Check Point NGFW Reviews

I use the NGFW as a Firewalling device, for VPN tunneling, and for virtual patching. My environment is a two-tier network environment. I also use the Check Point NGFW as an IPS.

It really has improved my organization in terms of protecting my network against intrusion and zero days. I have been able to explicitly configure the blocking of certain attack vectors using Check Point NGFW.

The firewalling feature and the VPN functionality are excellent. With the firewalling functionality, I have been able to ward off intrusion from outside the network. With the VPN functionality, I have been able to allow secure remote connections from external customers and staff. 

CheckPoint would do good to add new features such as UEBA(User and Entity Behavior Analytics). 

They should also improve on the effectiveness of their antivirus. It should be more effective than competitors.                                                                                                                                                                                                                                                                                                                                                                                                                                                       

I have been using Check Point NGFW for five years.

The product is very stable with no crashing or configuration corruption.

The solution is highly scalable and responsive.

The vendor is very professional and has the know-how.

Positive

I used to use the Cisco ASA 5500 series firewalling device.

The initial setup was straightforward.

The product was implemented through a third-party vendor.

We saw an ROI within one year.

It is very competitive relative to others on the market.

I was shown the POC and I fell in love with the fact that the Check Point NGFW has a GUI that allows for easy configuration. It also does firewalls very well. Therefore, I did not look at other options.

It is an awesome product!

The environment in which it was deployed is a financial institution that requires high availability, confidentiality, and integrity of information within the supporting infrastructure. The NGFW is used specifically for the VPN, firewalling and it also serves as virtual patching in the event of zero-day vulnerabilities that are very common within some well know client desktop computers and servers.

Initially, I was using the Cisco ASA5500 series firewall. I never believed there could be better firewall devices in terms of ease of setup and management. The NGFW from Check Point has increased my confidence in terms of performance and ease of configuration with its intuitive interface. It supports the VPN configuration without any unnecessary latency and packet dropping.                                                                                                                              

It blocks over 97% of threats!                                          

VPN, firewalling, and virtual patching are the most valuable aspects for me. The NGFW is so effective that I can go to sleep and vacation. Check Point products rarely have vulnerabilities that put the whole organization at risk, unlike some other firewall products.

The VPN tunnels are very effective in terms of stability and quick connection.

Virtual patching is useful as a workaround for zero-day vulnerabilities.                           

It offers excellent filtering of URLs.

The interface can be more user-friendly in terms of the design and location of critical and commonly used icons.

They could add a web user Interface.

I have been using the Check Point NGFW since 2018 when it was deployed in my company.

The stability is awesome and it puts me in a no-worries mood!

The scalability is awesome.

Technical support is friendly and awesome.

Positive

I did use Cisco ASA. The administration was grueling coupled with some nefarious vulnerabilities and the cost of ownership.

The initial deployment was demanding due to my network architecture, not because of the product.

The implementation was done through a vendor.

We've seen ROI at 6 months to 1 year.

However, the ROI was realized within weeks of deployment.

The solution is reasonably priced relative to some other brands.

We did not evaluate other options.

It is the best amongst the rest.

Check Point's Next Generation Firewall has definitely improved our organization as we previously used a Linux firewall and we have had to manually configure internet control measures. When it comes to configuring firewall policies it was time-consuming. This has been taken care of by Check Point's Next Generation firewall. Even the integration to the Active Directory has been made to be seamless and requires a minimum effort from our security and network administrators. The technologies that are in place are amazing. For example, the Threat Extraction and Threat Emulation technologies. The Sandbox technology, or Threat Cloud, is world-class.

The remote access blade functionality is really valuable as we now need to just install the client on the user's machines and the client can be preconfigured with the site details. This makes our lives very simple. The logging of the firewall is also phenomenal as it is very granular and very easy to filter. 

The Application control blade is another valuable feature as we now only need to create a rule to be applied and to specify the applicable application which is categorized. The ability to configure dynamic objects, for example, Microsoft Office 365, is also a valuable feature.

The reports are very detailed and the variety is amazing. It caters to everything and is even more that what we had bargained for. They are also customizable, which makes them extremely valuable to us. 

