Check Point NGFW Reviews

We use this solution for the VPN, from site-to-site and remote.

We also use it for advanced IPS, IDS, malware protection, and the sandbox. The sandboxing functionality is one of the best features.

All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS.

The web filtering and CLI commands need to be improved. 

The CLI command is very difficult to deploy. 

If you are an engineer and considering configuring through the command line, you can't. The command line is very difficult to use, which is one of the biggest drawbacks of this solution.

The initial setup could be simplified.

Technical support is another big drawback and needs to be improved.

In the next release, there should be improvements made to the sandboxing functionality.

It's a very reliable solution. There are no issues with the stability of it.

Currently, Check Point NGFW is the most scalable firewall on the market.

We have more than 500 users in our organization.

We will continue to use this solution and we plan to increase the sandboxing feature, which is the best feature of Check Point.

The technical support is not good, which is the biggest drawback to Check Point. They will never compare to Cisco. Cisco's technical support is the best.

I have also used Cisco, which is more expensive but the support is better.

The initial setup was very complex.

It can take 20 to 30 days to deploy to the network.

It is less expensive than Palo Alto.

Licensing is on a yearly basis and I am happy with the pricing.

I also considered the Palo Alto Next-Generation Firewall. I evaluated this solution and compared the price.

We chose Check Point because the price for Palo Alto is very high.

If you are looking for deep security and have a good budget for security and firewalling then I would recommend Check Point, as it will meet the requirements.

Every product has its drawbacks and advantages, but I am very happy with this solution. In my opinion, this is the best firewall in the market at the current time.

I would rate this solution a ten out of ten.

We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.

These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.

Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.

We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.

We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.

I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.

Check Point is the best firewall we have found for our organization so we went with it.

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.

The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.

When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.

The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.

It's an on-prem deployment where we use it to protect our client and end-users who are working with the internet, and to protect their servers from external access. They have about 100 users and two servers.

When we did not have SSO, we had problems related to attacks compromising our firewall. That has been mitigated. We have the traffic going through the firewall to the server, so those types of things have really improved. We are seeing less traffic going to the server. When there was direct access to it, there was more and more traffic going to our server. So it has improved our server performance.

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.

I have been using Check Point NGFW for almost two-and-a-half years.

It's a stable solution. In the time I have been using this product, I have hardly seen anything break.

In terms of scalability, they have products that can fit into the environment. It's a very scalable solution. For our requirements, it fits very well. You can go with whatever kind of setup you want: Active-Passive, Active-Active. Check Point is very easy. Their solution is ready for our market; it's very well suited. Wherever we want to go, Check Point can provide a solution.

Currently, we are using somewhere around 50 to 60 percent of the box's capacity.

Sometimes, when I have gotten stuck, I have reached out to support and it's okay. They have helped me very quickly.

We did not have a previous solution. We went directly with Check Point. We liked the features provided by Check Point and we went for it.

The setup is not complex. It's easy to deploy. The documentation provided is very good. Deployment takes me two to three days. The hardware takes one-and-a-half days and then I get all the features up and running.

We have a standard implementation strategy. We have a checklist. We plan it out. Then we go into the field for the deployment. We have one dedicated engineer for deployment, and I also check it on a regular basis. The two of us are also the ones who manage the solution.

We have to consider things, cost-wise, when we are expanding into other locations. We don't have the budget to use it in other platforms. We have some servers that we deploy in AWS and other locations. But instead of going with Check Point, we go with other vendors to fit into the budget.

Check Point is really costly. When it comes to the Indian market, where we are located, we always consider budget solutions. So this is an area where Check Point could use some improvement.

In addition to the standard fees, support is an added expense.

The biggest lesson learned from using this solution is in terms of security. It is a really good product. I don't think there is anything missing from the Check Point firewalls. The features provided by the company are very good and provide what we need.

It's a very good security product, as long as you have the budget. It provides modern security and the architecture Check Point provides is good. And the application side will really help any size of business to deal with traffic based on the application.

We recommend to clients who are installing applications that they can work with Check Point Next Generation Firewalls. Our role is to support our customers in terms of their migration, firewall room cleanups, and implementing all the security features that the firewall has.

