Check Point NGFW Reviews

We are a Critical Access hospital with close to 1,000 endpoints and hundreds of users. We currently have multiple ISPs coming into the hospital for internet redundancy. There are multiple buildings on our campus that are connected with copper and fiber. We have had clinics in multiple cities attached to our network at various times. 

We installed the Check Point NGFW in our environment to act as our main firewall and gateway. This allows us to keep several of the vendor devices (lab analyzers and other third-party equipment) segregated on different VLANs so they have no access to our production VLAN. This system is also our VPN concentrator for several site to site VPNs and remote software VPN connections.

In the past 15+ years that I have run these firewalls, we have been able to make huge strides in increasing our security posture. This has been evidenced by our annual Security Risk Assessments run by a third party. Check Point is always coming out with new features that help make it easer to manage our security posture. We have received multiple comments from other organizations praising us for the speed and accuracy of setting up new site-to-site VPNs with the proper access. This is all possible because of the intuitive Check Point software.

There are many great features, however, with our last upgrade, we now have a web GUI that allows us to pull up multiple facets of the firewall environment. This feature has been very handy. There have been times we have a connectivity issue, and both sides are blaming each other. If I'm away from my desk and don't have my laptop, I can quickly bring up the interface on my phone and search through the logs, rule base, and VPN communities to help quickly troubleshoot the problem. I can't say it enough - this has been invaluable.

Overall, this is a great system, and I'm struggling to come up with things that I think should be improved. 

I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad. 

For additional features in the next release, I would like to see more change functions available in the new Web GUI version. This is still a new offering from the company, therefore, I can only assume it will get better as customers make suggestions/requests.

I've used the solution for over 15 years.

This system has been rock solid in our environment. I have even run beta software to try out new features. I trust the company and their top-notch support staff to keep us running smoothly.

This system has been very scalable. Check Point offers multiple security 'blades' that let you start out small, and increase as needed without having to drop a bunch of money on new hardware.

I rarely have critical issues, however, when I do, I can call and get an engineer rather quickly. For most of my issues, I utilize the online support portal and/or knowledge base articles.

Positive

We had engineers online with us to help us get everything setup. They have done this many times, and they were able to give us a lot of information to help prep the environment. This left us with minimal downtime.

We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone.

That is difficult to calculate. We have had hospitals and clinics drop like flies to ransomware, DDOS attacks, and other issues. The financial impact of something like that would be huge. You can't put a price on safety. 

We are trying to do the best we can in an ever-changing landscape of cyber dangers, and we feel that Check Point has been a great name to hang our safety on. In the 15+ years I've been working with Check Point, I have only changed out the hardware twice. We pay an annual fee to cover licenses and support. In general, this is a great investment.

We purchased this through a VAR, so your mileage may vary when it comes to cost and initial service for setup. 

The licensing can be a bit tricky when you have more than one appliance. That said, they are very open and explain how it all works. They give the ability to set up trials of all the different license 'blades' to let you try before you buy.

We use Check Point Next Generation Firewalls as a perimeter firewall for all sites, including the DMZ, disaster recovery center, and branch offices. We also use IPS, Anti-Bot, Antivirus, Identity Awareness, Application Control, and URL Filtering blades at all gateways. At our main site, these blades provide additional security controls to our existing security solutions. For our branch offices, Check Point Next Generation Firewalls work as unified security products and we do not need to implement additional security solutions.

In addition to legacy firewall features, by using Check Point Next Generation Firewalls blade technology, you can improve your security. 

By using the smart console, you can control tens of gateways from a single point. The smart console also allows you to control all the blades from the same GUI. These features decrease our manpower needs. 

The identity awareness feature makes it easier to implement and manage firewall rules. 

The ease of configuring VPNs can be very useful especially for companies with lots of remote locations.

Check Point Next Generation Firewalls have numerous blade options such as Anti-bot, IPS, and URL filtering. In most cases, one box could be sufficient to use all these blades. You can manage all these blades from a single console. This feature lowers your administrative workload. 

If you have comparatively small branch offices, in addition to administrative workload, instead of spending money for security products such as proxy or IPS, Check Point Next Generation Firewalls could meet your requirements. 

If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time. 

If you use Check Point firewalls for a long time, it is inevitable to have long rulesets over the years. The need for using different GUI applications for different versions can be confusing. A backward compatibility feature for smart console versions could be useful - especially if you are an enterprise customer, you probably need to use different versions at the same time. 

We have used the solution for 9+ years.

The primary use of the solution is as an enterprise perimeter firewall in our data centers. We also use software blades for IPS/IDS functions as well. We have a combination of enterprise-grade firewalls like the 15000 and16000 series as well as mid-size versions like the 5000 and 6000 series which are for specific segment isolation or other purposes. The software blades are running on HP servers. Management is done via 5150 appliances. 5000 and 6000 series appliances are primarily used for segment isolation while the larger appliances are used for perimeter security.

We have been using Check Point firewalls as our main security devices for many years and thus have a strong level of expertise within the organization on implementing various features. We love the reliability and strong feature set of the firewall appliances and software blades. Managing policies with v80 and above is also much more streamlined. Troubleshooting events via logs makes identifying issues straightforward. We have multiple engineers working on policies at the same time, so the newer versions help simplify this tasks for us.

