We just raised a $30M Series A: Read our story

Check Point NGFW Valuable Features

PS
Principal Network and Security Consultant at a comms service provider with 10,001+ employees

Among the valuable features are antivirus, URL inspection, and anti-malware protection. These are all advanced features.

One of the great advantages of having Check Point as a firewall is that all of these are software blades, so you can buy a license or subscription and enable them and get the security up and running. With other firewalls, it's a completely different agenda, meaning some of them require hardware modules, and some of them have a complex way of adding the licensing, etc. Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use.

View full review »
Senior Engineer Security at a computer software company with 201-500 employees

The feature I like the most is their central management, the Smart controller which you can use to manage all the firewalls from one location. You can get practically all information — but not all the information, because not everything has been migrated from the previous SmartDashboard version into the SmartConsole. Being able to access almost everything in one location — manage all your gateways and get all your logs — for me, is the best feature to work with. 

As for the security features, that depends a bit on what you're doing with it, and what your goal is. But they're all very good for application URL filtering. Threat Prevention and Threat Extraction are also great, especially the Threat Extraction. It's very nice because your end-user doesn't have to wait for the file that he's downloading to see if it's infected, if it's malware or not. It gives him a plain text version without active content, and he can start working. And if he needs the actual version, it will be available a few minutes later to download, if it isn't infected. That's a great feature. 

Anti-Bot also is also very nice because if a PC from an end-user gets infected, it stops it from communicating with its command and control, and you get notification that there is an infected computer.

It's difficult to distinguish which feature is best, because they're all good. It just depends on what your goals are. As a partner, we are implementing all of them, and which ones we prioritize depends on the client's needs and which is the best for them. For me, they're all very good.

View full review »
BF
Senior IT Manager at a mining and metals company with 501-1,000 employees

Packet inspections have been a strong point. Our Identity Collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

We saw a noticeable performance hit using SonicWalls. Whether it's because we've provisioned the Check Point gateways correctly from a hardware standpoint or whether it's the software that is much more efficient (or both), we do packet inspection with very little impact to hardware resources and throughput speeds are much improved.

With SonicWall, after it would calculate inspection overhead, we might see throughput at, and often below, 15%. My network administrator gave me data showing Check Point hovering at 50%, and so we were actually seeing Check Point fulfill its claims better than SonicWall.

View full review »
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
554,529 professionals have used our research since 2012.
AU
Network and Security Specialist at a tech services company with 51-200 employees

The most valuable feature is definitely the logs. The way you can search the logs and have the granularity from the filter. It's just very nice. 

I love the interface of R.80.30. The R.80 interface is very nicely thought out with everything in one place, which makes Check Point easier to use. When I started in 2014, I was just confused with how many interfaces I had to go on to find things. While there are quite a few interfaces still in the older smart dashboard versions, most things are consolidated now.

View full review »
Network security engineer at Fidelity Bank
  • The most valuable feature for us is the VSX, the virtualization.
  • The GUI is also better than what we had previously.
  • The third feature is basic IP rules, which are more straightforward.
  • And let's not forget the VPN.

The way we use the VPN is usually for partners to connect with. We want a secure connection between our bank and other enterprises so we use the VPN for them. Also, when we want to secure a connection to our staff workstations, when employees want to work from home, we use a VPN. That has been a very crucial feature because of COVID-19. A lot of our people needed to work remotely.

View full review »
Technical Support Engineer at AlgoSec

I like that it first checks the SAM database. If there is any suspicious traffic, then you can block that critical traffic in the SAM database instead of creating a rule on the firewall, then pushing that out, which takes time. 

The Anti-Spoofing has the ability to monitor the interfaces. Suppose any spoofed IP addresses are coming from an external interface, it won't allow them. It will drop that traffic. You have two options with the Anti-Spoofing: prevent or detect. If any kind of spoof traffic is coming through the external interface, we can prevent that. 

I like the Check Point SandBlast, which is also the new technology that I like, because it mitigates the zero-day attacks. I haven't worked on SandBlast, but I did have a chance to do the certification two years back, so I have sound knowledge on SandBlast. We can deploy it as a SandBlast appliance or use it along with the Check Point Firewall to forward the traffic to the SandBlast Cloud.

View full review »
JM
Network Security Engineer/Architect at a tech services company with 1,001-5,000 employees

The most valuable features are the

  • security blades 
  • ease of managing the policies, searching log for events, and correlating them.
View full review »
Network & Systems Administrator I at DMH

The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network. The ease of use is important to us. The more difficult something is to use, the more likely it is that you'll experience some type of service failure. When we do have issues, with the Check Point SmartConsole being as simple as it is to navigate, it makes it easy for us to identify problems and fix them, to minimize our downtime.

View full review »
KK
Network Associate at a wireless company with 1,001-5,000 employees

I like the antivirus, attack prevention, three-layer architecture, and data center management features.

The antivirus updates are quite frequent, which is something that I like.

Central management is a key feature. We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful. It means that we only have to push the configuration once and it gets published on all of the firewalls.

View full review »
IK
Security Expert at a aerospace/defense firm with 10,001+ employees

The basic most valuable feature is the firewall itself.

The management platform, dashboard, graphical user interface, are one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations.

The VPN means you can communicate in an encrypted manner between sites. 

The application control and URL filtering are also very beneficial. They enable you to tighten security and decide which applications or websites you want to grant access to. In our company, we don't allow anyone to freely access the internet to surf all websites. Some sites may be sensitive and some of them may be inappropriate. It allows us to control the traffic.

View full review »
GG
Security and Platforms Engineer at a educational organization with 201-500 employees

The most valuable features about Check Point are the API and automation process.

Using the GUI, you can add comments from your PC or the client server. If I want to check the firewall rules, I can send one line of command to determine if it is configured or not. 

Its implementation and integration with the rest of the network are better than its competitors.

View full review »
AP
IT Infrastructure & Cyber Security Manager at a retailer with 501-1,000 employees

A firewall is a firewall. It's a Layer 4 machine that blocks or allows traffic for ports. That's the basics and we don't need a next-generation firewall for that. But the features that are important include:

  • IPS
  • sandbox
  • SandBlast
  • Anti-Bot
  • URL filtering.

A basic firewall is a basic firewall. You don't need Check Point and you don't need Palo Alto or the other vendors to block ports from source to destination. But we need the advanced features of this product to give us the visibility into, and the security and protection from, scenarios that are not the usual source-to-destination attacks. The solution needs to understand what the connection is, what the behavior of the connection is, and what the reason for the connection is. It can't be a stupid machine. It needs to know that if you're allowing port 53 from source to destination, that it has to check and give us the information that this communication is legitimate, and not something that is malicious.

