Check Point NGFW Reviews

I've been dealing with the Check Point environment for over eight years, ever since SPLAT, the R75 versions, and mainly with a multi-domain management (former Provider1) set-up. I also use the Smart Management Server, with a standalone/distributed deployment.

I'm currently engaged in the design, implementation, and maintenance of a large-scale Check Point firewall environment (~100 GWs).

Presently, the customer is using Check Point for perimeter security, IPS, threat prevention, encrypted traffic, as well as access to the internet, and multi-domain server architecture.

The Check Point solution has improved the way the customer organization functions.

People are working within the organization all over the world, across NALA, APAC, and EMEA regions. Having Check Point as a security vendor made it easy to assure people they could access the resources everywhere, from offices, homes, and across the globe, especially during the pandemic, safely.

One of the last implemented projects was replacing an obsolete Client Auth solution with Identity Awareness, including integration to AVD.

The solution plays an important role in preventing security incidents from happening and preventing malicious attempts to infiltrate into the organization while quickly adapting and reacting to any attempts. For example, it protected us against Log4J vulnerability a few months ago.

It is easy to administrate and maintain.

The product is very granular in the Logs & Monitor section and also intuitive to use.

It offers good control and visibility over users' identities and actions.

It provides central policy management, which is easy to manage and maintain.

The product offers great performance tuning features like SecureXL, CoreXL, HyperThreading, and Multi-Queue.

The study material and training need to be improved and become more accessible to security engineers working with Check Point.

Needs serious skills for advanced troubleshooting. The configuration might get a little bit too complex for regular engineers, compared with easy administration.

We've encountered a few limitations when trying to accomplish simple tasks required by customers. For example, changing a domain name inside an MDS environment or missing a function in the database which removes the domain object completely from the database.

There are plenty of bugs that are not documented, or with too generic error messages.

I've used the solution for eight years.

Our customers primarily use it to safeguard their organization's network against malicious activities and closely monitor user internet usage. The key objectives include implementing controls on web and application usage to restrict unwanted activities among users.

The primary advantage stems from the precision of the application engines. Customers can rest assured that unwanted infiltrations into their organizations are unlikely due to the advanced nature of the IAV engines. The algorithms employed are notably stringent, and while they may not be publicly disclosed, they play a crucial role in thoroughly scanning all incoming network traffic. Leveraging this technology, customers can swiftly and effectively protect their LAN network with Check Point.

Its most significant strength lies in its superior threat detection engines.

I would highlight the need for enhancements in technical support services.

I have been working with it for four months.

I found it to be reliable and stable.

It provides good scalability. In total, we are responsible for around three hundred and fifty endpoints.

Our experience with their customer support is not very satisfactory. We've encountered an incident at one of our customer sites, and despite reaching out for support and raising the issue with them, we haven't received a satisfactory solution from the support team in the past three months. I would rate it three out of ten.

Negative

Compared to other vendors such as FortiGate and Kaspersky, Check Point's protection engines stand out for their intuitiveness. However, the drawback lies in the pricing.

In our deployment process, there are two methods available: standard and distributed. The predominant choice in our country is the standard deployment, utilized by approximately ninety-two to ninety-five percent of our customers. In the standard deployment approach, a separate server is configured with three ports, situated between the firewall and the switch. Configurations are not directly applied to the firewall; instead, they are made on the server. After completing the configurations on the server, the changes, such as creating new firewall rules, are not immediately connected to the firewall. Instead, they go through the server, where calculations are performed, and the configured rules are loaded. If a misconfiguration is detected, the server notifies us, highlighting any inaccuracies in the rules or policies. This preventive measure helps avoid applying flawed configurations directly to the firewall. Regarding the ISMP modules, I believe a single individual is sufficient. Given some time for research, this person should be able to deploy it efficiently for me. The deployment time varies depending on the configurations. Maintenance primarily involves updating the firmware; aside from that, there are no additional requirements.

The greatest value is evident when an immediate threat targets your organization. Check Point firewalls excel in preventing such attacks, thanks to their highly advanced protection engines.

It is a notably expensive product in our country compared to FortiGate and other servers. The support services, licenses, and the additional requirement for another license to avail 24/7 support from Check Point contribute to its overall higher cost.

My recommendation is to allocate time for thorough research when working with it. Relying solely on their support may not be sufficient. Overall, I would rate it nine out of ten.

Check Point NGFW needs to run marketing events. They have also to set up a support center in India. 

I have been working with the product for 12 years. 

I rate the tool's stability a ten out of ten. 

I rate the tool's scalability a ten out of ten. 

