Check Point Quantum Force (NGFW) Reviews

My main use case for Check Point NGFW is that my organization is using it as a firewall and using it in emails also.

I can walk you through a situation where Check Point NGFW made a difference for my organization by helping in getting or stopping the emails which are unwanted and can be harmful for my organization.

The best features Check Point NGFW offers in my experience are the real-time prevention and the virtualization and reporting capabilities.

These features impact my day-to-day operations by helping in improving the security postures in day-to-day activities.

Monitoring graphs for Check Point NGFW can be made better, and that is something I wish worked better.

I have been using Check Point NGFW for around half a year.

The main use case for Check Point NGFW involves securing organizational network parameters from a wide range of cyber threats, such as those associated with malware, unauthorized access, and data exfiltration.

Check Point NGFW has positively impacted my organization because, as a security provider, we have business from multiple nations worldwide, but certain nations where we do not have any business relevancy require traffic blocking.

Check Point NGFW helps us significantly by preventing sophisticated cyber attacks, controlling user access to application websites based on policy and user identity, segmenting the internal network, and providing centralized firewall management. These features have helped us manage and strengthen our security posture.

We have observed improved network visibility and control with detailed reporting and logging after implementing Check Point NGFW, along with a stronger compliance posture and reduction in incidents.

In my experience, Check Point NGFW offers excellent region-wise blocking capabilities, which proved particularly valuable during recent tension between India and Pakistan border crossing issues.

The IPS, anti-bot, threat emulation, and URL filtering features are working exceptionally well from a prevention perspective.

Check Point NGFW deployment in our organization showed that the initial setup and policy design can be complex, especially for teams unfamiliar with Check Point's architecture. Licensing can be confusing and expensive, so segregating it into a simple format would be helpful.

Software updates and hot fixes require compatibility checks to avoid disrupting the production environment.

I have been using Check Point NGFW for almost a year and a half.

My experience with pricing, setup costs, and licensing for Check Point NGFW has been straightforward, as everything is better and convenient to use.

I work in Secure System Private Limited as a security analyst for the last six years. I can share specific outcomes and metrics I have seen since using Check Point NGFW.

We are using the solution for the perimeter. It's used as a core firewall, with almost all transactions passing through the firewall. For instance, in a cellular phone company, all transactional authorizations pass through the firewall, while in a bank, authorizations for branches and ATMs go through the firewall. The main customers are in the BFSI, telcos, industry manufacturing, and other large enterprise sectors.

Check Point's solutions allow organizations to operate securely with a reliable core firewall in place, ensuring that transactions proceed smoothly.

The Check Point firewall is used as a core firewall offering high reliability with at least two synchronized data centers, creating a fault-tolerant configuration. It is considered a very stable platform with minimal bugs.

Technically, there is no need for improvement. That said, they need to be more aggressive and protect more of the channels on the commercial side. Additionally, the user interface could be more user-friendly.

We have been using Check Point solutions for over twenty-five years, since the very beginning.

The firewall is highly stable, being described as one of the most reliable, with a stable platform and few bugs.

Using the Maestro technology, the firewall has good scalability. It allows for flexibility and growth by stacking clippings without needing to change the chassis.

Customer service is generally good. With Diamond or Diamond Plus service for banks, the support level meets customer expectations. The internal team of Check experts also ensures issues are resolved efficiently.

Positive

We are familiar with and have supported other solutions like Fortinet, Palo Alto, and Cisco yet primarily do business with Check Point.

Initial setup can be complex, especially in large or redundant deployments. Expertise is required to manage configurations, especially with complex operations and a high volume of users and VPNs.

The implementation team has around 20 people, with a total group including maintenance and support numbering 60.

Monetizing the risk is complex, and despite having software for calculating ROI in security, traditional calculations like the FAIR methodology do not apply efficiently in Latin America.

Check Point and Palo Alto solutions are among the more expensive options, but once a platform is adopted, switching is difficult. Clients tend to stay with the same brand for extended periods.

