Check Point Quantum Force (NGFW) Reviews

The Check Point firewalls are used to protect both the edge and datacenter firewall environment.

The firewalls have been deployed in a high availability design and are virtualized using Check Point VSX VSLS. This means we have multiple virtual firewalls protecting different parts of the data center (e.g., DB, Edge, WAN, pre-production.)

We have activated multiple software blades, including firewall, VPN, URL filtering, Application Control, compliance, reporting, and threat emulation, to name a few.

A similar design has been deployed at the DR with a similar set of firewalls.

The following has been improved:

1) The edge security posture has greatly improved. We are now able to detect and prevent threats coming from the public internet. The firewall is able to block know threats using the inbuild Intrusion Prevention blades.

2) We can connect with other organizations using site-to-site VPNs to enable inter-organization communication.

3) Check Point comes with a strong management solution that allows us to monitor and track threats that are detected and prevented. It also helps us be in compliance with industry standards.

The following features have been valuable:

1) IPS - The edge security posture has dramatically improved as we can now detect and prevent threats from the public internet. The firewall can block know threats using the inbuild Intrusion Prevention blades.

2) VPN - We can connect with other organizations using site-to-site VPNs for inter-organization communication.

3) Management Blades - Check Point comes with a strong management solution that allows us to monitor and track detected and prevented threats. It also helps us be in compliance with industry standards.

The following can be improved:

1) The management solution is currently using a desktop client for administration purposes. This should be improved by ensuring configuration on the firewalls can be done 100% using a web-based approach. This is currently a work in progress in R81.X, yet should be fast-tracked.

2) The Check Point TAC support has, in recent years, deteriorated. Getting support is usually a pain as the TAC engineers don't seem to understand our issues fast enough and are not readily available. This is in contrast to the amount of money paid for the support.

I've used the solution for five years.

A lot of improvement is required in how checkpoint TAC engineers handle their assigned cases. Tickets can be opened for very long without clear solutions.

We previously used Cisco ASA 5585 Firewall.

The setup was fairly easy as the team is well trained.

We worked with Check Point professional services.

This is a premium enterprise product, hence the price is very high.

We looked at FortiGate Firewalls.

Check Point should review their pricing models especially for the African market.

We are Check Point's Authorized partners, and Check Point NGFW is used for our Client's network security. These Next Generation Firewalls are excellent. All of our customers are happy. Check Point gateways provide superior security compared to any competitors in the Indian market. 

Our clients have networking solutions that range from 50 to 200 routers and hubs. Also, their endpoints range from 100 to 2,000 endpoints. Check Point's unique solution helps us to cater to all sizes of companies, from SMEs to large enterprises without compromising on any security vulnerabilities.

Check Point NGFW gateways provide superior security compared to any Indian market competitors. It delivers the highest-caliber threat prevention with excellent SandBlast Zero Day protection out of the box. 

Also, its on-demand hyper-scale threat prevention performance provides our customer with cloud-level expansion and resiliency on-premises. By integrating the most advanced threat prevention and consolidated management, Check Point's security gateway appliances are designed to prevent any cyber attack, reduce complexity, and lower our clients' costs.

The features which are most valuable include:

1] Uncompromising Security

2] Security at Hyperscale

3] Unified Security

4] Check Point's Quantum helps our clients in their overall cybersecurity practice

5] Protects network, data center, endpoints, and IoT

6] Ultra-scalable protection against Gen-V cyber attacks

7] Best Protection with SandBlast Threat Prevention

8] Maestro Hyper-scale Networking

9] Remote Access VPN protects your Remote Users

10] Highest level of security with Autonomous Threat Prevention

11] Modular Hardware and high-performance CPUs

We would like to see the following improvements:

1] Check Point can improve a little better in their technical services, especially in the Indian market. 

2] Check point can add features like log management which would be very useful to get compliant with CERTin standards. 

3] Check Point should look into SIEM solutions as today's Indian market is going towards SOC capability, and SIEM is the backbone of any SOC solution.

4] Automation is the crux of today's digital transformation era, and Check Point should include automation in its products.

5] Incident forensics like UBA or CASB is the next challenge in the security domain, and these features should be included if possible.

Its been three years since I strated using the product.

The solution is highly stable.

This solution is highly scalable.

