Check Point NGFW Reviews

We use Check Point NGFW as a perimeter NAT Gateway with the security features, it helps us to prevent hackers. We implement Check Point-based infrastructures for our customers. In most cases, this is the same perimeter gateway and internal segmentation firewalls. Many of our customers also using the VPN feature to organize remote access to the company's assets for employees, especially in the COVID period, and to connect their branch offices to the base infrastructure. Environments are differing from one out customer to another, but these are primary use cases. 

We catch much more malware and spam with incoming traffic, and now we are more protected with our environment. For our customers, this is always a surprise, when we are running a pilot project - how mush malware and attacks we catch during the two weeks period. Check Point has a great report called "Security Check Up", that show these results on informative charts. In our region, our customers use primarily local solutions, that has no good security features inside. Check Point has a certification there, which allows them to work in our region and make the world safer. 

AV, IPS, AntiSpam, Sandbox. That's gentlemen set for any basic security, and it was implemented very well. In our reports, the most exciting results belong to AV and IPS. It can be explained by using ThreatCloud - a global knowledge base, which accumulates signatures for all existing and new coming malware, and all the Check Point solutions are always up to date with potential threats. When we using sandbox with Sandblast agent, often there are not real-world exciting results, but when we show a solution in work with existing samples, it also shows good results. 

I hope for product simplification. It would be better to use one security console, instead of many of them (for licensing and monitoring). The solution is hard for newcomers and takes much time to deep in. Also, I want a historical graph for throughput and system resources usage. Maybe it will be great to make easy step-by-step installation and configuration cookbooks as Fortinet did, and integrate the documentation within the solution. In most cases, the solution works great and I recommend it for our customers.

3 years.

Everyone falls sometimes. I recommend using high availability or at least two power blocks. 

Nice, easy to connect and implement high availability.

Support is great, we solved cases with solution integrations easily.

We are using many solutions at the same time. Just to be closer to our customers. 

Initial is very easy. Further - harder.

In-house

12 months.

NGTP is easy and strong. If you need the best security - use SanbBlast in addition.

We always check security options before implementing them to customers.

Good solution - I recommend it. 

We primarily use this solution for routing and the protection of our internal corporate network.

The most valuable feature is the management using the Single Pane of Glass.

The user interface for management could be improved.

In the future, I would like to see support for SD-WAN capabilities.

I have been working with the Check Point Next-Generation firewall for four years.

I would like to see better stability in newly-released versions.

The scalability is very good.

Dealing with the support team in Israel can be a struggle because of the difference in working hours, holidays, and priorities.

I would with firewall solutions from several vendors including Palo Alto, Fortinet, and Meraki.

My advice for anybody who is implementing this solution is to ensure that they have good support from local experts. The biggest lesson that I have learned from using this product has to do with the capabilities of the smallest models. Care should be taken to select the appropriate one for your environment.

I would rate this solution an eight out of ten.

We are a system integrator and the Check Point Next-Generation Firewall is one of the solutions that we implement for our clients. It is primarily used for data protection, VPNs, and sandboxing. We also use it in our own data center.

The most valuable features are application control, regulation, and threat prevention.

Compliance and centralized management can be improved.

I have been using the Check Point NGFW for perhaps ten years.

This firewall runs 24 hours a day and it is stable.

It scales okay because they are SCADA compliant and follow the industry standards. It is best suited to enterprise-level organizations.

Technical support is located in Prague, Israel, and America. The support is good and they are quick.

We have also worked with Fortinet a little bit. We switched to Check Point because our team is a perfect fit for it. We know the solution well.

The length of time required for deployment depends on the size of the environment. Our largest solution took us between 10 and 20 days.

We have a contract with the vendor to implement and deploy this solution for customers. There are three engineers on the staff who are responsible for maintenance and support, including dealing with tickets.

In total, working with this solution, we have four engineers and two junior administrators.

It is quite an expensive product, although security is a top priority. For people who want security, the price is not a problem, and everything is included in the price of the license.

This is the number one, best firewall on the market. My biggest complaint is that the centralized management has to be improved.

I would rate this solution a ten out of ten.

I am a Check Point distributor and the Next-Generation Firewall is one of the products that I am dealing with. My customers use this as part of their security solution that covers mobile devices, computers, their network, cloud, SD-WAN, IoT devices, IP phones, IP cameras, and others.

Checkpoint has provided Security to the entire data center. 

This is a feature-rich product and all of them are useful.

The most valuable feature is the Stateful Inspection, which was developed by Check Point.

The throughput is very good with Check Point. Checkpoint ThreatCloud is the largest threat intelligence database. 

Checkpoint management is a single pane of glass from where you can manage all the CP solutions from a single point be it on-prem or cloud or hybrid.

There is always room for improvement and CP Dev team is on right path.

I have been working with Check Point firewalls for more than five years.

This is a stable firewall. It is very good.

Scalability and throughput are very high. They have also launched a solution called Check Point Maestro, which provides cloud-level scalability on-premises. This makes it very scalable.

