Check Point NGFW
Check Point NGFW
Check Point NGFW inspects traffic using application awareness and user identity controls. It integrates with threat intelligence feeds to support policy enforcement and detection of emerging threats.
Check Point NGFW inspects traffic using application awareness and user identity controls. It integrates with threat intelligence feeds to support policy enforcement and detection of emerging threats.
Cost considerations
Cost considerations
Functionality
Functionality
Compatibility
Compatibility
User experience
User experience
Customer support
Customer support
Why these ratings?
Cyberse perspective
Cyberse perspective
Solution details
Deployment
On-premises
Cloud-hosted
Product features
Intrusion Detection and Prevention Systems (IDS/IPS)
Web Application Firewall (WAF)
DNS filtering
Services support
In-house services
Third party integrators
Managed services
Integrations
Security automation
Vulnerability management
Identity security
Cloud security
Governance Risk and Compliance
Data security
Key features
API access
Platform solution
Target industry
Technology
Public sector
Industrials
Healthcare
Retail
Manufacturing
Financial services
Pricing
Free trial available
Subcategory
Operational Technology Security
Web Application Firewall
DNS Security
Network Detection and Response
Virtual Private Networks
Intrusion Detection / Prevention Systems
Market segment
Small business
Enterprise
Midmarket
Cloud ecosystem partners
Amazon Web Services
Microsoft Azure Cloud
Google Cloud Platform
We use the following criteria to evaluate this product:
We use the following criteria to evaluate this product:
Cost considerations
Check Point NGFW hardware comes at a premium and core protections are sold as separate “blades,” so companies pay multiple licenses before achieving full coverage. Expensive annual renewals and added blade fees mean scaling to more throughput or sites drives a higher cost per gigabit than most rival firewalls, calling overall value into question
Cost considerations
Check Point NGFW hardware comes at a premium and core protections are sold as separate “blades,” so companies pay multiple licenses before achieving full coverage. Expensive annual renewals and added blade fees mean scaling to more throughput or sites drives a higher cost per gigabit than most rival firewalls, calling overall value into question
Functionality
Check Point NGFW unifies firewall, IPS, cloud sandboxing and AI-driven threat prevention with the ability to decrypt and inspect TLS 1.3 traffic. Integrated SD-WAN, zero-trust segmentation and automatic IoT device discovery broaden protection that many peers treat as add-ons. Because these advanced controls are baked into the gateway and run at line rate, the solution meets the rubric’s top-tier functionality requirements.
Functionality
Check Point NGFW unifies firewall, IPS, cloud sandboxing and AI-driven threat prevention with the ability to decrypt and inspect TLS 1.3 traffic. Integrated SD-WAN, zero-trust segmentation and automatic IoT device discovery broaden protection that many peers treat as add-ons. Because these advanced controls are baked into the gateway and run at line rate, the solution meets the rubric’s top-tier functionality requirements.
Compatibility
Check Point NGFW can run as a hardware gateway or a virtual image in data centers and is listed in cloud marketplaces such as AWS, giving enterprises consistent deployment options on-prem and in major clouds. Public-cloud templates are available but usually require some parameter tuning, and the REST API hooks into SIEM or SOAR tools with modest scripting effort. No mainstream containerized edition is offered, which prevents a top compatibility score.
Compatibility
Check Point NGFW can run as a hardware gateway or a virtual image in data centers and is listed in cloud marketplaces such as AWS, giving enterprises consistent deployment options on-prem and in major clouds. Public-cloud templates are available but usually require some parameter tuning, and the REST API hooks into SIEM or SOAR tools with modest scripting effort. No mainstream containerized edition is offered, which prevents a top compatibility score.
User experience
SmartConsole provides centralized policies and searchable logs, yet reviewers note the interface is crowded and initial configuration feels overwhelming. New admins often require formal training and still resort to the CLI for certain tasks, so the learning curve and documentation land in the mid-range compared with peer firewalls
User experience
SmartConsole provides centralized policies and searchable logs, yet reviewers note the interface is crowded and initial configuration feels overwhelming. New admins often require formal training and still resort to the CLI for certain tasks, so the learning curve and documentation land in the mid-range compared with peer firewalls
Customer support
Check Point provides 24×7 TAC coverage with a 30-minute first response on critical tickets. ThreatCloud pushes new IPS, Anti-Virus and Anti-Bot signatures about every two hours, giving multiple updates each day. Advance replacement hardware is shipped the same or next business day and customers can tap a large knowledge base, matching the rubric’s level-4 criteria.
Customer support
Check Point provides 24×7 TAC coverage with a 30-minute first response on critical tickets. ThreatCloud pushes new IPS, Anti-Virus and Anti-Bot signatures about every two hours, giving multiple updates each day. Advance replacement hardware is shipped the same or next business day and customers can tap a large knowledge base, matching the rubric’s level-4 criteria.