Check Point Quantum Force (NGFW) Reviews

The customer's use case involves employing it to safeguard their internal applications from external threats. They utilize various gateway features, including user identity-based policy, anti-spam, antivirus, IPS, anti-BOT, and other security measures, effectively creating a robust defense against a wide range of potential risks.

The primary focus is on safeguarding the customer's internal applications, especially for traders. When it comes to security, the main advantage lies in risk mitigation, akin to insurance.

The most valuable feature is its unique inspection model, which was initially a basic firewall inspection. Over time, they've developed and refined this model to cater specifically to trade-related intelligence. It is now a crucial and central component of their security infrastructure.

From an administrative perspective regarding Check Point NGFW, there are two key suggestions to improve efficiency. Firstly, administrators should be able to create a unified policy which means that when administrators set up policies in Check Point, they should have the flexibility to configure different security profiles and other security parameters all within the same access policy, simplifying the process. Secondly, the upgrade process for Check Point Firewalls currently involves extended downtime as it often requires a fresh installation. This downtime can last up to around sixty minutes, causing disruptions to business operations. To enhance the user experience, Check Point should consider adopting an incremental upgrade approach, similar to competitors like Palo Alto or Fortinet, as it would help minimize downtime and streamline the upgrade process, making it more efficient and user-friendly.

I have been working with it for about ten years.

It provides good stability features. I would rate it six out of ten.

Scalability is achievable in the cloud environment. By following the appropriate processes, you can configure automated scanning and other necessary functions to ensure it.

From a technical support perspective, there is room for improvement in Check Point's services. They have increasingly outsourced a significant portion of their support, primarily to third parties. This outsourcing has raised concerns, as it often results in longer resolution times and troubleshooting processes. In my experience, working with Level 3 engineers is more satisfactory and efficient, whereas Level 1 and Level 2 support can sometimes fall short of expectations and extend the time required to address issues.

Neutral

When comparing Check Point to Fortinet and Palo Alto solutions, there are several advantages and disadvantages to consider. One key advantage of Check Point is its robust logging capabilities. Administrators can access detailed traffic flow information, providing valuable insights into network activity. Another strength is the trust associated with Check Point. They pioneered the concept of "stateful firewall," which has established a strong foundation for trust in their security solutions and is built on their extensive experience and history in the field.

The initial setup is a medium-level complexity task.

When deploying on AWS cloud, I typically opt for CloudFormation templates to facilitate the setup of Check Point. This approach offers the advantages of infrastructure as code. When it comes to on-premises deployments, the process is manual and involves tasks such as physical cable connections, configuring interfaces, setting up routes, and defining network policies. For a typical mid-sized project, a single person is usually sufficient for the cloud deployment, taking no more than two hours if the implementation plan is well-defined and the design is in place.

The cost can vary depending on the specific model and feature set requirements, as well as the unique value it offers to the organization. The price may be perceived as relatively high when compared to the features and capabilities they provide.

My advice for anyone considering it would be to begin by thoroughly understanding their specific needs and requirements. It's crucial to assess budget constraints and security priorities. If an organization has a sufficient budget and prioritizes a robust security posture, I would recommend considering Fortinet. They often provide a more comprehensive security exposure when compared to Check Point. For organizations with legacy systems or a strong preference for Check Point's Endpoint solutions, my advice is to segregate the management and gateway components. Avoid running both on the same platform to prevent complexity and potential issues. Separating these functions can lead to a smoother and more efficient operation. Overall, I would rate it six out of ten.

The primary distinction between an NG Firewall and a traditional firewall lies in their configuration flexibility and scalability. Regarding options and features, the spoofing functionality in Check Point has been instrumental in enhancing security in our critical environment. It plays a crucial role in securing our internet connectivity.

Its functionality is highly satisfactory. In the newer Check Point version, there are additional features in VPN and IP security that enhance tunnel security. This flexibility extends to the Check Point MDM platform, allowing for streamlined management across different domains. In my current client's complex infrastructure, there's often a need to replicate rules from one firewall to another within the same room. With Check Point, it's a straightforward process of creating the rules in one policy and then easily copying and pasting them into other policies.