View full review »
User

Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall. 

It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web. 

The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats. 

View full review »
MP
Network Security Engineer at a tech services company with 10,001+ employees

There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely. This is helpful for our employees that are working from home, as they get the same office environment as if they were on-premises. It is also helpful for us as an organization because we have good control and visibility over their data, including network traffic packets.

View full review »
CL
System Architekt at a financial services firm with 1-10 employees

We use the basic firewall functionality, plus the VPN functionality, a lot.

We have about 100 remote sites, which is where we use the VPN functionality. For private lines, we prefer to do further private encryption on the line. It is very convenient to do it with Check Point, if you have Check Point on both sides. It is convenient and easy to monitor.

The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.

View full review »
Senior Manager at a financial services firm with 10,001+ employees

It provides the flexibility to use any module with the NGTP and SNBT license. Depending upon the requirements, the blades/module can be enabled on the firewall security gateway and it can be deployed easily.

In case SSL decryption or IPS need to be enabled on any security gateway, it is simple to do. We can go ahead and enable the module/blade and then create a policy, deploy it, and it will start to work.

It has a default five-user license for Mobile/SSL VPN, so the organization can check the solution any time or can even provide access to critical users on an as-needed basis, without getting the OEM involved, all on the same box.

For smaller organizations with the correct sizing of the appliance, they can use the full security solution on a single box. It will provide financial benefits along with reducing the cost of purchasing additional solutions or appliances. 

For example:

  • URL Filtering Module: It can replace the proxy solution for on-premises users with integration of application control and the Identity module. Active Directory access can be provided based on the User ID and the website or application.
  • SSL VPN or SSL decryptor, and more. 
  • Core assignment for each interface, which can be done using the CLI. If the administrator determines that a particular interface requires more compute, he can manually assign additional cores accordingly. This is done by enabling hyperthreading on the firewall. 
  • The policy can be copied from any security gateway and pasted onto another one.
View full review »
Network Engineer at Getronics

The best part is that it is very intuitive. It is easy to configure, deploy, and maintain. If it works, it works.

The troubleshooting: When you find something that is not working, it is very easy to check in the logs what is failing and fix it in a short time.

The login tool is really nice.

View full review »
DD
Sr. Network Engineer at a tech services company with 1,001-5,000 employees

What I like about this firewall is it has a central management system. We can configure or monitor a number of firewalls at a time from the central management system. 

They have a logging system where we can have our logs visible. The logs are easy to view and understand. 

View full review »
RM
Senior Network Engineer at a tech services company with 1,001-5,000 employees

The most valuable feature would be the central management system of Check Point because we can manage multiple firewalls through it at the same time. It doesn't matter the location.

I also like the advanced Antivirus feature of Check Point.

The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things.

It is very user-friendly.

View full review »
BZ
IT System Operations Manager at Hamamatsu Photonics KK

They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements. 

Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released. 

Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed and offers many out-of-the-box reporting, and provides admins extensive customizations.

View full review »
Security Engineer at Hitachi Systems

What I like most about Check Point Firewall is that it is easy to use. 

The most valuable feature is the IPS. For our bank project, we are using it as an external firewall. All the traffic is going through the Check Point Firewall. Then, using the IPS, we can easily identify if there is any malicious activity or anything else. We also have to update signatures on a regular basis.

View full review »
NT
TitleNetwork Manager at Destinology

Check Point offers a secure VPN client. We distribute to our agents via group policy. Our agents can then connect to our network when working from home - which was a game-changer due to the recent pandemic situation. 

Check Point also offers a mobile app capsule connect which, as a system administrator, has proven very useful when a high-priority issue occurs. I am able to connect to my internal network via a phone or tablet - which has proven useful in some scenarios. 

As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance. It makes troubleshooting much easier. This software alone sets Check Point out in front of the competition.

View full review »
Network Administrator at Secretaría de Finanzas de Aguascalientes

Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution.

The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters. It is well organized.

Some other of the services that have worked well for us are antivirus, anti-bot, and URL filtering. Together, these have allowed us to maintain control and organization amongst the users.

Another one of the pluses that have helped us a lot has been the IPsec VPN, especially in these times of pandemic.

View full review »
AGM Cyber Security CoE at Bata Group

We are using the Check Point Next-Generation Firewall to maximize protection through unified management, monitoring, and reporting. It has the following features:-

  • Antivirus: This stops incoming malicious files at the gateway, before the user is affected, with real-time virus signatures and anomaly-based protections.
  • IPS: The IPS software blade further secures your network by inspecting packets. It offers full-featured IPS with geo-protections and is constantly updated with new defenses against emerging threats.
  • AntiBot: It detects bot-infected machines, prevents bot damage by blocking both cyber-criminals Command and Control center communications, and is continually updated.
  • Application Control: It creates granular security policies based on users or groups to identify, block or limit the usage of web applications.
  • URL Filtering: The network admin can block access to entire websites or just pages within, set enforcements by time allocation or bandwidth limitations, and maintain a list of accepted and unaccepted website URLs.
  • Identity Awareness: This feature provides granular visibility of users, groups, and machines, enabling unmatched application and access control through the creation of accurate, identity-based policies.
View full review »
Network security engineer at Fidelity Bank

The management of services, including forming access lists with the services we have, connecting servers to servers, permissions between servers and users — this is all great. In addition, Check Point has a really cool GUI.

View full review »
PI
IT Manager at a comms service provider with 51-200 employees

We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!

The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.

Threat and Application control are also very important to us.

View full review »
MA
Sr. Network Engineer at a tech services company with 1,001-5,000 employees

Check Point's Next Generation Firewall has many good features. It has a central management system, and that means we do not have to go to each and every firewall to configure it. We can manage them with the central device. 

There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network.

View full review »
AA
Sr. Security Engineer at a financial services firm with 10,001+ employees

The most valuable feature is the Check Point Management Server, especially version R.80 onward. We can manage everything. We have endpoint security, cloud security, and email security. Everything can be managed from a single management server, making this a very unique and easy solution to use in the market now.

From a technical perspective, it is an easy solution to use. Everything seems perfect. We are not using all of its features, like sandboxing. 

View full review »
SJ
Network Security Administrator at a computer software company with 201-500 employees

Check Point has a lot of features. The ones I love are the 

  • antivirus
  • intrusion prevention 
  • data loss prevention. 

Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls.

It's also user-friendly and not very complex. Anyone can use it and the dashboard is quite good.

View full review »
WB
Senior System Administrator at Seminole Electric Cooperative, Inc.

We've found threat emulation, application control (with identity awareness), and HTTPS inspection to be the most valuable aspects. It allows managers the flexibility to grant access to high-risk sites based on groups/roles and yet still be protected with threat emulation and HTTPS inspection. We've seen the rate of detection on our endpoints plummet. 

I've found that, over the last 4 years, they have constantly improved the user interface (SmartConsole) as they have moved away from four Control panels for different functions and are constantly adding new features with no impact on our availability during upgrades.

View full review »
RS
IT Manager at a transportation company with 501-1,000 employees

It's a NGFW with all of the capabilities required to protect for next-generation attacks at the perimeter level. The module or Security features that are provided as part of the base license with Check Point include (VPN, IPS, Application Control, and Content Awareness) which itself is strong enough to protect the organization.

The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from the SonicWall that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

View full review »
BW
Consultant at work@lim.it Systemhaus

Since the log files of all services are collected on the management server there is an easy and good view of all actual connections, attacks, or security risks.

In addition, when using the SmartEvent software blade, you get the possibility to have an easy to configure event correlation system, which will automatically fire mail alerts or can even block IP addresses if there are network or security anomalies detected on the firewall system.

This is also possible if the services are allowed - for example, if there are flooding attacks on server systems.

For example, this has prevented our Citrix Netscaler from being taken down during attacks.

View full review »
User at PROWERS COUNTY HOSPITAL DISTRICT

There are many great features, however, with our last upgrade, we now have a web GUI that allows us to pull up multiple facets of the firewall environment. This feature has been very handy. There have been times we have a connectivity issue, and both sides are blaming each other. If I'm away from my desk and don't have my laptop, I can quickly bring up the interface on my phone and search through the logs, rule base, and VPN communities to help quickly troubleshoot the problem. I can't say it enough - this has been invaluable.

View full review »
Network Security Consultant at Atos Syntel
  • Antivirus
  • IPS
  • They got the logs into one site, which is wonderful.
  • There is a secure action line code that you can announce your products in.
  • If you have a number of sites, like a hundred sites around the world, you can deploy multiple VSX testing. 
  • All over the world, you can have DMZs in data centers, e.g., in the USA, Dubai, and London. 
  • It is easy to deploy and upgrade. 
  • Easy to manage, e.g., if there is a new engineer onsite, they can easily manage it.
View full review »
CA
Integration engineer at S21sec

The support Check Point gives is key. As the Firewall vendor, I recommend them. It's always great to work with them. For this reason, I am very satisfied with Check Point. Every doubt I had they were pleased to help with and we ab;e to provide a resolution. The technical services always replied in a very fast and effective way. The live chat is great as well. There is always someone willing to help. This makes working with Check Point a good experience.

Check Point expert mode is basically Linux, so working with that allows us to implement a variety of scripts.

View full review »
Solutions Consultant at a computer software company with 10,001+ employees

The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point. Apart from that, we do have identity solutions which we use on a regular basis. Both are very good.

View full review »
Cybersecurity Engineer at Insurance Company

This product, being a Next-Generation Firewall (say, for this example, Unified Threat Management as well) provides up-to-date security options through different modules and scalability to match almost any firewall security needs.

The easy and standardized management interface, now with a complete and functional API mechanism, provides the administrator several ways of managing the solution. At the same time, the interface is common and unified through the different security modules.

They not only have a great support team but the knowledge base is another good point to consider.

View full review »
Associate Consultant at a tech services company with 10,001+ employees

It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.

It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.

View full review »
RG
Solutions Lead at a tech services company with 1,001-5,000 employees

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

View full review »
Sr. Network Engineer at a consultancy with 51-200 employees
  • Antivirus
  • Threat Prevention
  • The central management

These are vital, advanced firewall features for the market. They protect the environment more than the usual firewalls. 

View full review »
RG
Network Security Engineer at a tech services company with 10,001+ employees

The most valuable feature is the set of encryption options that are available.

Viewing the logs in the interface is easy to do, which is one of the things that I like.

This is a UI-based firewall that is easy to use.

View full review »
Lead Solution Advisor at a consultancy with 10,001+ employees

The application authentication feature of Check Point is the most valuable as it helps us keep users secure. 

It works smoothly when managing clients' on-premise and cloud firewalls.

View full review »
ED
Senior Linux Administrator at Cartrack

Many problems have been solved with these firewalls and we've largely been very satisfied. Thanks to this infrastructure that we have managed, in this pandemic time, to quickly and effectively offer the potential to remotely work for everyone has been good. 

Also important is the separate management interface that has made it possible to carry out even the most operations while comfortably seated at the desk. It provides multiple profiles that you can apply depending on the scenario that presents itself.

View full review »
JK
Senior Infrastructure Technical Lead at a financial services firm with 10,001+ employees

The VSX has been great. The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment.

We like the management console. The Check Point smart dashboard has made things easier for administration and we've been able to manage all the Check Point devices from one place which is very useful.

The operations support is great. There is a smart log system that is very good for troubleshooting and reporting. We also use the CLI for troubleshooting purposes (for the likes of FWMonitor and tcpdump) while the FW rules are managed via the smart console which does wonders for operations support.

View full review »
AR
Firewall Administrator at a tech services company with 1,001-5,000 employees

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

View full review »
JJ
Network and Security Engineer at BIMBA & LOLA, S.L.

The centrally managed firewalls are great. We can save a lot of configuration time in configuration tasks. We have deployed about 200 devices in record time due to the fact that we use a unique policy for almost all of them.

Logs, Views and Reports are the most detailed compared to other vendors (FortiGate, etc.) We can see a lot of detail in the logs and also we can configure any report we need without any problem and in two clicks.

We can see that, for IPS signatures, we have updates every day, sometimes twice a day, so we see a lot of effort from the vendor. They really try to protect our environment from known attacks and vulnerabilities.

View full review »
User

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

View full review »
Associate Consult at Atos

Check Point has the best technical support, which I feel if we consider other firewall vendors in the market, is an important distinguishing point.

Stateful inspection is one of the strongest points in this product, which is applicable while creating policies for application and URL filtering.

Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.

It is easy to filter traffic based on source-destination services, time, etc, which is an enhancement over other firewalls in the market.

View full review »
MB
IT Security Engineer at PricewaterhouseCoopers

Identity Awareness has been an absolute gamechanger in how we've been able to create rules within the company. It allows us to give access to certain resources in very specific ways that were not possible before.