My customers use firewall products from several vendors, including Sophos. Sometimes they replace their existing firewalls, and at other times, they run Check Point in parallel.

The initial setup is very simple. This solution can be installed on-premises or on the cloud.

It takes between 30 and 45 minutes to deploy.

Our in-house team does the installation for our clients. We also handle support, depending on what level of support the client has. Sometimes, they go directly to the OEM.

Until earlier this year, the consolidated management was application-based and required installation. As of recently, they have launched web-based management, as well as cloud-based management. This is an upgrade that I had been waiting for because we no longer have to go to the dashboard. Instead, we just enter the IP into chrome and you get the dashboard on the web page, without having to install anything.

This is a very good product, although there is always room for improvement.

I would rate this solution a nine out of ten.

We use Checkpoint Firewalls to protect Datacenter VLANs against each other. In addition, we use them to protect our perimeter systems from the internet, and our internal network from the perimeter.

We have virtualized the systems on a VSX-Cluster using VSLS, but the basics are still the same compared to a traditional cluster. VSX gives us a bit more flexibility in the case of load-sharing. Therefore, it’s quite easy to react in the case of heavily used hardware distributing the load by failover or prioritizing VSs onto different nodes.

The biggest improvement is the central logging and management of all firewalls. Other IT-departments can get log-access and search for their own if there are missing rules or other issues.

Since we use Identity Awareness the solution becomes more flexible, as users no longer need static IPs. Especially for IT-users, who always need more rights, it was a big improvement.

Implementing Wi-Fi makes it nearly impossible to work without Identity Awareness. Unfortunately, we fought with some bugs in the IA-module, but we got them solved.

R80 management has improved and made the product more comfortable for IT people to use.

Filtering through rules and finding similar ones to add additional objects becomes much faster.

With an additional hotfix starting from R80.10, we are able to use the management with Ansible. From R80 on, we started creating objects via script or adding them to groups. That makes some parts “automatic”, or at least much faster.

With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions.

The Check Point support needs a lot of improvement. We spend a lot of time troubleshooting issues ourselves, create good ticket descriptions, and try to explain in detail what has already been tested. Even so, it takes at least three ticket-updates before support really understands the issue. If you manage to reach the third-level support, you are still forced to be really critical of what kind of suggestions Check Point support is offering you. Running debugs on a test environment is quite different than running them in a heavily used production environment.

We have been using Check Point firewalls for 16 years.

The Check Point NGFW is the best product that I have ever used. It has pluses and minuses, as do others, but the usability, simplicity, and the configuration abilities are very user-friendly. After a while, other vendors just don’t come close to it.

The second thing is that is just works and it does it with ease. The upgrades and bug fixes are frequent and well documented. Also, the patches just work ;-)

There are some negatives but as I already said, they aren’t many and from my point of view, we can see past them.

It has made our lives and working in the company a lot easier. We have a better overview of the logs and what happens with the traffic in our company. Which means that the search for the certain logs is easy, quick and smooth. The overview of the logs is also very good as it is very detailed. The installation is allot quicker as it was before what also helps us with the implementation of the firewall rules. The rule consolidation is also very important as we have more than 60 fw rule change requests per day.

The rules are very easy to deploy and can be optimized pretty quickly. The R80 has a great feature on how the rules are processed, which costs less in terms of CPU and threads than it did before.

The features that are integrated into the firewall are very useful for our everyday use. Examples of these are the log manager, the firewall monitor commands, and the Linux commands. These are all very useful and helpful.

The VPN tunnels are easy to set up once you understand how they have to be configured.

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, but with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules, why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

We have been using Check Point NGFW for eight years.

In terms of stability, this solution is very good.

The scalability is high.

The technical support is very good.

We did not use another solution prior to this one.

The initial setup is very easy.

I implemented and deployed Check Point NGFW alone.

Maybe the pricing is a bit high but you get the durability and the duration.

We evaluated Palo Alto and Cisco ASA.

The management of our company requires a firewall implementation. We use Check Point to complete the network compliance rules.

We use Check Point NGFW for compliance. The initial request leads to secondary requests. By the time you have recognition, there is recollection. For the main service, it's collection.

The feature we have found to be the most valuable is the management firewall. 

This product has room for improvement in technical support for Africa. There are some problems with African countries. We also need to provide excellent services. 

The additional feature I would most like to see included in the next release of this solution is removal management.

The stability of the solution is quite good. It has a great GUI and it's comfortable. I love the content. Of course, you also have great support.

The new version is highly scalable. Now all of our users depend on the firewall. We have about 150 users. We require two staff for deployment and management.

We previously used Sophos. We switched for more security. 

The initial setup was straightforward. Our deployment took two or three weeks. Deploying the first one was two weeks, but the other ones were around one week.

For the first setup, I used a consultant. For the second one, I didn't. We didn't need one.

Licensing costs for this solution are on a yearly basis.

On a scale from one to 10, I would rate this product a nine. Nobody's perfect.