Checkpoint 4000 series, still running like a champ!
Anonymous | TrustRadius Reviewer
December 27, 2018

Checkpoint 4000 series, still running like a champ!

Score 9 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Check Point 4000 Appliances

Check Point is our current corporate standard. Access to our parent company networks requires a heterogenous checkpoint to checkpoint VPN. This is being used by most of the satellite companies, as our company grows via many acquisitions per year. The product is fantastic for blocking incoming threats, managing online content access, and has done a great job at keeping our companies safe.
  • Management access is difficult to get to and requires a specific client, plus sourcing from a permitted IP address.
  • Anti-malware, anti-spyware, and anti-bot engines do a great job at protecting from malicious content.
  • Anti-spoofing makes certain exploits like the LAND attack vector as null and void.
  • Steep learning curve for admins
  • No packet tracer application like the ASA to test flows prior to putting in new rules, etc.
  • Policy packages are all or nothing. I cannot uninstall or turn off a piece of the overall policy, it's all or nothing.
  • We have not seen a zero-day exploit since implementing the anti-spyware, anti-malware, and URL filtering functionality
  • We have not seen a successful intrusion into our systems since the implementation of our checkpoint 4000
  • We have had this firewall for 5+ years, and it still has much life left in it.
WatchGuard was a little more like a Sonicwall, and we felt the Soho-type interface wasn't what we wanted out of a security product. The anti-malware and spyware products were not nearly as good or pronounced as the checkpoint products. Secondly, we have to have the checkpoint for access to our parent company's networks.
Well suited for small to medium business with less than 1000 users. Good edge device, NAT is easy to work with. The anti-malware, anti-spyware are worthwhile paid add-ons. Anti-spoofing is built in, and required to be put in. The split of management between Gaia and secure platform applications is painful, but nothing that can't be gotten around.