We changed our name from IT Central Station: Here's why
Snr Information Security Analyst at The Toronto Star
User
Great compliance with good application control and a robust IPS blade
Pros and Cons
  • "We can easily check firewall configurations against any compliance standard."
  • "Support for customers really needs to improve."

What is our primary use case?

Check Point firewall is used as edge protection.

Traffic to the internet and from the internet does go through the firewall where IPS, URL, and app policies are applied.

Check Point was also used as an internal firewall to segment traffic between the data center and the user network. Basically, all traffic from any user will have to be inspected by an internal Check Point firewall before any server is accessed.

Check Point is also used for PCI-DSS credit card checks within any email sent or received. This is effective in detecting credit card numbers within any email sent by a user in error and blocks that from being exposed. 

How has it helped my organization?

The product has improved visibility into the traffic going through our network.

For all traffic leaving the network, Check Point provides the capability to inspect and permit traffic using not just ports but application IDs, which is more secure than simply permitting TCP/UDP.

Check Point has a robust IPS Blade which has added an additional layer of security on connections to the data center.

Check Point's compliance blade also helps in checking how Check Point's appliance configuration is in compliance with any requirement that we need to provide evidence for.

What is most valuable?

Check Point application control is very useful. This blade detects traffic and provides the ability to grant access based on the application and not the port as TCP/UDP can easily grant access for more than what's required.

The Check Point compliance model is also great. We can easily check firewall configurations against any compliance standard. It has made it easy to provide evidence and reports.

Check Point integrates with third-party user directories such as Microsoft Active Directory. The dynamic, identity-based policy provides granular visibility and control of users, groups, and machines and is easier to manage than static, IP-based policy.

What needs improvement?

Support for customers really needs to improve.

Check Point also needs to create a study license that will enable the customer to install a firewall (maybe with reduced connectivity) for a bit longer so that one can simulate scenarios without having to re-install it every 15 days.

We had a lot of problems with the VPN blade on the solution. We sometimes have trouble with the performance of the solution. Maybe some performance tuning options could be added in a future release.

Check Point needs to create a certification program that involves practical applications. 

For how long have I used the solution?

I've used the Check Point firewall for three years.

How are customer service and support?

Customer service really needs to improve.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Cisco ASA for Internet-facing Web applications, however, Check Point was used at the EDGE ( all user traffic to the internet), internal firewall ( all user traffic to datacenter), all internet traffic to PCI-DSS applications instead.

What about the implementation team?

Implementation was done with the help of Check Point's professional services.

What's my experience with pricing, setup cost, and licensing?

If you have the budget, it's a good idea to go for the Check Point Firewall.

Which other solutions did I evaluate?

We also evaluated Palo Alto.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Security Administrator at R Systems
Real User
Top 20
Central management allows us to push policies to multiple firewalls
Pros and Cons
  • "The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well."
  • "The antivirus is not as effective as it could be because updates are not that frequent."

How has it helped my organization?

The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well.

What is most valuable?

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

What needs improvement?

The antivirus is not as effective as it could be because updates are not that frequent.

Another area for improvement is that certifications are quite expensive with Check Point.

For how long have I used the solution?

I've been using the Check Point Next Generation Firewall for the last year.

My role includes working on Check Point and Cisco ASA firewalls to make changes on them, per customer requirements or as the organization needs. I also explore new features and do troubleshooting.

What do I think about the stability of the solution?

It's quite stable. Until now, we haven't faced any issues.

What do I think about the scalability of the solution?

The Check Point 44000 and 64000 Next Generation Firewalls are designed to be quite scalable. 

How are customer service and technical support?

If we do face an issue which is not our support boundaries, we involve the Check Point TAC. They're quite technical, so they help us to resolve things. They are always helpful. They're knowledgeable and their response time is very fast.

Which solution did I use previously and why did I switch?

Previously we were working on Cisco ASA firewall which didn't support the cascading objects. Also, Cisco supports two gateways, whereas the Check Point supports up to five gateways.

