We changed our name from IT Central Station: Here's why
reviewer1692972
User at PROWERS COUNTY HOSPITAL DISTRICT
User
Extremely stable with many great features and a helpful web GUI
Pros and Cons
  • "We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone."
  • "I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad."

What is our primary use case?

We are a Critical Access hospital with close to 1,000 endpoints and hundreds of users. We currently have multiple ISPs coming into the hospital for internet redundancy. There are multiple buildings on our campus that are connected with copper and fiber. We have had clinics in multiple cities attached to our network at various times. 

We installed the Check Point NGFW in our environment to act as our main firewall and gateway. This allows us to keep several of the vendor devices (lab analyzers and other third-party equipment) segregated on different VLANs so they have no access to our production VLAN. This system is also our VPN concentrator for several site to site VPNs and remote software VPN connections.

How has it helped my organization?

In the past 15+ years that I have run these firewalls, we have been able to make huge strides in increasing our security posture. This has been evidenced by our annual Security Risk Assessments run by a third party. Check Point is always coming out with new features that help make it easer to manage our security posture. We have received multiple comments from other organizations praising us for the speed and accuracy of setting up new site-to-site VPNs with the proper access. This is all possible because of the intuitive Check Point software.

What is most valuable?

There are many great features, however, with our last upgrade, we now have a web GUI that allows us to pull up multiple facets of the firewall environment. This feature has been very handy. There have been times we have a connectivity issue, and both sides are blaming each other. If I'm away from my desk and don't have my laptop, I can quickly bring up the interface on my phone and search through the logs, rule base, and VPN communities to help quickly troubleshoot the problem. I can't say it enough - this has been invaluable.

What needs improvement?

Overall, this is a great system, and I'm struggling to come up with things that I think should be improved. 

I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad. 

For additional features in the next release, I would like to see more change functions available in the new Web GUI version. This is still a new offering from the company, therefore, I can only assume it will get better as customers make suggestions/requests.

For how long have I used the solution?

I've used the solution for over 15 years.

What do I think about the stability of the solution?

This system has been rock solid in our environment. I have even run beta software to try out new features. I trust the company and their top-notch support staff to keep us running smoothly.

What do I think about the scalability of the solution?

This system has been very scalable. Check Point offers multiple security 'blades' that let you start out small, and increase as needed without having to drop a bunch of money on new hardware.

How are customer service and support?

I rarely have critical issues, however, when I do, I can call and get an engineer rather quickly. For most of my issues, I utilize the online support portal and/or knowledge base articles.

How would you rate customer service and support?

Positive

How was the initial setup?

We had engineers online with us to help us get everything setup. They have done this many times, and they were able to give us a lot of information to help prep the environment. This left us with minimal downtime.

What about the implementation team?

We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone.

What was our ROI?

That is difficult to calculate. We have had hospitals and clinics drop like flies to ransomware, DDOS attacks, and other issues. The financial impact of something like that would be huge. You can't put a price on safety. 

We are trying to do the best we can in an ever-changing landscape of cyber dangers, and we feel that Check Point has been a great name to hang our safety on. In the 15+ years I've been working with Check Point, I have only changed out the hardware twice. We pay an annual fee to cover licenses and support. In general, this is a great investment.

What's my experience with pricing, setup cost, and licensing?

We purchased this through a VAR, so your mileage may vary when it comes to cost and initial service for setup. 

The licensing can be a bit tricky when you have more than one appliance. That said, they are very open and explain how it all works. They give the ability to set up trials of all the different license 'blades' to let you try before you buy.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Amit Kuhar
Network Security Consultant at Atos Syntel
Reseller
Top 5
Easy to manage, deploy, and upgrade
Pros and Cons
  • "It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online."
  • "In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this."

What is our primary use case?

We have around 500 firewalls all around the world with a global team to manage them. We are using Check Point NGFW for Internet traffic, IPS, and UTM devices.

Atos provides this solution, including network design and advice.

What is most valuable?

