Check Point Quantum Force (NGFW) Reviews

I am currently working with Check Point Firewall because most of your customers have it deployed in their networks. Recently, we were involved in a significant firewall micro-implementation for one of our customers. We created configuration templates, specifically for routing and setting up bond interfaces within CheckPoint. These interfaces are similar to Cisco's port channels, where multiple physical interfaces are bound into one. 

I primarily work on the network side, so my expertise lies in configuring and working with firewalls. I have experience in firewall policies and know how to configure them within Check Point, including blocking URLs and specific website categories. However, I acknowledge that there's room for improvement, particularly in areas related to application-level control within the firewall. While I can't pinpoint a specific area for improvement, I am trying to enhance my skills and knowledge in various aspects of firewall management.

I have been using Check Point NGFW for the last 12 months.

During a project where I was working with a customer deploying Maestro in their network, we encountered an issue related to multicast traffic. Check Point's expert team suggested that we install a package called Jumbo Hotfix inside the Check Point, which resolved the problem. Overall, despite this issue, Check Point NGFW is a stable product with minimal encountered bugs.

Check Point is a stable product, but when compared to other vendors like Palo Alto and Fortinet, I'd recommend going with Palo Alto. Palo Alto is a more stable and robust firewall solution than Check Point.

The deployment of Check Point was straightforward. In the Azure cloud environment, it took approximately thirteen minutes to complete the deployment, while on-premises, the initial setup was relatively easy and not complicated. I have deployed Check Point both on-premises and in the Azure cloud. The deployment in Azure took place around four months ago for a customer's proof of concept (POC). The primary reason for this deployment was to address the customer's VPN subnet limitations with Azure VPN. I suggested that moving to a cloud-based CheckPoint solution would provide better VPN connections without IP subnet limitations. In the Azure deployment, I created a hub and VPN and deployed two CheckPoint instances, not just one. To manage these instances, I used a load balancer within the Azure network.

Regarding firewalls, my role primarily involves designing and deploying them, then handing over the management to the operations team. While I find the deployment process relatively easy, the issues the operations team faces later on can impact my perspective. I'd rate Check Point a 7 out of 10. The ease of deployment is a plus, but we've encountered some problems with Check Point, particularly related to documentation. Compared to vendors like Cisco and Juniper, the quality and comprehensiveness of the documentation could be improved.

We are using Check Point Next Generation Firewall both as an edge border gateway and as an internal gateway protecting users and servers networks. Using the Virtual System solution we create different network environments and virtual system firewalls in which we have different modules (additional license could be needed) activated depending on the topology of the network where the firewall is protecting the traffic. We are also implementing IPS on several internal firewalls that are inspecting such flows.

Mainly the easy central management with support for virtual systems has helped in the operating and analyzing time of the security department. We know that with other security solutions that don't scale well and don't have a central management system, you lose precious time operating the platform.

Under the same interface, we are using a stack of different security modules, so the learning curve is easier than the need to learn new interfaces for each specific appliance. At the same time, you can check the logs in a homogeneous way.

The management interface is easy to operate and is a standardized way of managing different firewall modules in the same client application. Additionally, it provides up-to-date security options through different license bundles and scalability to match almost any firewall security needs as you can easily add more systems to implement several cluster firewalls, running as a load-sharing whole system or active-standby members. The log explorer is also straightforward to use, and the results are easily exportable.

To provide visibility of the requirements you have to accomplish to perform some of the traffic security mechanisms. Several security modules are based on HTTPS inspection, losing a relevant security capability if you don't implement it in your network. So the product should point out this need clearly so you can fit your expectations in a real-world environment. That said, this is not a limitation of the product itself.

You need to read the requirements to take into consideration both throughput, security modules and storage (logs) needs so you can choose the appliance that best fits your organization.

I've used the solution for more than ten years.

In most environments, this solution is running pretty stable.

It is easy to scale both with virtual systems or by adding additional physical appliances.

Support has a good and fast response to new threats and is proactive with a big community.

Positive

We were using a Cisco firewall solution. It was outdated and the management interface was not unified.

We evaluated Palo Alto and Fortinet as well as Check Point

For the technical administration teams. I advise them to take, at least, the basic training so they can manage the solution adequately.

Check Point NGFW is a critical component of our security infrastructure. It provides comprehensive next-generation firewall (NGFW) security for our perimeter and DMZs, protecting us from a wide range of cyber threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats.

Check Point NGFW uses a variety of advanced technologies to protect our network, including intrusion prevention, application control, and threat intelligence. It is also able to detect and block sophisticated cyberattacks that traditional firewalls cannot.

