Check Point Quantum Force (NGFW) Reviews

We have multiple customers that use this product.  Integrated logging is the best around.  

It's clear and does the job it's supposed to do.  

We typically install this as the network edges and encourage our customers to have one at each location. Some prefer to backhall the smaller sites to the main branch where it handles all the inspection and rules.  

We also set up multifactor SSL VPN solutions at the main location which allows visibility into remote worker traffic. Overall, it's used mostly by small to medium businesses.

We have been able to sell this product for a long time as it's highly rated and has a deep feature set. We have probably sold millions of dollars worth of Check Point products over the years.  

When the customer comes to us wanting the most protection we typically suggest Check Point first. Our engineers enjoy being able to quickly deploy a solution and have the familiarity with the product to be able to troubleshoot it quickly once it's deployed. For the most part, we train our customers to be able to manage it themselves.

Mostly the logging features of the Check Point NGFW are the most valuable.  Being able to search in clear text is simple for the customer and for troubleshooting an environment. 

I also like that you can get trial licenses for just about every product solution.  This allows us to suggest a feature, implement it, and then show the customer that it has value. We tend to retain the customer on that product for the long term once it has been deployed and they are able to see what it's doing to protect them.

The only thing holding it back is the price. It's too expensive for mid-market companies. There are other platforms that have emerged that have a similar feature set, however, are more difficult to deploy. This is really only a problem for the engineers as the customer doesn't care how many hours the engineer has to put in to make it work in their environment. If the Check Point product came in at a lower price point it would make it easier for the customer to see the value in cost, thus making it easier for us to sell.

I've used the solution for seven years.

It has been the most stable for a long time.  That track record is something that you can show the customer. 

The product is highly scalable especially if you integrate the orchestration solution. 

Support is hit or miss lately. They have lost too many good reps to other companies. 

We have used other solutions, however, we continue to use Check Point NGFW.

The initial setup is simple once you have the appropriate infrastructure setup.  Once Check Point gets away from the central management solution and allows for on-box management it will make small businesses happier. 

I am part of the vendor team. We do a good job implementing it, although sometimes it takes too much time to deploy a product. 

We tell the customer that the ROI is the protection they are receiving and the stability of the product.  

We tell customers truthfully it's the best product, however, it has the highest cost and you'll pay for each license.  

We are always evaluating other solutions for our customers. Palo Alto and Fortigate are the top two others at the moment.

They just need to get the pricing down or do a better job of bundling the licensing.

We use the solution to configure sandboxing features for enterprises. We also use it for policy-level configurations and VPNs.

Sandboxing is the most valuable feature. A majority of the configurations are very accurate. We can find what an organization's user is downloading from the internet.

The support team should be faster.

I have been using the solution since 2016.

All products have some bugs. However, we had a minimum bug experience with Check Point. I rate the tool’s stability an eight out of ten.

The product is scalable. Everyone in our company uses the product. We are 100 users. We have an on-premise firewall. We use it every day.

I have contacted the support team. I have had good conversations with the engineers. Sometimes, it takes a little bit of time to solve some issues. If it's a complex issue, we need to start from scratch and escalate to a bigger tier of support.

Positive

The initial setup is very easy.

The product is not that expensive for what it is offering, but it could be cheaper. Nowadays, all the vendors are increasing their prices. Suggesting the product to the customers will be easier if it is a little cheaper. The tool offers good attributes.

Palo Alto is also a good vendor. We chose to go with Check Point as well for our enterprise solution as distributors, and we suggest it to our customers.

I was an engineer for AT&T. I helped customers with configurations. The vendor is taking care of the user side of security with Check Point Harmony. It is a very good product. Check Point Harmony must provide administrators the ability to manage external programs remotely. Some customers want such features, and other vendors provide them. I would recommend the solution to others. The vendor has been investing a lot of money and effort to prevent zero-day attacks. Overall, I rate the tool a nine out of ten.

We use the solution for full-scale integration and end-to-end management at the organization. The Check Point NGFW implementation took place quite smoothly.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms.

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more.

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that
blocks the traffic based on an IP address or on applications
and content. This makes Check Point NGFW highly promising and makes it a complete solution.

Check Point NGFW is the best in terms of comprehensive protection against network threats, malware, and phishing and smoothly restricts these via anti-phishing algorithms.

The source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, et cetera.

It provides end-to-end resolution. It is a customized productive service and a complete solution for perimeter protection that blocks traffic based on IPs, applications, and content.

The most valuable services it provides are end-to-end resolution and perimeter protection; It blocks traffic based on IP address, applications, and content.

Check Point NGFW is best in terms of comprehensive protection against network threats, malware, and phishing. It has great anti-phishing algorithms.

They could improve by lowering prices. The source package is a bit more expensive than its competitors. 

We've had some downtime issues.

It could be more generalized and user-friendly in terms of its support portal for raising tickets. Ads management should all just be on a single click.

Overall Check Point NGFW is highly scalable and provides end-to-end resolution and a wide range of customized productive services with a huge community and team behind it.

I've used the solution for about 1.5 years or so.

