Check Point NGFW Reviews

We implement Check Point in the front end to protect internet platforms and security platforms. 

Check Point provides very good performance with many solution options and many kinds of modules.

I'd like to see more integration with other solutions. 

I've been using this solution for a couple of months. 

This solution is stable and scalable.

We've rarely used support but they've been helpful when we needed them. 

We migrated from Cisco to Check Point. Check Point is easier for the administration console.

Before migrating to Check Point, we tested it in several environments. We used a consultant for deployment and we now have 800 users in the company and six engineers responsible for maintenance. 

We pay an annual license fee. 

I recommend this solution and rate it a 10 out of 10. 

We provide solutions for various customers where we apply Check Point Firewalls, either for a VPN gateway or for securing their networks. We have provided them to a couple of financial customers to protect their mobile banking as well.

It has good features for searching the firewall rules and it has drastically changed daily operations. It's very easy, even for novice users or newcomers, to operate and manage this device. It has improved our operations that way.

The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point. Apart from that, we do have identity solutions which we use on a regular basis. Both are very good.

It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication.

Also, one of the challenges I hear about from customers or engineers who work with and operate Check Point firewalls is not about the technical capabilities of the product but about understanding the product. There should be whitepapers available on the Check Point portal so that people can understand them more easily.

I have been using Check Point's firewalls for almost 12 years. I started with the IP390.

Stability has improved a lot from Check Point's very early days over the last 12 years. Back then we had to reboot the firewall after every two to four days.

The firewalls are scalable with our workload. We are at about 20 to 30 percent utilization so even if we doubled of our existing network resources and load on the firewalls, they would still have the space to scale. They're enough for the networks that we have implemented.

We recently finished a deployment and it's still in the user acceptance test phase. As of now, I cannot say anything in terms of increased usage. But for the customers that we have deployed it for within India and the APAC region, so far the results have been pretty good.

I have used technical support a couple of times, when it was required, for hardware replacements. Of course, once or twice I contacted them for active devices when we had some glitches. But that turned out to have nothing to do with Check Point.

Overall, technical support has been good. They understand the situation and what part needs to be replaced or what needs troubleshooting through remote support tools.

Before Check Point we used Cisco. And we use Cisco for a couple of customers because it's already pre-deployed, so it's not in our hands. We manage operations, so we are still managing Cisco devices. We don't have Juniper right now, but we have Palo Alto for one of our customers.

The initial setup is very straightforward. When we boot the firewall we have instructions which say how to connect to the QR, and from that portal you go to your gateway and configure all the required network interfaces. Once you have installed your Smart controller, you need not log into the firewall every time. Instead, you can log in through your Smart controller. That's a pretty good method which no other firewall provides.

For the very basic features, it does not take more than two days. But, for a full-fledged implementation, it can take around two months.

Our implementation strategy is to replace existing firewalls in the network. We try to keep the business downtime as short as possible, especially for business-critical applications.

For deployment and maintenance of these firewalls we have a team, worldwide in different regions: APAC, Europe, America, and the Middle East, although in the Middle East we don't use Check Point.

We have definitely achieved ROI with Check Point firewalls.

We definitely evaluate other options based on the customer's budget, and the stability and technical specs of the firewall. We generally choose Check Point as our preferred product vendor.

The biggest lesson I have learned from using Check Point's firewalls is that they are not complex.

I'm expecting a lot of solutions from Check Point and if there are more solutions from them, that would be great. I would like to see more product development.

Overall, I would rate it at 10 out of 10. It's the best firewall in the market.

We leverage it as a next gen firewall, it does all of our IPS, URL filtering. We use it for our remote users, for VPN access. We use it to build VPN tunnels out to remote sites. It handles quite a bit.

It allows us to be a little bit more diverse in our hiring. We can hire people out in remote areas, that otherwise we wouldn't be able to because they'd have to come into the office without it.

The VPN side of it. Obviously without the VPN, we'd have tons of end users that wouldn't be able to connect to our environment.

Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate. And there are compatibility issues and stability issues.

We would lose our remote sites, they would just dump. Say we had our site in California, all of a sudden we're not connected to them anymore. Or we have site in AWS, then we can't connect there anymore. So I'd have to go in and reset the IPSec VPN tunnels, in order to regain connectivity, more frequently than I should have to. Obviously that can happen from time to time, but it was pretty frequent with Check Point, to the point where we're going to rip it out the next two weeks, and install Cisco everything.