  • Antivirus
  • IPS
  • They got the logs into one site, which is wonderful.
  • There is a secure action line code that you can announce your products in.
  • If you have a number of sites, like a hundred sites around the world, you can deploy multiple VSX testing. 
  • All over the world, you can have DMZs in data centers, e.g., in the USA, Dubai, and London. 
  • It is easy to deploy and upgrade. 
  • Easy to manage, e.g., if there is a new engineer onsite, they can easily manage it.

What needs improvement?

In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this. 

For how long have I used the solution?

I have been using it for five years.

What do I think about the stability of the solution?

I haven't seen any stability issues, though I have seen some issues with the management of the gateway. Stability-wise, it is good (a nine out of 10).

What do I think about the scalability of the solution?

We have 74 locations. We can have 10,000 users maximum via an Internet gateway. We have four data center across the world: two in USA, one in London, and one in Dubai. Passing through Check Point per location: in the USA - 5000 users, in London - 2000 users, and in Dubai - 10,000 users.

There are 12 network security engineers/consultants managing Check Point and the legacy firewall, SonicWall.

How are customer service and technical support?

Right now, we cannot go directly to Check Point because of vendor dependency. We have to first initiate with our vendor.

Which solution did I use previously and why did I switch?

We migrated SonicWall to Check Point about two years back. That took one year to set up in our organization. 

We switched away from SonicWall because it is a legacy firewall at end of life. SonicWall was missing features that Check Point has, like UTM, IDS, IPS, antivirus, etc. Check Point is better for protection and performance-wise.

How was the initial setup?

It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online.

We have two devices. Right now, we are deploying and upgrading a new setup, where you can do management, management plus gateway on the device, or virtually you can install your management device on VMware or Hyper-V. With the Hyper-V and the Management Server, you can access all the gateways. For the Management Server and gateways, we have an activation key.

What about the implementation team?

We are an IBM OEM company who received installation support from that vendor. They provided all the network connectivity.

For our implementation, we:

  1. Started with an initial diagram of the configurations and what we want to see after the installation.
  2. Segregated the SonicWall and Check Point tools for the migration since we used automation.
  3. Checked the mode of installation. We went with transparent mode.
  4. Collected the IPs for the firewall. It required multiple IPs because with we have cluster nodes.
  5. Assessed the feasibility of Check Point in our environment.

For our strategy, we looked at:

  • How many users are in all our offices? For example, is it a small office, mid-size office, or data center?
  • Using high-end versus lower-end devices, e.g., lower-end devices means a smaller price tag.

A smaller office of less than 500 people would get a 4000 Series. Whereas, a larger office would get a 5600 or 7000 Series. We have to be focused on the natural topology.

What's my experience with pricing, setup cost, and licensing?

We have had some vulnerabilities when we upgraded the R80.30 Management Server. We have some gateways right now in our R77.30 version, and this means if we go without license in R80.30, then it will prompt a bad connection and terminate. We have had some license difficulties with the connection going from R70 to R80. However, these don't largely impact performance.

Which other solutions did I evaluate?

We looked at Fortinet and Palo Alto. We did not feel FortiGate was capable of what we required. Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point.

If you need a good support or something that is good budget-wise, then I recommend going with Check Point compared to Cisco or Palo Alto.

What other advice do I have?

It is a good firewall. It has returned good performance. We are happy with the product. I would rate the product as a nine out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,780 professionals have used our research since 2012.
Integration engineer at S21sec
User
Top 20
Great technical support, adapts well to any environment, and works well with Linux
Pros and Cons
  • "The technical services always replied in a very fast and effective way."
  • "One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them."

What is our primary use case?

We use the product to secure our network, using all Check Point has to offer, including multi-domain servers, centralized log servers, gateways on-premise, and VSX. It has improved a lot with the last versions making day-to-day operations very user-friendly. 

I have used almost all the blades Check Point has and it's incredible what a Next-Generation firewall is capable of, including VPN, IPS, monitoring, mobile access, compliance, and more. The reports of the Smart Event console are also very useful. It's good to have a view of what's going on in our network. 

