We changed our name from IT Central Station: Here's why
User at a financial services firm with 10,001+ employees
User
Top 20
Stable with good virtualization and excellent perimeter security solutions
Pros and Cons
  • "The sales, pre-sales, professional services, and tech support are all very nice."
  • "I feel the only thing that I see as a possible improvement in Check Point software is the lack of ability to create "static discard routes" which makes it difficult for NAT ranges to be advertised via BGP to neighbors."

What is our primary use case?

I have been designing, deploying, implementing, and operating Check Point's Security solutions including NGFWs and EndPoint security as well as Remote Access VPNs, Intrusion Prevention systems, URL filtering, user identity, UTMs, et cetera, for around 12 years. 

I have also used VSX and MDS/MDLS solutions. In my organisation I am using over 150 virtual and physical appliances and also MDS for virtualized/contanerized central configuration management and also central log management MDLS/MLM. We are using this not just for NGFW but also for other Perimeter security solutions.

How has it helped my organization?

This solution has helped keep the security posture of my organization in the best possible shape. Check Point's solutions stay a cut above its competitors to make sure your IT infra Cyber is safe from both known as well as zero-day attacks and malware. 

From an operations point of view, Check Point solutions are the best in terms of providing central configuration management and also central log correlation and management. Additionally, Check Point's virtualization solutions around VSX are super-efficient and very stable.

What is most valuable?

I found Check Point's software ability to provide for all the perimeter security solutions including next-generation firewalls, intrusion prevention systems, identity and access management, and URL filtering. They are all excellent. Check Point's Central configuration management, central log correlation, and management solution are a cut above the other vendors and are the best in the industry. Check Point's virtualization solutions are also very efficient and can be scaled. They are highly stable solutions (MDS/Domain Managers & MDLS).

What needs improvement?

To be very very honest, I do not see any major gap or improvement area for any of Check Point Cybersecurity solutions, whether it's your enterprise be cloud-based only, on-prem (Private cloud or Legacy infrastructure), or hybrid infrastructure. Check Point's solutions are highly cost-efficient, have low OPEX costs, are very stable, are safe and secure, and helps maintain the enterprise's security posture. 

Check Point's security solutions are a cut above the other vendors, not just today but for the last 30 years. Without having to mention any gaps, Check Point's development team works hard to stay ahead of technology in the cybersecurity space.

I feel the only thing that I see as a possible improvement in Check Point software is the lack of ability to create "static discard routes" which makes it difficult for NAT ranges to be advertised via BGP to neighbors. Although Check Point has an alternative of creating a dummy interface to introduce "directly connected" routes for NAT ranges so that they could then be advertised up/downstream, having the ability to do so using "static discards" would be a great thing to have.

For how long have I used the solution?

I've worked with the solution for a little over 12 years.

What do I think about the stability of the solution?

The product is very stable.

What do I think about the scalability of the solution?

The solution is highly scalable.

How are customer service and technical support?

The sales, pre-sales, professional services, and tech support are all very nice.

Which solution did I use previously and why did I switch?

Yes, and we switched because Check Point proved to be more reliable.

How was the initial setup?

The initial setup is absolutely straightforward.

What about the implementation team?

We implemented it through an in-house team.

What was our ROI?

Every dollar spent is worth it.

Which other solutions did I evaluate?

Yes, we looked at Cisco, Juniper, and Palo Alto.

What other advice do I have?

Not at the moment.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Westpac Banking Corporation Sydney Australia
Flag as inappropriate
Service Manager at a construction company with 10,001+ employees
Real User
Top 10
Effective firewall performance, plenty of features, and scalable
Pros and Cons
  • "Check Point NGFW provides a bunch of different products or Blades, as they call it in Check Point. The firewall engine is what we use the most but we also use the IPS IDS and Anti-Bot features. The solution provides many features."
  • "The management of memory in the hardware needs to improve. They have had a lot of issues with memory leakage."

What is our primary use case?

We use Check Point NGFW mainly for a perimeter firewall for ingress and egress traffic control, firewalling, but we also use a lot of other functions within the NGFW capability.

