Check Point Quantum Force (NGFW) Reviews

Check Point is currently our perimeter firewall at various locations. We use their failover clustering with high availability option, which performs flawlessly. Upgrades are easy to perform and have always worked reliably for us. Technical support is always available to assist with these operations, which makes the process less stressful to the admins. 

We are also using their ISP Redundancy feature, which works as advertised - perfectly! It's easy to implement, especially with the awesome documentation from our engineer. We also use their Remote Access VPN offering and have really seen its value this past year, due to COVID-19. The VPN has been 100% rock solid, especially during the most critical times in our history.

As mentioned in the primary use case question, ISP Redundancy and VPN are the two primary use cases. When the pandemic hit, a sudden shift to a remote workforce was a major requirement for us, and we needed a reliable and stable firewall. Implementing ISP Redundancy helped ensure that, as well as having a tried and tested VPN solution. Upgrades have occurred during this time and manually planned failovers as well; every upgrade and test went smoothly and without issue. The last thing we could afford is an outage.

They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements. 

Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released. 

Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed and offers many out-of-the-box reporting, and provides admins extensive customizations.

The pricing is on the high end, specifically with the software licensing, although they are flexible on some levels, and offer hardware buyback options when upgrading. 

The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing. 

Customer support is not always as responsive with solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

We have been using Check Point firewalls for 20+ years. We originally used the Nokia hardware platform, which was not technically NGFW at the time, however, the OS and its configuration have maintained some similarities over the years. It keeps getting better every release.

Lately, stability is 100% reliable. Earlier generation firewalls were a bit unreliable, however, as Check Point acquired third-party hardware. For example, their Nokia acquired security appliances had a firmware that worked, until they started to modify the firmware (IPSO 6.0 was solid, but problems started with our upgrade to R75), then it became less stable; frequent crashes, settings not saving, high availability issues, frequent reboots required.  Eventually, we upgraded to their NGFW offerings.  Their newer hardware, and firmware R77.x was released, and we have been stable ever since.  Upgrades to R80.x have been flawless, HA works as expected, and we have had zero performance issues.

They are very scalable. If you need more computing resources, adding more hardware is easily done.

Customer support is not always as responsive to finding solutions as you might need. They do provide on-the-spot assistance when upgrading, which is great. However, there are times when an issue is reported and it may take a week or two before a solution is provided.

We have always used Check Point.

Setup was very straightforward and easy. We did have the assistance of our Check Point engineer, which is just awesome.

We implemented through Check Point directly.

I do not measure ROI financially, although personally speaking, we have definitely gotten back every dollar we've spent by having reliable and secure infrastructure.

The setup cost is not a challenge at all. Check Point engineers work directly with you throughout the whole process. The pricing is high, for the hardware and software, although discounts are negotiable. The software blade licensing is broken down into many flavors, depending on your needs. It is very a la carte and provides various product offerings, including endpoint management, VPN, disk encryption, etc.

We did review a few competitors during a possible migration plan. The proof of concept did not yield better results, so we stayed with Check Point. We reviewed Cisco, Palo Alto, and SonicWall.

If you don't need/use their a la carte software blades (FDE, Ransomware, etc.) you can always add on later. They are very accommodating with trial licensing to test in a proof of concept way. If you already have other third-party products that perform those functions, you can bundle Check Point's and save a bit of money consolidating them.

We needed to replace our external firewall solution as we were having issues with the HTTPS inspection on our previous solution and the level of support being provided was terrible, leaving us with an issue that could not be fixed for over six months. 

We had already deployed a new internal firewall solution but needed something that would protect that from external factors. We also needed a new solution to replace our client VPN solution. The Check Point solution gave us that as one whole solution instead of having to manage multiple services.

Our policy is to deny all outbound traffic unless we allow it, which can generate a lot of work to build a rule base that allows everything we need to get out. 

This solution has made managing connections out to the web much better due to the categorisation and app control that is available. Being able to say certain apps and services are allowed out, instead of finding all the relevant IPs, has massively reduced the workload. The ability to manage the Client VPN and relevant rules for that in the same location has also improved the way we work. Having links into AD for group membership recognition and having rules based around this has been very useful in improving the way remote users can access the network.

Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall. 

It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web. 

The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats. 

The functionality of the S2S VPN service has been temperamental for us at times and is not always simple to manage or check the state of. 

We find the GUI to be wrong and the CLI doesn't always show all of the connections. 

From a general usability point of view, if you have not used Check Point before, the learning curve is steep. Perhaps managing and configuring the devices could be streamlined for people with less experience so that they can pick it up quicker. There needs to be extra wizards for the out-of-the-box builds.

I've used the solution for six months.

On the firewall side and content filtering side of the solution, it has been faultless. There has been no real downtime to note and the access to the web via relevant rules has always worked as expected.

We have a fairly small setup in the grand scheme of things, however, from what we have seen, the ability to add in new firewalls or increase the hardware spec seems very good and it would be easy to transition from older to newer hardware when the time comes.

Due to the support model we signed up for, we don't deal directly with Check Point support. We deal with the vendor first and they will deal with any 1st/2nd and even most 3rd priority issues. They would then go to Check Point if they need more assistance on our behalf. The level of support and responsiveness of their support has been excellent. We're always getting at least a response within a few hours, even on a P3/P4 issue.

Positive

We did have another solution, but due to an issue with the HTTPS inspection that the manufacturer was not able to properly rectify or fix for 6 months, we lost faith in their ability to provide adequate support going forward for any issues we might come across. 

The setup was complex due to the nature of the Check Point firewalls and us having to make some config setup in one portal and others on the CLI. We also had to arrange the rule base via the management console. There could be 3 different places you need to make various changes. We also used private microwave links as redundancy for VPN connections and that had caused significant issues in getting set up as the link selection did not cooperate at first.

We implemented via a vendor and I have to say their level of expertise was brilliant. Every question we threw at them, they were able to provide an answer to. 

It was not the cheapest solution to go for, but the amount of admin time that has been saved by the use of Check Point firewalls has definitely given us a great return, giving us more time to work on other aspects of our network. Also, being able to consolidate 2 solutions (Firewall and Client VPN) into one solution has saved more money and admin time. 

We found that Check Point was very flexible with its pricing. We were looking at a spec of hardware in other solutions. We found that Check Point did not have a direct competitor, but to help with the bid, they managed to reduce the costs of their higher-spec hardware to make it competitive with the other solutions we were looking at. It's not our fault they did not produce the hardware of a similar spec. It's up to them to try and provide a solution that would make it a competitive solution. 

We looked at several other solutions in including Palo Alto at the top of the market and Sophos XG further down.

I would say as good as the solution is, if you are looking to get the most out of it, you should look to get a company or consultant who knows the Check Point solution inside out to assist with the setup. We found a partner who specialized in Check Point and we would not have been able to get it to the stage we have without them.

We use our Check Point NGFW firewall mainly for perimeter security. Those firewalls are placed at many sites distributed over Europe. We love the firewall management and think it's still the golden standard for creating a rule base and we go more and more in the direction of identity bases user access to secure our environment.

The other firewall blades, such as Anti-Bot, Application and URL-Filtering, and IPS, are used on all sites. It's easy to deploy, as the firewall is able, with the latest version, to learn from the traffic and adapt the IPS policy.

Check Point NGFW has improved our organization with more security and easier deployments. There is a smaller amount of workload in the supporting area. We find a lot of documentation for the products and benefit from a big community. The Check Point support is much better than what we have seen from other vendors. The firewall policy is easy to deploy and we can do a more granular separation of specific user groups. We feel much more secure with this product - especially the API support - and possible automation has saved us a lot of time in our team and organization.

The most valuable features are the identity-based access and high-quality intrusion prevention functionalities. 

One of the most valuable aspects is the central management, which includes a large wide range of API calls. With the central management, we can define a reasonable security policy for many sites and not only for network segments but for user and AD groups. This gives us a bit more "Zero Trust" in our network.

It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach.

