Check Point Quantum Force (NGFW) Reviews

The primary use case for the Quantum Spark Security Appliance 1570 in our organization is unified threat management, firewall protection, intrusion prevention, anti-virus, and anti-malware defenses to secure our network against external threats. We use its remote access solution, to secure remote access through VPN capabilities and mobile device support, ensuring our employees can connect safely from anywhere. Additionally, the appliance features content filtering, application control, and bandwidth management to optimize network performance and enforce usage policies. 

It enhanced our organization's security posture compared to our previous solution. It offers superior protection with advanced threat management capabilities, including robust firewall defenses, intrusion prevention, and real-time anti-virus and anti-malware protection. 

This has markedly reduced our vulnerability to cyber threats. Additionally, the appliance's content filtering and application control features have enabled us to manage bandwidth more efficiently, prioritizing critical business applications and preventing unnecessary traffic. This optimization has not only improved network performance but also reduced operational costs by eliminating bandwidth wastage. 

The WatchTower feature is particularly valuable, providing real-time monitoring of incidents, which enhances our ability to promptly address and mitigate security threats, ultimately leading to reduced overheads and improved overall efficiency. 

The WatchTower app is accessible from mobile devices, providing administrators with the flexibility to monitor and manage security on the go. This mobility ensures that security management is not confined to the office, allowing for rapid response even when off-site.

They should improve integration with third-party security tools and software for a more unified security ecosystem. 

They should enhance compatibility with various network environments and cloud platforms can be valuable. Offer more comprehensive support options, including extended hours and more accessible resources.

They should provide more extensive training materials and documentation to help users maximize the appliance's capabilities. Integrate user awareness and training modules within the appliance to educate employees on security best practices.

We have been using it for more than two years. 

Stability is exceptionally positive. Since its implementation, the appliance has demonstrated remarkable reliability and uptime, consistently maintaining our network's security without disruptions

It provides a robust and scalable solution that meets both our current requirements and future growth plans.

Customer service is overall good, but we would like it to be more enchnaced. 

Positive

We previously used a different security solution but we switched it because of a phishing attack. Though we had a solution, it had not done its job perfectly. 

The setup is straightforward.

We implemented it through a vendor. I would rate it an eight out of ten.

It helped us reduce operational costs associated with network security. By optimizing bandwidth management, preventing security breaches, and streamlining administration tasks, we've minimized wastage and improved resource utilization. 

Setup cost is not much, hence pricing and licensing need to be considered. If pricing gets lower that would be great. 

We previously used a different security solution but switched to the Quantum Spark Security Appliance 1570 due to several issues with the old system. Our previous solution lacked advanced threat management features like real-time anti-virus and anti-malware protection, and had ineffective bandwidth management leading to network performance bottlenecks. 

This is a best solution for us so far and we recommend this to anyone. 

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check Point's solutions to provide comprehensive network security tailored to each organization's requirements.

Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness.

Managing a smaller number of firewalls is straightforward, but as the scale increases, especially with numerous firewall instances, the complexity grows significantly. Scalability should be improved.

I have been working with it for twenty years.

It offers good stability capabilities.

We've encountered challenges related to scalability, particularly with its performance slowing down as the volume of objects in the network grows.

While most engineers are typically responsive, there may be variations in their availability and response times. I would rate its customer service and support eight out of ten.

Positive

I also work with Fortinet, and I find it preferable because it offers a wider range of options. Additionally, its integrated package functions exceptionally well, with seamless coordination between services.

The initial setup process is typically straightforward for most customers. However, when comparing Check Point with other solutions like FortiGate, there's a notable difference in how policy rules are implemented. With Check Point, you need to install the entire policy each time you want to make changes, whereas FortiGate allows for more streamlined updates by simply accepting the modifications. This can sometimes add complexity to installing a new policy with Check Point.

The deployment time varies depending on the scale of the project. For small cases, it may only take a couple of minutes, while larger-scale deployments can span up to a month. Having a skilled engineer is crucial; one proficient engineer can handle the job effectively. Maintenance is relatively straightforward.

While it may be slightly more expensive, when compared with competition it is reasonable. Licenses are renewed annually.

Overall, I would rate it nine out of ten.

I am currently working with Check Point Firewall because most of your customers have it deployed in their networks. Recently, we were involved in a significant firewall micro-implementation for one of our customers. We created configuration templates, specifically for routing and setting up bond interfaces within CheckPoint. These interfaces are similar to Cisco's port channels, where multiple physical interfaces are bound into one. 

I primarily work on the network side, so my expertise lies in configuring and working with firewalls. I have experience in firewall policies and know how to configure them within Check Point, including blocking URLs and specific website categories. However, I acknowledge that there's room for improvement, particularly in areas related to application-level control within the firewall. While I can't pinpoint a specific area for improvement, I am trying to enhance my skills and knowledge in various aspects of firewall management.

I have been using Check Point NGFW for the last 12 months.

During a project where I was working with a customer deploying Maestro in their network, we encountered an issue related to multicast traffic. Check Point's expert team suggested that we install a package called Jumbo Hotfix inside the Check Point, which resolved the problem. Overall, despite this issue, Check Point NGFW is a stable product with minimal encountered bugs.