What is most valuable?

Check Point NGFW provides a bunch of different products or Blades, as they call it in Check Point. The firewall engine is what we use the most but we also use the IPS IDS and Anti-Bot features. The solution provides many features.

What needs improvement?

The management of memory in the hardware needs to improve. They have had a lot of issues with memory leakage.

For how long have I used the solution?

I have been using Check Point NGFW for approximately 10 years.

What do I think about the stability of the solution?

The solution is mostly stable. However, we have these memory issues from time to time, that cripple the performance occasionally, but other than that, they are very stable.

What do I think about the scalability of the solution?

The solution is scalable and it is easy to do.

How are customer service and support?

Overall the technical support is very good. If we have an operational issue, they can sometimes be a bit slow in responding. Other than this, I have nothing to complain about.

How was the initial setup?

I was not around when the implementation was completed but using my experience in these global scenarios, there's always complexity, there probably was some complexity involved.

What about the implementation team?

Check Point NGFW requires security and OS patching, and life cycle management. Every three to five years you need to replace the hardware. We have a dedicated team that does the maintenance of the solution.

It's hard to say exactly how many people are involved in implementing and maintaining the solution because some of the work is outsourced, but I would say it's a team of approximately between 10 and 20 people.

What's my experience with pricing, setup cost, and licensing?

When comparing the price of Check Point NGFW to other solutions it's difficult to compare because even though everything is included in the Fortinet price, there are large differences between the models. You need to go to a quite expensive Fortinet firewall to receive the same throughput and functionality as in a Check Point firewall. In the end, they are quite similar in price, Fortinet might be a bit cheaper.

Which other solutions did I evaluate?

I have used other solutions, such as Fortinet and Palo Alto.

I'm not sure that there are many differences between Check Point NGFW, Fortinet, and Palo Alto. I haven't used any Fortinet solutions myself, I'm not sure exactly how they work, but I would say that, from a management perspective, both of them are quite similar. Operational-wise, Check Point NGFW is a bit more stable and has a more mature operating system, at least the model that we are using. 

The only difference in functions is how they have branded the firewalls because, in Fortinet, you receive all the functionality for the same price as the firewall itself. Everything is included. However, with Check Point, you buy the hardware separately, and then you buy the different plates that you need and the different licenses for the functions that you need. It's a bit more complex license-wise with Check Point.

What other advice do I have?

When you implement anything in an environment you need to have a good design to begin with, you do not want to have to rebuild it after you have implemented it. It is important to
be thorough in preparations and planning.

I would recommend this solution to others.

I rate Check Point NGFW an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,327 professionals have used our research since 2012.
Leandro Oliveira
Infrastructure Manager at trt18
Real User
Top 10
Very good security especially where high bandwidth is needed
Pros and Cons
  • "I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security."
  • "In terms of what could be improved, we have a cluster with two nodes and usually we have some problems when process gets really high and it has to choose which services it keeps going. I would like to have a better solution here, like if instead of just one we could use both at the same time. It would be good if it could work together. Then when one has a failure or something like that, the other one is there to transfer, to take all the services and keep working."

What is our primary use case?

I use the solution for VPN mostly, for the IDS and prevention and detection. I use it for security exploits, like HTTPS exploits.

I also use Check Point NGFW as a federation. I use it to connect to my other sites. We have five of them, mostly in cities where we need a high bandwidth.

What is most valuable?

I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security.

What needs improvement?

In terms of what could be improved, we have a cluster with two nodes and usually we have some problems when process gets really high and it has to choose which services it keeps going. I would like to have a better solution here, like if instead of just one we could use both at the same time. It would be good if it could work together. Then when one has a failure or something like that, the other one is there to transfer, to take all the services and keep working. They have an integration between the nodes but I would like to use both of them working together. In the solution they could both be active, instead of active and passive. I would like them to add backup features to Check Point Firewall.

Many companies are going to the cloud. In future releases, it would be nice to have a cloud integration so we could work in a hybrid form for some years, like some services in the cloud and others on-premises. So it would be nice to have some features in this sense.