We also decided to bring on Check Point because there are a lot of switches that are not supported in Cisco ASA. Also, with Cisco, IPS does not come with the firewall and we have to configure it separately. The Check Point IPS comes with it.

There are a lot of features which are not supported in the Cisco ASA Firewalls.

How was the initial setup?

The initial setup of the firewall is straightforward. I didn't find any difficulties in moving from Cisco ASA to Check Point. The dashboard is quite friendly, so it didn't take much time to learn.

Deployment took about three days.

We have different stages in our implementation process like planning, approving, implementing, checking and validating, and the last one is matching. Job roles in our organization go according to these stages the approvals. I do the planning part and my approval request goes to my team leader.

We have about 400 to 500 users. They are semi-technical or non-technical people, such as network and security engineers, who are tracking and monitoring the firewalls. If we're talking about troubleshooting we have from different levels, like L1, L2, L3.

What was our ROI?

It's saving us a notable amount of time. 

What other advice do I have?

Check Point is good. It has a lot of features which will support a lot of things in your organization, and the dashboard is quite good. There are a lot of features, such as data protection and data inspection, at a good price.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,327 professionals have used our research since 2012.
PLM Consultant
User
Great URL filtering, Application Control, and Intrusion Prevention
Pros and Cons
  • "Check Point NGFW generates very helpful reports based on the logs of the activated features."
  • "There have been a few requests/issues about the Identity Awareness feature."

What is our primary use case?

We first deployed Check Point for our clients. Our first client wanted to deploy the security appliances in a cluster solution for their network infrastructure solution. The NGTW chosen was the 5800 series and it was deployed as a software solution on clients' servers. Everything is going smoothly and the client seems happy with our proposal.

How has it helped my organization?

For our client, it is extremely important to protect the internal network infrastructure from any malicious attempt to break into their critical data. The NFGW cluster has been a step towards greater visibility in regards to their internal operations. The logs give a very detailed panorama of risks.

What is most valuable?

URL filtering, Application Control, and the Intrusion Prevention System are the features that almost every client wants to be guaranteed by their security appliances. 

Check Point NGFW also generates very helpful reports based on the logs of the activated features, including the features mentioned (URL filtering, Application Control, and the Intrusion Prevention System, as well as anti-bot and anti-spam). 

Sandblast is also a great feature, soon to be added to this solution through endpoints.

What needs improvement?

The appliances are quite intuitive and easy to be used. The hotfixes are useful and often released with notifications sent to the client.

There have been a few requests/issues about the Identity Awareness feature. The connection to AD, which was a request from the user, required the TAC team's support. 

For how long have I used the solution?

I've been using the solution for more than 3 years.

What do I think about the stability of the solution?

This solution is stable and its replacement will not be needed for some time. Security is a need, and as such, it should be a permanent investment.

What do I think about the scalability of the solution?

It seems pretty scalable. Scalability is one of the features that make Check Point different from other vendors. Most of the Quantum series are usable with the Maestro solution, where the client can practically add up other appliances on top of the previous one, without replacing it.

How are customer service and support?

Cases don't always get a resolution immediately, however, the TAC team is supportive and through continuous interactions and suggestions, all cases have been resolved (within 1-2 weeks when they are not urgent).

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

For our own infrastructure, Check Point was the first vendor chosen.

How was the initial setup?

The implementation is straightforward. The setup is clear and simple, much like any other software nowadays.

What about the implementation team?

We did an in-house implementation.

What was our ROI?

The biggest investment is the initial one when you purchase the solution. It needs very little maintenance, and the automation it offers makes it easy to maintain.

What's my experience with pricing, setup cost, and licensing?

The setup is easy and intuitive, and licensing has good coverage to meet the needs for most of the clients. Price is the least favorite element regarding Check Point. Its products aren't the cheapest ones in the market, however, the ratio of value to money is fair.

Which other solutions did I evaluate?