Check Point NGFW has helped us to significantly reduce our risk of cyberattacks by providing comprehensive protection against a wide range of threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats. 

It has also improved our network performance and reliability by optimizing traffic flow and reducing latency. 

We are confident that Check Point NGFW will continue to protect our network from the latest cyber threats due to its advanced security features and its team of experts who are constantly monitoring and updating the product.

As a security professional with over ten years of experience, I've seen firsthand the devastating impact that cyberattacks can have on organizations of all sizes. That's why I'm so passionate about using the best possible security solutions to protect my clients.

One of my favorite security solutions is Check Point NGFW. It provides comprehensive protection against a wide range of cyber threats, including malware, viruses, ransomware, phishing attacks, and zero-day threats. It is also designed to deliver high performance even in the most demanding environments, and it can be scaled to meet the needs of organizations of all sizes.

I've also found Check Point NGFW to be very easy to use and manage, even for users with limited IT expertise. This is important to me because I want to make sure that my clients can focus on their business without having to worry about complex security solutions.

Overall, I highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution.

There are a few areas where Check Point NGFW could be improved. First, it can be expensive, especially for small businesses. Second, it can be complex to configure and manage, especially for users with limited IT expertise. Finally, its licensing model can be complex and confusing.

Despite these areas for improvement, I still highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution. I am confident that Check Point will continue to improve its products in the future, and I am excited to see what new features and capabilities they come up with next.  

One thing I would like to see in the next release is an AI-powered threat detection and prevention system that can automatically identify and block new and emerging threats.

We've been a Check Point customer for over 21 years, and we've always felt that they are a trusted partner in our cybersecurity efforts.

Overall, I'm very impressed with the stability of Check Point NGFW. It's a powerful security solution that can meet the needs of organizations of all sizes.

One of the things that I appreciate most about Check Point NGFW is its flexibility. It can be deployed in a variety of ways, including physical appliances, virtual machines, and cloud-based instances. This makes it easy to scale your security infrastructure up or down as needed.

I've always been impressed with the responsiveness and expertise of Checkpoint's customer service and support team.

Positive

We have never used a different solution. We have been using Check Point NGFW since we first launched our network 21 years ago, and we have been very satisfied with its performance and reliability.

The complexity of the initial setup of Check Point NGFW depends on the size and complexity of your network, as well as the features and capabilities that you need.  

If you have a large enterprise with a complex network or need to configure all of the features and capabilities of Check Point NGFW, I would highly recommend that you engage Check Point Professional Services to help you with the setup process.

We have always used Check Point Professional Services to assist with our implementation.  They are very knowledgeable and can save you a lot of time and frustration.

To maximize the ROI of Check Point NGFW, it is important to choose the right deployment model, use Check Point's security services, and keep the software up to date.

There are a few areas where Check Point NGFW could be improved. First, it can be expensive, especially for small businesses. Second, it can be complex to configure and manage, especially for users with limited IT expertise. Finally, its licensing model can be complex and confusing.

Despite these areas for improvement, I still highly recommend Check Point NGFW to any organization that is looking for a comprehensive and effective security solution. I am confident that Check Point will continue to improve its products in the future, and I am excited to see what new features and capabilities they come up with next.

We evaluated Cisco ASA Firewall before choosing Check Point NGFW.

A few months ago, one of my clients was targeted by a sophisticated ransomware attack. Check Point NGFW was able to detect and block the attack before it could cause any damage. My client was very grateful for Check Point NGFW's protection, and I was relieved that I was able to help them avoid a costly and disruptive attack.

It assists us in filtering files for our internal users, ensuring that our data remains secure and protected. During the pandemic, it has been invaluable in enabling remote connections through VPN for our employees who are working from home, facilitating our COVID-19 response efforts. We established point-to-point VPN connections with approximately thirty clients, which enhances our security, especially at the outermost layer of our network, safeguarding us from external threats.

It includes features like IPS, which keeps us informed about potential threats attempting to breach our infrastructure, adding a crucial layer of security. It is user-friendly and straightforward to manage, which simplifies our overall network security management.

It could greatly improve our customer experience by centralizing management. Currently, we face the issue of having different management interfaces, which require us to switch between them, causing some difficulties and inefficiencies in our workflow. There are instances where the software crashes and this necessitates frequent upgrades from one version to another.

I have been using it for four years now.

I would rate it as highly stable, giving it a solid nine out of ten.

In terms of scalability, we haven't needed to expand significantly as our current setup consists of firewall checkpoints at the main site and another set at the HQ. These devices can seamlessly communicate with one another. We use SmartConsole managing system, which serves as a centralized hub for collecting and managing logs from all our Check Point Firewalls. As far as I know, the limit for management servers is five firewalls, so beyond that, additional licensing may be required to accommodate more devices.