One area which is still lacking is the site-to-site VPN solution. This is still an area that could be improved, although the features have gotten much broader and I really have seen an improvement over the last 10 years of working with the product. The separation from encryption domains between the tunnels came recently as a new feature to the product. This really helps a lot. Yet, we are still seeing a lack of compatibility with other devices, even though this is the case with many vendors. Especially with IKEv2, we are struggling with many vendors to set up perfectly running tunnels.

I'm working with Check Point for 10 years.

If you go by best practice recommendations from Check Point the stability is very good.

Scalability is really good. Check Point has the Maestro solution, where you can really scale easily without wasting resources.

They are really anxious to solve issues as fast as possible. They also try to get in actual contact with you via phone or chat to fully understand the issue.

Positive

In some areas we were using Cisco, however, we changed to Check Point to centralize things.

The setup is pretty straightforward, at least for the basic setup. Even with more complicated configurations, you have good support and experts at Check Point in the background that can help.

We did it ourselves.

Check Point is definitely not the cheapest solution, but the better security makes it worth the price. The licensing model is pretty easy, especially when it comes to the extension for many environments.

We looked at Cisco, Barracuda, and Fortinet.

I'd advise teams to give it a try!

Currently, I'm working as a Lead Security Architect in the healthcare industry. We have two data centers, multiple branch offices, multiple cloud subscriptions, and over 200 employees. Our operation is mission-critical and requires it to be up and running 24/7. We need to protect multiple applications that are developed in-house, sensitive data including PHI, Financial, intellectual property, et cetera.

Check Point NGFW and its security modules have been our security solution for the past six years to protect all of our assets, including our cloud subscriptions.

Check Point Next Generation Firewalls are key components in protecting our assets and information. Their security modules are very easy to use and understand. Also, it's one of the most user-friendly interfaces I’ve had the opportunity to use and I’ve had the chance to work with more than four firewall solutions.

Their reporting and logs modules are amazing. It provides a level of detail and visibility that we haven't had before. It’s useful to understand what is happening on our network and has been very successful in blocking attacks and providing options for executive summaries. 

Being able to manage all the security gateways for our multiple sites in a single management console and share policies has been very beneficial.

The Remote Access VPN has been crucial to us, especially during this pandemic. We had to be on lockdown for a couple of months and being able to deploy a remote workforce with Check Point VPN was a crucial part of our business continuity strategy.

The logs and reporting are very easy to use and manage. Also, the IPS and IDS are critical components to keeping our network secure. They are very easy to configure and there are multiple templates that can be used out of the box that provides maximum protection to our network.

The support offers the best services I have experienced. It's better than any other IT vendor.

Check Point Firewalls haven't failed me during the past six years that I have been using them. 

If I had to mention anything that I would like to see some improvement on, it’s on the internet load balancing options. Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links. I know this can be performed with other network devices, however, adding the option as part of the NGFW would be awesome.

I have been using Check Point for 6 years now.

I've never had a single issue on any of my security gateways.

I haven't had the opportunity to scale, however, I have seen many demos of maestro architecture, and it looks awesome.

As I mentioned before, Check Point support is one of the best services from any IT vendor I have experienced. They answer very quickly and also provide solutions most of the time within the first call.

I have used multiple solutions in the past. We migrated from Cisco ASA to Check Point six years ago and have never looked back. Our old ASA required additional hardware components for additional security services.

The product is very easy to set up.

The implementation was performed by a vendor team in combination with our in-house security team.

My peace of mind is the ROI.

Check Point is not the cheapest firewall solution, but you get what you pay for. It's super reliable and their service is great.

I had the opportunity to review Palo Alto and Fortinet.

I'd advise other users to give it a try.

We use Check Point firewalls to prevent attacks against the data center servers by adding more layers of security, such as IPS, Data Leak Prevention. We have also used Check Point to implement security policies in layer 7 and applications as well as to configure the VPN for internal users of the organization.

Check Point's firewall security solution is a complete solution that allows you to prevent attacks against your data center servers and avoid the transmission of viruses to end-users via ransomware, phishing, or forgery of URLs.

Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network.

The predefined reports are limited and should provide more information. Check Point should provide a greater number of defined reports and produce reports for each division of the organization. Also, historical statistics cannot be obtained from the central console, the data or logs must be exported to another machine and processed from there to obtain this historical information. The number of available physical ports could be increased and Check Point could add support for higher speeds.

