Next-Gen Firewall

Palo Alto Next Generation Firewalls

Protect Against Sophisticated Cyber Attacks with Check Point’s Next-Generation Firewall

The cybersecurity landscape is evolving. As internet traffic and corporate networks grow each year, cyber attacks are becoming more sophisticated and harder to detect. Next-Generation Firewalls (NGFW) are an integral part of an organization’s security solution that can combat these devastating attacks.

7 essential functionalities


Check Point security management has always played a fundamental role in our architectures and drives operationally viable policy management, incident response, and compliance. At the highest level, the management architecture supports:

  • A single policy construct across all enforcement points in the Infinity architecture
  • Combined threat prevention and segmentation policies in a unified policy table across appliances, virtual and cloud
  • Compliance control validation, with template support for common compliance regulations
  • Consolidated event management and export via SmartEvent
  • Group-based delegation of administrative authority, with full workflow support
  • Orchestration integration for virtual and cloud environments, including automated services insertion
  • Open APIs for ecosystem integrations

Threat prevention

A key Check Point differentiator, when compared to other firewalls, is the integration of best-in-class threat prevention across the architecture. While others concede attackers will get in and are pivoting to detection and response, our focus remains on stopping attacks before they succeed. This includes tackling the latest large-scale, multi-vector GenV attacks, in addition to more conventional attacks that are still widely used.

Application inspection and control

Check Point’s Application Control capability supports security policies to identify, allow, block or limit the usage of thousands of applications, including Web and social networking, regardless of port, protocol, or evasive technique used to traverse the network. It currently understands over 8,100 Web 2.0 applications with more being added continuously. Advanced user interaction features allow security administrators to alert employees in real-time about application access limitations, and query them as to whether application use is for business or personal use. This enables IT administrators to gain a better understanding of Web usage patterns, adapt policies, and regulate personal usage without interrupting the flow of business.

Identity-based inspection and control

Check Point pioneered the development of user and group-based policies. Our firewalls and management integrate with Microsoft AD, LDAP, RADIUS, Cisco pxGrid, Terminal Servers, and with third parties via a Web API. And because the management console supports these policies across our portfolio, you can limit the integration with the identity store to this one interface, and still get broad security coverage based on a single set of identity policies. This support extends to security monitoring via the SmartEvent console. The combination of identity and application awareness is mandatory for building scalable security policies that protect the business without compromising user experience.

Hybrid cloud support

Check Point firewalls support both virtual and cloud deployments, in addition to a complete portfolio of appliances that span remote office to data center requirements. Virtual systems support allows a single software security gateway to be segmented into multiple zones with independent resources and management. In addition to traditional vSphere, we support both NSX and Cisco ACI software-defined networking environments. For IaaS public cloud, all major vendors are supported including AWS, Azure, GCP, Oracle and Alibaba Clouds. Integration with cloud automation provides instantiation of both virtual gateways and template-based security policies without manual intervention. This enables new workloads to be secured as they are deployed, without implementation delays caused by manual security configuration.

Scalable performance with advanced security functions

Check Point’s portfolio offers powerful scaling options for both hardware and software-based firewalls. The Maestro Hyperscale solution brings the scale, agility and elasticity of the cloud on-premise with efficient N+1 hardware clustering based on Check Point HyperSync technology. Up to 52 gateways/firewalls can be clustered to deliver up to 1,000Gbps of throughput, while still being managed as a single entity. Start with what you need today, knowing that you can easily scale when needed without risky and complex upgrades or network re-designs.

For cloud deployments, Check Point offers CloudGuard, available in both Pay-as-you-go (PAYG) and Bring-your-own-license (BYOL) pricing models. CloudGuard supports the same services as our physical firewalls, with transparent policy management across on-premises, virtual, and cloud gateways.

Encrypted traffic inspection

Check Point enterprise firewall software includes SSL/TLS decryption and inspection, so that security policies can be applied to encrypted traffic. The software leverages crypto hardware acceleration built into Intel processors. Furthermore, our SecureXL technology supports crypto acceleration using Check Point hardware models available on many of the security gateways. This acceleration is critical in situations requiring high-scale inspection and policy enforcement upon HTTPS encrypted traffic. Finally, enterprise firewalls must securely categorize HTTPS traffic using the Server Name Indication (SNI) extension, inspect all of the latest cipher suites and curves such as TLS 1.2 and have plans for securing TLS 1.3 traffic.


Integrating the most advanced threat prevention and consolidated management, our security gateway appliances are designed to prevent any cyber attack, reduce complexity and lower your costs.

Hyperscale Network Security

Maestro Orchestrator for your next generation data center. Scalability has never been so easy: scale up existing Check Point security gateways on demand.

Data Center and High-End Enterprise
26000/28000 Series

Quantum Security Gateways are the most comprehensive protections with data center-grade hardware to maximize uptime and performance.

Large Enterprise
15000/16000 Series

Quantum Security Gateways provide comprehensive security protections in a scalable, easy to manage configuration, preferred for large enterprises.

Midsize Enterprise
6000 Series

Quantum Security Gateways include the power of Gen V in a single security gateway engineered to meet all your business needs today and in the future.

Branch Office
1600/1800/3000 Series

Quantum Security Gateways provide enterprise-grade security in a small form factor, ideal for branch and small office.

Small Business
1500/1600/1800 Series

Quantum Spark provides the most comprehensive, enterprise-grade security for your small and medium business with intuitive and simple management & reporting using WebUI.

Remote Access VPN

Quantum VPN provides businesses of all sizes the ability to ensure best-in-class connectivity and security, allowing your workforce to remain as productive as possible.

High Performance and Scalable Platforms
44000/46000 Series

Quantum Scalable Chassis provides multi-bladed, chassis-based security systems that scale to support the needs of growing networks while offering reliability and performance.

Industrial Appliances
1570R Wired, Wireless models

Quantum Rugged delivers top-rated threat prevention, customized to protect the Industrial Control Systems for manufacturing, energy, utilities, and transportation.