I love the redesigned interface starting with R80 as well as the ability for multiple engineers to work on the policy simultaneously. Policy management is simplified and the virtualization options help us to plan for future deployments in a much easier way. While we haven't tried out all the features available - like Sandblast, AntiBot, URL filtering, etc. - the fact that these are available to use is definitely a plus. We were able to use the IPS features, negating the deployment of an expensive standalone IPS solution.

Check Point solutions have always been more complex to deploy than their competitors. There may be multiple scenarios where we may need to engage support, however, the customer support is very good. There are certain features that are only possible from the command line (e.g. packet captures) and it would be good to integrate everything into the GUI to reduce the learning curve for newer engineers. Finally, it can be a costlier solution - especially for the smaller firewalls as compared to the competition. It would be beneficial to have more training options or documentation as well.

I've been using the solution for over 15 years.

The solution is extremely stable. There have been a few software bugs that have caused some unwanted glitches but these were fixed with updates.

If the product is sized correctly in terms of appliances, then it is easy to scale. 

The support is excellent and knowledgeable. The service offered sets them apart from the competition.

We have used Juniper SSG firewalls in the past and moved to Check Point due to the learning curve on the new JunOS deployments with the SRX firewalls.

The setup required some planning and was slightly complex. The process requires good expertise on the product before deployment.

We had an in-house team for deployment with active support from Check Point.

I don't have much detail on this.

We evaluated Cisco ASA firewalls and Palo Alto devices as well as Juniper SRXs.

Setup can be complex and it is very helpful to first plan the deployment before rushing into it. Use the support available to find out the best options to use.

We would love to have more training materials and/or courses available so that I can onboard engineers in a faster way.

The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well.

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

The antivirus is not as effective as it could be because updates are not that frequent.

Another area for improvement is that certifications are quite expensive with Check Point.

I've been using the Check Point Next Generation Firewall for the last year.

My role includes working on Check Point and Cisco ASA firewalls to make changes on them, per customer requirements or as the organization needs. I also explore new features and do troubleshooting.

It's quite stable. Until now, we haven't faced any issues.

The Check Point 44000 and 64000 Next Generation Firewalls are designed to be quite scalable. 

If we do face an issue which is not our support boundaries, we involve the Check Point TAC. They're quite technical, so they help us to resolve things. They are always helpful. They're knowledgeable and their response time is very fast.

Previously we were working on Cisco ASA firewall which didn't support the cascading objects. Also, Cisco supports two gateways, whereas the Check Point supports up to five gateways.

We also decided to bring on Check Point because there are a lot of switches that are not supported in Cisco ASA. Also, with Cisco, IPS does not come with the firewall and we have to configure it separately. The Check Point IPS comes with it.

There are a lot of features which are not supported in the Cisco ASA Firewalls.

The initial setup of the firewall is straightforward. I didn't find any difficulties in moving from Cisco ASA to Check Point. The dashboard is quite friendly, so it didn't take much time to learn.

Deployment took about three days.

We have different stages in our implementation process like planning, approving, implementing, checking and validating, and the last one is matching. Job roles in our organization go according to these stages the approvals. I do the planning part and my approval request goes to my team leader.

We have about 400 to 500 users. They are semi-technical or non-technical people, such as network and security engineers, who are tracking and monitoring the firewalls. If we're talking about troubleshooting we have from different levels, like L1, L2, L3.

It's saving us a notable amount of time. 

Check Point is good. It has a lot of features which will support a lot of things in your organization, and the dashboard is quite good. There are a lot of features, such as data protection and data inspection, at a good price.

The solution is easy to use. I like the monitoring the most.

All the advanced features of automation, especially the first installation of tunnels, need improvement. Also, in terms of configuration, in terms of tuning, and fine-tuning the system, I think they do make it a bit hard for users. Right now, we need to teach admins, the network and security admins about system fine-tuning in terms of load balancing between CPUs, assignment of processes. I don't think a network admin or a system admin should deal with it in terms of when we are speaking about the firewall or networking device. It should be automatic.

It's a stable solution. There are about 15,000 users installed behind the firewall.

It's a scalable solution. It's very good.

It's easy to install Check Point, but not in the case of a large environment and multiple clusters. This is an ongoing project I can't tell you how long deployment takes. It's a huge network that I have. I have three people maintaining the solution.

I have a basic network firewall and not the advanced feature, full feature security system. I think they are the best. Still, for instance, when installing a tunnel in Check Point vs installing a tunnel in Cisco, the difference is that in Check Point nothing makes sense, and in Cisco you have the duration capability, the hierarchy of the configuration.

I would rate this solution as 8 out of 10. Mostly because of configuration problems - problems with configuring VPNs, and panels, etc.

Currently, we have a need for security when it comes to protecting the company's infrastructure on a perimeter basis. We need to cover many branches that must be protected and require a solution that provides us with technological security solutions that allow us to establish and configure in a simple and centralized way for each of the branches.