The SmartConsole is a very powerful interface compared to many other competiting products, which allows us to seamlessly go from watching logs, to modifying the rule base and easily find what objects are used where or even check which logs are linked to a specific rule

Logs are very well parsed when sent to Splunk.

View full review »
JR
Systems Architect at PHARMPIX CORP

The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.

The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.

The support offers the best services I have experienced. It's better than any other IT vendor.

View full review »
MH
Senior Network Engineer at Arvest Bank Group

The only area that Check Point still seems to excel in is their logging. Reviewing logs on Check Point is a snappy and intuitive process that allows the end-user to filter down traffic to specifically what they're looking for very easily and even with little knowledge of Check Point. 

The ability to create filters on the fly in the GUI with simple clicks to various areas of the log is fantastic and allows one to find exactly what they're looking for with very little effort. Note that this is probably the only thing Check Point still has going for it.

View full review »
GA
President at NGA Consulting, Inc.

The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.

Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.

The event logs are relatively informative and can provide information on why traffic was accepted or rejected.

View full review »
Senior Network and Security Engineer at a computer software company with 201-500 employees

1. Advanced logging capabilities - our support team on duty constantly monitors the security logs in the SmartConsole, and notifies the security team in case of major alerts.

2. Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.

3. The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.

View full review »
BF
Network Engineer II at Baptist Health

There are several useful features that we utilize that are now valuable assets in terms of protecting the network. These would include user identification (ID Collector), IPS, antibot, antivirus, application, and URL filtering as well as the standard firewall security rules. They all work together to provide layers of security to protect both inbound and outbound traffic in order to minimize loss of private data as well as to ensure our network is free of bad actors attempting to use malware or ransomware against us.

View full review »
AK
Sr. Network Engineer at a insurance company with 5,001-10,000 employees

The most valuable features are its 

  • antivirus
  • threat detection
  • central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

View full review »
AVP - IT Security at a tech services company with 51-200 employees

Next-Generation Threat Prevention capabilities provide security in a high-traffic load, ensuring detection and prevention of known threats by AME, AV, and Sandblast technologies. 

We are also using the system to create VPN gateways for our multiple partners and we haven't faced any issues with them.

 Check Point gateways are a stable product that can run without any issues until a major upgrade or vulnerability mitigation is required.

The support has been reasonable and they were able to minimize the impact during critical incidents.

View full review »
TM
Senior Information Security Specialist at a tech vendor with 10,001+ employees

The Threat Extraction software blade feature is the most valuable feature as it extracts any potential harmful content from several kinds of documents, which our users receive via e-mail or download from the Internet. We know, that our users tend to click on everything they get without thinking too much about the consequences. 

The second feature to mention is Threat Emulation, which is basically a sandbox, which runs executables received via email or downloaded from the Internet and creates a verdict if this executable is harmful or not in regards how it behaves on a specific operating system and application.

View full review »
IP LAN and Integrity Specialist at Chevron

The packet inspection capabilities are great.

ARP protections based on interface works better than it does with other vendors.

There are new improvements related to the upgrade of the solution, making for the easiest upgrade/update procedures.

New features allow for concurrent use of the console in write mode between different users.

The exposed API allows us to automate a lot of actions in a very easy way.

The central console and log collector are basically the best central management consoles, and each day provides new useful features like counts, etc.

View full review »
BI
Technology Architect at BearingPoint

The most valuable features are the identity-based access and high-quality intrusion prevention functionalities. 

One of the most valuable aspects is the central management, which includes a large wide range of API calls. With the central management, we can define a reasonable security policy for many sites and not only for network segments but for user and AD groups. This gives us a bit more "Zero Trust" in our network.

It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach.

View full review »
IY
System Administrator at Grant Thornton

The solution offers very good central management, which saves time and is hassle-free.

One of the most useful new feature is dynamic definitions. For example, if you need to allow all of the Microsoft Azure IP addresses, you can insert them dynamically and Check Point will update them for you. Without it, to find all IP addresses would be almost impossible.

You can create additional layers for the firewall rules. This allows better organization and performance of the product by skipping to the rules that are responsible for this group of protected devices.

View full review »
User at Johnson Controls, Inc.

We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.

Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.

In general, we find that CheckPoint offers a great balance between ease of use and configurability.

View full review »
GC
Senior Infrastructure Service Specialist at a financial services firm with 10,001+ employees

Even though Check Point NGFW provides a set of security features that enforce protection on the network, the most valuable aspect is also the most used feature: the plain and simple firewall component. This is the core of the product and works to a great extent without the need for all other available bells and whistles. 

What may sound obvious is actually an important point to be weighed, since several platforms in the market promise miracles but fail to deliver the basics. Check Point NGFW most definitely delivers a great, stable platform in that regard.

View full review »
Senior IT Security Manager at a manufacturing company with 201-500 employees

VPN and mobile VPN are extremely valuable to us. The policies are simple to deploy to the new branches. 

All policies can be deployed and managed in a very simple way. 

AD single sign-on with VPN mobile is very helpful and simple to manage and deploy. 

Log management is also a good place to make troubleshooting and through console manage events. 

Management of the object is also a valuable feature. At every point in the console you can manage object properties and look to each policy where it is used and simply change or find where the object is involved.

View full review »
Deputy Manager (Systems) at State Bank of India

Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation. 

Anti-spoofing security feature: Check Point has inbuilt by default enabled feature of anti-spoofing which reduces the attack surface from the spoofed IP addresses. 

IPS: Check Point IPS is one of the best products in the market.  

View full review »
VN
TitleManager - Datacenter IT at a manufacturing company with 10,001+ employees

I love the redesigned interface starting with R80 as well as the ability for multiple engineers to work on the policy simultaneously. Policy management is simplified and the virtualization options help us to plan for future deployments in a much easier way. While we haven't tried out all the features available - like Sandblast, AntiBot, URL filtering, etc. - the fact that these are available to use is definitely a plus. We were able to use the IPS features, negating the deployment of an expensive standalone IPS solution.

View full review »
TH
Network Engineer at a legal firm with 1,001-5,000 employees

The interface and the IPS intrusion prevention are the most valuable features of this solution.

It's pretty straightforward to use once you get your head around it. It's fairly straightforward to use. 

View full review »
AJ
Sr. Network Engineer at a tech services company with 51-200 employees

The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them. 

It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.

