201-500 employees

Check Point has a lot of features. The ones I love are the 

  • antivirus
  • intrusion prevention 
  • data loss prevention. 

Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls.

It's also user-friendly and not very complex. Anyone can use it and the dashboard is quite good.

View full review »
Amit Kuhar
Network Security Consultant at Atos Syntel
  • Antivirus
  • IPS
  • They got the logs into one site, which is wonderful.
  • There is a secure action line code that you can announce your products in.
  • If you have a number of sites, like a hundred sites around the world, you can deploy multiple VSX testing. 
  • All over the world, you can have DMZs in data centers, e.g., in the USA, Dubai, and London. 
  • It is easy to deploy and upgrade. 
  • Easy to manage, e.g., if there is a new engineer onsite, they can easily manage it.
View full review »
Sathish Babu
Solutions Consultant at a computer software company with 10,001+ employees

The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point. Apart from that, we do have identity solutions which we use on a regular basis. Both are very good.

View full review »
Nikhil Dhawan
Associate Consultant at a tech services company with 10,001+ employees

It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.

It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.

View full review »
RG
Rakesh Gupta
Solutions Lead at a tech services company with 1,001-5,000 employees

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

View full review »
Rohit Gambhir
Sr. Network Engineer at a consultancy with 51-200 employees
  • Antivirus
  • Threat Prevention
  • The central management

These are vital, advanced firewall features for the market. They protect the environment more than the usual firewalls. 

View full review »
RG
Rahul Gombhir
Network Security Engineer at a tech services company with 10,001+ employees

The most valuable feature is the set of encryption options that are available.

Viewing the logs in the interface is easy to do, which is one of the things that I like.

This is a UI-based firewall that is easy to use.

View full review »
Vighnesh Rege
Lead Solution Advisor at a consultancy with 10,001+ employees

The application authentication feature of Check Point is the most valuable as it helps us keep users secure. 

It works smoothly when managing clients' on-premise and cloud firewalls.

View full review »
reviewer1531134
Cybersecurity Engineer at Insurance Company

This product, being a Next-Generation Firewall (say, for this example, Unified Threat Management as well) provides up-to-date security options through different modules and scalability to match almost any firewall security needs.

The easy and standardized management interface, now with a complete and functional API mechanism, provides the administrator several ways of managing the solution. At the same time, the interface is common and unified through the different security modules.

They not only have a great support team but the knowledge base is another good point to consider.

View full review »
AR
AshishRawat
Firewall Administrator at a tech services company with 1,001-5,000 employees

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

View full review »
Anthony Hassiotis
User

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

View full review »
PRAPHULLA DESHPANDE
Senior Security Analyst at Atos

Check Point has the best technical support, which I feel if we consider other firewall vendors in the market, is an important distinguishing point.

Stateful inspection is one of the strongest points in this product, which is applicable while creating policies for application and URL filtering.

Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.

It is easy to filter traffic based on source-destination services, time, etc, which is an enhancement over other firewalls in the market.

View full review »
Oleg P.
Senior Network and Security Engineer at a computer software company with 201-500 employees

1. Advanced logging capabilities - our support team on duty constantly monitors the security logs in the SmartConsole, and notifies the security team in case of major alerts.

2. Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

3. The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.

View full review »
AK
AjayKumar3
Sr. Network Engineer at a insurance company with 5,001-10,000 employees

The most valuable features are its 

  • antivirus
  • threat detection
  • central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

View full review »
Rajan Arora
AVP - IT Security at a tech services company with 51-200 employees

Next-Generation Threat Prevention capabilities provide security in a high-traffic load, ensuring detection and prevention of known threats by AME, AV, and Sandblast technologies. 

We are also using the system to create VPN gateways for our multiple partners and we haven't faced any issues with them.

 Check Point gateways are a stable product that can run without any issues until a major upgrade or vulnerability mitigation is required.

The support has been reasonable and they were able to minimize the impact during critical incidents.

View full review »
reviewer1523535
IP LAN and Integrity Specialist at Chevron

The packet inspection capabilities are great.