We have been using Check Point firewalls for more than 10 years.

Check Point is a company that has been producing firewalls for many years. It is a leader in today's market, and its products are very stable. They are always updating and improving their products to stay at the top of the market. 

Check Point NGFW allows easy and fast scalability.

Our experience with Check Point technical support was very positive. They always resolved questions or incidents quickly and professionally.

We have always had Check Point solutions.

The initial configuration was simple. The previous team was also using Check Point, we only had to export and update the rules. Only a couple of things had to be corrected and changed.

It was implemented through a CheckPoint partner who demonstrated great experience in migration.

When implementing, I would suggest you define in a real way what you want to allow —applications, content, destinations, etc. — and drop the rest of the traffic. It is important to review the groups, objects, and networks created to efficiently define the security policies that you finally want to implement.

Before making the last purchase, we evaluated other solutions, such as Palo Alto or Fortinet.

I would rate Check Point NGFW 10 out of 10.

My solution is based on an on-site architecture. I currently manage a Check Point Next-Generation Firewall for my more than 400 sites such as perimeter and DMZ. For the sites with a perimeter to the internet, I have them in a high availability scheme with balancing internet services. In the case of DMZ, they allow me to control incoming and outgoing traffic through policies based on Identity awareness. I use the application control blade to allow RDP access to the specific servers needed by administrators.

In the beginning, my organization did not have a security scheme, which caused a latent security risk. My internet services were never enough due to the high traffic used towards social networks and entertainment sites. With my Next-Generation Firewall, I have managed to reduce the cost of my links since now we use them appropriately in the resources and tasks that are necessary. 

For the lateral movements, previously all of my users had access to server networks and communication could cause lateral movement of viruses and ransomware. Now, I have the perimeter towards the internet protected and I am protected against unauthorized access.

What gives me the most value is undoubtedly the security that the anti-bot and anti-virus blades provide. With the automatic updates of signatures, I am always protected against new threats. The identity awareness blade helps me to have better control and organization over unauthorized access of my users onto exclusion sites such as social networks. In the DMZ it allows me to control administrators with access to highly important networks such as servers, developments, etc.

Of the areas of improvement that I want to see in this product, without a doubt, one is the technical support. In this time of globalization, with so many cyberattacks and risks, the Check Point support staff take a long time to attend to incidents due to the high demand. 

Another change that I would like to see is the ability to be able to test the policies before launching a change. It is somewhat annoying to apply a change and then notice that, after a while, the message appears that the installation of policies has failed, either due to some duplicate rule, some duplicate port, duplicate service or IP, et cetera.

I've been using the solution for 5 years.

It really is a very stable and reliable brand.

it is better when using an open server solution since some teams are limited to growth.

The support service can improve the attention to clients as well as the escalation times.

I did not previously use a different solution. I've just used Check Point.

The installation is really simple and easy to manage.

We also previously looked at Meraki, Fortigate, and Palo Alto as options. 

I have been designing, deploying, implementing, and operating Check Point's Security solutions including NGFWs and EndPoint security as well as Remote Access VPNs, Intrusion Prevention systems, URL filtering, user identity, UTMs, et cetera, for around 12 years. 

I have also used VSX and MDS/MDLS solutions. In my organisation I am using over 150 virtual and physical appliances and also MDS for virtualized/contanerized central configuration management and also central log management MDLS/MLM. We are using this not just for NGFW but also for other Perimeter security solutions.

This solution has helped keep the security posture of my organization in the best possible shape. Check Point's solutions stay a cut above its competitors to make sure your IT infra Cyber is safe from both known as well as zero-day attacks and malware. 

From an operations point of view, Check Point solutions are the best in terms of providing central configuration management and also central log correlation and management. Additionally, Check Point's virtualization solutions around VSX are super-efficient and very stable.

I found Check Point's software ability to provide for all the perimeter security solutions including next-generation firewalls, intrusion prevention systems, identity and access management, and URL filtering. They are all excellent. Check Point's Central configuration management, central log correlation, and management solution are a cut above the other vendors and are the best in the industry. Check Point's virtualization solutions are also very efficient and can be scaled. They are highly stable solutions (MDS/Domain Managers & MDLS).