As far as scalability goes, I don't feel we really had to push it. We're not a huge company. It was literally always resolved with a license upgrade. If there were too many users connected, we would just upgrade a license and then have more users connected concurrently. So scalability, not an issue. But we sized it pretty appropriately when we installed.

We had third-party tech support through our contract, and it was okay. I pretty much ended up having to figure everything out if there was a problem. As far as Check Point goes, I haven't really dealt directly with their tech support.

When I started at the company, this solution had been in place, and it was failing, the cluster was failing. So I was tasked with rebuilding the entire solution, to make it a little bit more stable. I bought two brand new servers, and spun up a cluster for Check Point. And it improved a little bit, but for what we paid for that solution, it was not really worth it. Because of stability. 

We have migrated some stuff over to Cisco ASA Firewalls. And those seems to be more stable. A lot easier to use, more stable, faster to get going.

I thought it was pretty straightforward, myself. The issue that I ran into, on their website, when you go to install a solution they have something called the hardware compatibility list. That assures you that if you install their product, you also have the right servers to do it, you have the right NICs card, etc. So I actually bought brand new servers with brand new NIC cards that matched all the specs for the hardware compatibility list. I started getting everything setup, and it turns out the hardware compatibility list was wrong. It was wrought with issues. And I ended up having to pull some old NIC cards to throw in the servers to even get the thing to work.

So they don't have accurate documentation, I guess you could chalk it up to that. Or they didn't test it very thoroughly before they put it on the website. So that caused us a lot of heartache. This was a business-impacting setup. I had to do late-night maintenance windows, so when things don't work, it affects us at a pretty big level.

I don't think the product's pricing is a good value. I feel it's very overpriced. 

I feel a lot of the features for a next gen firewall are there. But I feel it's overpriced, because of the stability issues. As far as support goes, I really can't speak to direct Check Point support, but the third-party was pretty terrible. 

I feel you'd get a lot more out of it with Cisco. With Cisco you'd pay about the same. I feel the licensing is a lot more straightforward. It's easier to understand. 

That's another thing about Check Point, I think their licensing model is very confusing. As far as the licensing goes, it's pretty complex. If anybody was to purchase the Check Point product, definitely make sure they have an account rep come on site, and explain it line by line, what each thing is. It's not straightforward. It's very convoluted. There's no way you could just figure it out by looking at it.

We're halfway there right now, with the Cisco Firewalls we're switching to. They're very capable, they work like you'd expect, simple licensing, simple upgrades. It's been a breeze with those so far. 

I would say avoid it. There are definitely better solutions out there. For the amount of headache that you get with this product, it's not like you're saving yourself any money. It's just as much, if not more, than other solutions.

When it works, it works well. But, like I said, I've never really had a stretch of time where it just worked really well for everyone. It's been a constant pain point for our organization.

We have a very robust implementation of firewalls for a central site, a contingency site, and five agencies, all connected by MPLS. In each perimeter firewall, we apply the security features of FW, IPS, AV, and AB. Additionally, we have a VPN concentrator for VPN S2S and C2S.

Over time, Check Point's solutions have had fewer security breaches than their competitors, which is why they remain in high categories and quadrants, as they are a very robust technology. As pioneers in information security, Check Point has been innovating year after year in information security.

Since we implemented this architecture in our client, we have not had any security breach exploited and the organization maintains communication with its different sites through MPLS and VPN to secure and encrypt the traffic that passes through said connection.

In addition to the different security features that Check Point security solutions have, their integration with other technologies makes the security environment a complete security type.

Apart from the technological and innovative solution, a point in favor of Check Point is the support provided by the manufacturer, since over time, we have not had any case that is not resolved, they have a good escalation process and highly qualified staff. 

The process of opening a case has different options that are convenient.

Check Point could do better to include acceleration technologies like SD-WAN in an integrated or embedded way to provide these new features that Check Point never had and is of great importance in the market.

Its competitors have this SD-WAN technology, if it were not for the fact that Check Point has been more stable historically, this value would weigh negatively for Check Point when choosing a solution.

If Check Point includes this feature, they will be able to cover those architectures where traffic between sites must be protected and accelerated.