View full review »
Consultant - Site Reliability Engineering Manager (SRE) - Managed Services at Servian

The API is handy and we are now testing how we can add rules via code. Also, the GUI is easy to use.

The Terraform module for Check Point is complete and really useful for managing the firewall.

Mail filtering is a really good feature that we are implementing for scam protection. 

The graphic interface is really easy to use and easy to teach to other members of the team.

The online documentation is complete and easy to read and understand.

The 3-year warranty offered is nice to have with no extra costs needed from us.

View full review »
NM
Logical Security Deputy Manager - IT at a financial services firm with 1,001-5,000 employees

Check Point is a robust and reliable security solution, whose architecture and design allow centralized administration with a graphical interface that facilitates its management. 

The way in which it manages the nodes within a cluster architecture is excellent, offering fault tolerance which is, in my experience, practically imperceptible when one of the nodes fails. This is thanks to the fact that it maintains a table of shared connections between the nodes and the large number of variables that it takes into consideration to validate the health of the nodes.

View full review »
Network Security Consultant at a energy/utilities company with 5,001-10,000 employees

The most valuable feature is the URL filtering. 

It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place.

View full review »
ES
Innovation Consultant at KPN

Trustworthiness and stability are the key aspects when looking at these products. 

The up to date-ness of the threat intelligence and the underlying network of devices adding value to it is good. 

With many of their own investigators adding their findings to the threat database, Check Point has become a leader in having their product in the higher ranks of the spectrum of efficiency. 

The different hardware models focus on a wide spectrum of the market, so any company can choose a model that makes sense for them from the range.

View full review »
AS
User at a financial services firm with 10,001+ employees

I found Check Point's software ability to provide for all the perimeter security solutions including next-generation firewalls, intrusion prevention systems, identity and access management, and URL filtering. They are all excellent. Check Point's Central configuration management, central log correlation, and management solution are a cut above the other vendors and are the best in the industry. Check Point's virtualization solutions are also very efficient and can be scaled. They are highly stable solutions (MDS/Domain Managers & MDLS).

View full review »
MA
Service Manager at a construction company with 10,001+ employees

Check Point NGFW provides a bunch of different products or Blades, as they call it in Check Point. The firewall engine is what we use the most but we also use the IPS IDS and Anti-Bot features. The solution provides many features.

View full review »
TL
Networking engineer at Hewlett Packard Enterprise

The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid. 

The Terminal Servers group membership allows policies to automate typical processes (user moves/add/changes) and decrease configuration changes required on the firewall, which is tremendously beneficial. This limits the integration with the identity store to just one interface, and we still get broad security coverage based on a single set of identity policies. 

We leverage the combination of identity and application awareness, which is mandatory in order to build scalable security policies that protect the business without compromising user experience. This feature is extended to the SmartEvent console.

View full review »
KK
IT Specialist at a tech services company with 10,001+ employees

We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.

View full review »
Security Analyst at HOST

AV, IPS, AntiSpam, Sandbox. That's gentlemen set for any basic security, and it was implemented very well. In our reports, the most exciting results belong to AV and IPS. It can be explained by using ThreatCloud - a global knowledge base, which accumulates signatures for all existing and new coming malware, and all the Check Point solutions are always up to date with potential threats. When we using sandbox with Sandblast agent, often there are not real-world exciting results, but when we show a solution in work with existing samples, it also shows good results. 

View full review »
Technology consultant at a tech services company with 501-1,000 employees

Check Point's new Smart dashboard has an all-in-one configuration interface. They provide a very easy configuration for NAT and one tick for source & destination NAT is possible.

Policies can be configured in a more organized way using a section & layered approach.

Application control has all of the required application data to introduce it into policy and the URL filtering works great, although creating regular expressions is complicated.

The software upgrade procedure is very easy; it just needs few clicks & we are done.

View full review »
NI
Snr Information Security Analyst at The Toronto Star

Check Point application control is very useful. This blade detects traffic and provides the ability to grant access based on the application and not the port as TCP/UDP can easily grant access for more than what's required.

The Check Point compliance model is also great. We can easily check firewall configurations against any compliance standard. It has made it easy to provide evidence and reports.

Check Point integrates with third-party user directories such as Microsoft Active Directory. The dynamic, identity-based policy provides granular visibility and control of users, groups, and machines and is easier to manage than static, IP-based policy.

View full review »
PJ
Security Administrator at R Systems

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

View full review »
VP
PLM Consultant

URL filtering, Application Control, and the Intrusion Prevention System are the features that almost every client wants to be guaranteed by their security appliances. 

Check Point NGFW also generates very helpful reports based on the logs of the activated features, including the features mentioned (URL filtering, Application Control, and the Intrusion Prevention System, as well as anti-bot and anti-spam). 

Sandblast is also a great feature, soon to be added to this solution through endpoints.

View full review »
JC
CTO at a computer software company with 11-50 employees

There are many aspects of Check Point NGFW that are valuable and important to our organization, but I'd say the top three are intrusion detection and prevention, threat emulation, and threat extraction. These three features have set a good baseline of security on top of the normal application URL filtering and other services of the firewall.

The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature.

View full review »
JV
Principal Associate at Eurofins

The logging and central policy management are the most valuable aspects for us as we were not having success earlier with the ASA in terms of upgrading/managing. We are still exploring more features like IPS and IDS. We hope that these aspects will be a great experience for us as well. 

View full review »
Manager at Kotak Mahindra Bank

The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access.

The integration with third-party vendors is quite easy and well defined, which really helps you with the automation.

The integration of gateways with a centralized managed server gives you full control in a single place.

The setup and implementation are quite easy and the logs and reports are elaborative and effective for securing the network.

View full review »
NO
System Engineer at Infosys

The product provides multiple security layers that build upon each other, from the traditional security policy that is IP and port-based to application security, intrusion prevention, and their latest sandblast cloud-based malware detection. 

Everything is easily managed through their Smart Console dashboard. It's a very easy-to-understand dashboard that provides a detailed view. Check Point helps to resolve a lot of problems, such as showing our organization all known threats. 

It is easy to deploy and manage. 

The product offers a simple Web User Interface.

View full review »
Consultant at KoçSistem

There are a lot of features that I have found valuable for our customers.

For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.

One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.

View full review »
Security Engineer at Gosoft (Thailand)

The most valuable feature is the next-generation firewall (NGFW) protection.

Check Point has long been a leader in the firewall market. It offers Quantum Security Gateways for a wide range of use cases and CloudGuard FWaaS and cloud security products too. NSS Labs scored Check Point just behind Palo Alto in security effectiveness and ahead of Palo Alto in TCO. Check Point’s management features are among the best in the business, but SD-WAN capabilities are lagging.