Since Check Point has Linux working on them, it gives us plenty of tools to adapt to any specific need we have.

How has it helped my organization?

In actuality, Firewalls are a must in any organization. Check Point's ability to adapt to any environment is their strength. The interface is very easy to understand, and the Smart Console can be configured to fit almost anything you need to.

When an issue appears, the logs are very easy to read, and that helps to identify the reason for the problem and solves it faster. The issues are not so annoying. 

What is most valuable?

The support Check Point gives is key. As the Firewall vendor, I recommend them. It's always great to work with them. For this reason, I am very satisfied with Check Point. Every doubt I had they were pleased to help with and we ab;e to provide a resolution. The technical services always replied in a very fast and effective way. The live chat is great as well. There is always someone willing to help. This makes working with Check Point a good experience.

Check Point expert mode is basically Linux, so working with that allows us to implement a variety of scripts.

What needs improvement?

In earlier versions, it was a bit hard to do migrations of Multi-Domain Servers/CMAs, nowadays, with +R80.30 it has gotten much easier. I cannot really think of many things to improve. 

One thing that could be useful is to have a website to analyze CP Infos. This way, it would be much faster to debug problems or check configurations. 

Another thing not very annoying but enough to comment on is when preparing a bootable UBS with the ISOMorphic (Check Point's bootable USB tool), it gives the option to attach a Hotfix. However, this usually causes corrupted ISO installations.

One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them.

For how long have I used the solution?

I've used the solution for three years.

What do I think about the stability of the solution?

With other products, I have used quite a lot of RMAs, usually for not the most important component, however, enough to need an RMA, such as FANs or PSUs.

With Check Point it's quite easy, if it's needed, to replace. You just install the correct version and hotfix and load a backup from the old device. After that, the new device is ready to go.

What do I think about the scalability of the solution?

The scalability of Check Point is great. With the usage of Multi-Domain Servers, you can integrate all the devices into one console. You also always have the chance to expand creating new domains. Also, this distribution helps to have a very structured and organized management. It is always a very good thing when things don't go as expected and you need to solve any problem. Finding where the issue is in your organization is key.

How are customer service and support?

The technical cases are replied to in a very fast and effective way. The live chat means there is always someone willing to help. This makes working with Check Point a good experience.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

The most I have used are Forcepoint, Cisco, F5, FortiGate, and Palo Alto.

How was the initial setup?

The initial setup is very straightforward and very guided. 

What was our ROI?

With the few replacements we need to do, there is very little downtime. It is worth the investment. The great support team behind Check Point is also worth the cost.

What's my experience with pricing, setup cost, and licensing?

Check Point is not the cheapest manufacturer, however, it's worth the price.

Which other solutions did I evaluate?

I have been always on the side of Check Point, however, Palo Alto was another option we considered.

What other advice do I have?

Having the option to use a UNIX-based shell instead of being forced to use GAIA, in this case, is great. It makes Check Point very customizable.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Sathish Babu
Solutions Consultant at a computer software company with 10,001+ employees
Real User
Top 20
Tools for searching firewall rules make it easier for newcomers to manage devices
Pros and Cons
  • "The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point."
  • "It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication."

What is our primary use case?

We provide solutions for various customers where we apply Check Point Firewalls, either for a VPN gateway or for securing their networks. We have provided them to a couple of financial customers to protect their mobile banking as well.

How has it helped my organization?

It has good features for searching the firewall rules and it has drastically changed daily operations. It's very easy, even for novice users or newcomers, to operate and manage this device. It has improved our operations that way.

What is most valuable?

The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point. Apart from that, we do have identity solutions which we use on a regular basis. Both are very good.

What needs improvement?

It would be great if the access management, the user management features, were improved in terms of the number of users that can be connected, and how users can access the various resources with the help of firewall authentication.

Also, one of the challenges I hear about from customers or engineers who work with and operate Check Point firewalls is not about the technical capabilities of the product but about understanding the product. There should be whitepapers available on the Check Point portal so that people can understand them more easily.