We have evaluated solutions from Fortinet, Palo Alto, and Cisco, however, the main offering is Check Point.

I'd rate the solution eight out of ten.

We use Check Point Next Generation Firewall both as a perimeter firewall and as an internal firewall. 

For customers, we recommend using the open platform, which is the software installed on your own server. We usually find that you get a lot more performance out of the software that way. Also, a lot of energy companies use it as well.

Check Point Next Generation Firewall helps us with routing failover, setting up a web dashboard for better management of the platform, and ensuring the stability and availability of our firewalls with its backup features.

The price point is good. You get a lot more features for the cost. How it's bundled and packaged is very simple to order. All the features are bundled with the product, and it's just a matter of checking a box to turn it on or off. 

Performance is usually better on OpenServers, where we provide the server on the Check Point platform.

The operating system and platform could be more tightly integrated. Some features are better done on the OS side of the platform. Integrating all features into one dashboard should avoid switching between the new and old dashboards.

Check Point Next Generation Firewall is quite stable. For features like backup and data, I would rate it highly.

Check Point Next Generation Firewall offers excellent scalability. With OpenServer, it's just a matter of purchasing licenses that enable more CPUs to be used. We can increase the RAM on the box and allow for more network traffic and customers onto our platform.

The support is great. I usually get it online and it meets our needs effectively.

Positive

Setup is easy. I would give it an eight out of ten.

The pricing is fair and more competitive than many competitors. On a scale of one to ten, with ten being the most expensive, I would rate it around a three in its category.

Cisco does not support SSL inspection, and its detection capabilities are limited. I would say Check Point is comparable with Palo Alto in terms of features and detection capabilities.

I would recommend Check Point Next Generation Firewall because of its detection capabilities, which ensure protection by identifying malicious files and suspicious activities. The price point is also lower compared to Palo Alto for the same features.

I'd rate the solution nine out of ten.

The most valuable feature of the solution is its efficiency.

You have an administration tool that is not on the appliance, and it should be in line with the appliance. You can put your modification online and compile it again before applying.

I have been using Check Point NGFW for seven years.

The solution's technical support is good.

Positive

We previously used Cisco. We switched to Check Point NGFW because Cisco was comparatively a bit outdated.

Check Point NGFW is a little expensive. We paid around 70,000 Euros for it, and the solution's maintenance fee is expensive. We also have to pay for technical support.

I am generally satisfied with the solution. The new Check Point products are more powerful than the previous appliances. The product is good but perhaps more adapted to big firms than small companies.

Overall, I rate the solution an eight out of ten.

The primary use case for the Quantum Spark Security Appliance 1570 in our organization is unified threat management, firewall protection, intrusion prevention, anti-virus, and anti-malware defenses to secure our network against external threats. We use its remote access solution, to secure remote access through VPN capabilities and mobile device support, ensuring our employees can connect safely from anywhere. Additionally, the appliance features content filtering, application control, and bandwidth management to optimize network performance and enforce usage policies. 

It enhanced our organization's security posture compared to our previous solution. It offers superior protection with advanced threat management capabilities, including robust firewall defenses, intrusion prevention, and real-time anti-virus and anti-malware protection. 

This has markedly reduced our vulnerability to cyber threats. Additionally, the appliance's content filtering and application control features have enabled us to manage bandwidth more efficiently, prioritizing critical business applications and preventing unnecessary traffic. This optimization has not only improved network performance but also reduced operational costs by eliminating bandwidth wastage. 

The WatchTower feature is particularly valuable, providing real-time monitoring of incidents, which enhances our ability to promptly address and mitigate security threats, ultimately leading to reduced overheads and improved overall efficiency. 

The WatchTower app is accessible from mobile devices, providing administrators with the flexibility to monitor and manage security on the go. This mobility ensures that security management is not confined to the office, allowing for rapid response even when off-site.