A firewall rule is the same on all systems, and I am very happy with the correlation and the display of the rules.

From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases. It is also easy to search the log.

View full review »
MR
Security Engineer at Netpoleons

The solution's best features include:

  • A packet-filtering firewall that examines packets in isolation and does not know the packet's context.
  • A stateful inspection firewall that examines network traffic to determine whether one packet is related to another packet.
  • A proxy firewall (aka application-level gateway) that inspects packets at the application layer of the Open Systems Interconnection (OSI) reference model.
  • A Next-Generation Firewall (NGFW) that uses a multilayered approach to integrate enterprise firewall capabilities with an intrusion prevention system (IPS) and application control.
View full review »
Security and Network Engineer at a tech services company with 501-1,000 employees

The rules are very easy to deploy and can be optimized pretty quickly. The R80 has a great feature on how the rules are processed, which costs less in terms of CPU and threads than it did before.

The features that are integrated into the firewall are very useful for our everyday use. Examples of these are the log manager, the firewall monitor commands, and the Linux commands. These are all very useful and helpful.

The VPN tunnels are easy to set up once you understand how they have to be configured.

View full review »
VJ
Senior infrastructure technical lead at Westpac Bank

Dashboards for rules management and trackers for firewall logs capture are useful.

Traffic flow in Check Point is very structured so that it is easy to understand the path it checks to understand which elements come first and which elements come later.

The smart log compiles from multiple CMAs is an important feature that is very attractive. 

The MDM dashboard is very organized compared to other vendors. The use of CLI tools like TCPDUMP and FW monitor are very useful in verifying the traffic logs.

Objects search and tracker logs are useful.  

View full review »
Sr. Security Analyst at Atos

Check Point is very strong as compared to the other vendors in the market.

The solution offers a very good centralized management console. 

It works well even for small deployments. 

The perimeter security is excellent. 

It works well even for cloud environments and has been very useful during COVID when people weren't necessarily in the office. 

The creation of policies is simple. It's easy to configure them when we need to.

We have found the troubleshooting process to be very easy and helpful.

The GUI is simple and straightforward. 

The sandbox environment on offer has been great. 

The support has been super-helpful. They've always been great, even at a pre-sales level.

The initial setup is very straightforward. 

View full review »
Junior Network Specialist - Cloud Operations Engineer at a computer software company with 5,001-10,000 employees

One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.

Other valuable features include: 

  • the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
  • the CLI, for automating things
  • it is very easy to manage, to make backups, and to configure
  • the support and the graphical user interface.
View full review »
Network Head at SUKARNE

What gives me the most value is undoubtedly the security that the anti-bot and anti-virus blades provide. With the automatic updates of signatures, I am always protected against new threats. The identity awareness blade helps me to have better control and organization over unauthorized access of my users onto exclusion sites such as social networks. In the DMZ it allows me to control administrators with access to highly important networks such as servers, developments, etc.

View full review »
VS
Lead System Engineer at a comms service provider with 201-500 employees

The product is very easy to use.

It's quite a stable solution.

The scalability is very good.

The solution is easy to install and deploy.

View full review »
SK
Project Manager at a financial services firm with 10,001+ employees

The most valuable feature of Check Point is the Centralized Management (MDS) and Virtualization (VSX) for the firewalls. Using these features provides enhanced security with reduced cost across different domains and tenants with complete segregation from the policies database and a user traffic perspective. Using these features is proving to be scalable as things are virtualized and the resources can be increased or decreased as per the demand or usage from a project perspective.

View full review »
IT-Infrastruktur at Synthesa Chemie Ges.m.b.H

The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.

Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.

You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.

The extremely wide function horizon covers almost every possible scenario.

View full review »
RC
Senior Infrastructure Technical Analyst at https://www.linkedin.com/in/robchaykoski/

The management interface is well designed and easy to understand. It reduces the time for deployment, changes, and onboarding new customers.

The logging facility is amazing and gives great insights into traffic. Although Event Management is also amazing, it can be cost-prohibitive for other companies to onboard.

The ability to deploy VPN communities makes onboarding new sites easy. Multi-site configurations can be deployed with very little oversight and with minimal additional work after the initial deployment is successful.

View full review »
Project Manager at Junta de Andalucia

Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network.

View full review »
Network Engineer at LTTS

IPS helps with security against upcoming and unknown threats and activities. We regularly check the report and as per daily report we will check the risk and prevent each alert that is critical based on our business requirement and make it secure.

IPSec VPN is also our key feature as our organization having widely customer across globe so it is very good feature to us to connect and run our business with them very smoothly and softly. 

View full review »
Subgerente de Tecnologías de la Información at ETAPA EP

The URL filter is activated to filter access to our employees. We use filtering for VPN access.

The configuration is one of the best features of this product.

When this product was purchased approximately 12 years ago it was the top of the line.

The product has been working very well.

I don't have any issues with the software of this solution. It works as is expected.

View full review »
VP
Network Consultant at NTT Security

Check Point Endpoint anti-malware benefits include:

  • Improves user productivity and frees up system resources
  • The industry’s fastest malware and anti-virus scan and boot time
  • The smallest memory and disk footprints
  • A single-console centralized management
  • Prevention of malware from accessing endpoints with a single scan
  • Malware identified using signatures, behavior blockers, heuristic analysis
  • Protection automatically updated with optional Program Advisor Service
  • A knowledge base of more than one million trusted or suspicious programs
  • Integrated into Check Point Software Blade Architecture
  • Flexible licensing options—annual or perpetual
  • Centrally managed and deployed
  • Activate anti-malware and application control on any Check Point security gateway
View full review »
PL
Firewall Engineer at a logistics company with 1,001-5,000 employees

Generally speaking, all features are well documented and the two platforms help with configuration. Documentation and knowledgebase articles in the user center as well as user recommendation within the forums are great. The Admin Guides are really well documented, but it's a lot to read.

Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment. The best example would be the CDT tool which helps with decreasing the amount of time for upgrading whole environments.

View full review »
LA
Network, Systems and Security Engineer at SOLTEL Group

I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data. It is very important to have your solution always update for this.

I think that another important feature is that it is a cloud solution. More and more companies have all of their systems in the cloud and the threats are pointing here.

The features that a next-generation firewall includes are application and user control, integrated intrusion prevention, advanced malware detection such as sandboxing, and leverages threat intelligence feeds.