We don't engage directly with its support team. Instead, we work through a reseller who handles our support needs. When we require assistance, we reach out to the reseller, and if necessary, they will liaise with Check Point on our behalf.

We were previously using Cisco ASA, Cisco X-ray, and FortiGate. However, the technologies we had, particularly the Cisco ASA, were outdated, and there was a clear need to upgrade to a next-generation appliance. When considering our options, we received a proposal from a local vendor in Angola, and after reviewing it, we decided to move forward with Check Point as it is widely recognized as one of the top solutions in the market.

The initial setup is straightforward. I would rate it nine out of ten.

We've had positive experiences with the deployments, and we've recommended it in several instances. Currently, we have implemented four Check Point Firewalls. Our initial deployment at the primary site took approximately a week to set up. After fine-tuning and making necessary adjustments, the total time for implementation was roughly two weeks. The main office at our headquarters had a similar timeline, as the tuning process does require a significant amount of time and effort.

The technology itself is impressive, but I find the pricing a bit on the higher side. This is partly due to the complexities we face with exchange rates in our country, as obtaining foreign currency can be challenging.

Having worked with products from various providers, I've found the experience and functionality of Check Point to be quite impressive and I strongly recommend it, provided they invest in essential training, which is a critical component. Its user-friendly management interface simplifies the process, and it offers a wealth of features. I would rate it nine out of ten.

Our customer’s infrastructure is entirely based on Check Point. They are using around 2,000 firewalls worldwide. We resolve the problems in their product as a service provider.

Check Point is a great technology. It doesn't compromise the performance of the users. The tool provides great security. It was the first firewall that provided 3-way handshake. It was the first stateful firewall in the market.

The tool’s architecture could be improved a bit. It should provide Single-Pass Parallel Processing. Check Point’s interface is quite segregated.

I have been using the solution for seven to eight years.

The tool will be stable if the implementation team has done a good job.

The tool is scalable. If a user faces any constraints, we can upgrade the tool. The hardware is scalable. Our customers are enterprise-level businesses.

The technical support team is not excellent. It’s not easy to get people on call on urgent tickets. They join the call, but the support is not as smooth as other vendors like Cisco and Zscaler.

Positive

Palo Alto provides Single-Pass Parallel Processing. Palo Alto and Check Point are not very different.

The product is easy to install. It's an interesting product. Once we get the knowledge of Check Point, it's quite easy to work on. However, for new users, the solution is a bit difficult. For a single gateway, if we are ready with all the necessary software we need while installing, the deployment takes one to two hours.

A single-site deployment, where all gateways and management are taken care of, can be done by one or two people. However, a complete implementation team is required if some things are to be done on the cloud and some in the branch offices. One team will handle the policies, and the other will handle the basic installations. Once the solution is stabilized, maintenance will be easy.

Check Point is a good tool. I would recommend it to others. Overall, I rate the solution a nine out of ten.

We use the solution as a perimeter firewall. We also use it for endpoint security and VPN.

The product is very user-friendly. The configuration can be managed and customized as required. We can customize the tool for each stakeholder.

It will be good if the product is rack-mounted. The product must be updated to protect users from the latest firewall threats.

I have been using the solution for almost six years.

The tool is very stable.

The tool is easily scalable. Almost 2000 people are using the product in my organization.

The support is good.

Positive

We also work with other vendors. Check Point is as good as its competitors, but its cost is a bit higher.

The initial setup is very easy. One firewall engineer can deploy the product within a few hours. It is very easy to maintain the tool. We need only one person to maintain it.

The tool is a bit expensive. The product’s operational cost is very high. We pay a yearly licensing fee. We also pay for support.

Check Point is the most user-friendly solution. It can be configured quickly. Overall, I rate the product an eight out of ten.

The primary use case is segmentation in many different areas of the company network. We had a few critical use cases: there was a need for an internal firewall, and also an edge firewall. Apart from having simple segmentation, we had a requirement for additional features like the possibility to decrypt traffic, the possibility to inspect URLs or the intrusion prevention system feature. 

A very important thing for us was also to have a very good quality of vendor support. Definitely, this is something we can get here. 

With Check Point we have achieved our primary goal - segmentation. We were able to limit North-South and East-West traffic which had a very impressive impact on improving security posture. 

We also have the possibility to control Internet traffic, we can use the URL filtering feature together with traffic decryption to be able to allow only safe communication. A very important thing for us is also having the possibility to use identity awareness and be able to implement policy based on user IDs (user ad groups).

I like the Next-Generation Firewall. This is the primary feature and use case for this solution. It's a very important thing for us to have a solution that provides ease of use and an intuitive interface.