Check Point is a stable product, but when compared to other vendors like Palo Alto and Fortinet, I'd recommend going with Palo Alto. Palo Alto is a more stable and robust firewall solution than Check Point.

The deployment of Check Point was straightforward. In the Azure cloud environment, it took approximately thirteen minutes to complete the deployment, while on-premises, the initial setup was relatively easy and not complicated. I have deployed Check Point both on-premises and in the Azure cloud. The deployment in Azure took place around four months ago for a customer's proof of concept (POC). The primary reason for this deployment was to address the customer's VPN subnet limitations with Azure VPN. I suggested that moving to a cloud-based CheckPoint solution would provide better VPN connections without IP subnet limitations. In the Azure deployment, I created a hub and VPN and deployed two CheckPoint instances, not just one. To manage these instances, I used a load balancer within the Azure network.

Regarding firewalls, my role primarily involves designing and deploying them, then handing over the management to the operations team. While I find the deployment process relatively easy, the issues the operations team faces later on can impact my perspective. I'd rate Check Point a 7 out of 10. The ease of deployment is a plus, but we've encountered some problems with Check Point, particularly related to documentation. Compared to vendors like Cisco and Juniper, the quality and comprehensiveness of the documentation could be improved.

We are using Check Point Next Generation Firewall both as an edge border gateway and as an internal gateway protecting users and servers networks. Using the Virtual System solution we create different network environments and virtual system firewalls in which we have different modules (additional license could be needed) activated depending on the topology of the network where the firewall is protecting the traffic. We are also implementing IPS on several internal firewalls that are inspecting such flows.

Mainly the easy central management with support for virtual systems has helped in the operating and analyzing time of the security department. We know that with other security solutions that don't scale well and don't have a central management system, you lose precious time operating the platform.

Under the same interface, we are using a stack of different security modules, so the learning curve is easier than the need to learn new interfaces for each specific appliance. At the same time, you can check the logs in a homogeneous way.

The management interface is easy to operate and is a standardized way of managing different firewall modules in the same client application. Additionally, it provides up-to-date security options through different license bundles and scalability to match almost any firewall security needs as you can easily add more systems to implement several cluster firewalls, running as a load-sharing whole system or active-standby members. The log explorer is also straightforward to use, and the results are easily exportable.

To provide visibility of the requirements you have to accomplish to perform some of the traffic security mechanisms. Several security modules are based on HTTPS inspection, losing a relevant security capability if you don't implement it in your network. So the product should point out this need clearly so you can fit your expectations in a real-world environment. That said, this is not a limitation of the product itself.

You need to read the requirements to take into consideration both throughput, security modules and storage (logs) needs so you can choose the appliance that best fits your organization.

I've used the solution for more than ten years.

In most environments, this solution is running pretty stable.

It is easy to scale both with virtual systems or by adding additional physical appliances.

Support has a good and fast response to new threats and is proactive with a big community.

Positive

We were using a Cisco firewall solution. It was outdated and the management interface was not unified.

We evaluated Palo Alto and Fortinet as well as Check Point

For the technical administration teams. I advise them to take, at least, the basic training so they can manage the solution adequately.

It assists us in filtering files for our internal users, ensuring that our data remains secure and protected. During the pandemic, it has been invaluable in enabling remote connections through VPN for our employees who are working from home, facilitating our COVID-19 response efforts. We established point-to-point VPN connections with approximately thirty clients, which enhances our security, especially at the outermost layer of our network, safeguarding us from external threats.

It includes features like IPS, which keeps us informed about potential threats attempting to breach our infrastructure, adding a crucial layer of security. It is user-friendly and straightforward to manage, which simplifies our overall network security management.

It could greatly improve our customer experience by centralizing management. Currently, we face the issue of having different management interfaces, which require us to switch between them, causing some difficulties and inefficiencies in our workflow. There are instances where the software crashes and this necessitates frequent upgrades from one version to another.

I have been using it for four years now.

I would rate it as highly stable, giving it a solid nine out of ten.

In terms of scalability, we haven't needed to expand significantly as our current setup consists of firewall checkpoints at the main site and another set at the HQ. These devices can seamlessly communicate with one another. We use SmartConsole managing system, which serves as a centralized hub for collecting and managing logs from all our Check Point Firewalls. As far as I know, the limit for management servers is five firewalls, so beyond that, additional licensing may be required to accommodate more devices.

We don't engage directly with its support team. Instead, we work through a reseller who handles our support needs. When we require assistance, we reach out to the reseller, and if necessary, they will liaise with Check Point on our behalf.

We were previously using Cisco ASA, Cisco X-ray, and FortiGate. However, the technologies we had, particularly the Cisco ASA, were outdated, and there was a clear need to upgrade to a next-generation appliance. When considering our options, we received a proposal from a local vendor in Angola, and after reviewing it, we decided to move forward with Check Point as it is widely recognized as one of the top solutions in the market.

The initial setup is straightforward. I would rate it nine out of ten.