View full review »
SW
Service Manager Datacenter LAN

QoS, Anti-Bot, IPS, and Application Control are the main features we're using.

The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff. In the past, sometimes we had no control and couldn't help when too much traffic had occurred.

Anti-Bot is great at preventing our clients and corporate network from calling the central control.

IPS is good in protecting our systems in DMZ zones when patching of servers sometimes can't be done.

Application control for controlling Cloud Apps like MS Teams, M365 Apps, or others, is perfect. Previously, we had only IP Lists for stuff like this.

View full review »
EL
Network administrator at IHSS

The sandbox feature is great.

The Sandblast blade is a very powerful solution that works against archives infected with ransomware.

The anti-malware is quite effective as many applications can be infected with any kind of malware with the goal of interrupting the productivity of our work equipment.

The reporting is great.

With this solution, we have had many kinds of logs and a very friendly way to view them. Now can we know what is happening within the network's traffic.

The performance has been very good. 

This security solution has grown more options and has expanded slots, including RAM slots, Optical Fiber slots, and various other features.

View full review »
TK
IT Consultant/Engineer at a computer software company with 11-50 employees

We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home. With the firewall from Check Point, this function is implemented very conveniently and securely. 

A convenient new version of the firewall management console, which, starting with the R80 version, has become standard for many Check Point blades, however, unfortunately, not for all. You still need to use older consoles to manage some features.

View full review »
DZ
Security product manager at RRC

It is easy to use, and its management is the best. Check Point has a great unified management solution for firewalls and security products. 

View full review »
Network Security Engineer at Türkiye İş Bankası

Firstly, inline layer technology is helpful because it will classify the traffic according to different security groups. This means that we can isolate them totally and it will also prevent human error because you are limiting source, destination, service, and application parameters at the top of the inline layer rule.

Check Point is very administrator-friendly and the SmartDashboard is easy to use.

The Blades and security features are also very innovative and up-to-date.

With the IPS blade, the administrator can write signature-based exceptions for specific users. This provides flexibility to except specific connections from specific signatures.

The cloning and copy/paste operations are very useful.

View full review »
MP
System administrator at BINDER GmbH

If you have an HA Setup you will have zero downtime. Teams and VoIP traffic will also not get stuck; you would notice anything while switching to the backup module. 

The quality of the patches and hotfixes is great. We never had any issues during or after patching. All patches and hotfixes are well documented and if you have any issues the KB is very helpful. 

The log is very clear and can be filtered very easily. If you need to analyze not only the connection you can use the CLI to dump TCP packets. 

The activation of additional features is very easy and well documented.

View full review »
AN
Security Solution Architect

On the firewall side, the security efficacy is good. The interface for application filtering and application-based policies is also good. They have good roadmap on the cloud as well.

View full review »
BS
Security Manager at FPT

I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard.

View full review »
User at a insurance company with 201-500 employees

VPN, firewalling, and virtual patching are the most valuable aspects for me. The NGFW is so effective that I can go to sleep and vacation. Check Point products rarely have vulnerabilities that put the whole organization at risk, unlike some other firewall products.

The VPN tunnels are very effective in terms of stability and quick connection.

Virtual patching is useful as a workaround for zero-day vulnerabilities.                           

It offers excellent filtering of URLs.

View full review »
Network security engineer at a tech services company with 1,001-5,000 employees

All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS.

View full review »
Senior Technical Consultant at Ivalue Infosolution

This is a feature-rich product and all of them are useful.

The most valuable feature is the Stateful Inspection, which was developed by Check Point.

The throughput is very good with Check Point. Checkpoint ThreatCloud is the largest threat intelligence database. 

Checkpoint management is a single pane of glass from where you can manage all the CP solutions from a single point be it on-prem or cloud or hybrid.

View full review »
Associate Consult at Atos

No other firewall provides a feature set in log monitoring and threat detection blades.

Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability.

Most customers need reports which define how many users are infected, how many viruses and malware there is, botnet traffic firewall deteted all this type of information. Check Point is in a very easy and understandable format based on logs history.

View full review »
Founder Director at digisec

The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base.

View full review »
YK
Network Security Engineer at R Systems

The most valuable feature is that the scalable 64000 Next Generation Firewalls are designed to excel in large data centers and the telco environment as well. We have a lot of these types of customers, and these Check Point firewalls support them.

In addition 

  • it supports dynamic objects, which we use for security purposes
  • the antivirus is quite effective
  • the logging and tracking are quite easy
  • overall, it is easy to use.
View full review »
Senior Network Engineer at LTI - Larsen & Toubro Infotech

VSX helps to reduce the physical footprint on datacenter racks.

The SmartView monitor and SmartReporter help us to monitor and report on traffic.

Centralized management and management high availability give the ability to manage firewalls in a DR scenario. 

Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.

Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.

View full review »
RF
Manager for Operations, Security and Management at REN - Rede Energeticas Nacionais, S.A.

The most valuable features for us are identity awareness, IDS and IPS, and application control.

View full review »
MB
Network Security Administrator at a financial services firm with 10,001+ employees

The best features are the stability and the performance of the firewall and its software blades, simplicity to write the firewall rules on its GUI, and its logging capabilities.

The firewalls are working stably, without any interruptions. As we planned our capacity well, we've never had any performance issues.

The firewall rule writing and object creation are the best and simplest I've seen on a firewall (I've looked at 6 different vendors). I often wonder why the other vendors don't do it Check Point's way.

To see the logs, we can search like a search engine, and we can combine different search strings to pinpoint the interesting traffic.

View full review »
Head Of Technical Operations at Boylesports

There are many features we have found good.

The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability. This feature alone will save us as we increase the number of devices in the stack.

Having so many top-end products in one box also assists in managing this device. URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.

The Infinity product seems amazing but we have a long way to go before saying it is successful.

View full review »
VP
Senior Manager, Information Technology at a financial services firm with 10,001+ employees
  • Easiness while working on all blade of firewalls 
  • Flexibility in NAT rules 
  • The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.
  • Also, even so, the new SmartConsole is declared to be unified starting from version R80.10, there are still some features that have to be configured in the old SmartDashboard (e.g. Mobile Access policy and Antivirus), or on the Gaia OS level (all the routing features).
View full review »
IA
Solutions Architect Infrastructure and Security at a retailer with 1,001-5,000 employees

Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.

View full review »
ICT-System-Specialist at a insurance company with 5,001-10,000 employees

R80 management has improved and made the product more comfortable for IT people to use.

Filtering through rules and finding similar ones to add additional objects becomes much faster.