The log management process in MDS consumes a significant amount of storage, so it would be highly beneficial if there's an opportunity to optimize these logs and save storage space. While it does enhance network security, it tends to consume substantial resources, including CPU, memory, and storage. It could be an exceptionally useful and efficient solution if there were outgoing or AI-driven algorithms to streamline log management and periodically delay the logs.

I have been working with it for almost four years.

Regarding stability, I would rate it seven out of ten. While there have been occasional issues like false positives and blocking misreads in my NGFW, overall, it's a good product.

In terms of scalability, I would rate it seven out of ten.

The level of support provided depends on the specific contract. With a premium contract, it gets you treated as a top-priority customer, and they respond promptly, making every effort to find solutions. If you have a standard support contract, your experience might be more like that of an ordinary customer. In general, I've found them to be helpful, and I would rate their support six out of ten.

Neutral

I was working with Palo Alto for a couple of years, and I found their data protection functionality to be particularly interesting. I believe this feature is quite innovative and that other vendors should consider taking inspiration from it.

When it comes to the setup process, I've noticed that publishing and informing policies in different steps can be a bit complex. The typical sequence of publishing policies, configuring them, and then deploying them to the firewall can feel suboptimal at times. There are situations where an immediate policy installation is needed and it would be beneficial if there were options to install policies directly before the publishing step. Overall, the setup process is not overly complex, but it's not as straightforward.

When it comes to the quality-price ratio, I've found that Check Point offers a competitive balance in the market. I would rate it four out of ten.

I would rate it six out of ten.

Check Point Next Generation Firewall is one of the most secure and stable firewalls present in the market. the integration & implementation of Check Point Next Generation firewall took place due to security concerns, and we were impressed by what this product brings with it.

The integration of Check Point Next Generation Firewall in my organization has taken over one year or so, and it helps to segregate the internal network and build a secure VLAN that separates every department.

Scalability, end-to-end resolution, and customized productive services make Check Point Next Generation Firewall far better than the alternatives present in the market. It has services like navigation, control, and filtering that ensure that all users stay connected to business applications and helps restrict traffic.

The integration of Check Point Next Generation Firewall proved to be highly productive and scalable, and everything was offered at a lower price.

Check Point Next Generation Firewall helped out us drive innovation and growth in our organization. It provided a safe passage for system and data security via its services of navigation, control, and filtering. The product ensures that all users stay connected to business applications and helps restrict traffic.

Overall, the Check Point Next Generation Firewall protects us from all types of internal and external threats while being easy to use and set up.

The integration of the Check Point Next Generation Firewall in my organization has taken over one year. It helps to segregate the internal network and build a secure VLAN that separates every department.

We like the scalability, end-to-end resolution, and customized productive services. This makes Check Point Next Generation Firewall far better than any alternative present in the market.

It offers services like navigation, control, and filtering, which ensure that all users stay connected to business applications.

Check Point Next Generation Firewall Protects systems from all types of internal and external threats.

Check Point Next Generation Firewall requires frequent updates. They need to build a more user-friendly dashboard and have the implementation of more active VPN support.

Apart from this, Check Point Next Generation Firewall customer support service needs to be improved. They need to offer quicker resolution and maintenance during downtime.

Check Point Next Generation Firewall Protects from all types of internal and external attacks and is a must-have software for professionals and organizations.

It has been more than one year since I integrated Check Point NGFW.

I haven't been in integration with any other solution.

We decided on this solution after looking at reviews and comparing prices. Check Point proved to be the best option in the end. 

I would advise others to go for it. It's easy to set up and available at lower pricing than alternatives.

No, we did not evaluate other options. We just compared other alternatives from some review websites and decided to go for Check Point.

It's a must-integrate solution for professionals and organizations.

We've used the solution for perimeter and DMZ security as we host a website that is accessible online.

On the perimeter, we have Check Point acting as the entry point to our web server farm with load balancers. The access policy is configured with the least privilege, only allowing connections that are part of business requirements.

Intrusion prevention is enabled in prevent mode to detect and block well-known vulnerabilities and attacks. The device connects to Check Point's cloud for updates on signatures to new threats. 

We are peering with Partners via Site-to-Site VPNs for Services.

1. It's offering perimeter security to publicly accessible sites. There's better security at the edge and DMZ with the use of access policies. 

