Check Point Next Generation Firewall is a security gateway that includes application control and IPS protection, with integrated management of security events — all in one appliance. Check Point Next Generation Firewall is also available for public and private cloud on platforms like VMware, AWS and Microsoft Azure.

The Check Point Next Generation Firewall product line is integrated into Check Point’s Software Blade Architecture, with centralized management, logging and reporting via a single console. Primary enforcement is executed via software allowing for flexible deployment for traditional network and virtual network. Sometimes it called as 3 tier technology architecture as following:

GUI- A Smart Dashboard is a Smart Console GUI application that is used by system administrator to create and managed the security policies.

Management Server- The Security Management server used by the system administrator to manage the security policy. The organization’s databases and security policies and event logs are stored on security management.

Security Gateway (FW)- The security gateway enforces the organization’s security policy and acts as a security enforcement.

Check Point Next Generation Firewalls features include: unified threat management, non-disruptive in-line bump-in-the-wire configuration, NAT, SPI , VPN, integrated signature-based IPS engine, application awareness, full stack visibility and more. The firewalls also have SSL decryption capabilities to enable identifying undesirable encrypted applications.
Through the Check Point NGFW package, user and machine identity awareness provides integration with Active Directory and protects environments with social media and internet applications.

Platform coverage

Check Point’s NGFW architecture protects organizations of all sizes, from small businesses to larger enterprises.
For small business and branch offices:
• Check Point 600 Appliances (620, 620, 680): designed for offices of up to 100 employees;
• Check Point 1100 Appliances (1120, 1140, 1180): designed for small branch offices; and
• Check Point 2200 Appliance.
For medium-sized businesses:
• Check Point 4000 Appliances (4200, 4400, 4600, 4800): compact 1U form factor, delivers real-world firewall throughput up to 5.8 Gbps and real-world IPS throughput up to 1.1 Gbps.
For data centers and large enterprises:
• Check Point 12000 Appliances (12200, 12400, 12600);
• Check Point 13000 Appliances (13500, 13800); and
• Check Point 21000 Appliances (21400, 21600, 21700, 21800).
Carrier security:
• Check Point 41000 and 61000 Security Systems
Virtual/cloud security:
• Check Point Virtual Appliance for Amazon Web Services; and
• Check Point Virtual Gateway for Microsoft Azure.

Performance

In its most recent test of NGFW products, NSS Labs found the Check Point 13800 NGFW for enterprises blocked 100% of attacks against server applications and 99.7% attacks on client applications, while passing all stability and reliability tests. The NSS Labs report also states that the 13800 NGFW’s performance was rated at 6,889 Mbps, which is lower than what Check Point claimed, while the product boasted a maximum of 52,500 TCP connections per second and 94,000 HTTP connections per second, putting the 13800 in good company with other top performers in the NGFW category.

Manageability

Check Point Security Management (software) provides centralized network security management for Check Point gateways and Software Blades, via a single, unified console. This provides control and visibility over even the most complex security deployments.

Licensing

Check Point NGFW is a full product package, with all Software Blades included under one license. Check Point NGFW starts at $1,800 per year, but the price is scaled based on the type of hardware needed and the service contract.

Support

Check Point offers 24/7 customer service and support. The Check Point Support Center features knowledge base resources, user forums, live chat and remote access capabilities. Check Point Support programs and plans give customers immediate access to critical resources when they need them — by phone, online, in-person and via remote access.
Check Point’s Enterprise Support Life-cycle policies are offered as customized quotes and purchase supports. Check Point Extend Enterprise Premium and Elite Support includes a designated engineer, unique support number, in-depth resources and consulting. The cost of these support programs is typically a percentage of total sales.

Differentiators

There are a few key differentiation between Check Point NGFW and other competitive products:
• Check Point is the inventor of stateful inspection for firewalls;
• Check Point Integrated IPS has the highest block rate among its competitors;
• Has the largest application library, with over 5,000 applications. Its nearest competitor has approximately half that number;
• Offers integrated DLP, with over 600 file types;
• Check Point’s Active Directory integration and user awareness includes agent-less and agent-based options;
• Has in-house event analysis — all other competitors utilize third party products;
• Has change management — other competitors do not; and
• Check Point User Check involves end-user education and engagement.

Summary

Check Point was named as a market leader in Gartner’s 2015 Magic Quadrant report for the firewall market. The report noted that Check Point earned strong technical evaluation scores, with strong execution of its product road map and one of the largest existing enterprise client bases in the market. Check Point has established a firm position in the NGFW space with a broad portfolio of products, both on premises and virtual, for small and midsize businesses as well as larger enterprises and telecom carriers.