Check Point Quantum Force (NGFW) Reviews

We've used the solution for perimeter and DMZ security as we host a website that is accessible online.

On the perimeter, we have Check Point acting as the entry point to our web server farm with load balancers. The access policy is configured with the least privilege, only allowing connections that are part of business requirements.

Intrusion prevention is enabled in prevent mode to detect and block well-known vulnerabilities and attacks. The device connects to Check Point's cloud for updates on signatures to new threats. 

We are peering with Partners via Site-to-Site VPNs for Services.

1. It's offering perimeter security to publicly accessible sites. There's better security at the edge and DMZ with the use of access policies. 

2. The activation of Intrusion Prevention Blades offers better security at the perimeter and between DMZ Zones. IPs also have prebuilt security profiles making deployments of IPS fast and efficient, and exceptions to the rule base are easy.

3. The use of a remote access VPN is used to connect to partner sites.

4. Check Point offers virtualized systems, making it easy to scale. Instead of buying new equipment, we have set up virtual systems for the DC and user networks.

1. Intrusion prevention. Preventing and detecting well know vulnerabilities to our publicly accessible systems is easy. Inbuilt predefined security profiles can be deployed out of the box.

2. Virtualized security. Virtualized products are used to provide more scalability and ease of administration to the network.

3. Identity awareness. Granular policies on the firewall are based on identities.

4. Site-to-site VPN. We can make connections with partners securely.

5. Reporting. Prebuilt reports that are already in a well-presented manner could be presented to management.

6. Access Policy and NAT rules base.

1. Complexity in upgrades. Currently, upgrades are quite cumbersome. I would prefer the click of a button and process upgrades.

2. Pricing. The pricing is quite high as compared to other industry firewalls (such as Cisco or Fortinet).

3. Documentation. They have to improve on providing more documentation and examples for certain features online. In other sections, it feels shallow and we could use more information and examples.

4. Complexity in system tweaks. There are some knobs that need to be tweaked at the configuration files on the CLI which can be considered complex.

5. Check Point Virtual Security. The features take a bit more time to be released as compared to physical gateways.

I've used the solution from 2017 until now.

A word of caution, especially on new software: you might hit a couple of bugs. Therefore, the general recommendation is to wait for a few takes before upgrading to a major version.

With older versions it's stable.

The solution offers high-performance devices ranging from small to big data centers.

Virtual Security offers up to 13 connected gateways helping with managed security.

First-line support is hit or miss, and at times getting an engineer to assist on the call can take hours.

Opening tickets on the Check Point platform is ok with the first response depending on the workload of the engineers.

This is one place Check Point needs to improve.

Previously we were using Cisco ASA 5585. However, the performance was not reliable, and scaling would have been an issue.

We opted to go with Check Point, which could handle high performance and scaling was easier. Check Point also offered IPS features which were easier. Check Point also had better reporting and management tools.

The initial setup was a bit complex since we were deploying virtual systems.

The interface configurations, access policy, VPNs, and NAT setup were easy. The complexity was in understanding how Check Point handles virtualized security instead of physical security gateways.

The initial implementation was with the help of a vendor with good knowledge of the product.

It's used to protect the organization from security threats and provide connectivity to our applications which is the main platform for business. That's the ROI we've noted.

The pricing and licensing for Check Point are high.

Due to experience with Check Point, we did not evaluate other options (like Fortigate or Palo Alto).

Generally, Check Point is a good product with a lot of security features that I would recommend to any organization.

We are a top enterprise with a huge Check Point presence. We have been using Check Point since its older R65 version, and we are currently on the R81 version. 

We have close to 200 Check Point devices for DC and all remote sites. We are also using Check Point for our edge security along with the Sandbox environment. 

Check Point is also used as a VPN solution which is a pretty easy setup. 

Check Point Cloud Guard is an excellent find we were able to do some cloud-based networking in our private cloud. 

HTTP forwarding is one feature that I haven't seen in Check Point's competitors. With it, I can just send all HTTP traffic to a cloud-based proxy directly without building a GRE tunnel or VPN. 

We took some major leaps with Check Point virtualization. VSX is one of the phenomenal features of Check Point. It allows us to virtualize multiple environments. We have saved hundreds of thousands of dollars with VSX. 

Instead of using a number of small firewalls, we bought a couple of CP 23K series with 20 virtual licenses. It really worked for us with the MDS and smart log. 

HTTP forwarding is something I haven't seen elsewhere.

VSX, URL filtering, and DLP are all excellent. VSX is the best thing we have used. We can use virtual switches and virtual routers for VLAN extensions. Another great feature is the "Active-Active" state that no other firewalls provide. I worked with other vendors as well; however, Check Point is the only one that can provide very good support on the Active-Active state. I still like the traditional way of troubleshooting using TCPDUMP and the FW monitor. Application IDs can be used, which is a significant improvement from previous versions.