We are also using other security blades that are included in the package like URL filtering, identity awareness, IPS, antibot, and threat detection.

The most valuable thing for us is to have the possibility to use all the security blades and all security products and have a consistent policy among different security features. Reporting and integration with external solutions are great.

Check Point could improve the time for delivering requested features from customers. It could be delivered much faster. Also, communication and status reporting for such requests have a lot of room for improvement. After the request, we do not get any information on the status or progress until it is implemented.

Looking at the trend in the market which aims for vendor consolidation, the strategy to deliver one vendor SASE could be beneficial for Check Point and its customers. 

I've been familiar with the product since 2003. At my current company, CheckPoint appeared three years ago.

The stability is good.

The range of platforms is huge. It can fit every traffic requirement.

Overall I have had a positive experience with support. Sometimes it takes too long to resolve issues, however.

Positive

I have been using Cisco ASA. The switch was done based on the intuitive management interface and ease of use of Check Point.

The setup is straightforward, even if the policies are big and complex.

We have used help from a third-party company.

I'd advise users to prepare their requirements before choosing the product and model.

I also evaluated Palo Alto.

It is a really good solution. You should be happy with it if you choose it.

The customer's use case involves employing it to safeguard their internal applications from external threats. They utilize various gateway features, including user identity-based policy, anti-spam, antivirus, IPS, anti-BOT, and other security measures, effectively creating a robust defense against a wide range of potential risks.

The primary focus is on safeguarding the customer's internal applications, especially for traders. When it comes to security, the main advantage lies in risk mitigation, akin to insurance.

The most valuable feature is its unique inspection model, which was initially a basic firewall inspection. Over time, they've developed and refined this model to cater specifically to trade-related intelligence. It is now a crucial and central component of their security infrastructure.

From an administrative perspective regarding Check Point NGFW, there are two key suggestions to improve efficiency. Firstly, administrators should be able to create a unified policy which means that when administrators set up policies in Check Point, they should have the flexibility to configure different security profiles and other security parameters all within the same access policy, simplifying the process. Secondly, the upgrade process for Check Point Firewalls currently involves extended downtime as it often requires a fresh installation. This downtime can last up to around sixty minutes, causing disruptions to business operations. To enhance the user experience, Check Point should consider adopting an incremental upgrade approach, similar to competitors like Palo Alto or Fortinet, as it would help minimize downtime and streamline the upgrade process, making it more efficient and user-friendly.

I have been working with it for about ten years.

It provides good stability features. I would rate it six out of ten.

Scalability is achievable in the cloud environment. By following the appropriate processes, you can configure automated scanning and other necessary functions to ensure it.

From a technical support perspective, there is room for improvement in Check Point's services. They have increasingly outsourced a significant portion of their support, primarily to third parties. This outsourcing has raised concerns, as it often results in longer resolution times and troubleshooting processes. In my experience, working with Level 3 engineers is more satisfactory and efficient, whereas Level 1 and Level 2 support can sometimes fall short of expectations and extend the time required to address issues.

Neutral

When comparing Check Point to Fortinet and Palo Alto solutions, there are several advantages and disadvantages to consider. One key advantage of Check Point is its robust logging capabilities. Administrators can access detailed traffic flow information, providing valuable insights into network activity. Another strength is the trust associated with Check Point. They pioneered the concept of "stateful firewall," which has established a strong foundation for trust in their security solutions and is built on their extensive experience and history in the field.

The initial setup is a medium-level complexity task.

When deploying on AWS cloud, I typically opt for CloudFormation templates to facilitate the setup of Check Point. This approach offers the advantages of infrastructure as code. When it comes to on-premises deployments, the process is manual and involves tasks such as physical cable connections, configuring interfaces, setting up routes, and defining network policies. For a typical mid-sized project, a single person is usually sufficient for the cloud deployment, taking no more than two hours if the implementation plan is well-defined and the design is in place.

The cost can vary depending on the specific model and feature set requirements, as well as the unique value it offers to the organization. The price may be perceived as relatively high when compared to the features and capabilities they provide.

My advice for anyone considering it would be to begin by thoroughly understanding their specific needs and requirements. It's crucial to assess budget constraints and security priorities. If an organization has a sufficient budget and prioritizes a robust security posture, I would recommend considering Fortinet. They often provide a more comprehensive security exposure when compared to Check Point. For organizations with legacy systems or a strong preference for Check Point's Endpoint solutions, my advice is to segregate the management and gateway components. Avoid running both on the same platform to prevent complexity and potential issues. Separating these functions can lead to a smoother and more efficient operation. Overall, I would rate it six out of ten.