For VendorsBlog
Check Point Next Generation Firewall (NGFW)

Add to comparison

Check Point Next Generation Firewall (NGFW)

Check Point Next Generation Firewall identifies and controls applications by user and scans content to stop threats.

Features of product

Проблемы Pain points
  • Malware infection via Internet, email, storage devices
  • No control over data access
  • No IT security guidelines
  • Non-compliant with IT security requirements
  • Risk of data loss or damage
  • Risk of lost access to data and IT systems
  • Unauthorized access to corporate IT systems and data
Ценности Business Values
  • Ensure Security and Business Continuity
Матрица сравнения с конкурентами Matrix of comparison with competitors

About Product


Detects and controls application usage

  • Identify, allow, block or limit usage of applications, and features within them
  • Enable safe Internet use while protecting against threats and malware
  • Leverage the world's largest application library with more than 6,600 web 2.0 applications

Supports advanced identity awareness for stress-free policy enforcement

  • Create granular policy definitions per user and group
  • Integrate seamlessly with Active Directory
  • Protect environments with social media and Internet applications

Provides proven gateway security in a single, dedicated appliance

  • Rely on 24/7 advanced protection
  • Reap the benefits of application control and intrusion protection (IPS), as well as extensibility support for additional security capabilities
  • Get greater understanding into security events with integrated, easy-to-use centralized management
  • Join more than 170,000 customers, including 100 percent of Fortune 100 companies


Identity awareness

Great security involves limiting and tracking access to sensitive data and resources. With the Next Generation Firewall, your administrators get detailed visibility into the users, groups, applications, machines and connection types on your network so they can assign permissions to the right users and devices. The firewall makes it easy and cost-effective to enforce security policy, giving granular permission control over these entities; this results in superior protection across the entire security gateway. Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple, application-based policy definition per user or group directly from the firewall. Users’ identification may be acquired in one of three simple methods:

  • Querying the Active Directory
  • Through a captive portal
  • Installing a one-time, thin client-side agent

Application control

Employees are using more apps than ever, and you’re on the hook to protect them regardless of what they use. Check Point Next Generation Firewall has the industry’s largest application coverage, with more than 6,600 applications and 260,000 social network widgets included. You can create granular security policies based on users or groups to identify, block or limit usage of web applications and widgets like instant messaging, social networking, video streaming, VoIP, games and more.

Logging and status

To help you make sense out of your security event data, we included SmartLog, an advanced log analyzer that delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.

Integrated security management

Our unified security management simplifies the monumental task of managing your security environment. You’ll see and control threats, devices and users with a highly intuitive graphical interface providing views, details and reports on your security health. Manage all your Check Point gateways and software blades from one comprehensive, centralized security dashboard.

Intrusion prevention

Next Generation Firewall includes the Check Point IPS Software Blade, which secures your network by inspecting packets traversing through the gateway. It is a full-featured IPS, providing geo-protections and frequent, automated threat definition updates. Because the IPS is part of the integrated Software Blade Architecture, you’ll get all the deployment and management advantages of a unified and extensible solution.



Antivirus and antispyware functions
IDS/IPS availability

SSL VPN remote access;Application control;IPv4/IPv6 protocols;Hiding adresses with NAT;DHCP;IPSec Site to Site VPN tunnels;Stateful TCP/IP stack;URL filtering;Configuring static and dynamic routing

Bot protection
DDOS protection N/A
Data Leak Prevention
Network behavior analysis support
Sandboxing support
Context-aware policy
Application level attacks protection (Application Intelligence)

Features of users

Признаки применимости Company requirements
  • Internet access is available for employees