For how long have I used the solution?

I've been using Check Point NGFW since 2018. For two years now.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

I couldn't tell you about the scalability. I don't know. I know that we can use a federation, but I think it is scalable because we can buy additional licenses. As I mentioned, right now we have five working together, but we can buy until 50 or a 100, so I guess that it is scalable because you can keep increasing.

How was the initial setup?

The initial setup is hard. We came from another Cisco solution and even then it is hard, especially talking about the traffic. So we had to inspect the traffic and sometimes we had to do a lot of configurations. It would be nice if it was easier.

It took about three months to deploy.

It would be nice if it was easier to set up and to maintain.

What's my experience with pricing, setup cost, and licensing?

Right now we keep a contract with a company in Brazil, so we hardly talk to Check Point itself and we don't like it very much. In most cases we have to search and look into the database to really find the solution, so it could be better.

What other advice do I have?

I'd say that Check Point NGFW is a good product but it's hard to set up and keep it going, so we had to invest in some training and we have to keep at least two employees just to keep it working.

On a scale of one to ten, I would give Check Point NGFW an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Networking engineer at Hewlett Packard Enterprise
Vendor
Great Identity-Based Inspection Control with pleasant technical support and good scalability
Pros and Cons
  • "The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid."
  • "With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient."

What is our primary use case?

Working in an MSP environment, there are more than a hundred firewalls and we use Check Point NGFW firewall which is mainly implemented as perimeter security and internal segmentation firewall. 

Due to our requirements, we implement site-to-site VPN between clients and cloud providers (AWS/Goggle/Azure). The centralized managed infrastructure makes it simple for the IT staff to operate and monitor the firewalls. 

The Smart Console provides a single pane of glass that allows the IT staff to easily manage the environment and troubleshoot issues.

How has it helped my organization?

The Smart Console provides a single pane of glass that allows the IT staff to easily manage the environment and troubleshoot issues. 

The UI decreases the hours required to complete a task. It also incorporates compliance and audit control validation into the system. 

IT staff can construct a single policy across all enforcement points in the Infinity architecture. 

There's a unified policy table that combines threat prevention and segmentation policies. 

SmartEvent allows consolidated event management and export.

What is most valuable?

The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid. 

The Terminal Servers group membership allows policies to automate typical processes (user moves/add/changes) and decrease configuration changes required on the firewall, which is tremendously beneficial. This limits the integration with the identity store to just one interface, and we still get broad security coverage based on a single set of identity policies. 

We leverage the combination of identity and application awareness, which is mandatory in order to build scalable security policies that protect the business without compromising user experience. This feature is extended to the SmartEvent console.

What needs improvement?

The SmartEvent blade has a huge number of security events/logs. We are trying to find correlation with the help of the SmartEvent blade, however, it may impact the performance of our Check Point management server. It requires additional licenses for Check Point management servers. It should be inbuilt within the management server.

With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient.

For how long have I used the solution?

I've used the solution actively since 2008.

What do I think about the stability of the solution?

There were moments of where it did struggle when the rules were not properly maintained meaning that rules clean up exercise has to be performed annually to prune out rules no longer being use to allow the firewall to function more efficiently.

What do I think about the scalability of the solution?

Overall, the product handles a production workload like a champ.

How are customer service and support?

Customer service was pleasant.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Working in an MSP, we have multiple vendors/principals of NGFWs.

How was the initial setup?

You have to work with a sales account manager to get the best price.

What about the implementation team?

You need to work with a vendor that is overall quite knowledgeable. 

What's my experience with pricing, setup cost, and licensing?

The solution should be evaluated and a trial run should be done in the lab as Check Point provides VM instances that can be installed on an open server box. Make sure to check with sales about the features and if they require additional licenses before purchasing.

Which other solutions did I evaluate?

Working in MSP, we have looked at various NGFWs. Check Point is one of them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
IT Specialist at a tech services company with 10,001+ employees
Real User
Top 10
Protects our environment with security checks against vulnerabilities
Pros and Cons
  • "We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment."
  • "The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent."