To be very very honest, I do not see any major gap or improvement area for any of Check Point Cybersecurity solutions, whether it's your enterprise be cloud-based only, on-prem (Private cloud or Legacy infrastructure), or hybrid infrastructure. Check Point's solutions are highly cost-efficient, have low OPEX costs, are very stable, are safe and secure, and helps maintain the enterprise's security posture. 

Check Point's security solutions are a cut above the other vendors, not just today but for the last 30 years. Without having to mention any gaps, Check Point's development team works hard to stay ahead of technology in the cybersecurity space.

I feel the only thing that I see as a possible improvement in Check Point software is the lack of ability to create "static discard routes" which makes it difficult for NAT ranges to be advertised via BGP to neighbors. Although Check Point has an alternative of creating a dummy interface to introduce "directly connected" routes for NAT ranges so that they could then be advertised up/downstream, having the ability to do so using "static discards" would be a great thing to have.

I've worked with the solution for a little over 12 years.

The product is very stable.

The solution is highly scalable.

The sales, pre-sales, professional services, and tech support are all very nice.

Yes, and we switched because Check Point proved to be more reliable.

The initial setup is absolutely straightforward.

We implemented it through an in-house team.

Every dollar spent is worth it.

Yes, we looked at Cisco, Juniper, and Palo Alto.

Not at the moment.

We require local perimeter security in one of our workshops, which is why we require a new-generation firewall solution. The local equipment works for us to be able to provide perimeter security in our workshop.

Thanks to these Check Point Gateway devices and with the integration of many additional security solutions, we have protection against zero-day threats. In addition, we have the possibility of carrying out all the management from the Infinity security portal and can administer all our policies, view logs, and monitor devices, among other tasks.

Thanks to Check Point, we managed to carry out a better security implementation. By placing one in a workshop, we managed to solve issues with attacks and malware.

The solution is easy to administer thanks to its dashboards. The monitoring is really useful.

The most valuable aspects include:

The best improvements to be considered are:

• Improvements in the time and attention given to solutions for generated cases.
• Licensing that is more comfortable and affordable. Currently, some prices are very expensive.
• In terms of language in the application, they could better facilitate the handling of others.
  

This is an excellent product of the new generation, administered in the Infinity Portal. We have used the product for at least two years.

Previously, we had not carried out verifications of other devices.

In our organization, we are using distributed device management. Here, management and distributed devices are separate deployments. Therefore, our management is very easy in our organization for traffic management. Here, tier architectures are used. That smart console, smart getaway, and management are different devices. Each device is connected to the other. 

Threat prevention is used as well. Basically, threat prevention is used for preventative management traffic entering into our internal organization. The hash value is used whether traffic is legitimate or not for distributed traffic. 

We are using Check Point for URL filtering. 

In our organization, we are using policy configurations where various policies are configured for internal to outside organization communication, and our DM's are there too. Various zones are created in our organization. 

For each particular zone, if I want to communicate with the external zone, then I need to create a policy for internal to external. Various rules can be created, particularly for organization communication outside the organization. It will be configured in our organization and four gateways are there allowing for our four different locations to communicate. 

In our HR deployment, hiring deployment, there is a new and legacy mode that we are currently using.

The distributed deployment is very helpful. This way, the burden on each device is less and management is very easy and CPU process utilization will be not high on a particular device - it'll be distributed on each device. Management is very easy.

We like that it is a next-generation firewall where hackers would need to inspect down to a seventh layer, an application layer, and that offers us better protection. 

The initial setup was straightforward.

The solution can scale.

We would like to see constant improvement in anti-malware functionality and anti-threat protection.

Various functions affect our organization's traffic performance.

They need more focus on the stability of IP security.

The organization has used the solution for five years, however, I only joined the company two years ago. 

It provides very good stability for traffic management and network flow. We monitor various locks that will be there for internal and external traffic. I'd like, however, more stability of IP security, more of that is needed. Sometimes there is an issue in IP security clarity.