Another great feature is the ability to publish corporate applications in a secure web environment.

Many problems have been solved with these firewalls and we've largely been very satisfied. Thanks to this infrastructure that we have managed, in this pandemic time, to quickly and effectively offer the potential to remotely work for everyone has been good. 

Also important is the separate management interface that has made it possible to carry out even the most operations while comfortably seated at the desk. It provides multiple profiles that you can apply depending on the scenario that presents itself.

It takes a while to install the rules so that if you make a mistake you can only fix it after a few minutes. There's no problem with traffic processing. 

Sometimes you are forced to interact on several levels: on the one hand, you put in the rules, and on the other, you put in the route. The predefined reports are few and it would be nice to increase them since the logs are excellent.

In my work experience, I have been able to use multiple firewall platforms. There are only two valid ones for me and one of them is definitely Check Point. The others charge less but there is a reason for that. It is a good idea to think carefully before rather than after you suffer from a serious attack.

We have been using the solution for three years now.

For me, the solution has been stable. Perhaps running it on a small scale helps.

I like the fact that it's so simple to scale.

I find the support to be very prompt. They go the extra mile to assist and are thorough in their troubleshooting.

I did not use a different solution, however, I came to know about this product while I was working for a company called Syrex.

It was set up for us by a company I used to work for.

It was through a vendor, and they were very good and did it on time as they promised.

A stable and fully functioning solution has enabled us to focus on other aspects of growing the business.

I looked at Fortigate, and it was not as clearly defined, and easy to follow as Check Point is.

Check Point does cost a lot, but for me, it's worth the money I paid.

Some of the products are easier to deploy. For example, the Harmony products are simpler as they have a per user/per device pricing model.

We use Check Point Gateways for securing our data centers including DMZ networks as well as gateways for our branch offices around the world. They are connected via MPLS, internet, or site-to-site VPNs depending on the branch connectivity.

A minimum standard for the whole environment is the NGFW. Firewall rules according to our security policy. VPN for site-to-site tunnels to our own gateways or to partners and customers. IPS is set primarily to prevent, and for some signatures to detect. 

Application Control is still in the early stages.

Firewalling is one of Check Point's core business attributes, and it just works.

Creating site-to-site VPNs between Check Point Gateways that are within the same management is unbelievably easy. If you create VPNs for 3rd parties and there are mismatches or issues, you will see logs that help pinpoint issues or misconfiguration.

Application control help with identifying applications and therefore makes firewall rules easier since changing ports don't have to be adapted every time an application changes or updates.

Generally speaking, all features are well documented and the two platforms help with configuration. Documentation and knowledgebase articles in the user center as well as user recommendation within the forums are great. The Admin Guides are really well documented, but it's a lot to read.

Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment. The best example would be the CDT tool which helps with decreasing the amount of time for upgrading whole environments.

The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long. R81 promises at least parallel policy installations, which help in larger environments.

Check Point's advantage (to be able to configure everything) is also a disadvantage. The environment is quite complex. Troubleshooting is not always easy as there are a lot of possible debugs that can be taken, and the support will not always send the right or necessary debugs. Some debugs also can cause a heavy load, so you have to keep an eye on what you troubleshoot.

Our company has used Check Point for well over 10 years.

If it's running, it's stable. New setups have to be tested though.

The solution can be scaled from very small branch offices to huge data centers or even cloud data centers.

Support depends on how well you describe the issue and send information. Sometimes escalation is necessary.

The more features (blades) are turned on, the more complex the environment becomes. If something goes wrong, you have to rule out several issues (hardware, blades, et cetera).

I use CheckPoint in our data center to control the internet and to enable threat prevention. I then integrate it into my center and to my events.

I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard.

It could be more stable and scalable. Check Point price and support could be better.

I have ten years of experience using Check Point NGFW.

Check Point NGFW could be more stable. I think the problem is that the kernel sometimes won't play ball and isn't stable. Sometimes, they have a block, and we have to spend a lot of time fixing it. In contrast, I think Palo Alto and Fortinet are more stable.

Check Point NGFW could be more scalable. I think Palo Alto has more plugins and features, and Check Point needs more features. However, Check Point integration is very complex.