What is our primary use case?

We use it to provide security to our environment from the outside world. We are using it to provide security against vulnerabilities using threat prevention, Antivirus, and IPS.

How has it helped my organization?

In advance, we get security vulnerabilities. So, we can configure new security policies, update our antivirus, or check the configuration to protect the environment.

What is most valuable?

We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.

What needs improvement?

The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent.

For how long have I used the solution?

I have been working with it for the last seven years.

What do I think about the stability of the solution?

It is a very stable firewall. The updates that we get from this Check Point Firewall are also very stable. 

What do I think about the scalability of the solution?

The scalability is good.

There are more than 10,000 users. The Check Point Firewall is deployed through the company.

How are customer service and technical support?

All their technical people are very solid in their knowledge.

Which solution did I use previously and why did I switch?

I have used Cisco ASA and FTD. We switched from Cisco ASA to Check Point because there were no antivirus, vulnerabilities, or security prevention features. Check Point has more advance features, which are easier to use, than Cisco.

We also had to install IPS devices with Cisco.

How was the initial setup?

The initial setup was straightforward. It was not too difficult to deploy the Check Point firewall. Deployment takes between 12 to 15 months.

We have done a cloud-based deployment throughout our network.

What about the implementation team?

We did the deployment ourselves. We have onsite specialists who have done many deployments.

20 people take care of the deployment and troubleshooting of this firewall.

What was our ROI?

There is a money saving because we no longer require other devices, like an IPS, a separate antivirus, or vulnerability tests. We get all the devices within a single tool. Before, we would have different teams taking care of different devices. Now, we take care of only one device, which is another source of savings. We have saved a lot of money with this solution.

What's my experience with pricing, setup cost, and licensing?

The prices are good for its features. The benefit of its license is we get timely security prevention updates. The price is good for the technology that we get.

What other advice do I have?

This is a good solution. I would recommend to take advantage of as many features as you can. It has many features, and to protect security, you should use all the best features that you can.

As soon as the company will grow, we will definitely increase our usage of the firewall. We have already increased our usage due to employees working from home.

The biggest lesson that I learned is we can use the features of a firewall security to protect our environment. Also, rather than deploying multiple firewalls, we can configure a centralized management system, and this saves time.

I would rate this solution an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Network Security Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 10
Great for content filtering and enabling anti-bots and IPS enabled security
Pros and Cons
  • "The security posture assessment with two-factor authentication has saved more time and commercial costs by avoiding deploying having to deploy another solution."
  • "Initially, we faced a few challenges with firmware. Later this was addressed with jumbo hotfixes."

What is our primary use case?

We wanted to deploy a specialized Next-Generation Firewall in our perimeter security.

The solution addresses the Security requirements at Perimeter Layer including:

  1. Network IPS
  2. Application Control
  3. IPSEC VPN
  4. SSL VPN.
  5. Proxy

It was required to enable IPSEC VPN between our vendors across the world

We got positive responses on Check Point Firewalls from our vendors as well.

Our team addresses the regular audits with a Next-Generation Firewall, starting from configuration and application vulnerabilities to customized reporting.

How has it helped my organization?

We have planned to achieve many business use cases including IPS, Network AV, Content Awareness - Data Leakage Prevention, IPSEC VPNs between our peers, SSL VPN with Posture Assessment, and Web Proxy as well.

This solution addressed most of our needs but required multiple license subscriptions.

Below are the few Business use cases we achieved through Check Point NGFW:

  1. SSL VPN with Security Posture Assessment
  2. SSL VPN with In-build Multi-Factor Authentication Option (Certificate + User Credentials)
  3. Content Filtering (Identity Awareness and DLP)
  4. Forward Proxy with Web and Application Control
  5. Enabling Anti-Bots and IPS

What is most valuable?

The SSL VPN with posture assessment helped us to remove the dedicated Standalone SSL VPN solution which was benefited both commercially and technically.

Anti-Bots and IPS enabled security on the network traffic.