The web UI for VSX could be better. As we enable VSX on physical gateways we cannot access the web UI. Smart log setup isn't so easy. We have some issues with some domains, however, overall, the smart log is a really good feature that helps navigate to the right domains for troubleshooting. 

We have so many applications, including smart updates, provisioning, etc. I would like to see a single pane where I can do everything instead of going to each application and making changes. 

More and more application IDs and integration is a really good thing and that's something I am looking for. 

I've used the solution for eight years.  

We used another solution before, which was only command-line based. Check Point was only the major competitor and best option a decade ago. 

We need to choose technology first, and obviously, others follow. Check Point's three-tier architecture is the main reason for us using it. I believe the pricing is pretty competitive.

We did look at other options, including Fortinet, however, nothing is as good as Checkpoint. 

Check Point is a good solution. It is a reliable solution above all. 

We are using physical appliances along with some VSX's in our network. We mostly use firewall only (due to high traffic usage). We are using CP NGFW to protect the company from the internet and also provide security while we are connecting to the internet.  

We have physical clusters that we manage via our company's external connections through S2S. We are managing our core and client networks with separate clusters. Applying security rules and providing NAT when we need it. We are also using CP in our DRC environment to provide SRC and DST NAT with VSX to provide access to machines that have the same IP addresses.

Back when we had a different brand of firewalls, we were having trouble managing all of them separately. With Check Point's HA capability, we merged all of our Check Point firewall management. With this, we can apply a viable DRC solution that our company needs and also manage, view logs, and administer all of the components together.

With the capable appliances, we don't experience any CPU and Memory utilization most of the time. With the help of new versions, Check Point is moving forward. We hope the upcoming version will provide hyper flow, and this will solve our elephant flow problem.

The solution offers a good GUI. It is easy to use, smart, simple, and user-friendly.

The client VPN and S2S VPN capabilities are great. Check Point's mobile access provides us with flexibility. We don't have a single point of failure regarding the VPN access points anymore.

We can use Check Point NGFW physically, virtually (with Check Point VSX), and on the cloud with CloudGuard. We have most of the features available even within these different environments.

We can apply SAM Rules (without installation needs), and Custom Intelligence Feeds.

It has good API support and provides value when you need it. 

The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions. Other vendors provide this, including Palo Alto). We are in a big organization now, and we need good tools to maintain stability and get rid of the objects and rules that we don't use.

If you are working within a big organization, you may have some CPU and memory utilization problems. Most of the time, we are encountering these kinds of problems, and due to that, we can't use other features and blades other than the firewall or threat prevention.

I find Check Point's log experience a little tiresome as it does not provide information with limited blades enabled. We'd like to see information around session time, sent and received bytes, etc. Even if you manage to get some data, you may find it not very reliable.

I've been using Check Point's NGFW and its features for about five years. 

I found Check Point's stability a little bit so-so. Not that good, not that bad. Most of the time it is reliable. We had lots of problems before due to the utilization of our firewalls. Most of the time, the hotfixes provided the solution. However, applying hotfixes and getting in touch with the R&D when needed may be tiresome.

It's pretty good. The HA Features provide a good solution so far, and with Maestro it will perform better.

I had the chance to work with Fortigate and Palo Alto Firewalls before. Due to the stability and know-how regarding Check Point, we chose this vendor.

We always believed and saw that the money we spent on Check Point was not in vain.

I use the solution in my company for cybersecurity, securing perimeter networks, giving the user access to VPN, URL filtering, antivirus, sandblast, network segmentation, and monitoring purposes.

Regarding the benefits of using the tool, I would say we spend less time investigating security incidents because we have fewer of them to deal with because Check Point works quite well. The tool offers greater visibility when it comes to network traffic.

The solution's most valuable feature is its adaptability and configurable nature. The software's security posture, I would say, has reduced vulnerabilities than other vendors, and we value that greatly in our company.

The product's support is an area of concern where improvements are required. Sometimes, there are bugs in the software, and the speed at which the product resolves those bugs could be improved. The system is quite complex, and you need to be an expert to get the most benefits, making it an area where the tool could be improved.

It would be nice if Check Point could update its own agents, for example, VPN clients or identity clients. I think the product has a very large number of features.

The product's price is an area of concern, making it an area where I would like to see some improvements.

I have been using Check Point NGFW for a bit less than fifteen years. I use Check Point R81.20.