2. The activation of Intrusion Prevention Blades offers better security at the perimeter and between DMZ Zones. IPs also have prebuilt security profiles making deployments of IPS fast and efficient, and exceptions to the rule base are easy.

3. The use of a remote access VPN is used to connect to partner sites.

4. Check Point offers virtualized systems, making it easy to scale. Instead of buying new equipment, we have set up virtual systems for the DC and user networks.

1. Intrusion prevention. Preventing and detecting well know vulnerabilities to our publicly accessible systems is easy. Inbuilt predefined security profiles can be deployed out of the box.

2. Virtualized security. Virtualized products are used to provide more scalability and ease of administration to the network.

3. Identity awareness. Granular policies on the firewall are based on identities.

4. Site-to-site VPN. We can make connections with partners securely.

5. Reporting. Prebuilt reports that are already in a well-presented manner could be presented to management.

6. Access Policy and NAT rules base.

1. Complexity in upgrades. Currently, upgrades are quite cumbersome. I would prefer the click of a button and process upgrades.

2. Pricing. The pricing is quite high as compared to other industry firewalls (such as Cisco or Fortinet).

3. Documentation. They have to improve on providing more documentation and examples for certain features online. In other sections, it feels shallow and we could use more information and examples.

4. Complexity in system tweaks. There are some knobs that need to be tweaked at the configuration files on the CLI which can be considered complex.

5. Check Point Virtual Security. The features take a bit more time to be released as compared to physical gateways.

I've used the solution from 2017 until now.

A word of caution, especially on new software: you might hit a couple of bugs. Therefore, the general recommendation is to wait for a few takes before upgrading to a major version.

With older versions it's stable.

The solution offers high-performance devices ranging from small to big data centers.

Virtual Security offers up to 13 connected gateways helping with managed security.

First-line support is hit or miss, and at times getting an engineer to assist on the call can take hours.

Opening tickets on the Check Point platform is ok with the first response depending on the workload of the engineers.

This is one place Check Point needs to improve.

Positive

Previously we were using Cisco ASA 5585. However, the performance was not reliable, and scaling would have been an issue.

We opted to go with Check Point, which could handle high performance and scaling was easier. Check Point also offered IPS features which were easier. Check Point also had better reporting and management tools.

The initial setup was a bit complex since we were deploying virtual systems.

The interface configurations, access policy, VPNs, and NAT setup were easy. The complexity was in understanding how Check Point handles virtualized security instead of physical security gateways.

The initial implementation was with the help of a vendor with good knowledge of the product.

It's used to protect the organization from security threats and provide connectivity to our applications which is the main platform for business. That's the ROI we've noted.

The pricing and licensing for Check Point are high.

Due to experience with Check Point, we did not evaluate other options (like Fortigate or Palo Alto).

Generally, Check Point is a good product with a lot of security features that I would recommend to any organization.

We are a top enterprise with a huge Check Point presence. We have been using Check Point since its older R65 version, and we are currently on the R81 version. 

We have close to 200 Check Point devices for DC and all remote sites. We are also using Check Point for our edge security along with the Sandbox environment. 

Check Point is also used as a VPN solution which is a pretty easy setup. 

Check Point Cloud Guard is an excellent find we were able to do some cloud-based networking in our private cloud. 

HTTP forwarding is one feature that I haven't seen in Check Point's competitors. With it, I can just send all HTTP traffic to a cloud-based proxy directly without building a GRE tunnel or VPN. 

We took some major leaps with Check Point virtualization. VSX is one of the phenomenal features of Check Point. It allows us to virtualize multiple environments. We have saved hundreds of thousands of dollars with VSX. 

Instead of using a number of small firewalls, we bought a couple of CP 23K series with 20 virtual licenses. It really worked for us with the MDS and smart log. 

HTTP forwarding is something I haven't seen elsewhere.

VSX, URL filtering, and DLP are all excellent. VSX is the best thing we have used. We can use virtual switches and virtual routers for VLAN extensions. Another great feature is the "Active-Active" state that no other firewalls provide. I worked with other vendors as well; however, Check Point is the only one that can provide very good support on the Active-Active state. I still like the traditional way of troubleshooting using TCPDUMP and the FW monitor. Application IDs can be used, which is a significant improvement from previous versions.