We've had positive experiences with the deployments, and we've recommended it in several instances. Currently, we have implemented four Check Point Firewalls. Our initial deployment at the primary site took approximately a week to set up. After fine-tuning and making necessary adjustments, the total time for implementation was roughly two weeks. The main office at our headquarters had a similar timeline, as the tuning process does require a significant amount of time and effort.

The technology itself is impressive, but I find the pricing a bit on the higher side. This is partly due to the complexities we face with exchange rates in our country, as obtaining foreign currency can be challenging.

Having worked with products from various providers, I've found the experience and functionality of Check Point to be quite impressive and I strongly recommend it, provided they invest in essential training, which is a critical component. Its user-friendly management interface simplifies the process, and it offers a wealth of features. I would rate it nine out of ten.

Our customer’s infrastructure is entirely based on Check Point. They are using around 2,000 firewalls worldwide. We resolve the problems in their product as a service provider.

Check Point is a great technology. It doesn't compromise the performance of the users. The tool provides great security. It was the first firewall that provided 3-way handshake. It was the first stateful firewall in the market.

The tool’s architecture could be improved a bit. It should provide Single-Pass Parallel Processing. Check Point’s interface is quite segregated.

I have been using the solution for seven to eight years.

The tool will be stable if the implementation team has done a good job.

The tool is scalable. If a user faces any constraints, we can upgrade the tool. The hardware is scalable. Our customers are enterprise-level businesses.

The technical support team is not excellent. It’s not easy to get people on call on urgent tickets. They join the call, but the support is not as smooth as other vendors like Cisco and Zscaler.

Positive

Palo Alto provides Single-Pass Parallel Processing. Palo Alto and Check Point are not very different.

The product is easy to install. It's an interesting product. Once we get the knowledge of Check Point, it's quite easy to work on. However, for new users, the solution is a bit difficult. For a single gateway, if we are ready with all the necessary software we need while installing, the deployment takes one to two hours.

A single-site deployment, where all gateways and management are taken care of, can be done by one or two people. However, a complete implementation team is required if some things are to be done on the cloud and some in the branch offices. One team will handle the policies, and the other will handle the basic installations. Once the solution is stabilized, maintenance will be easy.

Check Point is a good tool. I would recommend it to others. Overall, I rate the solution a nine out of ten.

We use the solution as a perimeter firewall. We also use it for endpoint security and VPN.

The product is very user-friendly. The configuration can be managed and customized as required. We can customize the tool for each stakeholder.

It will be good if the product is rack-mounted. The product must be updated to protect users from the latest firewall threats.

I have been using the solution for almost six years.

The tool is very stable.

The tool is easily scalable. Almost 2000 people are using the product in my organization.

The support is good.

Positive

We also work with other vendors. Check Point is as good as its competitors, but its cost is a bit higher.

The initial setup is very easy. One firewall engineer can deploy the product within a few hours. It is very easy to maintain the tool. We need only one person to maintain it.

The tool is a bit expensive. The product’s operational cost is very high. We pay a yearly licensing fee. We also pay for support.

Check Point is the most user-friendly solution. It can be configured quickly. Overall, I rate the product an eight out of ten.

The primary use case is segmentation in many different areas of the company network. We had a few critical use cases: there was a need for an internal firewall, and also an edge firewall. Apart from having simple segmentation, we had a requirement for additional features like the possibility to decrypt traffic, the possibility to inspect URLs or the intrusion prevention system feature. 

A very important thing for us was also to have a very good quality of vendor support. Definitely, this is something we can get here. 

With Check Point we have achieved our primary goal - segmentation. We were able to limit North-South and East-West traffic which had a very impressive impact on improving security posture. 

We also have the possibility to control Internet traffic, we can use the URL filtering feature together with traffic decryption to be able to allow only safe communication. A very important thing for us is also having the possibility to use identity awareness and be able to implement policy based on user IDs (user ad groups).

I like the Next-Generation Firewall. This is the primary feature and use case for this solution. It's a very important thing for us to have a solution that provides ease of use and an intuitive interface.

We are also using other security blades that are included in the package like URL filtering, identity awareness, IPS, antibot, and threat detection.

The most valuable thing for us is to have the possibility to use all the security blades and all security products and have a consistent policy among different security features. Reporting and integration with external solutions are great.

Check Point could improve the time for delivering requested features from customers. It could be delivered much faster. Also, communication and status reporting for such requests have a lot of room for improvement. After the request, we do not get any information on the status or progress until it is implemented.

Looking at the trend in the market which aims for vendor consolidation, the strategy to deliver one vendor SASE could be beneficial for Check Point and its customers. 

I've been familiar with the product since 2003. At my current company, CheckPoint appeared three years ago.

The stability is good.

The range of platforms is huge. It can fit every traffic requirement.

Overall I have had a positive experience with support. Sometimes it takes too long to resolve issues, however.

Positive

I have been using Cisco ASA. The switch was done based on the intuitive management interface and ease of use of Check Point.

The setup is straightforward, even if the policies are big and complex.

We have used help from a third-party company.

I'd advise users to prepare their requirements before choosing the product and model.

I also evaluated Palo Alto.

It is a really good solution. You should be happy with it if you choose it.