Fortinet was considered as an option as well.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: We are users of Checkpoint for our own infrastructure, as well as Checkpoint Resellers
Flag as inappropriate
CTO at a computer software company with 11-50 employees
Real User
Top 5
Easy to configure, provides automatic isolation and notification of problem systems
Pros and Cons
  • "The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature."
  • "It would be nice to add more features to the WatchTower app to be able to perform certain administrative functions without the need for local access."

What is our primary use case?

We have a pretty small office and therefore, a small network environment, and the SMB appliances from Check Point were a perfect fit and exactly what we were looking for in order to improve our overall security posture in the office.

It was critical for us to be able to secure our network, including intrusion detection and prevention along with threat emulation and extraction for zero-day threat help, and Check Point fit perfectly.

After implementing the solution, we were able to get through a third-party penetration test of our network without issue.

How has it helped my organization?

Check Point NGFW has improved our organization by making our corporate network much more secure. Once our SMB appliance was installed, configured, and up and running, we could rest a little easier knowing that unauthorized access to our network just became much more difficult.

By turning on the various software blades, intrusion detection and prevention were in place, we had threat emulation and extraction in place, etc. It was a one-stop-shop for us and gave users on our network a certain peace of mind knowing that there was something in place to help keep them safe from malicious actors.

What is most valuable?

There are many aspects of Check Point NGFW that are valuable and important to our organization, but I'd say the top three are intrusion detection and prevention, threat emulation, and threat extraction. These three features have set a good baseline of security on top of the normal application URL filtering and other services of the firewall.

The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature.

What needs improvement?

When first looking into the Check Point offerings, it was fairly confusing trying to determine the differences between the different offerings. Specifically, SMBs versus other models, and which one would work best within my environment for my use case. I think we ended up in a good spot after speaking with a reseller in the area, but it would have been nice to be able to get there independently.

The WatchTower app that can be used to access the SMB appliance remotely is a nice touch, but it doesn't allow for many actions to be taken and therefore is relegated to mostly notifications. At that point, it requires me to gain local access to go further. It would be nice to add more features to the WatchTower app to be able to perform certain administrative functions without the need for local access. 

For how long have I used the solution?

We have been using Check Point NGFW for two years.

What do I think about the stability of the solution?

This product is stable and we have had no issues.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

Easy setup and configuration by a non-network/security person.

What's my experience with pricing, setup cost, and licensing?

Check Point brings good value for the money and is competitive in the market.

Which other solutions did I evaluate?

We evaluated Fortinet FortiGate but Check Point seemed like a better fit for us in terms of features and value.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Principal Associate at Eurofins
User
Stable with great technical support and time-saving central management capabilities
Pros and Cons
  • "The logging and central policy management are the most valuable aspects for us as we were not having success earlier with the ASA in terms of upgrading/managing."
  • "The smart consoles could be improved."

What is our primary use case?

We primarily use the solution on all branch sites and now in DCs as well. We have more than 500 sites using Check Point NGFW in our organization. 

Earlier, we were using Cisco ASA and now it looks much better in many aspects, including upgrading/managing. I had only experience with Cisco ASA before, but after implementing this in my branch location it became quite easy to manage the firewalls remotely.

A few of our engineers use APIs to upgrade or push global changes for all regional locations which was tough to do. Now, with Check Point on board, it has eased our job as network engineers. 

How has it helped my organization?

Central management saves so much time. We were spending so much time with ASAs. I only had experience with Cisco ASA before, however, after implementing this in branch location it became quite easy to manage the firewalls remotely. 

As mentioned, a few of our engineers use APIs to upgrade or push global changes for all regional locations which were tough to manage. Now, it has eased our job as network engineers. It was a good decision by our organization.

What is most valuable?

The logging and central policy management are the most valuable aspects for us as we were not having success earlier with the ASA in terms of upgrading/managing. We are still exploring more features like IPS and IDS. We hope that these aspects will be a great experience for us as well. 

What needs improvement?

The smart consoles could be improved. Many times we have seen that smart console lags or has issues during the change. It also closes sometimes. Otherwise, the overall experience was great until now. 

As we are still exploring more features, we need more time to provide more reviews in the future. I would like to explore more with Check Point and would like to provide improvement review as we go into using the MDMS. It will be in our organization here by year-end. 