With an additional hotfix starting from R80.10, we are able to use the management with Ansible. From R80 on, we started creating objects via script or adding them to groups. That makes some parts “automatic”, or at least much faster.

With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions.

View full review »
AO
Head of Technology at African Alliance Plc.

The firewalling feature and the VPN functionality are excellent. With the firewalling functionality, I have been able to ward off intrusion from outside the network. With the VPN functionality, I have been able to allow secure remote connections from external customers and staff. 

View full review »
PJ
Project Manager at SANDETEL

The most valuable feature in my opinion is the powerful deep packet inspection engine. This engine provides me with a great capacity to control the traffic generated by my users and provides our company with a very real vision of the use that users make of the network.

The reporting capability is very important as we are able to show the company management the benefits and the return on investment, in terms of securing our network.

View full review »
MC
Chester at Iocane

Management integration is holistic as centralized management has been core to the solution for decades. Where other vendors have bolted management on over time, Check Point has always made it central to everything that they do.  

I find that this is one of the most significant and valuable features of Check Point. In addition to that, many new features that eventually become the standard across the industry end up being first introduced by Check Point - sometimes years ahead (such as Threat Extraction which allows active content to be stripped from files being downloaded and a "clean" copy to be provided in near real-time, while sandbox inspection is being performed).

View full review »
MG
IT Security Manager at a retailer with 10,001+ employees

With the new capabilities embedded into R80.XX flavor it is possible to achieve great flexibility while defining your security policy. It is possible to utilize a variety of objects to define static or dynamic criteria for inspection and reduce general rule base size and complexity, while not giving up on security

The security research team is doing a great job staying on top of ongoing threats and releasing fixes for ongoing attacks within days or sometimes hours.

Check Point always actively listens to its customers trying to identify emerging needs and satisfy them pro-actively

View full review »
AJ
Sales Engineer at Unistar

The most valuable features are application control, regulation, and threat prevention.

View full review »
TR
System Analyst at a comms service provider with 51-200 employees

The product offers excellent security. How open they are with new risks and new vulnerabilities is very helpful in the task of keeping our company safe from malicious attacks.

Newer versions are much more stable.

View full review »
NZ
Engineer at a manufacturing company with 10,001+ employees

We are using the classic firewalling, the Intrusion Preventions System (IPS) and we also use Check Point Identity Awareness. The most useful feature is for sure the classic firewalling, however, we could get this feature also from other vendors. The most valuable feature is the highly integrated NGFW features such as the IPS or Check Point Identity Awareness, which makes Check Point the best choice on the market. They have been leading the market for 20 years. This is deserved, in our opinion.

View full review »
Support Manager at Sefisa

I do like that this solution is a very robust firewall.

It's very stable. 

The product is well supported. The solution is very scalable. 

Technical support has been quite good. 

View full review »
TD
Senior Cyber Security Consultant at Yapi Kredi

Check Point Next Generation Firewalls have numerous blade options such as Anti-bot, IPS, and URL filtering. In most cases, one box could be sufficient to use all these blades. You can manage all these blades from a single console. This feature lowers your administrative workload. 

If you have comparatively small branch offices, in addition to administrative workload, instead of spending money for security products such as proxy or IPS, Check Point Next Generation Firewalls could meet your requirements. 

View full review »
MG
IT Security Manager at a retailer with 10,001+ employees

Check Point NGFW is easy to use, flexible and provides good performance. The security of the product is excellent, we do not have to do a lot of patching or upgrades because of vulnerabilities.

View full review »
Deputy Manager - Cyber Security at a transportation company with 5,001-10,000 employees

The most valuable feature is that we are protected against zero-day threats.

Everything can be managed from a single console.

View full review »
Network Security Engineer at a consumer goods company with 201-500 employees

This product is more secure than other firewalls, such as FortiGate.

The information stored in the logs is very descriptive and includes a lot of details.

The dynamic port features are better when compared to other firewalls.

View full review »
BU
System Security Engineer at Ziraat Teknoloji

The most valuable features are IPS and Antivirus. 

The Blades work fine and the performance optimization is great.

View full review »
DF
Executive at a computer software company with 11-50 employees

The most valuable features for us are the solution's identity awareness and intrusion prevention.

The solution is very stable.

We have found the solution to be scalable. 

Technical support is very good.

View full review »
Security IT Manager at IFAT Group

The user interface is very good.

The level of security is excellent. It protects our organization well.

It's a good overall product and we have a high level of satisfaction with the features on offer. 

View full review »
BG
IT Operation Manager at a transportation company with 1,001-5,000 employees

The most valuable feature is the management using the Single Pane of Glass.

View full review »
Senior Network Administrator at a financial services firm with 1,001-5,000 employees

The separate management feature of Check Point NGFW is very convenient.

View full review »
Network Security Assurance Specialist at Visa Inc.

I think the VSX has been the most valuable feature for us. We use it for tunnel management, which is great. The configuration has been quite straightforward.

View full review »
MC
Executivo de Negócios de TiC at a comms service provider with 10,001+ employees

My customers cite performance and ease of configuration as two of the solution's most valuable features. 

View full review »
JV
Engineer at CENACE

I think the most valuable feature is that the application and configuration were easy for us. When we need to do some work with the networks, configuration and deploying are easy - if I want to search for information, it is easy in the Check Point platform.

View full review »
AS
Co-founder & CTO at a tech services company with 11-50 employees

The firewall and IPS are the most valuable features of the solution. 

View full review »
HM
Chief Information Security Officer and Founder at a insurance company with 201-500 employees

Check Point provides very good performance with many solution options and many kinds of modules.

View full review »
AP
Sales Specialist-Network Solutions at a tech vendor with 51-200 employees

Check Point has strong security features as well as some decent monitoring and management capabilities.

View full review »
DS
Senior Cluster Manager at Bajaj Finserv

The solution boasts a host of features that we like. 

View full review »
Project Manager at Junta de Andalucia

The most valuable feature is the powerful, deep packet inspection engine.

The management console and diagnostic tools are powerful and we are happy with them.

The reporting is detailed and helpful.

View full review »
Contracted IT Staff at Sağlık Bakanlığı-Turkish Ministry of Health

I have worked for several years with the Check Point platform (NGFW) and it is by far the most stable in hardware and software.

It is a very friendly platform and easy to configure. It is true that it is a bit expensive (according to the required blades), however, it is a platform that is worth having as security in a corporate environment. 

View full review »
Learn what your peers think about Check Point NGFW. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
554,529 professionals have used our research since 2012.