I hadn't gone through any such solution earlier. I just tried in-built system solutions.

Check Point NGFW integration is quite smooth in terms of licensing. They are a bit more expensive, yet they are overall a strong product and a must-have for professionals.

No, I did not go through software review websites for recommendations and software services outlooks.

Check Point NGFW is highly scalable. It has a wide range of customized productive services with a huge community and team behind its technology.

Check Point NGFW proved to be highly scalable, secure, and stable, among other alternatives of multiple firewalls present in the market.

At an organizational level, the integration and implementation of Check Point NGFW took place on a priority basis due to data and system security concerns against malware and phishing attacks.

Check Point NGFW bifurcates, channels, and segregates the internal network and builds a secure VLAN, and separates it for every department.

Check Point NGFW is highly scalable and provides end-to-end resolution and customized productive service making Check Point NGFW more promising and user-friendly than its alternatives and services like navigation, control, and filtering ensure that all users stay connected to business applications and restrict traffic.

At the organizational level, the integration and implementation of Check Point NGFW took place on a priority basis based on our data and system security concerns about malware and phishing attacks.

Check Point NGFW bifurcates, channels, and segregates internal networks. It builds a secure VLAN and separates it for every department.

It's scalable and provides end-to-end resolution. It offers services like navigation, control, and filtering and ensures that all users stay connected to business applications while restricting traffic.

Check Point NGFW is great for data and system security management against malware and phishing attacks.

Check Point NGFW Firewall requires frequent updates to build more user-friendly dashboards. They need to begin the implementation of more active VPN support.

A few services of Check Point NGFW require immediate improvements, like the customer support portal and the ads management on the platform. These services need to be improved to help ensure mass adoption of Check Point NGFW.

Check Point NGFW Protects from all types of internal and external attacks, and it is easy to use. 

The integration of Check Point NGFW in my organization has taken about 1.5 years or so, and it's still going smoothly.

I haven't gone through any other platforms or solutions. However, these platforms have become a key part of our organization & work management.

Check Point NGFW is a highly scalable and secure solution that is user-friendly. It is up to the mark in terms of data and system security management. Potential users should just go for it. 

I haven't personally evaluated other solutions via reviews from some software review websites.

Go for Check Point NGFW. It's the best among market alternatives and is a must-have solution for professionals.

The Check Point firewalls are used to protect both the edge and datacenter firewall environment.

The firewalls have been deployed in a high availability design and are virtualized using Check Point VSX VSLS. This means we have multiple virtual firewalls protecting different parts of the data center (e.g., DB, Edge, WAN, pre-production.)

We have activated multiple software blades, including firewall, VPN, URL filtering, Application Control, compliance, reporting, and threat emulation, to name a few.

A similar design has been deployed at the DR with a similar set of firewalls.

The following has been improved:

1) The edge security posture has greatly improved. We are now able to detect and prevent threats coming from the public internet. The firewall is able to block know threats using the inbuild Intrusion Prevention blades.

2) We can connect with other organizations using site-to-site VPNs to enable inter-organization communication.

3) Check Point comes with a strong management solution that allows us to monitor and track threats that are detected and prevented. It also helps us be in compliance with industry standards.

The following features have been valuable:

1) IPS - The edge security posture has dramatically improved as we can now detect and prevent threats from the public internet. The firewall can block know threats using the inbuild Intrusion Prevention blades.

2) VPN - We can connect with other organizations using site-to-site VPNs for inter-organization communication.

3) Management Blades - Check Point comes with a strong management solution that allows us to monitor and track detected and prevented threats. It also helps us be in compliance with industry standards.

The following can be improved:

1) The management solution is currently using a desktop client for administration purposes. This should be improved by ensuring configuration on the firewalls can be done 100% using a web-based approach. This is currently a work in progress in R81.X, yet should be fast-tracked.

2) The Check Point TAC support has, in recent years, deteriorated. Getting support is usually a pain as the TAC engineers don't seem to understand our issues fast enough and are not readily available. This is in contrast to the amount of money paid for the support.

I've used the solution for five years.

A lot of improvement is required in how checkpoint TAC engineers handle their assigned cases. Tickets can be opened for very long without clear solutions.

Neutral

We previously used Cisco ASA 5585 Firewall.

The setup was fairly easy as the team is well trained.

We worked with Check Point professional services.

This is a premium enterprise product, hence the price is very high.

We looked at FortiGate Firewalls.

Check Point should review their pricing models especially for the African market.

We are Check Point's Authorized partners, and Check Point NGFW is used for our Client's network security. These Next Generation Firewalls are excellent. All of our customers are happy. Check Point gateways provide superior security compared to any competitors in the Indian market. 

Our clients have networking solutions that range from 50 to 200 routers and hubs. Also, their endpoints range from 100 to 2,000 endpoints. Check Point's unique solution helps us to cater to all sizes of companies, from SMEs to large enterprises without compromising on any security vulnerabilities.

Check Point NGFW gateways provide superior security compared to any Indian market competitors. It delivers the highest-caliber threat prevention with excellent SandBlast Zero Day protection out of the box. 