The web UI for VSX could be better. As we enable VSX on physical gateways we cannot access the web UI. Smart log setup isn't so easy. We have some issues with some domains, however, overall, the smart log is a really good feature that helps navigate to the right domains for troubleshooting. 

We have so many applications, including smart updates, provisioning, etc. I would like to see a single pane where I can do everything instead of going to each application and making changes. 

More and more application IDs and integration is a really good thing and that's something I am looking for. 

I've used the solution for eight years.  

We used another solution before, which was only command-line based. Check Point was only the major competitor and best option a decade ago. 

We need to choose technology first, and obviously, others follow. Check Point's three-tier architecture is the main reason for us using it. I believe the pricing is pretty competitive.

We did look at other options, including Fortinet, however, nothing is as good as Checkpoint. 

Check Point is a good solution. It is a reliable solution above all. 

We are using physical appliances along with some VSX's in our network. We mostly use firewall only (due to high traffic usage). We are using CP NGFW to protect the company from the internet and also provide security while we are connecting to the internet.  

We have physical clusters that we manage via our company's external connections through S2S. We are managing our core and client networks with separate clusters. Applying security rules and providing NAT when we need it. We are also using CP in our DRC environment to provide SRC and DST NAT with VSX to provide access to machines that have the same IP addresses.

Back when we had a different brand of firewalls, we were having trouble managing all of them separately. With Check Point's HA capability, we merged all of our Check Point firewall management. With this, we can apply a viable DRC solution that our company needs and also manage, view logs, and administer all of the components together.

With the capable appliances, we don't experience any CPU and Memory utilization most of the time. With the help of new versions, Check Point is moving forward. We hope the upcoming version will provide hyper flow, and this will solve our elephant flow problem.

The solution offers a good GUI. It is easy to use, smart, simple, and user-friendly.

The client VPN and S2S VPN capabilities are great. Check Point's mobile access provides us with flexibility. We don't have a single point of failure regarding the VPN access points anymore.

We can use Check Point NGFW physically, virtually (with Check Point VSX), and on the cloud with CloudGuard. We have most of the features available even within these different environments.

We can apply SAM Rules (without installation needs), and Custom Intelligence Feeds.

It has good API support and provides value when you need it. 

The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions. Other vendors provide this, including Palo Alto). We are in a big organization now, and we need good tools to maintain stability and get rid of the objects and rules that we don't use.

If you are working within a big organization, you may have some CPU and memory utilization problems. Most of the time, we are encountering these kinds of problems, and due to that, we can't use other features and blades other than the firewall or threat prevention.

I find Check Point's log experience a little tiresome as it does not provide information with limited blades enabled. We'd like to see information around session time, sent and received bytes, etc. Even if you manage to get some data, you may find it not very reliable.

I've been using Check Point's NGFW and its features for about five years. 

I found Check Point's stability a little bit so-so. Not that good, not that bad. Most of the time it is reliable. We had lots of problems before due to the utilization of our firewalls. Most of the time, the hotfixes provided the solution. However, applying hotfixes and getting in touch with the R&D when needed may be tiresome.

It's pretty good. The HA Features provide a good solution so far, and with Maestro it will perform better.

I had the chance to work with Fortigate and Palo Alto Firewalls before. Due to the stability and know-how regarding Check Point, we chose this vendor.

We always believed and saw that the money we spent on Check Point was not in vain.

The device is being used for perimeter security devices across multiple clients across sites. Check Point has not only improved our organization - it also has given us holistic perimeter and endpoint security protection throughout the enterprise.  

Our sites across the globe have Check Point perimeter protection.

Pros include:

• Internal Network Protection from outside network
• VPN connectivity for secure data transmission across multiple vendors
• File download antivirus security
• URL Filtering
• Application filtering
• Malicious domains blocking

The solution has helped out organization stay safe with its depth application filter, URL filtering, and SSL inspection. It's mitigated a significant amount of risk for corporate users as well as to host services at our terminal that need access from the internet. By far, it's the best security solution one can adopt for their organization. 