Check Point support could be better. I think Palo Alto has a very clear pricing model. When we have an issue, we create a ticket and receive fast service from Palo Alto. It's good.

The initial setup, in my experience, isn't simple as Fortinet and Palo Alto. It would be better if the person doing it has experience. 

I implemented this solution by myself.

The price could be better. I think Palo Alto pricing is high, and Check Point isn't much better. FortiGate is cheaper. I think when I implemented this solution, I recommended buying a yearly subscription.

When I choose a solution for a customer, I must verify the features, current specifications and make recommendations. When we use an all-in-one firewall solution, we usually recommend using a Palo Alto external firewall. This is because Fortinet has an SD-WAN solution and firewalls, and Palo Alto is the same. But I don't think Check Point has one. When a customer doesn't want to implement many solutions, we recommend using Fortinet or Palo Alto.

On a scale from one to ten, I would give Check Point NGFW an eight.

The user interface is very good.

The level of security is excellent. It protects our organization well.

It's a good overall product and we have a high level of satisfaction with the features on offer. 

Technical support could be improved. It's hit or miss in terms of the level of service and getting the answers you need.

I've been using the solution for ten years. 

We have hundreds of users that use the solution currently within our company.

We aren't 100% satisfied with technical support. Sometimes you get the help you need and sometimes you don't. Sometimes it's absolutely amazing. Sometimes they're great. However, you can't rely on them being like that all the time. We'd like the service level to be more reliable.

I can't speak to the installation process, as it was handled by an outside firm.

We had an integrator that assisted us with the implementation. 

I'm a customer and an end-user.

I would recommend the solution to other organizations especially if the company is looking for a certain level of security.

I'd rate the solution at an eight out of ten.

We implement Check Point in the front end to protect internet platforms and security platforms. 

Check Point provides very good performance with many solution options and many kinds of modules.

I'd like to see more integration with other solutions. 

I've been using this solution for a couple of months. 

This solution is stable and scalable.

We've rarely used support but they've been helpful when we needed them. 

We migrated from Cisco to Check Point. Check Point is easier for the administration console.

Before migrating to Check Point, we tested it in several environments. We used a consultant for deployment and we now have 800 users in the company and six engineers responsible for maintenance. 

We pay an annual license fee. 

I recommend this solution and rate it a 10 out of 10. 

We use Check Point for VPN access for all employees, as a rule. We also used it as a filter, a firewall, and it's the front line of our access to the Internet.

It has VPN access for our employees and it controls access, barring intrusion for non-authorized access.

The URL filter is activated to filter access to our employees. We use filtering for VPN access.

The configuration is one of the best features of this product.

When this product was purchased approximately 12 years ago it was the top of the line.

The product has been working very well.

I don't have any issues with the software of this solution. It works as is expected.

I would like to see more integration with other infrastructures. We are considering Cisco because it is more integrated, and the network limits of the solution are better.

Recently, we experience a problem with the hardware because it was too old, it was blocked. The hardware failed, but the software did not. With older hardware, it is a problem because our network is growing every year. The solution is not at maximum performance. 

It does not have the performance that we require. The network is not the same as it was 12 years ago. There are several logs.

We are looking for a cheaper product that is more integrated than our Cisco Network appliance.

It may also need to support other types of architecture.

The only reasons we are looking at other solutions are price and integration.

Check Point was installed in the company approximately 12 years ago.

The stability is good.

We are a company with 1,200 employees, and approximately 700 are using this solution.

We have five HP Servers, and we have a cluster in different geographic locations. 

Check Point has been installed in an HP-certified server. It is not an appliance, it is an HP Server.

We have one or two professionals who work on the platform.

It is not a cheap solution, which is why we are looking for another one.

We are currently evaluating new firewall solutions because the Check Point that we have was installed approximately 12 years ago, and wanted to change to a next-generation firewall.

The HP Server works fine without any maintenance, but it needs to be taken care of. We did not, which caused a disk to fail. We have one or maybe two that are working. I don't have any complaints about the HP Server. It was sized for that network load at that time.

I would rate Check Point a ten out of ten. It works as expected.