The scale is currently very good. In our organization around 3000 or more employees use it. There is two IT personnel that will configure 30 Check Points, 13,500 gateways will be there and it will handle around 3000 plus employees. 

We will increase usage. Currently, one new branch will be open. They are also migrating from Fortinet to Check Point's firewall. The previous they did 40 deployments here, however, currently they're migrating to the Check Point next-generation firewall.

Tech support is very good. After logging the call, if there is an issue discovered, they are very supportive. They are helpful and responsive. We've very happy with them.

Positive

We used to use Fortinet, however, it did not go deep enough and check down to layer seven.

The initial setup was straightforward. That said, I wasn't part of the initial setup, as it was set up before I came to work with the organization.

I'm comfortable with the licensing. The pricing, for what you get, is pretty reasonable. 

I'm an end-user of the product. I don't have a specific business relationship with the company.

I'd rate the solution at a ten out of ten.

We utilize the Check Point NGFW to segregate our environment, separating our network to filter traffic between segments. Additionally, we leverage its features such as IPS, antivirus, and more, making it the foundation for all the Check Point features we use.

Check Point enables us to secure all our networks by segregating the different areas of our network. It also allows us to view logs of all traffic crossing the various areas. Through the firewall, we can access logs and evidence of activity between our areas, whether within or from the data center to the Internet.

We like the way it protects our network, how easy it is to see and filter logs, and how easy it is to manage next-generation firewall policies.

The upgrade process for Check Point NGFW is not very simple, making it difficult to find the resources needed for the upgrade compared to competitors like Fortinet. Fortinet makes the upgrade process much more manageable. 

Check Point should start working on a new, more straightforward process. Perhaps a graphical interface where you can just click to initiate the upgrade, and it will automatically replace the nodes, starting with the secondary node in a cluster and then upgrading the primary node. This would make the process automatic with just one quick action, similar to what we see in competitors like Fortinet.

I have been using Check Point NGFW for ten years.

We're encountering some issues with the Check Point NGFW. They've stopped communicating with the manager, and sometimes, we cannot push policies from the manager to the FortiGate and Check Point. The latest versions we've been working with, especially the Check Point software, haven't been very stable.

I rate the solution's stability a seven out of ten.

There are performance issues with certain Check Point NGFW models, particularly when enabling multiple features. These issues are often related to CPU utilization, causing some traffic to slow down. Competitors like Fortinet offer greater scalability than Check Point. In equivalent models, Fortinet performs better with lower CPU usage for the same amount of traffic. However, it's worth noting that Check Point excels in traffic inspection and detecting malicious activities. 

While Fortinet may offer better performance, Check Point provides superior security capabilities. Check Point's scalability is not as efficient, as it consumes more CPU when handling higher traffic volumes. Therefore, if speed is a priority, Fortinet may be a better option, but for comprehensive traffic inspection and security, Check Point remains a strong choice despite its scalability limitations.

I rate the solution's scalability an eight out of ten.

The support engineers sometimes lack sufficient knowledge, making it very difficult to receive a prompt response to our problems. Sometimes, we need ten remote sessions with them before they assign someone capable of resolving the issue. They start escalating only after we complain to the managers. When we open a case, we are assigned a junior staff member who requests information, resulting in lengthy delays in communication.

Neutral

The initial step is much more complex than other methods. The integration process will be a bit simpler. It takes two days. You need to start by configuring the management IPs, then proceed to establish the connection to the manager using what they call the sync password. Finally, you need to start creating the policy that you want to use.

I rate the initial setup a seven out of ten, where one is difficult, and ten is easy.

The solution is expensive compared to Fortinet.

AI is more commonly utilized on the vendor rather than the client side. Therefore, they employ AI to enhance their product and understand and detect more threats that require attention, albeit with a turnaround time.

One should opt for Check Point if they have engineers or partners with expertise in Check Point because it's not the easiest product to work with. It's much simpler for someone who has never worked with Check Point or Fortinet to start with Fortinet, which is much easier to manage. However, if you possess the knowledge of the security blades in Check Point, they are superior to those in Fortinet, with the IPA.

Overall, I rate the solution an eight out of ten.