Along with VPN and Proxy (Web and application control), we removed another standalone proxy for internal use and extended the content filtering to roaming users as well.

The security posture assessment with two-factor authentication has saved more time and commercial costs by avoiding deploying having to deploy another solution.

What needs improvement?

It took so many weeks to migrate our old firewall to Check Point after we did internal and external assessments on earlier setups and enabled multiple security features.

We had difficulty configuring the NAT. For example, instead of following A-B-C, we need to do A-C-B

Initially, we faced a few challenges with firmware. Later this was addressed with jumbo hotfixes.

We tried to create a single management software to manage the policies, view the logs, have a mobile access VPN, and do reporting.

Please concentrate on local services enablement for faster resolutions.

For how long have I used the solution?

We have been using this solution since July 2020.

What do I think about the stability of the solution?

Initially, we faced a few challenges with the firmware. We later addressed this with help of jumbo and custom hotfixes. Later, it performed well.

What do I think about the scalability of the solution?

The solution is scalable in terms of enabling the features and deploying management servers.

How are customer service and support?

We would recommend they have regular feedback sessions with customers.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We used another firewall that enables basic security features with lot of limitations.

How was the initial setup?

We found the setup difficult in the earlier stages as our team used to work with another CLI-based solution.

What about the implementation team?

Our In-house team handled the implementation. 

What's my experience with pricing, setup cost, and licensing?

I'd advise users to validate the licensing model during the pre-evaluation period itself. It took a few days for us to understand DLP and Mobile Access Blades that had to be procured separately along with the NGTP bundle to address our requirements.

Which other solutions did I evaluate?

We evaluated Palo Alto and FortiGate.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
DmitryPavlukhin
Security Analyst at HOST
Real User
Top 5
Enables us to catch much more malware and spam with incoming traffic, and we now are more protected with our environment
Pros and Cons
  • "AV, IPS, AntiSpam, Sandbox. That's gentlemen set for any basic security, and it was implemented very well. In our reports, the most exciting results belong to AV and IPS. It can be explained by using ThreatCloud - a global knowledge base, which accumulates signatures for all existing and new coming malware, and all the Check Point solutions are always up to date with potential threats."
  • "I hope for product simplification. It would be better to use one security console, instead of many of them (for licensing and monitoring). The solution is hard for newcomers and takes much time to deep in. Also, I want a historical graph for throughput and system resources usage. Maybe it will be great to make easy step-by-step installation and configuration cookbooks as Fortinet did, and integrate the documentation within the solution."

What is our primary use case?

We use Check Point NGFW as a perimeter NAT Gateway with the security features, it helps us to prevent hackers. We implement Check Point-based infrastructures for our customers. In most cases, this is the same perimeter gateway and internal segmentation firewalls. Many of our customers also using the VPN feature to organize remote access to the company's assets for employees, especially in the COVID period, and to connect their branch offices to the base infrastructure. Environments are differing from one out customer to another, but these are primary use cases. 

How has it helped my organization?

We catch much more malware and spam with incoming traffic, and now we are more protected with our environment. For our customers, this is always a surprise, when we are running a pilot project - how mush malware and attacks we catch during the two weeks period. Check Point has a great report called "Security Check Up", that show these results on informative charts. In our region, our customers use primarily local solutions, that has no good security features inside. Check Point has a certification there, which allows them to work in our region and make the world safer. 

What is most valuable?

AV, IPS, AntiSpam, Sandbox. That's gentlemen set for any basic security, and it was implemented very well. In our reports, the most exciting results belong to AV and IPS. It can be explained by using ThreatCloud - a global knowledge base, which accumulates signatures for all existing and new coming malware, and all the Check Point solutions are always up to date with potential threats. When we using sandbox with Sandblast agent, often there are not real-world exciting results, but when we show a solution in work with existing samples, it also shows good results. 

What needs improvement?

I hope for product simplification. It would be better to use one security console, instead of many of them (for licensing and monitoring). The solution is hard for newcomers and takes much time to deep in. Also, I want a historical graph for throughput and system resources usage. Maybe it will be great to make easy step-by-step installation and configuration cookbooks as Fortinet did, and integrate the documentation within the solution. In most cases, the solution works great and I recommend it for our customers.