Also, its on-demand hyper-scale threat prevention performance provides our customer with cloud-level expansion and resiliency on-premises. By integrating the most advanced threat prevention and consolidated management, Check Point's security gateway appliances are designed to prevent any cyber attack, reduce complexity, and lower our clients' costs.

The features which are most valuable include:

1] Uncompromising Security

2] Security at Hyperscale

3] Unified Security

4] Check Point's Quantum helps our clients in their overall cybersecurity practice

5] Protects network, data center, endpoints, and IoT

6] Ultra-scalable protection against Gen-V cyber attacks

7] Best Protection with SandBlast Threat Prevention

8] Maestro Hyper-scale Networking

9] Remote Access VPN protects your Remote Users

10] Highest level of security with Autonomous Threat Prevention

11] Modular Hardware and high-performance CPUs

We would like to see the following improvements:

1] Check Point can improve a little better in their technical services, especially in the Indian market. 

2] Check point can add features like log management which would be very useful to get compliant with CERTin standards. 

3] Check Point should look into SIEM solutions as today's Indian market is going towards SOC capability, and SIEM is the backbone of any SOC solution.

4] Automation is the crux of today's digital transformation era, and Check Point should include automation in its products.

5] Incident forensics like UBA or CASB is the next challenge in the security domain, and these features should be included if possible.

Its been three years since I strated using the product.

The solution is highly stable.

This solution is highly scalable.

The technical support is nice.

Positive

We are currently working with Sophos, however, we started recommending Check Point to our clients due to the excellent capabilities that they carry.

The setup is straightforward.

The setup, pricing or licensing cost of other products is on-par or a little higher than Check Point.

We have evaluated Sophos and Palo Alto.

At the organizational level, we needed to protect the security of our organization. This is where a much broader need arises. We must protect each of the branches that our company has - in some cases larger than other branches. We took on the task of implementing a next-generation firewall from Check Point which allows us to have valuable equipment that adjusts to the needs of each of the branches according to their size and organizational demand by the number of users. This equipment is designed for infinity architecture. 

The designs, including Check Point next-generation firewall equipment, have allowed us to have all branches interconnected with the same brand and the same site-to-site communication service. We can encrypt the traffic through these VPNs and ensure communication in all directions, solving transactions and access to applications and services within our organization and outside of it. Additionally, we have a content filtering robot that ensures that users and applications are reached solely and exclusively by our networks and users. 

The most outstanding feature of Check Point is the possibility of having more than 60 indicating services within it. Among the most outstanding in keeping safe is its rule management, VPN configuration, SSL, and, above all, HTTPS Inspection, which is a solution that allows us to see what users do. We can decipher the activity of each connection and see what is inside it. In this way, we ensure that the data is not violated or violated by third parties outside our organization and we validate the internal and timely security. 

The Next Generation Firewall (NGFW) Configuration Guides in XL cluster are very complex and other guides should be reviewed to validate configuration references. They should be updated for new versions.

Something worth mentioning is the need for Spanish support and better representation for teams in the Latin American area. There is a growing demand for these IT services and new technologies.

Its guides are identical to the existing ones. It would be more pleasing that these guides be updated and improve their design.

Give it a try, and it will help you more in these times when users are more remote than local.

I've used the solution for two years.

It is quite scalable. That said, it is complex to integrate cluster services from the same equipment.

I was testing WatchGuard and Fortinet. In the end, it was easier for me to integrate Check Point.

The cost is quite high. That said, it must be understood that it is not only a firewall, it is a solution that integrates more solutions within it.

The product is basically for completing a firewall task. On top of that, the aim is to find a comprehensive solution with the innovations from next-gen. We made an isolated zone in a small part of the company. Here, we aimed to provide basic security features with few security devices. In this context, we ran the Check Point appliance by opening almost all the blades on it. The Check Point software architecture was able to provide quite good results because it ran on its own OS. It's pretty good as a VM. At a point where we wanted to isolate VM devices, we provided a solution with a VM series of Check Point.

It has similar features to other competitors in standard sizes, so it's not a subject where it differs much. It provides us with a layer of security as a firewall. With the new blades that are opened as an extra, it can provide solutions that are needed today, such as IPS and URL filtering. 

You can do app and URL filtering through a separate policy layer. The fact that these can be separated and made in different layers provides excellent convenience for the administrators who regulate the rules. In object searches, object explorer is very easy and fast.

In my company, there have between ten and 15 firewalls on-premises, and if I want to configure or push the same configuration to all of the firewalls, then the centralized management system is easy and very helpful. 

It is difficult to convey the end-user experience. However, in general, administrators can get used to the interface and start working quickly. Especially after Revision 81.10, I can say that everything became more stable and faster in terms of management. It should be said that it does quite well on the DDOS side.

There are parts that are still on the SmartDashboard screen and that condemn you to use it, which should be removed and moved to the SamartConsole interface, which is the main screen. 

In addition, when you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing. To fix these problems, Check Point needs to get rid of the SmartDashboard screen completely. Also, there is a need for performance improvements in the interface so that when the data and rulesets are large, there is a need for performance improvements in the next versions.

I've used the solution for about six years.