For how long have I used the solution?

I have been using Check Point's firewalls for almost 12 years. I started with the IP390.

What do I think about the stability of the solution?

Stability has improved a lot from Check Point's very early days over the last 12 years. Back then we had to reboot the firewall after every two to four days.

What do I think about the scalability of the solution?

The firewalls are scalable with our workload. We are at about 20 to 30 percent utilization so even if we doubled of our existing network resources and load on the firewalls, they would still have the space to scale. They're enough for the networks that we have implemented.

We recently finished a deployment and it's still in the user acceptance test phase. As of now, I cannot say anything in terms of increased usage. But for the customers that we have deployed it for within India and the APAC region, so far the results have been pretty good.

How are customer service and technical support?

I have used technical support a couple of times, when it was required, for hardware replacements. Of course, once or twice I contacted them for active devices when we had some glitches. But that turned out to have nothing to do with Check Point.

Overall, technical support has been good. They understand the situation and what part needs to be replaced or what needs troubleshooting through remote support tools.

Which solution did I use previously and why did I switch?

Before Check Point we used Cisco. And we use Cisco for a couple of customers because it's already pre-deployed, so it's not in our hands. We manage operations, so we are still managing Cisco devices. We don't have Juniper right now, but we have Palo Alto for one of our customers.

How was the initial setup?

The initial setup is very straightforward. When we boot the firewall we have instructions which say how to connect to the QR, and from that portal you go to your gateway and configure all the required network interfaces. Once you have installed your Smart controller, you need not log into the firewall every time. Instead, you can log in through your Smart controller. That's a pretty good method which no other firewall provides.

For the very basic features, it does not take more than two days. But, for a full-fledged implementation, it can take around two months.

Our implementation strategy is to replace existing firewalls in the network. We try to keep the business downtime as short as possible, especially for business-critical applications.

For deployment and maintenance of these firewalls we have a team, worldwide in different regions: APAC, Europe, America, and the Middle East, although in the Middle East we don't use Check Point.

What was our ROI?

We have definitely achieved ROI with Check Point firewalls.

Which other solutions did I evaluate?

We definitely evaluate other options based on the customer's budget, and the stability and technical specs of the firewall. We generally choose Check Point as our preferred product vendor.

What other advice do I have?

The biggest lesson I have learned from using Check Point's firewalls is that they are not complex.

I'm expecting a lot of solutions from Check Point and if there are more solutions from them, that would be great. I would like to see more product development.

Overall, I would rate it at 10 out of 10. It's the best firewall in the market.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer1531134
Cybersecurity Engineer at Insurance Company
Real User
Top 20
Good support and knowledge base, centrally managed, and flexible
Pros and Cons
  • "The easy and standardized management interface, now with a complete and functional API mechanism, provides the administrator several ways of managing the solution."
  • "Several of the security modules including IPS, URL Filtering, and Anti-Virus, are based on HTTPS inspection, losing relevant security capabilities if you don't implement it in your network."

What is our primary use case?

We were looking for an easy, centrally-managed firewall infrastructure as we were using a standalone solution that was difficult to operate and maintain because it was composed of several different systems.

We needed a solution that had support for virtual systems, and we needed such flexibility without increasing the cost by too much.

On the other hand, comparing within the sector, Check Point NGFW has a good stack of security mechanisms (modules, aka blades in CKP terminology) that are easy to implement and use.

How has it helped my organization?

The virtual systems solution (VSX under Check Point terminology) has provided the company the ability to improve performance and adapt to the network and security needs in a flexible way, as the network has been possible to be redesigned at any time and put an additional firewall where there wasn't before without more hardware. At the same time, the costs of the solution are known and limited, as you pay for a bundle of firewall licenses and your hardware purchased.

The NGFW security solution scales well and easily when needed as long as your hardware (performance) admits it. And having a central management system that allows us to share the same object database and different configurations have allowed us to improve the platform operating time. Due to this, we can implement the security needs of more proyects than we used to.