For how long have I used the solution?

I've been using the solution for three years.

What do I think about the stability of the solution?

It looks very stable as compared to others.

What do I think about the scalability of the solution?

The scalability looks great.

How are customer service and support?

A few times I reached out to support help and in no time I was able to get experts who helped me through any issue I was having. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Cisco ASA, however, we wanted a product that was more stable with central management. 

How was the initial setup?

It was not easy to set up initially, however, we got some support from external vendors. 

What about the implementation team?

We had help through a vendor and the experience was great. 

What was our ROI?

The stability makes it all worthwhile. 

What's my experience with pricing, setup cost, and licensing?

It looks great the cost-wise for our organization. I've also suggested this product to other ex-colleagues for their companies. 

Which other solutions did I evaluate?

We did check out FortiGate and Palo Alto as well. 

What other advice do I have?

We have had a great experience so far. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Gulrez
Manager at Kotak Mahindra Bank
Real User
Top 5
Good traffic visibility, integrates well with third-party solutions, and it's easy to implement
Pros and Cons
  • "The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access."
  • "Right now, with a larger user database and a high number of rules, it takes a bit of time for policy installation."

What is our primary use case?

The role NGFW plays is to protect the organization against Layer 7 network attacks.

The solution has helped us to guard our perimeter security on a wider level. This is not like plain vanilla firewall. We have got a wider visibility with the help of this next-generation firewall; it shows us the traffic flowing across the network and based upon that, we have made the modifications required to restrict access.

Also, the active cluster module has helped us to balance the load during peak hours. Since moving to the active-active module, we have got the much-needed breathing space.

How has it helped my organization?

It has helped us to inspect traffic, not only with a limited protocol base but on the application/service level inspection too.

The service base access policy has provided us with a next-level restriction, which wasn't there on old school firewalls.

The integrated threat & anti-bot blade gives us protection from zero-day attacks and these can be blocked using analysis & signature matching.

The integrated intrusion prevention blade not only gives an additional level of security but also cuts down the load to manage an extra device.

What is most valuable?

The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access.

The integration with third-party vendors is quite easy and well defined, which really helps you with the automation.

The integration of gateways with a centralized managed server gives you full control in a single place.

The setup and implementation are quite easy and the logs and reports are elaborative and effective for securing the network.

What needs improvement?

The one area that I would like to see a change in is policy installation. Right now, with a larger user database and a high number of rules, it takes a bit of time for policy installation. There is definitely some improvement in the R80 version; however, I believe that it should not take more than one minute to refresh the database. Also, there is a significant spike in gateway resource utilization during policy installation. 

The additional blades have an impact on resource utilization, hence scope of improvement is needed here too.

For how long have I used the solution?

I am using Check Point NGFW for the past five to six years for perimeter & internal security.

What do I think about the stability of the solution?

The solution is quite stable, however some issues also observed in new version release & same is fixed through hotfix/portfix once it is highlighted to the TAC 

What do I think about the scalability of the solution?

The new hyperscale module gives you the much-needed breathing space, which the industry was looking at for quite a long time.

How are customer service and technical support?

When it comes to technical support, Check Point is on another level. The support engineers are very well versed with the solution they are managing.

How was the initial setup?

The initial setup & integration was quite easy, and the support during migration was outstanding.

What about the implementation team?

It was a collaborative effort of our in-house and vendor teams. The support was good & quite appreciable.

What was our ROI?

It's good & the same as expected.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Engineer at Infosys
Vendor
User-friendly with a great Smart Console and easy management capabilities
Pros and Cons
  • "Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view."
  • "While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement."

What is our primary use case?

The Check Point firewall is a reliable perimeter security product. Check Point gives me access to explore various security features in a single box (loaded with all features that an organization needs most). 

I can say I have been using it for one year and getting a grip on it and I will always try to implement it wherever it is required. 

