Real Users Weigh in on the Characteristics of a Good Next-Generation Firewall (NGFW)

By, Amit Sharon, Head of Customer Community

What makes for a good Next-Generation Firewall (NGFW)? The technology is evolving rapidly, and network managers and security teams have a wealth of choices. According to real users of the Check Point NGFW on IT Central Station, the right NGFW is characterized by:

  • Real-time prevention
  • Ease of setup and use
  • Rich visualization and reporting capabilities
  • Effective filtering and rules-setting

IT Central Station

IT Central Station is an exclusive, trusted site in which all reviews are written by real users. A triple-authentication process using LinkedIn profiles, community policing, and human oversight ensures 100% authentic reviews. The tech buying process has changed dramatically in 2020, with technology buyers now researching products over the web much more, and creating a vendor short list before they even start talking to vendors.

IT Central Station enables cybersecurity, DevOps and IT vendors to get involved in – and influence – this new social buying process early on in the game!

Learn more about IT Central Station at https://www.itcentralstation.com/about.

Benefits of a Good Next Gen Firewall

Today’s firewalls are multi-purpose network devices and key to any network; large or small, enterprise or small business, on-premises or virtual. In a properly segmented network, firewalls enforce zero trust least privileged access for users, groups, applications, systems and IoT devices.

Perhaps most important of these capabilities is threat prevention. Next Generation Firewalls focus on blocking malware and application-layer attacks. Integrated IPS (intrusion prevention system) in Next Generation Firewalls quickly and seamlessly enables companies to virtually patch vulnerable systems, sometimes before a security update is developed. Bottom line, they can better defend your network and carry out quick assessments to detect invasive or suspicious activity, like malware, and shut it down.

Selecting an NGFW Vendor

Next Generation Firewalls are critical for network operations and security that their selection typically involves a careful analysis by a team of professionals. For example, Ashish R., a Firewall Administrator at a tech services company with over 1,000 employees, compared Check Point vs Palo Alto: “I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point’s support is good.”

For Sandun F., a Network Administrator at University of Kelaniya, which has over 10,000 employees, the key selection factor was strong gateway level security with attributes like antivirus, anti-spam, IPS, web content filtering, application control and secure wireless access points. His team previously used the Cisco ASA 5510 as its perimeter firewall, but they felt they needed to switch because, as he put it, when comparing Cisco ASA vs Check Point NGFW “[Cisco] only had firewall features.”

A Network, Systems and Security Engineer at SOLTEL Group, highlights the importance of Real-time prevention capabilities: “I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data.”

Reporting and Visualization

Firewall admins need to know what’s happening all the time, especially with the complex environments overseen by NGFWs. A Network and Security Specialist at a small tech services company spoke to this issue, saying, “I’ve seen the application and URL filtering on Palo Alto, and it is a pain to get those details from it and create a report for users. Whereas, the user report is very easy to get with Check Point.” Swapnil T., a Technology Consultant at a tech services company with more than 200 employees, echoed that sentiment, saying, “Logging and reporting is one more important aspect when we talk about firewalls and Check Point did a great job in that.”

“The management platform and the dashboard, the graphical user interface, is one of the best, if not the best, in the business. It’s the most intuitive and it’s really user-friendly in day-to-day operations,” said a Security Team Leader at an aerospace/defense firm with over 10,000 employees. A System Engineer at an insurance company with over 1,000 employees put it this way: “It gives you comprehensive reporting when the attacks start and when they’ve stopped, so you can see the complete, end-to-end picture: where the point of attack is, at what time, and what host. They can track all of that.”

Security Effectiveness

Filtering and rules capabilities stood out for NGFW users. Sandun F related that “the most valuable feature is the IPsec VPN. The application and content filtering is perfect for our university.” Gerry M., a Head Of Technical Operations at Boylesports, a company with over 1,000 employees, similarly noted, “URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.”

Speeding up the process of filtering through rules and finding similar ones to add additional objects was what mattered to an ICT-System-Specialist at an insurance company with more than 5,000 employees. For the aerospace Security Team Leader, the value from the NGFW came from its application control and URL filtering. He said, “They enable you to tighten security and decide which applications or websites you want to grant access to. In our company, we don’t allow anyone to freely access the internet to surf all websites. Some sites may be sensitive and some of them may be inappropriate. It allows us to control the traffic.”

Simple Setup and Ease of Use

IT Central Station members also value simple setup and ease of use in a NGFW. As Sandun F put it, “The Smart Dashboard and other user interfaces are very easy to use and can be handled without any significant IT skills. It allows for easy policy management.” Dan H., a Senior Network Engineer at a retailer with more than 5,000 employees, concurred, noting, “If you just want a simple set-up, with not a lot of features, then it’s easy. You can set one up very quickly, within a day.”

Other notable comments about the importance of simplicity and ease of setup include:

  • “It’s also user-friendly and not very complex. Anyone can use it and the dashboard is quite good.” – Shivani J., a Network Security Administrator at a computer software company with more than 200 employees.
  • “The initial setup is very simple. This solution can be installed on-premises or on the cloud.” – Chandan S., a Senior Technical Consultant at Ivalue Infosolution, a small tech services company.
  • “It is easy to use because it supports Linux language in the CLI. This is good for someone who already knows Linux language.” – Nikhil D., an Associate Consultant at a tech services company with over 10,000 employees.

Ease of use can be a factor in competitive selection, as well. For instance, a Network Engineer at a legal firm with over 1,000 employees shared that he had previously used firewall solutions from FortiGate, Cisco and pfSense. He remarked, “Check Point is easier than Cisco.”

To learn more about the Check Point NGFW, visit IT Central Station.

Learn more about what makes a good Next Generation Firewall, read a NGFW Buyer’s Guide.