The technical support is nice.

Positive

We are currently working with Sophos, however, we started recommending Check Point to our clients due to the excellent capabilities that they carry.

The setup is straightforward.

The setup, pricing or licensing cost of other products is on-par or a little higher than Check Point.

We have evaluated Sophos and Palo Alto.

At the organizational level, we needed to protect the security of our organization. This is where a much broader need arises. We must protect each of the branches that our company has - in some cases larger than other branches. We took on the task of implementing a next-generation firewall from Check Point which allows us to have valuable equipment that adjusts to the needs of each of the branches according to their size and organizational demand by the number of users. This equipment is designed for infinity architecture. 

The designs, including Check Point next-generation firewall equipment, have allowed us to have all branches interconnected with the same brand and the same site-to-site communication service. We can encrypt the traffic through these VPNs and ensure communication in all directions, solving transactions and access to applications and services within our organization and outside of it. Additionally, we have a content filtering robot that ensures that users and applications are reached solely and exclusively by our networks and users. 

The most outstanding feature of Check Point is the possibility of having more than 60 indicating services within it. Among the most outstanding in keeping safe is its rule management, VPN configuration, SSL, and, above all, HTTPS Inspection, which is a solution that allows us to see what users do. We can decipher the activity of each connection and see what is inside it. In this way, we ensure that the data is not violated or violated by third parties outside our organization and we validate the internal and timely security. 

The Next Generation Firewall (NGFW) Configuration Guides in XL cluster are very complex and other guides should be reviewed to validate configuration references. They should be updated for new versions.

Something worth mentioning is the need for Spanish support and better representation for teams in the Latin American area. There is a growing demand for these IT services and new technologies.

Its guides are identical to the existing ones. It would be more pleasing that these guides be updated and improve their design.

Give it a try, and it will help you more in these times when users are more remote than local.

I've used the solution for two years.

It is quite scalable. That said, it is complex to integrate cluster services from the same equipment.

I was testing WatchGuard and Fortinet. In the end, it was easier for me to integrate Check Point.

The cost is quite high. That said, it must be understood that it is not only a firewall, it is a solution that integrates more solutions within it.

The product is basically for completing a firewall task. On top of that, the aim is to find a comprehensive solution with the innovations from next-gen. We made an isolated zone in a small part of the company. Here, we aimed to provide basic security features with few security devices. In this context, we ran the Check Point appliance by opening almost all the blades on it. The Check Point software architecture was able to provide quite good results because it ran on its own OS. It's pretty good as a VM. At a point where we wanted to isolate VM devices, we provided a solution with a VM series of Check Point.

It has similar features to other competitors in standard sizes, so it's not a subject where it differs much. It provides us with a layer of security as a firewall. With the new blades that are opened as an extra, it can provide solutions that are needed today, such as IPS and URL filtering. 

You can do app and URL filtering through a separate policy layer. The fact that these can be separated and made in different layers provides excellent convenience for the administrators who regulate the rules. In object searches, object explorer is very easy and fast.

In my company, there have between ten and 15 firewalls on-premises, and if I want to configure or push the same configuration to all of the firewalls, then the centralized management system is easy and very helpful. 

It is difficult to convey the end-user experience. However, in general, administrators can get used to the interface and start working quickly. Especially after Revision 81.10, I can say that everything became more stable and faster in terms of management. It should be said that it does quite well on the DDOS side.

There are parts that are still on the SmartDashboard screen and that condemn you to use it, which should be removed and moved to the SamartConsole interface, which is the main screen. 

In addition, when you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing. To fix these problems, Check Point needs to get rid of the SmartDashboard screen completely. Also, there is a need for performance improvements in the interface so that when the data and rulesets are large, there is a need for performance improvements in the next versions.

I've used the solution for about six years.

The primary use case for these firewalls is to protect our perimeter from unwanted traffic in and out of our network as well as to control the flow of data to comply with our company security policies. 

It also plays an integral part in restricting or granting access at a granular level for certain users or vendors allowing us to monitor and protect end-customer data as well as protecting our users and network from malware, bots, ransomware and other bad actors that could disrupt our business operations.

Check Point NGFW products have improved the operation of our organization by allowing us to secure our perimeter from attacks, probes, malware, DDoS, bots and general bad actors. It also allows us to secure outbound traffic from our users. 