Our clients have branch offices in Mexico and Bermuda. Check Point is one of the top names in these areas.

Our clients come to us to fix holes in their endpoint security management infrastructure, which might be letting things through like ransomware. We recommend Check Point Firewalls and some other endpoint security management solutions to mitigate these risk factors. We use this solutions to help build a perimeter for the company, as it helps filter threats from affecting our clients' infrastructure.

The application authentication feature of Check Point is the most valuable as it helps us keep users secure. 

It works smoothly when managing clients' on-premise and cloud firewalls.

Permissions from the client regarding troubleshooting and how well we can packet capture have not been smooth.

Check Point should quickly update and expand its application database to have what Palo Alto has. 

There have been some issues with third-party integrations.

I've been using Check Point Firewalls since 2012. This was right from the beginning when it was hardware from Nokia and the R65 and R66 models. So far, that has gone well.

They are stable. There are no standalone Check Point boxes. If a module goes down, it doesn't affect the base as a whole. Check Point Firewalls have nice redundancy.

Scalability is a good feature that this solution has. It is easy scale out and do site-to-site implementations. Sometimes, you have to clean the OS or RAM to free up availability. However, if you do this, then there are generally no issues with scaling it.

The documentation is really good. 

Their support guys response is really quick. Though, sometimes it takes them more than four to five to get back to us via email and acknowledge an issue. If you have the diamond support, it is definitely fast. However, if you don't have that sort of expensive after-sale support, then it is a problem to engage a Check Point technician at a very fast pace.

We actively participate in the community group.

Our clients are migrating over to Check Point NGFW from Cisco, Juniper, and Fortinet because they want the Check Point Application Intelligence feature. 

We set up the management tool for the clients to manage all their infrastructure.

The migration is generally seamless and takes one shift or day (about nine hours).

We migrate clients to Check Point from other solutions. We also have situations where it's a clean install for deployment, which is the most common scenario.

We are working with Check Point Firewalls to provide installation, migration, updates, setup, etc. 

In the beginning, we needed help from the vendor with the setup. The support was good.

Our clients have seen ROI.

Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs.

There are now more competitors in the market, like Palo Alto and VMware. 

Palo Alto is a bit more smooth and cost-efficient than Check Point. Palo Alto has Unified Threat Management (UTM) coupled with a dake lake database that is huge. Also, its migration is more smooth than Check Point's. 

Look for a software with licenses that support the features you want. I would recommend doing an RFP before purchasing. Get in touch with Check Point's sales team and compare it with other solutions.

Check Point features are always evolving. They try to stay abreast of the market. I would recommend not using older, obsolete models of Check Point because of this. 

I would rate this solution as an eight out of 10.

We use it for standard firewalls.

The interface and the IPS intrusion prevention are the most valuable features of this solution.

It's pretty straightforward to use once you get your head around it. It's fairly straightforward to use. 

With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it.

In the next release, I would like to have the ability to automatically add rules from the tracking log. I've used that in other firewall software whereby you can trace the logs, and from the log, you can add a new rule automatically. That would be a nice feature.

I have been using Check Point NGFW for around a year. 

We're on R77 and soon to go to R80. They're virtual machines.

It is very stable. We had one issue recently where Check Point had made a change, and it took a lot of our connectivity down. But that was really a one-off, so that was a mistake on Check Point's side with their policy testing/QC control that affected lots of their customers. 

I've not had to deal with scaling them but from what I understand, they scale to huge organizations.

We have around five IT engineers who use this solution in my company and five who work on deployment and maintenance.

It's used throughout the business, with around 1,500 users, so for all the traffic. We do not have plans to increase usage. 

 I've used the technical support. They're very responsive, we usually get a response the same day. The advice they've given has been very good and the knowledge base articles that they send are also very good.

In other companies I've worked at, I also used all sorts of firewall solutions including FortiGate, Cisco, and pfSense. Check Point is easier than Cisco but more complex than pfSense or FortiGate in terms of its features and management.