I have been using Check Point for ten years. It is a very mature and robust technology. R81 is a very stable version and always has great security features.

I consider that they have good support engineers at each level of escalation, according to the criticality of the issue.

Positive

I do use other technologies, however, Check Point is historically more stable for me, as they have had fewer exploitable security breaches.

Check Point has a good cost-benefit ratio.

We also evaluated Fortinet, Palo Alto, and Watchguard.

I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking. 

I rate Check Point eight out of 10 for stability. 

Check Point is definitely scalable.

It really depends on the customer's deployment and environment, but we often mix and match firewalls. Check Point is more expensive but easier to manage, and their presales and after-sale support are way better than Fortinet's.

Check Point is more complicated to deploy than Fortinet.

Check Point needs to lower its price drastically, and the licensing model is very complex.

I rate Check Point NGFW nine out of 10. I would only recommend it for medium to large enterprises.

I support multiple environments in Brazil, including banks, schools, government, and the military, mostly with on-premise equipment. Some of these environments had more than 30 Check Point NGFW clusters and some of these have 4 on-premise appliances on each cluster, using the full capabilities of the Check Point Blades.

Using the firewall blades, and the threat prevention blades, we can provide big security for our customers. In the lo4j case, Check Point acts fast and all of the systems are already protected from the threat.

My organization already used Check Point before I arrived, however, compared with open-source firewalls, is in another tier. The usability and maintenance are so much better.

The management in Check Point is exceptional. The Smartconsole feature centralizes the management features, reports, log visualizing, rules, objects, et cetera.

The Check Point could use more time to upgrade the VPN configurations console. At the moment it is not easy to configure some VPN S2S in Check Point. You need to keep opening several groups, objects, and options to configure one simple VPN.

I've used the solution for one year.

The stability is very good!

The scalability is very good.

The initial levels of support are not that good. 

Positive

We used pfSense and suggest just to go for the corporative product.

I don't have insights about the pricing for Check Point.

We did not evaluate other options. 

The need to get faster bug resolving issues. For example, the R80.40 has so many bugs at the moment. 

I use Check Point NGFW for controlling traffic and controlling access to the production server. It is a HA (high availability) environment. It is easy to use failover solutions.

We use it on our disaster recovery (DR Site) and it runs smoothly.

In the office, Check Point Infinity is the only fully consolidated cybersecurity architecture that protects your business and IT infrastructure.

Integrating the most advanced threat prevention and consolidated management, the security gateway appliance is designed to prevent any cyber attack, reduce complexity, and lower costs.

Check Point gateways provide superior security beyond any Next-Generation Firewall (NGFW).

Best designed for network protection, these gateways are the best at preventing the fifth generation of cyber attacks.

Overall, for us, it improves the private cloud security and helps to prevent the spread of threats while consolidating visibility and management across our physical and virtual networks.

The most valuable feature is the next-generation firewall (NGFW) protection.

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

They have few predefined reports and it would be nice to increase them since the logs are excellent.

They should be quicker to release fixes for known vulnerabilities, including those related to Microsoft products.

If you make a mistake when creating rules, it is time-consuming to fix them. However, there is no problem with traffic processing. 

Sometimes you are forced to interact on several different levels. On the one hand, you put the rules in, and on the other, you put in the route. 

I have been using Check Point NGFW for between five and six years.

They have a good support team that is fast to respond. However, there are open cases that should be resolved in a more timely fashion.

We used another solution prior to this one, but the updates were too slow and it was harder to monitor the log.

The initial setup is very hard.

The vendor implemented this product for us.

This product is a good investment and I expect a full return in approximately three years.

The price of the appliance should be decreased.

 I evaluated several other solutions and compared them before choosing Check Point.

This is a product that I recommend.

The primary use is to segregate the environment internally to create a lab environment and a production environment, for example. We also use them to protect the company from the internet and when going to the internet; to protect the perimeter of the company. We use them to create a VPN with customers and clients, and with the other companies that belong to the group.

We work with 1200s, 1500s, 4000s, and 5000s.

With this firewall on the perimeter, we detect a lot of attacks with the IPS and the antivirus blades. With the SmartLog for our team that operates the solution, we have a very intuitive way of searching the logs and seeing events, when compared to other vendors that we also have. This is the biggest advantage of the Check Point compared to competitors.

