Check Point Next Generation Firewall: Product overview
Check Point Next Generation Firewall family combines firewalls with unified threat management technology, VPNs and more. Expert Mike O. Villegas takes a closer look.
Next-generation firewalls remain a strong, required protection measure. Check Point Next Generation Firewall is a security gateway that includes application control and IPS protection, with integrated management of security events -- all in one appliance. Check Point Next Generation Firewall is also available for public and private cloud on platforms like VMware, Amazon Web Services and Microsoft Azure.
The Check Point Next Generation Firewall product line is integrated into Check Point's Software Blade Architecture, with centralized management, logging and reporting via a single console. Primary enforcement is executed via software, allowing for flexible deployment in both traditional and virtual networks.
Feature set
Check Point Next Generation Firewall features include: unified threat management, nondisruptive in-line bump-in-the-wire configuration, NAT, SPI, VPN, integrated signature-based IPS engine, application awareness, full stack visibility and more. The firewalls also have SSL decryption capabilities to enable identifying undesirable encrypted applications.
Through the Check Point NGFW package, user and machine identity awareness provides integration with Active Directory and protects environments with social media and internet applications.
Platform coverage
Check Point's NGFW architecture protects organizations of all sizes, from small businesses to larger enterprises.
For small business and branch offices:
- Check Point 600 Appliances (620, 620, 680): designed for offices of up to 100 employees;
- Check Point 1100 Appliances (1120, 1140, 1180): designed for small branch offices; and
- Check Point 2200 Appliance.
For medium-sized businesses:
- Check Point 4000 Appliances (4200, 4400, 4600, 4800): compact 1U form factor, delivers real-world firewall throughput up to 5.8 Gbps and real-world IPS throughput up to 1.1 Gbps.
For data centers and large enterprises:
- Check Point 12000 Appliances (12200, 12400, 12600);
- Check Point 13000 Appliances (13500, 13800); and
- Check Point 21000 Appliances (21400, 21600, 21700, 21800).
Carrier security:
- Check Point 41000 and 61000 Security Systems
Virtual/cloud security:
- Check Point Virtual Appliance for Amazon Web Services; and
- Check Point Virtual Gateway for Microsoft Azure.
Performance
In its most recent test of NGFW products, NSS Labs found the Check Point 13800 NGFW for enterprises blocked 100% of attacks against server applications and 99.7% of attacks on client applications, while passing all stability and reliability tests. The NSS Labs report also states that the 13800 NGFW's performance was rated at 6,889 Mbps, which is lower than what Check Point claimed, while the product boasted a maximum of 52,500 TCP connections per second and 94,000 HTTP connections per second, putting the 13800 in good company with other top performers in the NGFW category.
Manageability
Check Point Security Management (software) provides centralized network security management for Check Point gateways and Software Blades, via a single, unified console. This provides control and visibility over even the most complex security deployments.
Pricing and licensing
Check Point NGFW is a full product package, with all Software Blades included under one license. Check Point NGFW starts at $1,800 per year, but the price is scaled based on the type of hardware needed and the service contract.
Support
Check Point offers 24/7 customer service and support. The Check Point Support Center features knowledge base resources, user forums, live chat and remote access capabilities. Check Point Support programs and plans give customers immediate access to critical resources when they need them -- by phone, online, in-person and via remote access.
Check Point's Enterprise Support Lifecycle policies are offered as customized quotes and purchase supports. Check Point Extend Enterprise Premium and Elite Support includes a designated engineer, unique support number, in-depth resources and consulting. The cost of these support programs is typically a percentage of total sales.
Differentiators
There are a few key differentiators between Check Point NGFW and other competitive products:
- Check Point is the inventor of stateful inspection for firewalls;
- Check Point Integrated IPS has the highest block rate amongst its competitors;
- Has the largest application library, with over 5,000 applications. Its nearest competitor has approximately half that number;
- Offers integrated DLP, with over 600 file types;
- Check Point's Active Directory integration and user awareness includes agentless and agent-based options;
- Has in-house event analysis -- all other competitors utilize third-party products;
- Has change management -- other competitors do not; and
- Check Point User Check involves end-user education and engagement.
Summary
Check Point was named as a market leader in Gartner's 2015 Magic Quadrant report for the firewall market. The report noted that Check Point earned strong technical evaluation scores, with strong execution of its product roadmap and one of the largest existing enterprise client bases in the market. Check Point has established a firm position in the NGFW space with a broad portfolio of products, both on premises and virtual, for small and midsize businesses as well as larger enterprises and telecom carriers.