Check Point's push to make deploy policy changes is slow when you've made a change to then push it out to the firewall. It does take 10 minutes or so to push that change out, so it's not as instant as some of the other firewalls I've used.

I have seen ROI. There have been no complaints. We haven't had any security breaches, so it's been good.

It's a good product. My advice would be to get some training or watch some videos on using it. You do need a bit of training on it. Initially, there is quite a steep learning curve.

My comfort level with it is on and off. I've been at my company for a year and I'm starting to get comfortable, but it's such a big product that unless you're using it all day, every day, you wouldn't master it. If that was all you were doing every day, then it would probably take you three or four months to get the hang of it.

I would rate Check Point NGFW an eight out of ten. It's not as easy as the other firewalls I've used but that's probably due to the large feature set.

Our primary use case of this solution is to use it as a security gateway. 

The visibility and the logging are the most valuable features. Also, their interface is second to none. The best thing about it is the interface but it crashes too often. If it can stop crashing that would be great. 

Their support is completely useless. They need to improve that and the stability. The main reason we are moving on from Checkpoint is because of their stability and their support. There are way too many bugs. You just can't get things to work properly.

They don't need to bring any more features. They need to focus on stability. They should stop trying to be funky and stop trying to develop new things to catch people's attention. Just focus on what they already have and make it work. It would be a good product. Just make sure it works. 

When it works, scalability is perfect. 

Six years ago we were using a Fortinet solution. The reason we switched to Checkpoint was because of the central management. It can manage up to hundreds of devices without failing but in reality, it doesn't actually do that. Central management was better than Fortinet back then. That was several years ago. I don't know Fortinet now. The reason we chose Checkpoint was the central management. We needed to manage up to about 700 or 800 devices.

The initial setup depends on how many features you want to turn on. If you just want a simple set-up, with not a lot of features, then it's easy. You can set one up very quickly, within a day. If you want to have a lot of features turned on and your environment is slightly more complex than standard, it can take up to a few months because you will always run into bugs. It's going to stop you from proceeding and you will be battling with it for a long, long time. Contacting support won't always help. You could potentially waste months of your time and not get any value from it. 

We had Checkpoint support engineers for the implementation. The people are helpful. They support their product. The problem is that there were too many problems. Even their support can't fix it. They try their best to help but when the product isn't great, there's not much you can do.

This solution is way too expensive for what it is worth, especially when it doesn't work. It's just pointless. It's time wasted.

I would rate this solution a three out of ten. The reason I give it a three and not zero is because the visibility and the interface are great. Other than that, they're too much of a headache. We've had painful experiences that we never want to go back to. 

We use Check Point as well as Cisco. The firewall is used in order to continue filtering with VMware VMotion on different data centers. 

We have several data centers that are stretched. Our Check Point firewalls are used to filter north/south traffic.

With BGP on Gaia, when one of the clusters is unreacheable, the traffic is rerouted to another cluster. 

We also use VSX which is really a very good product for macrosegmentation.

The management of the firewall and advanced routing is great. It's easy to use and troubleshoot.

We need east/west Check Point firewalls in order to do micro-segmentation. A good solution for us is a solution that can be installed on différent systems (Linux, Windows K8S, bare metal, etc.) and can have centralized management.

Troubleshooting is also a big feature that will be necessary in this use case. 

I've used the solution for many years.

We also looked at Ciscos ASA and Fortigate.

The user interface is very good.

The level of security is excellent. It protects our organization well.

It's a good overall product and we have a high level of satisfaction with the features on offer. 

Technical support could be improved. It's hit or miss in terms of the level of service and getting the answers you need.

I've been using the solution for ten years. 

We have hundreds of users that use the solution currently within our company.

We aren't 100% satisfied with technical support. Sometimes you get the help you need and sometimes you don't. Sometimes it's absolutely amazing. Sometimes they're great. However, you can't rely on them being like that all the time. We'd like the service level to be more reliable.

I can't speak to the installation process, as it was handled by an outside firm.

We had an integrator that assisted us with the implementation. 

I'm a customer and an end-user.

I would recommend the solution to other organizations especially if the company is looking for a certain level of security.

I'd rate the solution at an eight out of ten.