It's:

• Reduced attacks on DMZ servers
• Blocked access of malicious destinations hit by internal users
• Complete visibility about what is going and what is coming via internet
• Check Point is the industry’s unified cybersecurity architecture that protects businesses against sophisticated 5th generation cyber-attacks.
• Having multiple checkpoint products under the same roof provides consolidated security.
• Ultimately saving cost by having better centralized solution

The solution has a lot of valuable aspects, including:

• IPS & IDS
• Sandbox (Threat Emulation & Extraction)
• Ease of management
• Reports for analysis
• Better technical support
• Stateful inspection
• Application-aware boxes
• Threat detection capabilities
• Hyperscaling

Data loss prevention, compliance, threat emulation, and other blades overall make this a robustly unified platform for the implementation and management of security controls.

Since it is Layer 7, we are able to get down to the application level and block certain applications from even running.

Since it has an IPS in place, we are able to see possible attacks that have been prevented by the firewall.

The perimeter antivirus can be improved. It's not as good as other leaders.

Additional features that could be good to have/improved include:

• Modular capabilities 
• Integration with VMware and NSX products per client requirement
• 3rd Party support product is very limited 

The solution can integrate with other vendors to form IPsec connectivity with redundancy - which is only possible now between the CP to CP FW only.

The licensing part is a bit tricky. The product can simplify this further for ease of use.

They need to work on log size optimization.

Antivirus signatures should be updated in real-time.

We've used the solution for the last eight years.

The stability is very good.

The scalability is very good.

Technical support has been great.

Positive

We did not use a different solution previously.

The initial setup is straightforward. 

We had a vendor assist us.

We haven't used other products.

We also looked at FortiGate and Palo Alto.

I use the solution in my company for cybersecurity, securing perimeter networks, giving the user access to VPN, URL filtering, antivirus, sandblast, network segmentation, and monitoring purposes.

Regarding the benefits of using the tool, I would say we spend less time investigating security incidents because we have fewer of them to deal with because Check Point works quite well. The tool offers greater visibility when it comes to network traffic.

The solution's most valuable feature is its adaptability and configurable nature. The software's security posture, I would say, has reduced vulnerabilities than other vendors, and we value that greatly in our company.

The product's support is an area of concern where improvements are required. Sometimes, there are bugs in the software, and the speed at which the product resolves those bugs could be improved. The system is quite complex, and you need to be an expert to get the most benefits, making it an area where the tool could be improved.

It would be nice if Check Point could update its own agents, for example, VPN clients or identity clients. I think the product has a very large number of features.

The product's price is an area of concern, making it an area where I would like to see some improvements.

I have been using Check Point NGFW for a bit less than fifteen years. I use Check Point R81.20.

In the past three months, my company has had stability issues, but the impact was quite low, which is great because we have a cluster environment. When one node fails, the other one picks up the job. When changing from version to version, sometimes bugs show up that need to be resolved.

The tool allows you to add as many nodes as you like or can afford. If it is virtualized, you can also give it more resources.

In my company, I think we have four nodes, which are the main nodes, and then we have eight smaller regional nodes. We have around 260 users and 280 endpoints.

I rate the technical support a five or six out of ten.

Neutral

The product's initial setup phase was so long ago that I don't remember how it went. The product is not the most intuitive and easy to set up because of the large number of settings you can configure and the ways how you can configure those settings. Without an expert or consultant, I wouldn't recommend implementing the tool by yourself if you value your time and don't want a big downtime later.

The tool's ROI is almost impossible to calculate because it's a security product. If nothing happens, then you always feel like you are paying too much, but you don't know how the situation would change if you use cheaper firewalls and have to face a security breach.

The product's price is on the higher side but I also feel that it is more secure than the other solutions in the market.

In the past, my company had tested Fortinet and Sophos, but we did not migrate to them. Though the price of the firewalls from Fortinet and Sophos were better, from a security perspective, Check Point was better. In the recent years, there have been a lot of critical vulnerabilities detected in those firewalls and breaches because those vulnerabilities were detected and we didn't get them. So we value that greatly.

The tool requires maintenance. You need to update the product version. If we don't encounter any bugs in the installation process, I would say that the maintenance process is quite straightforward.

I recommend the tool to others. If you value your data and it is a mission-critical project, then Check Point is the right choice.

I rate the tool an eight out of ten.