For how long have I used the solution?

3 years.

What do I think about the stability of the solution?

Everyone falls sometimes. I recommend using high availability or at least two power blocks. 

What do I think about the scalability of the solution?

Nice, easy to connect and implement high availability.

How are customer service and technical support?

Support is great, we solved cases with solution integrations easily.

Which solution did I use previously and why did I switch?

We are using many solutions at the same time. Just to be closer to our customers. 

How was the initial setup?

Initial is very easy. Further - harder.

What about the implementation team?

In-house

What was our ROI?

12 months.

What's my experience with pricing, setup cost, and licensing?

NGTP is easy and strong. If you need the best security - use SanbBlast in addition.

Which other solutions did I evaluate?

We always check security options before implementing them to customers.

What other advice do I have?

Good solution - I recommend it. 

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Our company is a Security Integrator. We are Check Point Partner and Deploy their solutions for our customers.
Swapnil Talegaonkar
Technology consultant at a tech services company with 501-1,000 employees
Real User
Top 5Leaderboard
Easy to configure and upgrade, helpful support, and it performs well
Pros and Cons
  • "The software upgrade procedure is very easy; it just needs few clicks & we are done."
  • "One of the most complicated aspects is the VPN Configuration, which should be simplified in future releases."

What is our primary use case?

We deployed a Check Point firewall on the perimeter as well as on the internal network. Both are in HA & we have enabled all threat prevention blades. All devices are 5600 & 4200. We are managing our two firewalls with two different security management servers.

Currently, we are using the R80.20 firmware version and we have a pretty simple design.

Our primary uses are firewall security, VPN, web filtering & monitoring. We have also used the TE-100X appliance for private cloud sandboxing.

How has it helped my organization?

With Check Point, we achieved redundancy but the problem was three public IP addresses that were required to be configured as HA, with two physical IPs & one virtual IP.

Our previous firewall used a single public IP but now, with Check Point using three, it became very difficult for us to make available the same segment of public IP addresses from our ISP. After many support calls, however, we found a solution.

The other option which is helpful is that there are no limits for any objects used in the policy. Our previous firewall does support limited time objects & IP address objects.

What is most valuable?

Check Point's new Smart dashboard has an all-in-one configuration interface. They provide a very easy configuration for NAT and one tick for source & destination NAT is possible.

Policies can be configured in a more organized way using a section & layered approach.

Application control has all of the required application data to introduce it into policy and the URL filtering works great, although creating regular expressions is complicated.

The software upgrade procedure is very easy; it just needs few clicks & we are done.

What needs improvement?

Check Point has both GUI (Graphical Interface) & smart dashboard, but it will be better if it sticks to either one of them. 

A threat prevention policy needs to be created in a different tab but instead, if those policies could be related to access policy then it will be easier to apply the threat prevention to our relevant traffic.

One of the most complicated aspects is the VPN Configuration, which should be simplified in future releases. The monitor tab should have a VPN tab, where we can see the current tunnel status.

For how long have I used the solution?

I have been using Check Point NGFW for more than the last three years.

What do I think about the stability of the solution?

With respect to stability, we always have ongoing support calls. We have faced lots of issues that have led to upgrading with a Hotfix.

What do I think about the scalability of the solution?

When it comes to scalability, our current Check Point is far better than our previous firewall.

How are customer service and technical support?

Technical support is very helpful & always there to help us with issues. Also, the TAC response is quick.

Which solution did I use previously and why did I switch?

Previously, we had a Fortinet firewall, which was pretty slow when it came to operations.

How was the initial setup?

The initial setup was simple.

What about the implementation team?

We implemented the firewalls with our in-house team.

What's my experience with pricing, setup cost, and licensing?

Check Point should provide some basic license for mobile access VPN by default, for at least five to ten users.

Which other solutions did I evaluate?

The only other vendor that we have evaluated is Fortinet.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.