We changed our name from IT Central Station: Here's why
reviewer1284540
ICT-System-Specialist at a insurance company with 5,001-10,000 employees
Real User
Top 20
Central logging and management makes us faster and more efficient, but technical support needs improvement
Pros and Cons
  • "With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions."
  • "The Check Point support needs a lot of improvement."

What is our primary use case?

We use Checkpoint Firewalls to protect Datacenter VLANs against each other. In addition, we use them to protect our perimeter systems from the internet, and our internal network from the perimeter.

We have virtualized the systems on a VSX-Cluster using VSLS, but the basics are still the same compared to a traditional cluster. VSX gives us a bit more flexibility in the case of load-sharing. Therefore, it’s quite easy to react in the case of heavily used hardware distributing the load by failover or prioritizing VSs onto different nodes.

How has it helped my organization?

The biggest improvement is the central logging and management of all firewalls. Other IT-departments can get log-access and search for their own if there are missing rules or other issues.

Since we use Identity Awareness the solution becomes more flexible, as users no longer need static IPs. Especially for IT-users, who always need more rights, it was a big improvement.

Implementing Wi-Fi makes it nearly impossible to work without Identity Awareness. Unfortunately, we fought with some bugs in the IA-module, but we got them solved.

What is most valuable?

R80 management has improved and made the product more comfortable for IT people to use.

Filtering through rules and finding similar ones to add additional objects becomes much faster.

With an additional hotfix starting from R80.10, we are able to use the management with Ansible. From R80 on, we started creating objects via script or adding them to groups. That makes some parts “automatic”, or at least much faster.

With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions.

What needs improvement?

The Check Point support needs a lot of improvement. We spend a lot of time troubleshooting issues ourselves, create good ticket descriptions, and try to explain in detail what has already been tested. Even so, it takes at least three ticket-updates before support really understands the issue. If you manage to reach the third-level support, you are still forced to be really critical of what kind of suggestions Check Point support is offering you. Running debugs on a test environment is quite different than running them in a heavily used production environment.

For how long have I used the solution?

We have been using Check Point firewalls for 16 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Technology at African Alliance Plc.
User
Top 20
Highly scalable and responsive with great VPN functionality
Pros and Cons
  • "The firewalling feature and the VPN functionality are excellent."
  • "The quality of the console should be improved in terms of aesthetics."

What is our primary use case?

I use the NGFW as a Firewalling device, for VPN tunneling, and for virtual patching. My environment is a two-tier network environment. I also use the Check Point NGFW as an IPS.

How has it helped my organization?

It really has improved my organization in terms of protecting my network against intrusion and zero days. I have been able to explicitly configure the blocking of certain attack vectors using Check Point NGFW.

What is most valuable?

The firewalling feature and the VPN functionality are excellent. With the firewalling functionality, I have been able to ward off intrusion from outside the network. With the VPN functionality, I have been able to allow secure remote connections from external customers and staff. 

What needs improvement?

CheckPoint would do good to add new features such as UEBA(User and Entity Behavior Analytics). 

They should also improve on the effectiveness of their antivirus. It should be more effective than competitors.                                                                                                                                                                                                                                                                                                                                                                                                                                                       

For how long have I used the solution?

I have been using Check Point NGFW for five years.

What do I think about the stability of the solution?

The product is very stable with no crashing or configuration corruption.

What do I think about the scalability of the solution?

The solution is highly scalable and responsive.

How are customer service and support?

The vendor is very professional and has the know-how.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I used to use the Cisco ASA 5500 series firewalling device.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

The product was implemented through a third-party vendor.

What was our ROI?

We saw an ROI within one year.

What's my experience with pricing, setup cost, and licensing?

It is very competitive relative to others on the market.

Which other solutions did I evaluate?

I was shown the POC and I fell in love with the fact that the Check Point NGFW has a GUI that allows for easy configuration. It also does firewalls very well. Therefore, I did not look at other options.

What other advice do I have?

It is an awesome product!

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,322 professionals have used our research since 2012.
ITCS user
Project Manager at SANDETEL
Real User
Top 10
Improved network performance, good management console and diagnostic tools, insightful reports
Pros and Cons
  • "We are delighted with the powerful management console and diagnostic tools."
  • "The number of physical network ports on the device should be increased to allow for greater capacity."

What is our primary use case?

In my company, we use the Check Point NG Firewall solution to secure the perimeter and user network. We use IPS/IDS, deep packet inspection, and VPN. We have implemented routing rules based on the destination of the traffic, and the performance of the global solution is satisfactory.

We use the solution, too, as the firewall in a core node, which is very important to the business. It secures the network equipment and service integrity.

We are delighted with the powerful management console and diagnostic tools.

How has it helped my organization?

The Check Point Next Generation Firewall has improved the performance of our network, bringing the IT administrator a lot of information and data to make decisions about security, vulnerability, strengths, and weaknesses in our deployed projects.

It provides a lot of information to help better understand our users. Now we feel more confident with our network and know what happens on it, as well as what kind of traffic we have.