I rate the tool's initial deployment a nine out of ten. 

Check Point NGFW is expensive. 

We have customers from medium and corporate enterprises. I rate the solution a ten out of ten. 

Our customer has been the best in stock trading; they observed that in peak hours or business hours buying and selling the stocks was time-consuming.

When they reached out to the firewall team, we checked the disk space, memory, and HDD we didn't notice much difference.

However, we monitored the interface utilization, and 1 GB was choking up and being consumed. The cpstat status on the interface level monitor and bundling the multiple interfaces fixed the issue.

We have been fixing the performance and also found that the solution offers:
1. A user-friendly dashboard with all the information available in front view and we view according to our requirements in graphical, statistically, etc.
2. Check Point firewall can combine all locations in one Check Point management console so that we can monitor everything with alert configuration.
3. We have multiple options for SIC resetting.
4. We can monitor the complete organization (for RAM, Memory, Disk, and CPU) and alert handle monitoring. We can now easily handle failovers.

The Check Point firewall features for Next Generation Firewalls are excellent. Through scripts, we can easily push firewall rules, extract, and import as per availability. Scripting is the best way to support the firewall functionality and it's been supported by all major versions. We can monitor all types of logs (traffic logs, management logs, and active logs). 

The firewall is EDR-supported; we can block or allow the URLs as per phishing or detection. 

Firewall flow and logs analysis is awesome.  

Bug Fixes and enhancement requests should be remediated earlier, as we have multiple dependencies and auditors are forced to have the latest possible environments.

Check Point's major version should have an extended time than the default time mentioned in the end-of-life policy document with additional prices.

As for deployment, we follow best practices for long-term support services. Tools must be introduced and supportive in analyzing the data, flow, and threats. We have to introduce the scripting part to work seamlessly.

I've been using the solution for more than ten years.

The stability offers high performance.

The scalability offers high performance.

The support is the best in the marketplace.

Positive

We did not use a different solution. It's the best in the marketplace and stronger than any other firewall. We can trust it 100%.

The initial setup was complex.

We handled the setup in-house.

Definitely, every sector [banks, finance, corporate, etc] should have a Check Point Firewall for strengthening/securing the environment.

We did not evaluate other options.

We use the solution for full-scale integration and end-to-end management at the organization. The Check Point NGFW implementation took place quite smoothly.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms.

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more.

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that
blocks the traffic based on an IP address or on applications
and content. This makes Check Point NGFW highly promising and makes it a complete solution.

Check Point NGFW is the best in terms of comprehensive protection against network threats, malware, and phishing and smoothly restricts these via anti-phishing algorithms.

The source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, et cetera.

It provides end-to-end resolution. It is a customized productive service and a complete solution for perimeter protection that blocks traffic based on IPs, applications, and content.

The most valuable services it provides are end-to-end resolution and perimeter protection; It blocks traffic based on IP address, applications, and content.

Check Point NGFW is best in terms of comprehensive protection against network threats, malware, and phishing. It has great anti-phishing algorithms.

They could improve by lowering prices. The source package is a bit more expensive than its competitors. 

We've had some downtime issues.

It could be more generalized and user-friendly in terms of its support portal for raising tickets. Ads management should all just be on a single click.

Overall Check Point NGFW is highly scalable and provides end-to-end resolution and a wide range of customized productive services with a huge community and team behind it.

I've used the solution for about 1.5 years or so.

I hadn't gone through any such solution earlier. I just tried in-built system solutions.

Check Point NGFW integration is quite smooth in terms of licensing. They are a bit more expensive, yet they are overall a strong product and a must-have for professionals.

No, I did not go through software review websites for recommendations and software services outlooks.

Check Point NGFW is highly scalable. It has a wide range of customized productive services with a huge community and team behind its technology.

This is a very good application to be able to provide security to our infrastructure in Microsoft Azure. The provisioning through the Azure templates was very good. It is exactly the same security application of Check Point gateways as the one on-premises.

Now we can use the tool to provide granular security between subnets or generate VPNs against other offices, all with the great security that the manufacturer provides us.

The application control provided by the gateways is also very good for our objectives, which were to block some general access applications or categories that are prohibited by the business.

This security tool helps us a lot in the public cloud environment. We can provide perimeter security in the environment now.

We have been able to implement server policies, DMZ subnets, and updates, among others, that are not available for all VNETs, subnets, or servers, and with this, we have greater control.

Additionally, we have created new VPNs against some offices, which are monitored, encrypted traffic, and find it really easy to provide the required service.