ARP protections based on interface works better than it does with other vendors.

There are new improvements related to the upgrade of the solution, making for the easiest upgrade/update procedures.

New features allow for concurrent use of the console in write mode between different users.

The exposed API allows us to automate a lot of actions in a very easy way.

The central console and log collector are basically the best central management consoles, and each day provides new useful features like counts, etc.

View full review »
reviewer1543578
User at Johnson Controls, Inc.

We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.

Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.

In general, we find that CheckPoint offers a great balance between ease of use and configurability.

View full review »
reviewer1396851
Deputy Manager (Systems) at State Bank of India

Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation. 

Anti-spoofing security feature: Check Point has inbuilt by default enabled feature of anti-spoofing which reduces the attack surface from the spoofed IP addresses. 

IPS: Check Point IPS is one of the best products in the market.  

View full review »
TH
reviewer1392339
Network Engineer at a legal firm with 1,001-5,000 employees

The interface and the IPS intrusion prevention are the most valuable features of this solution.

It's pretty straightforward to use once you get your head around it. It's fairly straightforward to use. 

View full review »
AJ
Arun Jethy
Sr. Network Engineer at a tech services company with 51-200 employees

The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them. 

It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.

View full review »
SamirShah
Network Security Consultant at a energy/utilities company with 5,001-10,000 employees

The most valuable feature is the URL filtering. 

It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place.

View full review »
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees

The most valuable thing in Check Point is the firewall itself. It has a stateful and high throughput firewall capacity.

NGFW features include Signature Based as well as zero-day. They work well.

Another good part of Check Point NGFW is the featured reach dashboard where granular control over all features is provided. Each and every option is made to make life easier. Smart Monitor can monitor the firewalls, logging & reporting provide the best way to analyze traffic.

Lastly, the support team is available 24/7 for help in case of issues.

View full review »
KK
reviewer1412340
IT Specialist at a tech services company with 10,001+ employees

We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.

View full review »
DmitryPavlukhin
Security Analyst at HOST

AV, IPS, AntiSpam, Sandbox. That's gentlemen set for any basic security, and it was implemented very well. In our reports, the most exciting results belong to AV and IPS. It can be explained by using ThreatCloud - a global knowledge base, which accumulates signatures for all existing and new coming malware, and all the Check Point solutions are always up to date with potential threats. When we using sandbox with Sandblast agent, often there are not real-world exciting results, but when we show a solution in work with existing samples, it also shows good results. 

View full review »
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees

Check Point's new Smart dashboard has an all-in-one configuration interface. They provide a very easy configuration for NAT and one tick for source & destination NAT is possible.

Policies can be configured in a more organized way using a section & layered approach.

Application control has all of the required application data to introduce it into policy and the URL filtering works great, although creating regular expressions is complicated.

The software upgrade procedure is very easy; it just needs few clicks & we are done.

View full review »
PJ
Pammi Jethy
Security Administrator at R Systems

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

View full review »
JC
reviewer1573887
CTO at a computer software company with 11-50 employees

There are many aspects of Check Point NGFW that are valuable and important to our organization, but I'd say the top three are intrusion detection and prevention, threat emulation, and threat extraction. These three features have set a good baseline of security on top of the normal application URL filtering and other services of the firewall.

The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature.

View full review »
Gulrez
Manager at Kotak Mahindra Bank

The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access.

The integration with third-party vendors is quite easy and well defined, which really helps you with the automation.

The integration of gateways with a centralized managed server gives you full control in a single place.

The setup and implementation are quite easy and the logs and reports are elaborative and effective for securing the network.

View full review »
Ümit Güler
Consultant at KoçSistem

There are a lot of features that I have found valuable for our customers.

For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.

One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.

View full review »
reviewer1582053
Security Engineer at Gosoft (Thailand)

The most valuable feature is the next-generation firewall (NGFW) protection.