In the past three months, my company has had stability issues, but the impact was quite low, which is great because we have a cluster environment. When one node fails, the other one picks up the job. When changing from version to version, sometimes bugs show up that need to be resolved.

The tool allows you to add as many nodes as you like or can afford. If it is virtualized, you can also give it more resources.

In my company, I think we have four nodes, which are the main nodes, and then we have eight smaller regional nodes. We have around 260 users and 280 endpoints.

I rate the technical support a five or six out of ten.

Neutral

The product's initial setup phase was so long ago that I don't remember how it went. The product is not the most intuitive and easy to set up because of the large number of settings you can configure and the ways how you can configure those settings. Without an expert or consultant, I wouldn't recommend implementing the tool by yourself if you value your time and don't want a big downtime later.

The tool's ROI is almost impossible to calculate because it's a security product. If nothing happens, then you always feel like you are paying too much, but you don't know how the situation would change if you use cheaper firewalls and have to face a security breach.

The product's price is on the higher side but I also feel that it is more secure than the other solutions in the market.

In the past, my company had tested Fortinet and Sophos, but we did not migrate to them. Though the price of the firewalls from Fortinet and Sophos were better, from a security perspective, Check Point was better. In the recent years, there have been a lot of critical vulnerabilities detected in those firewalls and breaches because those vulnerabilities were detected and we didn't get them. So we value that greatly.

The tool requires maintenance. You need to update the product version. If we don't encounter any bugs in the installation process, I would say that the maintenance process is quite straightforward.

I recommend the tool to others. If you value your data and it is a mission-critical project, then Check Point is the right choice.

I rate the tool an eight out of ten.

We are using the product in a small office to secure our network to configure the firewall settings to control incoming and outgoing traffic. 

This includes setting up rules for allowing or blocking specific types of traffic.

We use intrusion prevention features to detect and prevent potential threats and attacks on your network.

It enables logging and monitoring features to keep track of network activity and identify potential security incidents.

With the solution, we can implement strong user authentication mechanisms to control access to your network resources.

The use of Check Point NGFW makes our business feel safer.

NGFWs typically include advanced threat prevention mechanisms, such as intrusion prevention systems (IPS), antivirus, anti-malware, and threat intelligence. These features help protect your network from a wide range of cyber threats.

NGFWs can integrate with user identity management systems, enabling more granular control over network access based on user identities. This is particularly important for enforcing security policies on a per-user basis.

The interface is user-friendly, and also they give you small training courses on the Coursera website to explain how to use the products.

The dashboard provides a quick overview of the security status, including key metrics, alerts, and recent events. This helps administrators get a snapshot of the network's security posture.

The ability to monitor network traffic and security events in real time is crucial. Check Point's interface often provides real-time visibility into network activity, making it easier to identify potential issues or threats.

Their products are pretty complete, and the explanations are very well done.

Check Point offers training and certification programs for administrators and security professionals. These programs help individuals develop the skills needed to effectively manage and secure networks using Check Point products.

Timely updates to security databases, firmware, and software are crucial for addressing new threats. Check Point's commitment to providing ongoing support ensures that organizations have access to assistance when needed.

We have been using this solution for the last two years already.

The solution we use is pretty complete. For the moment, the stability is good enough for us.

CkeckPoint has solutions for different sizes of companies. Therefore, the solution is scalable. The client has to choose the right solution for their needs. If you call the contact center, they can advise you on your options.

We have not used technical support, up until now we haven't needed them.

Positive

We used a normal antivirus on the endpoints previously. However, after we took a cybersecurity course, we understood that a bigger security solution was needed.

The initial setup is easy. You just click through, next, next, next, and take some steps to make an account and do some basic setups. Everything basically works out of the box.

We implemented the solution through a vendor team; they had well-trained technicians.

To feel safer in the online environment is the most important thing these days. Everything is online now. A solution like that makes it easier and safer for you to work and do things online.

After researching what's available in the market, choose a product. Read reviews and watch demos to assess the user interface and learn what options the product offers.

We searched the market for months before we chose Check Point. There are many security solutions on the market, both for on-premises and on the cloud. We chose Check Point for the ease of use.

The solution is perfect for us. That said, for each client, the needs are different.

We have deployed this product for the protection of our MPLS connection between 20 geographic distinct sites, two data centers, and an internet connection.

We are also using the product to establish IPsec tunnels with 5 external entities totally transparent to our users.

We're a new company that started to invest in cybersecurity and protection products and chose Check Point for their cloud solutions that protect a vast majority of our devices. 

We are happy with the deployment of the product and the ease of use.

Since the deployment and go-live of the solution, we noted a rise in productivity of some people, we think it has to do with the deployment of the application control and web filtering capabilities of the product.

