Check Point Quantum firewalls and Security Gateways provide prime-level security at the perimeter level with Multiple blades and features like VPN, Content Filter, Application filter, etc. All this is managed by a smart console, and we can add firewalls in HA. With Distribution deployment, we can add firewalls at different locations or at a single location.
Pros
Provides prime level security at perimeter with 99% Accuracy.
NGTP blade can provide features with maximum benefit.
Check Point all in one evaluation blade provide access to evaluate the features.
Cons
In the smart console, all options should be visible as new, so that Check Point can find the option very easily.
Likelihood to Recommend
Check Point Quantum firewalls provide 99% accuracy while protecting the environment, which is convenient and well-proven. The Hyperscale solution offers a high level of performance compared to traditional security gateways. Also, the Maestro firewall provides seamless traffic flow during production time. We can create multiple SGs on the Smart console.
Our clients wanted something superior beyond NGFW, NGX Firewalls. We tried to pitch in CheckPoint's product of Quantum Security NGF, and the client asked for a quick demo. The Demo / PoC that we demonstrated was enough to have their buy-in. We went through the deal and the client was happy. FSI clients are generally a tad difficult to deal with, and we are now tasked to manage their INFRA.
Client is having huge Data Centers and was very impressed by this as compared to other CSPs/ on prem solutions like AWS and GCP. They wanted their data to reside mostly on-prem Data Centers. We even found after-sales support much competitive Vs products like F5 and Cisco.
Pros
Stopping and detecting Day 0 attacks
Easy troubleshooting/ GUI
Scalability and speed
After sales support, NGFW capabilities
Cons
Modular capabilities
Integration with VMware and NSX products per client requirement
3rd Party support product
Likelihood to Recommend
1) For huge DC environments and complex networks
2) Where clients were consistent up-time like FSI and healthcare
3) Application-aware client req. and preventing day 0 cyber attacks.
The Check Point Next Generation Firewall provides us with holistic perimeter and endpoint security protection throughout the enterprise. The robust and secure VPN functionality also provides enough confidence to enable a 'work from home' / 'road warrior' culture within the organization. In-depth application control, URL filtering and SSL inspection features also mitigate a significant amount of risk for internal users browsing the internet and hosted services that face the internet. Data loss prevention, compliance, threat emulation, and other blades overall make this a robustly unified platform for the implementation and management of security controls.
Pros
SSL inspection provides more effective mitigation of threat and data leakage with the ability to inspect and analyze encrypted traffic.
Threat emulation and extraction provides protection against zero-day threats without compromising the data of infected files.
'Office mode' VPN provides a seamless connected experience for remotely connected individuals.
Application control features provide granular restrictions to the type of application traffic than can pass through the network.
Cons
Pricing is not as competitive as the alternatives.
Perimeter antivirus is not as effective as its competitors
Steep learning curve and expensive certification paths may impair training paths
Likelihood to Recommend
Check Point Next Generation Firewall is a great solution for larger companies that have the ability to dedicate a large budget towards information security controls. In order to get the best return on investment, however, the company should have a highly functioning information security maturity level and the ability to invest in dedicated training so that all features are utilized effectively. The SmartEvent dashboards are able to provide ongoing data that can track this effectively.
VU
Verified User
Manager in Information Technology (1001-5000 employees)
Our Check Point Firewall is being used across the organization for all of our internet traffic. All network traffic is backhauled to our corporate location, filtered by the firewall, then out to the internet, and vice versa. The business problem it addresses is to allow certain traffic while blocking others. This is done through both an IDS/IPS, and logging.
Pros
Logging -- Logs are clearly displayed with all information about the packet
Canned reports -- The reports "out of the box" are pretty nice and give you a lot of detail
Rule Configuration -- Defining (basic) rules is easy to do, and understandable
Cons
HTTPS Inspection -- The firewall has troubles re-packaging the packet in a way that some websites are able to interpret correctly
Support -- Even getting support directly from Check Point isn't the easiest of experiences. They are more concerned about how fast they can close a ticket out, rather than fixing the problem.
Custom reports -- Custom reporting is extremely limited
Likelihood to Recommend
Well suited -- Small businesses that need a simple firewall appliance that doesn't have anything fancy. They need something that gets automatically updated, blocks bad things, and allows good things.
Less Appropriate -- Very large enterprises with granular reporting needs. HTTPS inspection is also an issue, as some packets cannot be correctly viewed. Something like an F5 would be needed to address this problem.
VU
Verified User
Analyst in Information Technology (201-500 employees)
We use Check Point Firewall Software Blade for outside facing protection for our hardware in multiple locations throughout the organization. Check Point serves as our primary firewall and our VPN software solution for the company. It is very easy to set up and use Check Point as a solution for VPN access instead of Microsoft VPN. The firewall itself proves to be very effective in managing traffic.
Pros
The management console is very easy to use. There is a lot of information on it which can seem overwhelming, but everything is right there in one page.
You have the ability to manage certain websites or IP addresses based on web content that is predefined or track individual end users.
The support for Check Point is excellent. If you are having trouble with the appliance, help is not far away. Techs will stay with you for hours if need be, to resolve any issues.
Cons
Check Point has a complex range of reporting tools, some of which can take time to learn and be comfortable with.
The firewall is solid and needs to have someone with training to manage it which means any little mistake can bring down the network and have you on the phone with Check Point support.
They are pricey for some of the hardware and reporting tools.
Likelihood to Recommend
I believe Check Point Firewall Software Blade is well suited for medium to large organizations with 500 employees or less. Anything more than that, I would choose a more enterprise level firewall like Dell SonicWALL. Check Point does not provide mobile device control or Wi-Fi network control without purchasing a different Check Point appliance.