In addition, we have many reports that include data to help with decision-making and information about how the solution reduces cost and risk.

What is most valuable?

The most valuable feature in my opinion is the powerful deep packet inspection engine. This engine provides me with a great capacity to control the traffic generated by my users and provides our company with a very real vision of the use that users make of the network.

The reporting capability is very important as we are able to show the company management the benefits and the return on investment, in terms of securing our network.

What needs improvement?

The number of physical network ports on the device should be increased to allow for greater capacity.

Another point of improvement would be to continue improving the integration line with our current NAC solution in order to exchange more attributes and increase the granularity of the implemented policies.

For how long have I used the solution?

We have been using the Check Point NGFW for three years.

Which other solutions did I evaluate?

Compared to other similar solutions on the market, this product is quite complete.

What other advice do I have?

In my opinion, this solution is already quite complete with respect to our requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chester at Iocane
User
Great centralized management with good threat extraction and excellent commitment to innovation
Pros and Cons
  • "Management integration is holistic as centralized management has been core to the solution for decades."
  • "Potential improvements could be made around simplifying VPN functionality and configuration."

What is our primary use case?

I work for a systems integrator and have designed and deployed solutions over many years with Check Point components. Problems solved with Check Point NGFWs have included securing the edge, data center segregation, SWG replacement, Remote Access, and many others.

I have designed and installed Check Point deployments from a single SMB appliance to multiple highly available chassis, running numerous virtual systems. Numerous different use cases include appliance form-factors, running modules, and licenses.

How has it helped my organization?

I have always found that Check Point's fully integrated management provides significant improvements to organisations where I have deployed them. As management has always been integral in the Check Point deployment, all functionality and visibility is natively baked into the management platform, which provides a single point to configure and monitor every function. Alternative vendors have added centralized management functionality as a secondary feature and therefore have never been able to compete on this front.

What is most valuable?

Management integration is holistic as centralized management has been core to the solution for decades. Where other vendors have bolted management on over time, Check Point has always made it central to everything that they do.  

I find that this is one of the most significant and valuable features of Check Point. In addition to that, many new features that eventually become the standard across the industry end up being first introduced by Check Point - sometimes years ahead (such as Threat Extraction which allows active content to be stripped from files being downloaded and a "clean" copy to be provided in near real-time, while sandbox inspection is being performed).

What needs improvement?

Product-wise, I have no real complaints. 

Potential improvements could be made around simplifying VPN functionality and configuration.  

The main area that the organization can improve is around the lack of local, in-state technical support. Competitor vendors have a strong presence in the Adelaide Market, however, Check Point has always been limited with its commitment to staffing local technical resources. If this focus is made, I could see Check Point returning to the strength that it once had in the Adelaide market.

For how long have I used the solution?

I've used the solution for 17 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Oscar Daniel Garcia
IT Director at Facultad de Ciencias Actuariales, Universidad Anáhuac México
Real User
The best enterprise solution for cybersecurity protection
Pros and Cons
  • "A stable solution with multiple interfaces"
  • "Complex and not very easy to use."

What is our primary use case?

I'm at a university in Queretaro, Mexico and it's used to protect our infrastructure: wireless, LAN, PCs.  Since the solution prevents attacks, we have the checkpoint in all our equipment, from the critical infrastructure to the directors' and employees' cell phones.

How has it helped my organization?

This is the best enterprise solution. Almost every university in Mexico has Fortinet or VXN, but our mission is to have the best cybersecurity protection for our information and our users. We're a private university and our clients and information are the priority. This is the reason why I chose Check Point NGFW.   

What is most valuable?

The solution interface is good. It has three different ones: the NGFW, the Endpoint, and Harmony Mobile.

For how long have I used the solution?

I've been using this solution for five years.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

The scalability of this solution is good.

How are customer service and support?

Because my employees work in other departments, we used the deployment consultant. The service was very good.

How was the initial setup?

The setup was simple because we had the checkpoint expert support. The time it took was standard and once the installation was complete, there was no problem at all.

What's my experience with pricing, setup cost, and licensing?

The setup was simple because we had our partner and checkpoint expert support.  The time it took was standard and once the installation was complete, there was no problem at all.

What other advice do I have?

I would rate this solution a nine out of ten. This is a very good solution. It's complex because it's not too easy to use, but the brand and our partner help us with NG Firewall configuration issues or other solutions like Harmony.

The university is growing every year and with that, I purchase more endpoint licenses and Harmony Endpoint because the firewall works well on the dimension and capacity. Next year, we plan to integrate Harmony Email and Office. The solution also prevents threats to Office 365.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
IT Security Manager at a retailer with 10,001+ employees
Real User
Top 5Leaderboard
Enables us to deploy complex changes from a single management interface and get better visibility
Pros and Cons
  • "Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity."
  • "I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it."

What is our primary use case?