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

View full review »
reviewer1281831
Security and Network Engineer at a tech services company with 501-1,000 employees

The rules are very easy to deploy and can be optimized pretty quickly. The R80 has a great feature on how the rules are processed, which costs less in terms of CPU and threads than it did before.

The features that are integrated into the firewall are very useful for our everyday use. Examples of these are the log manager, the firewall monitor commands, and the Linux commands. These are all very useful and helpful.

The VPN tunnels are easy to set up once you understand how they have to be configured.

View full review »
IT cloud network engineer
Junior Network Specialist - Cloud Operations Engineer at a computer software company with 5,001-10,000 employees

One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.

Other valuable features include: 

  • the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
  • the CLI, for automating things
  • it is very easy to manage, to make backups, and to configure
  • the support and the graphical user interface.
View full review »
reviewer1420545
IT-Infrastruktur at Synthesa Chemie Ges.m.b.H

The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.

Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.

You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.

The extremely wide function horizon covers almost every possible scenario.

View full review »
Kirtikumar Patel
Network Engineer at LTTS

IPS helps with security against upcoming and unknown threats and activities. We regularly check the report and as per daily report we will check the risk and prevent each alert that is critical based on our business requirement and make it secure.

IPSec VPN is also our key feature as our organization having widely customer across globe so it is very good feature to us to connect and run our business with them very smoothly and softly. 

View full review »
LA
reviewer1536681
Network, Systems and Security Engineer at SOLTEL Group

I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data. It is very important to have your solution always update for this.

I think that another important feature is that it is a cloud solution. More and more companies have all of their systems in the cloud and the threats are pointing here.

The features that a next-generation firewall includes are application and user control, integrated intrusion prevention, advanced malware detection such as sandboxing, and leverages threat intelligence feeds.

View full review »
DZ
Dmitry Zakharenko
Security product manager at RRC

It is easy to use, and its management is the best. Check Point has a great unified management solution for firewalls and security products. 

View full review »
SA
Sadiq Abdulwahab
Network Administrator at Nigerian Security Printing & Minting Plc

It gives me very detailed reports. The endpoint solution for clients is wonderful.

View full review »
mervemetin
Network Security Engineer at Türkiye İş Bankası

Firstly, inline layer technology is helpful because it will classify the traffic according to different security groups. This means that we can isolate them totally and it will also prevent human error because you are limiting source, destination, service, and application parameters at the top of the inline layer rule.

Check Point is very administrator-friendly and the SmartDashboard is easy to use.

The Blades and security features are also very innovative and up-to-date.

With the IPS blade, the administrator can write signature-based exceptions for specific users. This provides flexibility to except specific connections from specific signatures.

The cloning and copy/paste operations are very useful.

View full review »
AN
reviewer1588164
Security Solution Architect

On the firewall side, the security efficacy is good. The interface for application filtering and application-based policies is also good. They have good roadmap on the cloud as well.

View full review »
Pardeep Sharma
Network security engineer at a tech services company with 1,001-5,000 employees

All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS.

View full review »
PRAPHULLA DESHPANDE
Senior Security Analyst at Atos

No other firewall provides a feature set in log monitoring and threat detection blades.

Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability.

Most customers need reports which define how many users are infected, how many viruses and malware there is, botnet traffic firewall deteted all this type of information. Check Point is in a very easy and understandable format based on logs history.

View full review »
ChandanSingh
Senior Technical Consultant at Ivalue Infosolution

This is a feature-rich product and all of them are useful.

The most valuable feature is the Stateful Inspection, which was developed by Check Point.

The throughput is very good with Check Point. Checkpoint ThreatCloud is the largest threat intelligence database. 

Checkpoint management is a single pane of glass from where you can manage all the CP solutions from a single point be it on-prem or cloud or hybrid.

View full review »
YK
Yamini Kapoor
Network Security Engineer at R Systems

The most valuable feature is that the scalable 64000 Next Generation Firewalls are designed to excel in large data centers and the telco environment as well. We have a lot of these types of customers, and these Check Point firewalls support them.