We have a lot of Check Point firewalls and a lot of Fortinet firewalls. The biggest advantage of the Check Point for us is that daily operations are much easier. That includes working with policies, checking and searching logs, dragging objects on the policies and searching where objects are used. All of that is easier in the SmartConsole than doing it on a browser, as the competitors do.

The most valuable features are the

• security blades 
• ease of managing the policies, searching log for events, and correlating them.

Upgrades and debugging of the operating system, as well as the backups and restores of configuration, need improvement. 

Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy.

I have been using Check Point firewalls for about eight years.

They are very stable. We usually deploy them in clusters, in front of the node. We always have the other one functioning and we have never had an occasion in which one failed and the other also failed. We also have support for the hardware. But regarding their functioning, we are very satisfied. We have never had a big outage because the two members of a cluster went down. They are very good in terms of stability.

We have some firewalls with the VSX functionality which allows us to add more virtual firewalls to the same physical cluster. That allows for scalability. But when compared to Fortinet, the way to have more than one virtual firewall on the same cluster is much harder.

It's very scalable if we have the VSX license for Check Point, which we have in some places. But it's much more complex than adding to the FortiGate. So it's scalable, but it's not easy to work with VSX, especially compared to the competitor.

Our usage should be increasing weekly because our company is buying other companies constantly and we need to deploy firewalls on the companies we buy. It shouldn't increase a lot, though, just a bit.

We have about 1,000 users crossing the firewalls and 10 network admins.

The technical support is good in general, but it's better if you call and you are answered by the headquarters back in Israel. We notice a difference if we call at different times and we go through Canada or some other country. It's not bad, but we notice a bit of a difference in the way they handle the tickets and the knowledge they have.

We usually try to open tickets when we know that the office in Israel is open and they are taking the tickets. But there are some times that we can't do that. The others are not bad, but for some stuff we need quicker support and we feel we are being handled better on the Israeli side.

The initial setup is complex and when you have issues, it's more complex. 

To create a cluster or to add a new firewall to the Manager, or when, for example, you want to add a license for IPS or for antivirus, there are often problems with that because it doesn't recognize the license. We end up having to call support. With Fortinet, that kind of initial setup of the firewall is always straightforward.

Now that we have a lot of experience it takes us two days, at the most, to deploy a Check Point firewall, if we don't run into problems with the license.

We are not at the data center, so we need to ask the data center guys to mount the firewall where we need it and to patch it. Then we access it via a console cable, remotely. We have equipment that allows us to do that. We do the initial config via the GUI, and then we add the firewall to the Manager and we start deploying the policies.

We implement the firewalls ourselves.

The return on our investment with Check Point firewalls is that we are secure and that we haven't had any attacks that have had a big impact or that were successful. If we had been paying a lot and were being targeted to the same extent, I would say no, that we have not had a return on investment, but at this stage it's a "yes."

In the past, when Fortinet was a young company, the price point of Fortinet was very low compared to Check Point. But at this stage, our experience is that the pricing is almost the same. The pricing of Check Point is fair when compared to others.

The only additional cost we have with Check Point is when we need to do a big migration. Sometimes we need a third-party company, but this is not usual. It's only for big migrations that we sometimes have support from an external company. The last time we needed something like that was two years ago.

Half of our environment is with Check Point and the other half is with Fortinet. We don't have a strategy of giving everything to one vendor; we like to have both.

If the person implementing it doesn't have much experience in how the solution works, with the Manager and connecting the firewall to it, and using the SmartConsole, they should try to go through the CCSA materials for Check Point certification. Check Point is easy to work with on a daily basis. Sometimes we get new people working here and they can add rules straight away on the policies and push policies. But if they need to deploy a firewall and they are not used to Check Point and how it works and the components, it's not that straightforward. With competitors like Fortinet, you just have to access the HTTPS of the FortiGate and it's like configuring a router, which is much easier. With Check Point, you need to read some manuals before you start deploying the firewall.

The biggest lesson I have learned from using Check Point firewalls is that if you lose the Manager you lose the ability to manage the firewall policies, which is, in my opinion, the biggest difference when compared to other vendors. Because, for example, if the Manager stops working and the server where you have the Manager gets stuck, you have no way of managing the policies directly on the firewall.