Finally, we have created nets for public access to the infrastructure. It has really helped us a lot.

The most important features of this application are:

1- An easy implementation at the virtual level. This helps us to be able to have security in the cloud.

2- The monitor and records are shown from the security management environment, where we can validate many events that happen over time to improve security through the dashboard.

3- There is modern protection against current threats. All new Check Point protection features are included and ready to provide more protection.

4- The licensing includes management service.

The documentation could be better. Sometimes they do not update their manuals effectively. Not everything is the same, and it generates some problems in the implementations.

There's an issue with licensing provisioning within the Check Point NGFW Gateway. It is really difficult to place the licenses correctly, generating additional work or limiting the solution due to poor provisioning.

I would like them to improve the response speed of technical support.

We have used the Check Point Next Generation Firewalls for the last four years.

Four years ago, we had not used an NGFW in Azure. We used the basic security until we could meet and receive support from a Check Point partner.

The best option is to have a partner to support you with quotes, features, and other valuable details. They can guide you via details that Check Point currently does not provide publicly, to make good decisions.

We always evaluate the options. We take into account Check Point, Palo Alto, Cisco, and Fortinet.

The benefits provided by Check Point turned out better than what we requested, which is why this was our first choice.

This is a very good security application, both physically and as a virtual appliance.

Check Point NGFW proved to be highly scalable, secure, and stable, among other alternatives of multiple firewalls present in the market.

At an organizational level, the integration and implementation of Check Point NGFW took place on a priority basis due to data and system security concerns against malware and phishing attacks.

Check Point NGFW bifurcates, channels, and segregates the internal network and builds a secure VLAN, and separates it for every department.

Check Point NGFW is highly scalable and provides end-to-end resolution and customized productive service making Check Point NGFW more promising and user-friendly than its alternatives and services like navigation, control, and filtering ensure that all users stay connected to business applications and restrict traffic.

At the organizational level, the integration and implementation of Check Point NGFW took place on a priority basis based on our data and system security concerns about malware and phishing attacks.

Check Point NGFW bifurcates, channels, and segregates internal networks. It builds a secure VLAN and separates it for every department.

It's scalable and provides end-to-end resolution. It offers services like navigation, control, and filtering and ensures that all users stay connected to business applications while restricting traffic.

Check Point NGFW is great for data and system security management against malware and phishing attacks.

Check Point NGFW Firewall requires frequent updates to build more user-friendly dashboards. They need to begin the implementation of more active VPN support.

A few services of Check Point NGFW require immediate improvements, like the customer support portal and the ads management on the platform. These services need to be improved to help ensure mass adoption of Check Point NGFW.

Check Point NGFW Protects from all types of internal and external attacks, and it is easy to use. 

The integration of Check Point NGFW in my organization has taken about 1.5 years or so, and it's still going smoothly.

I haven't gone through any other platforms or solutions. However, these platforms have become a key part of our organization & work management.

Check Point NGFW is a highly scalable and secure solution that is user-friendly. It is up to the mark in terms of data and system security management. Potential users should just go for it. 

I haven't personally evaluated other solutions via reviews from some software review websites.

Go for Check Point NGFW. It's the best among market alternatives and is a must-have solution for professionals.

In the search to establish the best perimeter security while achieving standards, protection, reduced expenses, and additional benefits, we found this product. It allows us to see a low return on the investment that could be established. We like the Check Point brand, thanks to the characteristic benefits, evolution, and innovation that the brand has. It's allowed us to establish and meet the needs we have.

The state-of-the-art perimeter firewall we use today has great benefits and an outstanding number of available features put into place. The characteristics on offer have come to give an added value under a single investment, thus offering many advantages. We have achieved and a return on investment and the benefits are consistent with the expectations set in motion. We are managing to correct and protect not only one area, but we are putting into operation additional functions to achieve an appropriate level of security. 

We like that we can create different VPN services connected from site to site or remote desktop connections to establish connections from point to site or from site to site, thus giving us a really high capacity to establish and manage simultaneously. This has allowed us to be a little more flexible, giving each of the members of the organization the possibility of working from home and being able to interconnect with the different branches of our central service quickly, safely, and efficiently. 

The policy installation module should be improved. It needs to be faster and have a complete interface to manage and apply changes more quickly when creating a policy or wanting to modify an existing one. 

One of the features that has been getting better over time is the way you install and apply your policies. Before, they were very slow. Today, it has improved. That said, it could be a little faster and more efficient and thus achieve a fast, light, and efficient installation in the services that are being configured instantly when they are applied.

I've used the solution for one year.