They should improve integration with third-party security tools and software for a more unified security ecosystem. 

They should enhance compatibility with various network environments and cloud platforms can be valuable. Offer more comprehensive support options, including extended hours and more accessible resources.

They should provide more extensive training materials and documentation to help users maximize the appliance's capabilities. Integrate user awareness and training modules within the appliance to educate employees on security best practices.

We have been using it for more than two years. 

Stability is exceptionally positive. Since its implementation, the appliance has demonstrated remarkable reliability and uptime, consistently maintaining our network's security without disruptions

It provides a robust and scalable solution that meets both our current requirements and future growth plans.

Customer service is overall good, but we would like it to be more enchnaced. 

Positive

We previously used a different security solution but we switched it because of a phishing attack. Though we had a solution, it had not done its job perfectly. 

The setup is straightforward.

We implemented it through a vendor. I would rate it an eight out of ten.

It helped us reduce operational costs associated with network security. By optimizing bandwidth management, preventing security breaches, and streamlining administration tasks, we've minimized wastage and improved resource utilization. 

Setup cost is not much, hence pricing and licensing need to be considered. If pricing gets lower that would be great. 

We previously used a different security solution but switched to the Quantum Spark Security Appliance 1570 due to several issues with the old system. Our previous solution lacked advanced threat management features like real-time anti-virus and anti-malware protection, and had ineffective bandwidth management leading to network performance bottlenecks. 

This is a best solution for us so far and we recommend this to anyone. 

Our customers have been using it for the network security.

Unlike Fortinet, where the log loading process can take up to a month, Check Point stands out for its efficiency. While other solutions may only provide logs for a short period, such as one or two months, Check Point impressively retains logs for up to six months on some machines and at least three months on others. This extended log retention period is a significant advantage for our customers, providing them with valuable insights and enhancing their overall security posture.

One of the most advantageous features of Check Point firewall is its multi-interface capability. While traditional firewalls typically have a single interface, Check Point stands out by offering tools with multiple interfaces. This capability, now known as SmartConsole, allows users to manage policies, security objects, and routing points all from one dashboard. This contrasts with other firewalls where users often have to log in separately to access different functionalities. The hierarchical structure of communication and management in Check Point firewalls adds complexity, making it more challenging for attackers to exploit vulnerabilities. Additionally, Check Point introduced SD-WAN functionality in December 2013, further enhancing its capabilities and staying ahead of the curve in network security.

There's a significant area for improvement when it comes to pricing. While frequent updates and patches are released, which is commendable and adds significant value, the loading time for SD-WAN updates can be excessively long.

The feature we're eager to see enhanced in Check Point is reporting, particularly in terms of highlighting past reports. Currently, if we create a rule for a report in the morning, we expect to receive an email highlighting it. While we can set this up, the issue lies in segregating the project into separate reports.

I have been working with it for five years.

Occasionally, we face certain issues and downtimes. Downtime varies depending on the type of changes or updates being made. For instance, a version upgrade typically requires only fifteen minutes for reboots. However, for patch updates or version updates, downtime can extend to at least one hour. In some cases, especially in custom environments, downtime may exceed two to three hours.

It provides good scalability. Despite having only three customers, I've implemented the firewall for over a thousand users. These users are situated in factory environments, meaning there are thousands of endpoints, including those connected via VPN.

I am relatively satisfied with the level of technical support provided. We primarily work with Indian support teams, and while some technical engineers are exceptionally intelligent and quick to resolve issues within ten to fifteen minutes, others may take longer. However, the crucial aspect is that they eventually provide an answer or escalate the issue if needed. When I contact support, I first inquire about the assigned person, and if I am familiar with them, I proceed with the interaction. Otherwise, I prefer to escalate the query to another region to avoid wasting time. I would rate it eight out of ten.

Positive

We have experience working with Fortigate and Palo Alto in the past. In Sri Lanka, Check Point has a strong marketing presence, which influences customer decisions.

