Next Generation Firewall

Your network is under constant threat. To secure it, you need the most advanced firewall protection. Check Point Next Generation Firewall identifies and controls applications by user and scans content to stop threats.


Detects and controls application usage

  • Identify, allow, block or limit usage of applications, and features within them
  • Enable safe Internet use while protecting against threats and malware
  • Leverage the world's largest application library with more than 6,600 web 2.0 applications

Supports advanced identity awareness for stress-free policy enforcement

  • Create granular policy definitions per user and group
  • Integrate seamlessly with Active Directory
  • Protect environments with social media and Internet applications

Provides proven gateway security in a single, dedicated appliance

  • Rely on 24/7 advanced protection
  • Reap the benefits of application control and intrusion protection (IPS), as well as extensibility support for additional security capabilities
  • Get greater understanding into security events with integrated, easy-to-use centralized management
  • Join more than 170,000 customers, including 100 percent of Fortune 100 companies


Identity awareness

Great security involves limiting and tracking access to sensitive data and resources. With the Next Generation Firewall, your administrators get detailed visibility into the users, groups, applications, machines and connection types on your network so they can assign permissions to the right users and devices. The firewall makes it easy and cost-effective to enforce security policy, giving granular permission control over these entities; this results in superior protection across the entire security gateway.

Seamless and agent-less integration with Active Directory provides complete user identification, enabling simple, application-based policy definition per user or group directly from the firewall. Users’ identification may be acquired in one of three simple methods:

  • Querying the Active Directory
  • Through a captive portal
  • Installing a one-time, thin client-side agent

Application control

Employees are using more apps than ever, and you’re on the hook to protect them regardless of what they use. Check Point Next Generation Firewall has the industry’s largest application coverage, with more than 6,600 applications and 260,000 social network widgets included. You can create granular security policies based on users or groups to identify, block or limit usage of web applications and widgets like instant messaging, social networking, video streaming, VoIP, games and more.

Logging and status

To help you make sense out of your security event data, we included SmartLog, an advanced log analyzer that delivers split-second search results providing real-time visibility into billions of log records over multiple time periods and domains.

Integrated security management

Our unified security management simplifies the monumental task of managing your security environment. You’ll see and control threats, devices and users with a highly intuitive graphical interface providing views, details and reports on your security health. Manage all your Check Point gateways and software blades from one comprehensive, centralized security dashboard.

Intrusion prevention

Next Generation Firewall includes the Check Point IPS Software Blade, which secures your network by inspecting packets traversing through the gateway. It is a full-featured IPS, providing geo-protections and frequent, automated threat definition updates. Because the IPS is part of the integrated Software Blade Architecture, you’ll get all the deployment and management advantages of a unified and extensible solution.


Ease of expansion

As your security needs increase, you can easily add to your solution with additional features and blades, such as the Data Loss Prevention, Threat Emulation, Threat Extraction Software Blades and more.

Learn More


AppliancesEnclosureMax 1 GbEMax 10 GbEFONICSecurityPower
1120 NGFWDesktop10-No28
2200 NGFWDesktop6-No121
4200 NGFW1U8-Yes121
4400 NGFW1U12-Yes230
4600 NGFW1U12-Yes405
4800 NGFW1U162Yes673
12200 NGFW1U164Yes811
12400 NGFW2U2612Yes1185
12600 NGFW2U2612Yes2050
13500 NGFW2U2612Yes3200
13800 NGFW2U2612Yes3800
21400 NGFW2U3712No2175/2900 1
21600 NGFW2U3712No2788/3300 1
21700 NGFW2U3712No3300/3551 1
21800 NGFW2U3712No4100/4300 1
1  With Security Acceleration Module