What is most valuable?

This product, being a Next-Generation Firewall (say, for this example, Unified Threat Management as well) provides up-to-date security options through different modules and scalability to match almost any firewall security needs.

The easy and standardized management interface, now with a complete and functional API mechanism, provides the administrator several ways of managing the solution. At the same time, the interface is common and unified through the different security modules.

They not only have a great support team but the knowledge base is another good point to consider.

What needs improvement?

Several of the security modules including IPS, URL Filtering, and Anti-Virus, are based on HTTPS inspection, losing relevant security capabilities if you don't implement it in your network. 

This means that to being able to take advantage of the full security stack, you're going to have to inspect traffic, break the tunnel, and manage different SSL certificates.

Although this is not a limitation of the product itself but the technology, where other vendors are impacted the same way, it is useful to take this into consideration as you can adjust the capacity of the systems adequately.

For how long have I used the solution?

We have been using Check Point NGFW for about 10 years.

What do I think about the stability of the solution?

The core system is very stable. You can find some bugs in non-core modules.

What do I think about the scalability of the solution?

Although the scalability is easy, you have to consider the costs and your license bundle.

How are customer service and support?

Technical support is one of the more important points to consider when choosing a solution. Their response is fast and accurate, and additionally, you have a complete, updated, and useful knowledge base that you can check if you like.

Which solution did I use previously and why did I switch?

We used a different solution prior to this but we needed to improve our operating and management time for the platform, as well as have the option of using a complete set of security modules.

How was the initial setup?

The initial setup is rather simple. The solution is easy to set up and operate. The difficulty is more dependent on your network and maintenance window slots, as opposed to the firewall itself.

What about the implementation team?

We implemented the solution with the advice received from the vendor and made the change with the help of a third-party reseller that had a good level of expertise in Check Point

What's my experience with pricing, setup cost, and licensing?

Scaling requires the purchase of additional licenses.

Which other solutions did I evaluate?

We evaluated the UTM solutions of the following vendors: Cisco, Palo Alto, and Check Point.

What other advice do I have?

My advice for anybody who is implementing this solution is to take into consideration the throughput, security modules, and storage (logs) needs, so you can choose the appliance that best fits your organization.

Additionaly, using VSX has some limitations in comparison with the physical counterparts, it is highly recommended to check the limitations at the vendor knowlegde base (sk79700) before your purchase and check such features are not critical for your business. For example, SAM rules can't be used currently at virtual systems.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Solutions Lead at a tech services company with 1,001-5,000 employees
Reseller
Top 5
We are seeing less traffic going to the server, improving server performance
Pros and Cons
  • "My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network."
  • "When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser."

What is our primary use case?

It's an on-prem deployment where we use it to protect our client and end-users who are working with the internet, and to protect their servers from external access. They have about 100 users and two servers.

How has it helped my organization?

When we did not have SSO, we had problems related to attacks compromising our firewall. That has been mitigated. We have the traffic going through the firewall to the server, so those types of things have really improved. We are seeing less traffic going to the server. When there was direct access to it, there was more and more traffic going to our server. So it has improved our server performance.

What is most valuable?

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

What needs improvement?

When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.

For how long have I used the solution?

I have been using Check Point NGFW for almost two-and-a-half years.

What do I think about the stability of the solution?

It's a stable solution. In the time I have been using this product, I have hardly seen anything break.

What do I think about the scalability of the solution?

In terms of scalability, they have products that can fit into the environment. It's a very scalable solution. For our requirements, it fits very well. You can go with whatever kind of setup you want: Active-Passive, Active-Active. Check Point is very easy. Their solution is ready for our market; it's very well suited. Wherever we want to go, Check Point can provide a solution.

Currently, we are using somewhere around 50 to 60 percent of the box's capacity.

How are customer service and technical support?

Sometimes, when I have gotten stuck, I have reached out to support and it's okay. They have helped me very quickly.

Which solution did I use previously and why did I switch?