*Perimeter Firewalls - to protect regional hubs and local offices from public space and provide L3-L7 filtering

*Internal Segmentation Firewalls - to secure company's internal network from movement of malicious actors and reduce traffic flows only to authorised ones

*Public and Private Cloud - to secure hybrid environment either onprem or in the cloud while achieving micro segmentation per host

*Cloud Compliance - to get a visibility into cloud environment and and related vulnerabilities 

*Data Center

*SaaS

How has it helped my organization?

Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity.

I have to emphasize the value of Diamond support here where most senior engineers can provide great support with any challenges. Thinking out of the box, sense of responsibility, professionalism and much more - such an attitude helps to provide resolution to any crisis in the shortest term

What is most valuable?

With the new capabilities embedded into R80.XX flavor it is possible to achieve great flexibility while defining your security policy. It is possible to utilize a variety of objects to define static or dynamic criteria for inspection and reduce general rule base size and complexity, while not giving up on security

The security research team is doing a great job staying on top of ongoing threats and releasing fixes for ongoing attacks within days or sometimes hours.

Check Point always actively listens to its customers trying to identify emerging needs and satisfy them pro-actively

What needs improvement?

I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it. 

The monitoring of scalable solutions is quite tricky, but it could be relevant for all vendors who possess the same technology.

IPS fine-tuning may require some time to understand the interrelation between IPS protections, core Protections and other IPS profile elements. But in general, Check Point is on the way of great simplification of TP management

For how long have I used the solution?

Check Point products are being in use for the last 6 years.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sales Engineer at Unistar
Real User
Top 10
Good technical support, reliable, and offers effective threat prevention
Pros and Cons
  • "The most valuable features are application control, regulation, and threat prevention."
  • "Compliance and centralized management can be improved."

What is our primary use case?

We are a system integrator and the Check Point Next-Generation Firewall is one of the solutions that we implement for our clients. It is primarily used for data protection, VPNs, and sandboxing. We also use it in our own data center.

What is most valuable?

The most valuable features are application control, regulation, and threat prevention.

What needs improvement?

Compliance and centralized management can be improved.

For how long have I used the solution?

I have been using the Check Point NGFW for perhaps ten years.

What do I think about the stability of the solution?

This firewall runs 24 hours a day and it is stable.

What do I think about the scalability of the solution?

It scales okay because they are SCADA compliant and follow the industry standards. It is best suited to enterprise-level organizations.

How are customer service and technical support?

Technical support is located in Prague, Israel, and America. The support is good and they are quick.

Which solution did I use previously and why did I switch?

We have also worked with Fortinet a little bit. We switched to Check Point because our team is a perfect fit for it. We know the solution well.

How was the initial setup?

The length of time required for deployment depends on the size of the environment. Our largest solution took us between 10 and 20 days.

What about the implementation team?

We have a contract with the vendor to implement and deploy this solution for customers. There are three engineers on the staff who are responsible for maintenance and support, including dealing with tickets.

In total, working with this solution, we have four engineers and two junior administrators.

What's my experience with pricing, setup cost, and licensing?

It is quite an expensive product, although security is a top priority. For people who want security, the price is not a problem, and everything is included in the price of the license.

What other advice do I have?

This is the number one, best firewall on the market. My biggest complaint is that the centralized management has to be improved.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
System Analyst at a comms service provider with 51-200 employees
Real User
Good security and transparency but requires a better UI
Pros and Cons
  • "Newer versions are much more stable."
  • "It's my understanding that the initial setup is a bit complex. There's a bit of a learning curve if you're trying to set it up for the first time and you aren't familiar with the product."

What is our primary use case?

Primarily, we implement the solution at a couple of sites around the world and have created five site VPNs across it. We are running a pretty decent policy to make sure internally our infrastructure is secure.

What is most valuable?

The product offers excellent security. How open they are with new risks and new vulnerabilities is very helpful in the task of keeping our company safe from malicious attacks.

Newer versions are much more stable.

What needs improvement?

The UI could use some improvement. It's not as clean or seamless as it could be. 

It's my understanding that the initial setup is a bit complex. There's a bit of a learning curve if you're trying to set it up for the first time and you aren't familiar with the product.

Older versions were a bit unstable. 

For how long have I used the solution?

We've been using the solution for six or seven years so far. It's been a while. 

What do I think about the stability of the solution?

While this version seems to be quite stable, Check Point, in previous versions, had a lot of issues when we used to do firmware updates.

What do I think about the scalability of the solution?

We have 200 people on the solution currently. 

Which solution did I use previously and why did I switch?

I also have experience with Fortinet. I don't have too much, however. It's still very new to me, and therefore it's hard to compare the two solutions. 

How was the initial setup?

While I didn't directly participate in the implementation, from the people that participated, I've heard that it's complicated if you don't know the product very well.

What about the implementation team?

We hired a company to do the implementation. I don't remember the dynamics of the team. The last time it was set up, there were two people on the implementation team. 

What other advice do I have?

While we don't have a direct relationship with the company, we do have business relationships with both Fortinet and Checkpoint partners.

I'd rate the solution at a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.