The initial setup can be complex and may pose a challenge, especially for those without prior experience. Setting it up for the first time requires careful attention and a level of expertise to navigate effectively.

The deployment process begins with configuring the firewall's IP and other settings. Once this initial configuration is complete, we proceed to the AI portal. In the AI portal, the first step is to configure the interfaces. After configuring the interfaces, we proceed to install the created interface. Next, we move on to the SmartConsole. To access the SmartConsole, we download it from the app portal. Once the SmartConsole is installed, we can easily create rules for logging purposes, manage objects, configure networking, and VPN, and other technical tasks from the SmartConsole. Routing and related tasks are typically handled in the data portal. One individual is enough for the deployment. The duration of the setup process varies depending on factors such as the complexity of the customer's environment and the site architecture. For instance, in a relatively simple scenario with just two VLANs and a couple of VPNs, the configuration could be completed within a few working days. Maintenance is essential, with upgrades and patch updates being mandatory at least once every six months. This ensures the system remains up-to-date and secure.

Our customers are pleased with the return on investment. The occasional bugs and updates, common to all firewalls including Check Point, are being addressed promptly. The platform is regularly updated to ensure optimal performance.

The price is on the higher side.

While the cost may be a consideration, the level of security provided by Check Point is exceptional. In my experience, I have not encountered any cyber attacks. The only negative experience was not related to the firewall but rather to customer issues with the router. It's important to remember that compromising security for cost savings can ultimately lead to vulnerabilities. Therefore, investing in high-security solutions like Check Point is worthwhile. Overall, I would rate it eight out of ten.

I am currently working with Check Point Firewall because most of your customers have it deployed in their networks. Recently, we were involved in a significant firewall micro-implementation for one of our customers. We created configuration templates, specifically for routing and setting up bond interfaces within CheckPoint. These interfaces are similar to Cisco's port channels, where multiple physical interfaces are bound into one. 

I primarily work on the network side, so my expertise lies in configuring and working with firewalls. I have experience in firewall policies and know how to configure them within Check Point, including blocking URLs and specific website categories. However, I acknowledge that there's room for improvement, particularly in areas related to application-level control within the firewall. While I can't pinpoint a specific area for improvement, I am trying to enhance my skills and knowledge in various aspects of firewall management.

I have been using Check Point NGFW for the last 12 months.

During a project where I was working with a customer deploying Maestro in their network, we encountered an issue related to multicast traffic. Check Point's expert team suggested that we install a package called Jumbo Hotfix inside the Check Point, which resolved the problem. Overall, despite this issue, Check Point NGFW is a stable product with minimal encountered bugs.

Check Point is a stable product, but when compared to other vendors like Palo Alto and Fortinet, I'd recommend going with Palo Alto. Palo Alto is a more stable and robust firewall solution than Check Point.

The deployment of Check Point was straightforward. In the Azure cloud environment, it took approximately thirteen minutes to complete the deployment, while on-premises, the initial setup was relatively easy and not complicated. I have deployed Check Point both on-premises and in the Azure cloud. The deployment in Azure took place around four months ago for a customer's proof of concept (POC). The primary reason for this deployment was to address the customer's VPN subnet limitations with Azure VPN. I suggested that moving to a cloud-based CheckPoint solution would provide better VPN connections without IP subnet limitations. In the Azure deployment, I created a hub and VPN and deployed two CheckPoint instances, not just one. To manage these instances, I used a load balancer within the Azure network.

Regarding firewalls, my role primarily involves designing and deploying them, then handing over the management to the operations team. While I find the deployment process relatively easy, the issues the operations team faces later on can impact my perspective. I'd rate Check Point a 7 out of 10. The ease of deployment is a plus, but we've encountered some problems with Check Point, particularly related to documentation. Compared to vendors like Cisco and Juniper, the quality and comprehensiveness of the documentation could be improved.