We did not have a previous solution. We went directly with Check Point. We liked the features provided by Check Point and we went for it.

How was the initial setup?

The setup is not complex. It's easy to deploy. The documentation provided is very good. Deployment takes me two to three days. The hardware takes one-and-a-half days and then I get all the features up and running.

We have a standard implementation strategy. We have a checklist. We plan it out. Then we go into the field for the deployment. We have one dedicated engineer for deployment, and I also check it on a regular basis. The two of us are also the ones who manage the solution.

What's my experience with pricing, setup cost, and licensing?

We have to consider things, cost-wise, when we are expanding into other locations. We don't have the budget to use it in other platforms. We have some servers that we deploy in AWS and other locations. But instead of going with Check Point, we go with other vendors to fit into the budget.

Check Point is really costly. When it comes to the Indian market, where we are located, we always consider budget solutions. So this is an area where Check Point could use some improvement.

In addition to the standard fees, support is an added expense.

What other advice do I have?

The biggest lesson learned from using this solution is in terms of security. It is a really good product. I don't think there is anything missing from the Check Point firewalls. The features provided by the company are very good and provide what we need.

It's a very good security product, as long as you have the budget. It provides modern security and the architecture Check Point provides is good. And the application side will really help any size of business to deal with traffic based on the application.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:
Nikhil Dhawan
Associate Consultant at a tech services company with 10,001+ employees
MSP
Top 10
Gives us centralized management for multiple firewalls and can protect our environment from outside threats using advanced features
Pros and Cons
  • "It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration in 10 firewalls, I can push it all at once with the help of the centralized management system."
  • "I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors."

What is our primary use case?

My role is to do implementation and troubleshooting on the Check Point Firewall. We use this firewall for our organization's security by adding restrictions and security from viruses and other tech from the external Internet.

It is used in our internal company-wide network. It protects our company throughout the LAN network.

How has it helped my organization?

We have needed to install many third-party devices to provide major security to our organization. Because of Check Point and its many features, we do not require other third-party devices. We only require Check Point to provide the security.

What is most valuable?

It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.

It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.

What needs improvement?

The company should increase the learning platform free of charge. For example, Palo Alto and Cisco ASA have very good platforms that are completely free. Almost everyone in this field has good product knowledge. Therefore, I would like more training and expertise to be available for Check Point NGFWs.

I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors.

For how long have I used the solution?

I have been using it four years and four months.

What do I think about the stability of the solution?

It is a stable firewall that has new updates. The new updates are very impressive. There is also a good antivirus update which comes out very frequently and is completely stable.

What do I think about the scalability of the solution?

The solution's scalability is good.

With our increasing business, we have given a proposal to increase the number of firewalls.

In my organization, there were five associate consultants included in the deployment process, including me.

How are customer service and technical support?

The solution has very good, timely support. Most of the time, when we opened a case with their tech support, we have been in a panic situation because of the case's priority. However, the solution that we get is very straightforward and in very short amount of time.

My issues were resolved by the Check Point team or available on the Internet. So, all my problems were resolved.

Which solution did I use previously and why did I switch?

I have used Palo Alto and Cisco ASA. When I used Check Point, I got to know that the CLI is based on Linux. I already know Linux, so it was very comfortable for me. Apart from that, it was the company's decision. They wanted to use this firewall.

How was the initial setup?

The initial setup was straightforward because I have done training on Check Point. I didn't face any issue while implementing or while configuring it. I only faced a few issues, and they were resolved by the Check Point team.

It takes around nine to 12 months for the complete deployment of this solution. My deployment plan was a three-tier architecture, which is one of Check Point's features.

What about the implementation team?

I deployed it myself with the help of one or two of my colleagues.

What was our ROI?

I am happy with the investment that we made on Check Point. The reason behind this: It has advanced features for protecting the environment.

Which other solutions did I evaluate?

I also evaluated Palo Alto and Cisco ASA.

Check Point pros:

  • The CLI is very ease to use.
  • It provides advanced security threat prevention.