It allows us to fine tune how we allow users to access resources both in our DMZ and externally. This helps us to secure customer and user data in order to prevent privacy issues, prevent loss of operations or downtime which we cannot accept. 

Being able to use the products in redundant pairs has also allowed us to provide a more stable network.

There are several useful features that we utilize that are now valuable assets in terms of protecting the network. These would include user identification (ID Collector), IPS, antibot, antivirus, application, and URL filtering as well as the standard firewall security rules. They all work together to provide layers of security to protect both inbound and outbound traffic in order to minimize loss of private data as well as to ensure our network is free of bad actors attempting to use malware or ransomware against us.

Check Point could improve its products by working on stability. Overall, it is a stable platform, however, at times we have issues with 'quirks' and bugs that cause issues for our end users and typically are not straightforward to fix. 

Another issue that presents itself is upgrading. Small hot fixes are not problematic. That said, updating to a new version of the OS has been an absolute nightmare and caused significant downtime and a number of issues - not to mention wasted engineering time. Simplify the upgrade process and they may regain confidence in this area!

I'd like to see more use of applications and URLs in security policies moving forwards.

I've worked with the solution for seven years across two different companies.

The stability is good, yet it could use some improvement.

The scalability is very good.

It has always been slow and difficult to use technical support. It depends on a case-by-case basis, however, you have to chase and manage the case yourself or it will go nowhere. This likely comes down to a lack of experienced agents.

Neutral

We previously used Cisco ASA. We switched due to the fact that Cisco's product was very hard to manage and lacked any real intelligence.

The initial setup is complex. A very large and multifaceted environment will always be complex to configure.

We used vendor support and account teams and in-house technical engineering.

It's expensive, however, compared to the cost of not protecting the network properly, it's worth the cost.

We looked at Palo Alto, Fortinet, and Cisco.

Carefully consider the vendor before making a leap. It's very difficult and costly to change vendors at a later date.

My main use case for Check Point NGFW is that my organization is using it as a firewall and using it in emails also.

I can walk you through a situation where Check Point NGFW made a difference for my organization by helping in getting or stopping the emails which are unwanted and can be harmful for my organization.

The best features Check Point NGFW offers in my experience are the real-time prevention and the virtualization and reporting capabilities.

These features impact my day-to-day operations by helping in improving the security postures in day-to-day activities.

Monitoring graphs for Check Point NGFW can be made better, and that is something I wish worked better.

I have been using Check Point NGFW for around half a year.

The main use case for Check Point NGFW involves securing organizational network parameters from a wide range of cyber threats, such as those associated with malware, unauthorized access, and data exfiltration.

Check Point NGFW has positively impacted my organization because, as a security provider, we have business from multiple nations worldwide, but certain nations where we do not have any business relevancy require traffic blocking.

Check Point NGFW helps us significantly by preventing sophisticated cyber attacks, controlling user access to application websites based on policy and user identity, segmenting the internal network, and providing centralized firewall management. These features have helped us manage and strengthen our security posture.

We have observed improved network visibility and control with detailed reporting and logging after implementing Check Point NGFW, along with a stronger compliance posture and reduction in incidents.

In my experience, Check Point NGFW offers excellent region-wise blocking capabilities, which proved particularly valuable during recent tension between India and Pakistan border crossing issues.

The IPS, anti-bot, threat emulation, and URL filtering features are working exceptionally well from a prevention perspective.

Check Point NGFW deployment in our organization showed that the initial setup and policy design can be complex, especially for teams unfamiliar with Check Point's architecture. Licensing can be confusing and expensive, so segregating it into a simple format would be helpful.

Software updates and hot fixes require compatibility checks to avoid disrupting the production environment.

I have been using Check Point NGFW for almost a year and a half.

My experience with pricing, setup costs, and licensing for Check Point NGFW has been straightforward, as everything is better and convenient to use.

I work in Secure System Private Limited as a security analyst for the last six years. I can share specific outcomes and metrics I have seen since using Check Point NGFW.