As a result, we have searched for solutions that meet these requirements, in addition, we are seeking out solutions with technological innovation capabilities constantly.

Check Point has given us the ability to comply with regulations and with capacities in a way that we never could before. Not only have we managed to secure our network, our infrastructure, and our equipment - we have also managed to gain analysis and additional configurations in each of the complex procedures that are carried out daily.

The Next Generation firewalls are quite flexible in many of their characteristics. These devices have blades or sections or small spaces where they have additional features that we can use. That way, we are not only protecting our organization and other branches that belong to our company - we also have other features if the need arises. These are the features that will always help us to put safety first in our organization.

In the future, some of the features that I would like to see would be the ability to integrate environmental solutions such as the metaverse or blockchain so that we can see them also in applications directly and on mobile devices or natively. 

I've used the solution for three years.

We are using these Next Generations Firewalls to segregate and protect our data center and business-critical data from the user LAN. 

We have some of the resources behind these firewalls which should be allowed to a certain set of users only. This is done using the authentication against the Active Directory groups and only the designated users are allowed to access the contents based on the firewall rules. 

Along with this, we use IPS and Antivirus features to protect our most critical network.

The solution is great and simple to implement. It has improved the security posture and overall management of this segregated network.

We have this deployed globally across multiple sites and it's very easy to manage compared to other vendors. 

We have been using this solution now for a few years and never came across any issues. 

The documentation is simple to understand and is easily available. 

The support is also observed to be good and we never had to escalate the cases due to support issues.

We have been using Check Point NGFW to protect the business-critical data from the other networks and provide secured access to the users best on the authentication, integrated with the Active Directory. 

We have been using packet filtering, stateful inspection, and VPN awareness along with user authentication and have not observed any performance issues in the last several years. If you are looking for a solid solution that is very stable in nature, this is the best choice.

We have been using CheckPoint NGFW for quite some time now, and the only thing that could be improved is the upgrade procedure and the frequency of the hotfixes we get. 

We have this deployed in multiple sites globally and managed via the central management server. The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade. We would like to see some improvement in this area.

I've used the solution for 15 years.

The stability is rock solid.

The solution is easily scalable.

It's been a long time since we started using this. When we decided to expand several years before and we decided to go ahead with Check Point and continued with Check Point. We reviewed a lot of other products from different vendors, however, his was chosen as the best by our engineering team and we decided to stick with this.

The set up is very simple and more straightforward than we thought.

The setup cost is pretty much the same as compared to the other vendors. The initial pricing could be slightly better, however, the licensing and maintenance cost is much better compared to the other similar products in the market.

Cisco and PaloAlto were the other options evaluated.

We use Check Point on a daily basis. It is our primary gateway to the internet, with an extensive rule base that's used to block unwanted connections and protect our internal networks. 

Multiple gateways are used in a VPN community to build a secure homogenous company network over the Internet. 

We also use the two-factor authentication with RSA-Tokens to authenticate users that are away at conferences or in the home office to the firewall. 

RSA is also used on a portal (called mobile access) on the gateway, where users can easily check their e-mails and access company resources. 

Check Point NGFW has proven to be a reliable firewall. We have been using it for over 15 years now. 

It's offering great security while also being rather easy to manage. 

We evaluated a couple of other firewall solutions over the years, yet always came back for Check Point for a couple of reasons. First, they are the market leader and there are just very many resources online for installing, configuring, debugging, and so on. Second, other firewall solutions may initially be cheaper (especially for basic firewalling), but when you need more features Check Point has a surprisingly good price point. 

I personally like the SmartDashboard client best, which is the rule base management solution. You have a nice overview of the existing rules, and new rules are easily implemented. You can filter by IP, application, rule number, port, or hostname, so you easily find what you are looking for. Rules can be grouped by topic (internal, external, Internet, DMZ, etc.). It all can be well arranged to suit your needs. 

It also offers a dashboard to see recent threats, errors, or other issues with your gateways, as well as Logs for debugging.

Unfortunately, as is the case with many big companies, new features seem to always be more important than fixing the last little bugs that affect only a minor customer base. 

The command line, for instance, is still needed regularly if you want to dive deeper into debugging certain issues. 

While it certainly has improved over the years, it still doesn't feel like a polished product. Some features (e.g. super netting VPN connections) need to be enabled by editing a configuration file, which is sometimes lost upon upgrading to a new version. I'd really like to see more easily manageable debugging solutions. 

I've used the solution for 15 years.

We did have stability issues by using a not officially supported Check Point setup, running it in a virtualization environment, so the Firewall gateway was running on a Xen cluster. In the beginning this was running fine, buter after a couple of months the Checkpoint services kept freezing and needed to be restarted manually. As this started to occur more regularly (a couple of times per week) we migrated the firewall to dedicated hardware.

So I'd recommend always using supported setups.

The biggest enterprises in the world use Check Point products. Scalability is not an issue.

We used Microsoft ISA Server, which is a discontinued product before Check Point. 

Check Point has a pretty competitive price point if you use the features it has to offer. If you need only basic firewalling other solutions may be better suited to your needs. 

We evaluated Palo Alto, Fortinet, and Barracuda.