When it comes to Check Point, there are great security features and a marvelous inbuilt design that caters to handling all threats, including zero-day attacks and perimeter security. I really like the user-friendly interface of the Smart Console dashboard and the maximum security is integrated.

How has it helped my organization?

The intruder blocking real-time is a great feature that does not even require policy installation or committing to something. This feature enables real-time attack mitigation along with full security access which helps our organization to improve its security factors. 

IPS detection is a big plus for me since it deeply scans the packet. 

URL fileting along with application control gives me the access to manage the least privilege to maximum rights on a single click.

What is most valuable?

The product provides multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. 

Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view. Check Point helps to resolve a lot of problems, such as showing our organization all known threats. 

It is easy to deploy and manage. 

The product offers a simple Web User Interface.

What needs improvement?

While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement. 

I would love to see an SSL offloading feature that is not there right now. I am following many forums related to Check Point and it seems like they are going to launch it very soon. SSL Offloading will be very helpful for NBFC and for financial institutes.'

The Check Point NGFW OS is a historically grown OS. It has been on the market for a long time and has many releases. It is a very complex system. All features are done in software - no extra hardware chips are installed.

For how long have I used the solution?

I have been using this solution for almost a year.

What do I think about the stability of the solution?

This solution is one of the best solutions in terms of stability.

What do I think about the scalability of the solution?

It is highly scalable.

Which solution did I use previously and why did I switch?

I have been using this solution from the start as it was recommended by my organization.

What's my experience with pricing, setup cost, and licensing?

The pricing is a little bit high, although I have no issue with the licensing or setup. It is easy to use.

Which other solutions did I evaluate?

I have stuck to this solution as I read reviews before and it was all positive in regards to Check Point NGFW. I did not use a different solution.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Ümit Güler
Consultant at KoçSistem
Real User
Top 5
Good support, improves performance, stable, and scales well
Pros and Cons
  • "One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance."
  • "Check Point should include additional management choices; for example, Check Point does not offer full management support via browser."

What is our primary use case?

I'm a consultant at a Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I have deployed standalone, cluster, and two-layered firewalls.

How has it helped my organization?

Check Point firewall products include a lot of modules including Application Control, IPS, Email security, Mobile access, Content Awareness, URL Filtering, Antivirus, Antibot, and DLP

Check Point meets our customers' requirements at the perimeter with an all-in-one solution. For example:

  • The IPS blade prevents attacks with updated signatures.
  • URL filtering policy control customers' users' internet activity.
  • Antivirus and antibot blade controls malicious activity and files.
  • Mobile access blades allow customers to access their sites from anywhere securely.

What is most valuable?

There are a lot of features that I have found valuable for our customers.

For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.

One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.

What needs improvement?

Check Point should include additional management choices; for example, Check Point does not offer full management support via browser.

You should use Check Point Smart Console for management, although it is an EXE and is supported only on the MS Windows platform. If you are using Linux or Mac, you cannot manage Check Point. Instead, you need to use a virtual PC with the Windows OS installed, running inside Linux or Mac. Check Point states that this is a decision made for security reasons, but that certain management features can be done through the browser, although not fully.

For how long have I used the solution?

I have been using the Check Point firewall for more than 20 years.

What do I think about the stability of the solution?

This solution is very stable for all of our customers.

What do I think about the scalability of the solution?

One of our customers has more than 200 branch offices, which are protected by Check Point SMB appliances. All of these appliances are managed by Check Point SmartProvisioning. This customer has one Check Point cluster that secures server segments and another Check Point cluster to secure the client segment.

The latest product, Maestro is very good and scales well.

How are customer service and technical support?

Check Point support is very good and we are very satisfied.

Which solution did I use previously and why did I switch?

My company is working with different firewall products but I am a Check Point expert and only support their products.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

All implementation is handled by our team.

What was our ROI?

There are different ROIs for each customer but our customers' ROIs are high, as expected.

What's my experience with pricing, setup cost, and licensing?

The pricing is high compared to competitors.

Which other solutions did I evaluate?

Our customers evaluate other products but a lot of them prefer Check Point.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: KocSistem A.S.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.