In addition 

  • it supports dynamic objects, which we use for security purposes
  • the antivirus is quite effective
  • the logging and tracking are quite easy
  • overall, it is easy to use.
View full review »
Sreegith Sreedharan Nair
Senior Network Engineer at LTI - Larsen & Toubro Infotech

VSX helps to reduce the physical footprint on datacenter racks.

The SmartView monitor and SmartReporter help us to monitor and report on traffic.

Centralized management and management high availability give the ability to manage firewalls in a DR scenario. 

Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.

Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.

View full review »
RF
Ricardo-Fernandes
Manager for Operations, Security and Management at REN - Rede Energeticas Nacionais, S.A.

The most valuable features for us are identity awareness, IDS and IPS, and application control.

View full review »
Gerry Moore
Head Of Technical Operations at Boylesports

There are many features we have found good.

The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability. This feature alone will save us as we increase the number of devices in the stack.

Having so many top-end products in one box also assists in managing this device. URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.

The Infinity product seems amazing but we have a long way to go before saying it is successful.

View full review »
VP
Viplav Patil
Senior Manager, Information Technology at a financial services firm with 10,001+ employees
  • Easiness while working on all blade of firewalls 
  • Flexibility in NAT rules 
  • The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.
  • Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).
View full review »
reviewer1284540
ICT-System-Specialist at a insurance company with 5,001-10,000 employees

R80 management has improved and made the product more comfortable for IT people to use.

Filtering through rules and finding similar ones to add additional objects becomes much faster.

With an additional hotfix starting from R80.10, we are able to use the management with Ansible. From R80 on, we started creating objects via script or adding them to groups. That makes some parts “automatic”, or at least much faster.

With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions.

View full review »
PJ
Pedro Justo
Project Manager at SANDETEL

The most valuable feature in my opinion is the powerful deep packet inspection engine. This engine provides me with a great capacity to control the traffic generated by my users and provides our company with a very real vision of the use that users make of the network.

The reporting capability is very important as we are able to show the company management the benefits and the return on investment, in terms of securing our network.

View full review »
MarkG
IT Security Manager at a sports company with 10,001+ employees

With the new capabilities embedded into R80.XX flavor it is possible to achieve great flexibility while defining your security policy. It is possible to utilize a variety of objects to define static or dynamic criteria for inspection and reduce general rule base size and complexity, while not giving up on security

The security research team is doing a great job staying on top of ongoing threats and releasing fixes for ongoing attacks within days or sometimes hours.

Check Point always actively listens to its customers trying to identify emerging needs and satisfy them pro-actively

View full review »
AJ
AlenJamsek
Sales Engineer at Unistar

The most valuable features are application control, regulation, and threat prevention.

View full review »
RA
SeniorNe6c94
Security Engineer at Tenece Professional Services

The feature we have found to be the most valuable is the management firewall. 

View full review »
reviewer1266306
Deputy Manager - Cyber Security at a transportation company with 5,001-10,000 employees

The most valuable feature is that we are protected against zero-day threats.

Everything can be managed from a single console.

View full review »
SaifKhan1
Network Security Engineer at a consumer goods company with 201-500 employees

This product is more secure than other firewalls, such as FortiGate.

The information stored in the logs is very descriptive and includes a lot of details.

The dynamic port features are better when compared to other firewalls.

View full review »
JG
Manegnet677
Network Manager at a retailer with 10,001+ employees

The solution is easy to use. I like the monitoring the most.

View full review »
BG
reviewer1369557
IT Operation Manager at a transportation company with 1,001-5,000 employees

The most valuable feature is the management using the Single Pane of Glass.

View full review »
reviewer1489602
Network Security Assurance Specialist at Visa Inc.

I think the VSX has been the most valuable feature for us. We use it for tunnel management, which is great. The configuration has been quite straightforward.

View full review »
Daphne
Project Manager at Junta de Andalucia

The most valuable feature is the powerful, deep packet inspection engine.

The management console and diagnostic tools are powerful and we are happy with them.

The reporting is detailed and helpful.

View full review »
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
509,820 professionals have used our research since 2012.