Check Point firewalls -- Bright pink firewall protection for your organization
January 17, 2019

Check Point firewalls -- Bright pink firewall protection for your organization

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Check Point Next Generation Firewall

Our Check Point Firewall is being used across the organization for all of our internet traffic. All network traffic is backhauled to our corporate location, filtered by the firewall, then out to the internet, and vice versa. The business problem it addresses is to allow certain traffic while blocking others. This is done through both an IDS/IPS, and logging.
  • Logging -- Logs are clearly displayed with all information about the packet
  • Canned reports -- The reports "out of the box" are pretty nice and give you a lot of detail
  • Rule Configuration -- Defining (basic) rules is easy to do, and understandable
  • HTTPS Inspection -- The firewall has troubles re-packaging the packet in a way that some websites are able to interpret correctly
  • Support -- Even getting support directly from Check Point isn't the easiest of experiences. They are more concerned about how fast they can close a ticket out, rather than fixing the problem.
  • Custom reports -- Custom reporting is extremely limited
  • Since it is Layer 7 we are able to get down to the application level and block certain applications from even running.
  • Since it has an IPS in place we are able to see possible attacks that have been prevented by the firewall
  • This helps justify the security department and their metrics since we are able to see things that are prevented.
At the time when we were evaluating Fortinet, it was not a layer 7, while Check Point did offer this. It appears that since then they have created next-gen firewalls as well. The interface of Check Point is a little easier to use (although the interface tends to use a lot of bright pink colors)
Well suited -- Small businesses that need a simple firewall appliance that doesn't have anything fancy. They need something that gets automatically updated, blocks bad things, and allows good things.

Less Appropriate -- Very large enterprises with granular reporting needs. HTTPS inspection is also an issue, as some packets cannot be correctly viewed. Something like an F5 would be needed to address this problem.

Using Check Point Next Generation Firewall

4 - I represent the Security side of things, as well as my boss. The other 2 people that work with the firewall are network administrators who ensure that packets go through successfully and securely. While they configure a lot of the connectivity, we ensure what types of things should be allowed or blocked.