The primary use case for the Quantum Spark Security Appliance 1570 in our organization is unified threat management, firewall protection, intrusion prevention, anti-virus, and anti-malware defenses to secure our network against external threats. We use its remote access solution, to secure remote access through VPN capabilities and mobile device support, ensuring our employees can connect safely from anywhere. Additionally, the appliance features content filtering, application control, and bandwidth management to optimize network performance and enforce usage policies. 

It enhanced our organization's security posture compared to our previous solution. It offers superior protection with advanced threat management capabilities, including robust firewall defenses, intrusion prevention, and real-time anti-virus and anti-malware protection. 

This has markedly reduced our vulnerability to cyber threats. Additionally, the appliance's content filtering and application control features have enabled us to manage bandwidth more efficiently, prioritizing critical business applications and preventing unnecessary traffic. This optimization has not only improved network performance but also reduced operational costs by eliminating bandwidth wastage. 

The WatchTower feature is particularly valuable, providing real-time monitoring of incidents, which enhances our ability to promptly address and mitigate security threats, ultimately leading to reduced overheads and improved overall efficiency. 

The WatchTower app is accessible from mobile devices, providing administrators with the flexibility to monitor and manage security on the go. This mobility ensures that security management is not confined to the office, allowing for rapid response even when off-site.

They should improve integration with third-party security tools and software for a more unified security ecosystem. 

They should enhance compatibility with various network environments and cloud platforms can be valuable. Offer more comprehensive support options, including extended hours and more accessible resources.

They should provide more extensive training materials and documentation to help users maximize the appliance's capabilities. Integrate user awareness and training modules within the appliance to educate employees on security best practices.

We have been using it for more than two years. 

Stability is exceptionally positive. Since its implementation, the appliance has demonstrated remarkable reliability and uptime, consistently maintaining our network's security without disruptions

It provides a robust and scalable solution that meets both our current requirements and future growth plans.

Customer service is overall good, but we would like it to be more enchnaced. 

Positive

We previously used a different security solution but we switched it because of a phishing attack. Though we had a solution, it had not done its job perfectly. 

The setup is straightforward.

We implemented it through a vendor. I would rate it an eight out of ten.

It helped us reduce operational costs associated with network security. By optimizing bandwidth management, preventing security breaches, and streamlining administration tasks, we've minimized wastage and improved resource utilization. 

Setup cost is not much, hence pricing and licensing need to be considered. If pricing gets lower that would be great. 

We previously used a different security solution but switched to the Quantum Spark Security Appliance 1570 due to several issues with the old system. Our previous solution lacked advanced threat management features like real-time anti-virus and anti-malware protection, and had ineffective bandwidth management leading to network performance bottlenecks. 

This is a best solution for us so far and we recommend this to anyone. 

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check Point's solutions to provide comprehensive network security tailored to each organization's requirements.

Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness.

Managing a smaller number of firewalls is straightforward, but as the scale increases, especially with numerous firewall instances, the complexity grows significantly. Scalability should be improved.

I have been working with it for twenty years.

It offers good stability capabilities.

We've encountered challenges related to scalability, particularly with its performance slowing down as the volume of objects in the network grows.

While most engineers are typically responsive, there may be variations in their availability and response times. I would rate its customer service and support eight out of ten.

Positive

I also work with Fortinet, and I find it preferable because it offers a wider range of options. Additionally, its integrated package functions exceptionally well, with seamless coordination between services.

The initial setup process is typically straightforward for most customers. However, when comparing Check Point with other solutions like FortiGate, there's a notable difference in how policy rules are implemented. With Check Point, you need to install the entire policy each time you want to make changes, whereas FortiGate allows for more streamlined updates by simply accepting the modifications. This can sometimes add complexity to installing a new policy with Check Point.

The deployment time varies depending on the scale of the project. For small cases, it may only take a couple of minutes, while larger-scale deployments can span up to a month. Having a skilled engineer is crucial; one proficient engineer can handle the job effectively. Maintenance is relatively straightforward.

While it may be slightly more expensive, when compared with competition it is reasonable. Licenses are renewed annually.

Overall, I would rate it nine out of ten.

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

This solution has been used for approximately one year in the company.

The stability of the tool is good. We have not presented any problem even when an update is made.

The scalability presented by the tool is very good and flexible.

The experience has not been very good. That is one of the points that must be improved.

Positive

There was no type of tool that would supply these qualities.

The configuration of the tool is very simple and quick to install.

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.