We're also happy with the deployment process and the help that the Check Point partner provided in the initial configuration of the product. 

Our users also noted more speed on the internet connection, as I said probably because of the block rules implemented with the features mentioned above.

I have to say that it was Application Control and web filtering are excellent. We knew we had users watching videos and using not approved apps yet didn't have a way to centrally block them. With NGFW we do and we can set up profiles/groups of users with different permissions which allow for example IT to have media streaming access and "regular" users don't.

Also having a VPN concentrator on the same device is a plus since made our user management with Active Directory connection a lot easier and faster.

We're a new company so regarding additional features we can name only a few, for example, a better API for extracting data so that we can integrate with our monitoring solution, at the moment we use Nagios/Icinga.

It would be nice if there is a mobile-friendly console for our techs so that they can help users when not at their desks since they do frequent external work.

Better connection between the legacy console and the new one since we have a company that still uses an on-prem device and we have to use two consoles.

We've been using this product for one year.

We didn't use a previous solution. 

I'd advise others to read the license differences and features.

We've evaluated Fortinet and Forscout products.

Our customer has been the best in stock trading; they observed that in peak hours or business hours buying and selling the stocks was time-consuming.

When they reached out to the firewall team, we checked the disk space, memory, and HDD we didn't notice much difference.

However, we monitored the interface utilization, and 1 GB was choking up and being consumed. The cpstat status on the interface level monitor and bundling the multiple interfaces fixed the issue.

We have been fixing the performance and also found that the solution offers:
1. A user-friendly dashboard with all the information available in front view and we view according to our requirements in graphical, statistically, etc.
2. Check Point firewall can combine all locations in one Check Point management console so that we can monitor everything with alert configuration.
3. We have multiple options for SIC resetting.
4. We can monitor the complete organization (for RAM, Memory, Disk, and CPU) and alert handle monitoring. We can now easily handle failovers.

The Check Point firewall features for Next Generation Firewalls are excellent. Through scripts, we can easily push firewall rules, extract, and import as per availability. Scripting is the best way to support the firewall functionality and it's been supported by all major versions. We can monitor all types of logs (traffic logs, management logs, and active logs). 

The firewall is EDR-supported; we can block or allow the URLs as per phishing or detection. 

Firewall flow and logs analysis is awesome.  

Bug Fixes and enhancement requests should be remediated earlier, as we have multiple dependencies and auditors are forced to have the latest possible environments.

Check Point's major version should have an extended time than the default time mentioned in the end-of-life policy document with additional prices.

As for deployment, we follow best practices for long-term support services. Tools must be introduced and supportive in analyzing the data, flow, and threats. We have to introduce the scripting part to work seamlessly.

I've been using the solution for more than ten years.

The stability offers high performance.

The scalability offers high performance.

The support is the best in the marketplace.

Positive

We did not use a different solution. It's the best in the marketplace and stronger than any other firewall. We can trust it 100%.

The initial setup was complex.

We handled the setup in-house.

Definitely, every sector [banks, finance, corporate, etc] should have a Check Point Firewall for strengthening/securing the environment.

We did not evaluate other options.

I usually apply Check Point to protect my customer's environment as a main solution boundary gateway, DMZ gateway, LAN gateway, or VPN site-to-site with other Check Point appliances and other vendors. I do a Harmony Endpoint full integration. I use other tools such as threat prevention blades (like IPS and IDS), anti-virus, anti-bot, anti-malware, and the Sandblast solution.

I haven't had any data leaks or vulnerability situations. The NGFW has been working as it should! It's performing well and offers great security for me and my customers by protecting the environment. Administrators can easily follow and monitor security events, or the health status of the environment or appliance using Smarteview, SmartEvent, and the monitoring blade. We can look at CPU usage, disk space, and traffic and can see user history in real-time. 

The threat extraction is the most valuable aspect. It protects the final user and prevents them from falling into the trap of infected files. When a file needs to be downloaded by a machine user, this solution analyzes the file at the same time to send to the user a clean version of this file. If not infected, the real version is available. The threat emulation can scan the computer applications searching for malicious activities and block them according to policy.

It could be easier to manage the licenses on blades and contracts. If you have a large environment it will take too much time for your team to verify if all the licenses and contracts are correct and work well. Although it is possible to manage licenses using SmartUpate and SmartConsole, if there are issues, you can only fix them using an expert shell. Simplifying the process would help simplify the daily tasks of administrators.  

I've been using the solution for two years.

Technical support works well.

Positive

NGFW is not a cheap solution, however, it does guarantee security. If the goal is to protect assets, using NGFW by Check Point helps immensely.

I use this in my company environment. I did not evaluate other options.