Check Point cons:

  • The graphical user interface should be easier to use.
  • More training should be provided by Check Point. 

What other advice do I have?

I would recommend this solution because it is a firewall that replaces many other devices. Money-wise, it is good. It also has many features. These can be utilized to protect your environment from outside threats.

You should have a couple of training and hands-on experiences before deploying the changes by yourself on the firewall. It has many features of which people are not knowledgeable so they usually utilize them.

With time, technology is getting better. Check Point is one of these examples. They have changed their products completely from the old R80 version, where their UI and CLI were much different. 

I would rate this solution as a nine out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Rohit Gambhir
Sr. Network Engineer at a consultancy with 51-200 employees
MSP
Top 10
Protects our environment with advanced features, like Threat Protection and central management
Pros and Cons
  • "They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them."
  • "Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve."

What is our primary use case?

We use it to protect our network from the outside world and unsecured networks. We also use it to provide a safe, secure network to the internal users of our organization.

I am using various versions on the model, like R80.10 and R80.30.

What is most valuable?

  • Antivirus
  • Threat Prevention
  • The central management

These are vital, advanced firewall features for the market. They protect the environment more than the usual firewalls. 

What needs improvement?

Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve. 

A disadvantage about Check Point is people in the market are not too familiar about its usage and people lack training on it.

For how long have I used the solution?

I have been using it for the last six years (since 2014).

What do I think about the stability of the solution?

Check Point Firewalls are very stable. Check Point is one of the oldest company in firewalls with a very stable product. They provide good, stable updates.

What do I think about the scalability of the solution?

It scales well. Recently, during COVID-19, we did the scalability process, and it was easy.

Currently, this is used only for our inbound networks to provide security to our internal network. Around 6,000 people are taking advantage of this technology directly and indirectly in our organization.

We have certainly increased number of firewalls in our organization. In the future, if is required, then we will definitely use more.

How are customer service and technical support?

I have used the technical support very frequently. I would give them around a nine out of 10. They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them. I am deducting one mark to allow room for improvement. 

Which solution did I use previously and why did I switch?

Previously, we were using the Cisco ASA Firewalls, which are one of the most demanded firewall in the market. We switched to Check Point because their firewall is more advanced than Cisco ASA. They are also providing us the extra benefit of features, like their central management system, Antivirus, and Threat Prevention, which were not provided by Cisco ASA. 

How was the initial setup?

It was straightforward; it was not too complex. It was simple to install and use the features, as we were already trained. Our company used their trainers before installing it. Getting all the knowledge of the firewall's features beforehand worked very well for installing/deploying the solution in our environment.

We were using different firewalls that we had to replace. For that replacement, we required two years for the transition to Check Point to get it to work.

For our implementation strategy, we used three-tier architecture strategy in which we have a console, three-tier management Gateway, and the firewall.

What about the implementation team?

We have around 20 people on the team, because it is a large company. So, I deployed it with the help of 19 members. The team of 20 people work on different shifts and we manage all the organization's firewalls. We are all network engineers, though some of us have different designations.

What was our ROI?

It has a good return in terms of usage and the security that it provides. We are very happy with the security capabilities that this firewall has.

What's my experience with pricing, setup cost, and licensing?

Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall.

Which other solutions did I evaluate?

We did an evaluation between Cisco ASA and Check Point. We had options to extend Cisco ASA or switch to Check Point, but we switched to Check Point Firewall.

What other advice do I have?

Be knowledgeable before implementing this firewall because it has many advanced features compared to the normal firewalls in the market. If you want to use it in a better way, then you need to be trained on it. 

There were a few members who joined our organization who were familiar with Check Point, but they do not know about every feature which could be used and taken advantage of to better secure our network. I recommend getting proper training before using it.

I would rate this solution a nine out of 10 because I am a very happy customer of Check Point. I have had a good experience with this firewall. I like is the way it is improving a lot with the times.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Product Categories
Firewalls
Buyer's Guide
Download our free Check Point NGFW Report and get advice and tips from experienced pros sharing their opinions.