Check Point Quantum Force (NGFW) Reviews

We use the NGFW to give security and protection to our local network and internet user from internet threats like viruses, worms, bots, and intrusion. 

We also use it to control the internet URLs accessed by the user. We subscribe to two internet service providers with total bandwidth available of 450 Mbps and we have more than 700 internet users connected. 

Check Point's firewall does a good job of protecting the user from malicious threats. It is able to run smoothly without being a bottleneck in the network. 

Check Point NGFW helps us to secure our user's computer and our server and therefore helps us to maintain business operations. It has important features like an intrusion prevention system, anti-virus, and anti-bot capabilities. 

It also helps us manage bandwidth efficiently by managing what website is allowed to access by users. 

We're limiting user access to websites with high bandwidth demand like video streaming and social media, of forbidden websites like adult websites. 

We can manage which users have access to certain websites.

The antivirus, antibot, and intrusion prevention systems are great. It's very important due to the fact that to prevent is better than to recover. The features play a critical role in preventing any security incidents from happening and minimalizing them before they become bigger problems. 

Its URL filtering feature is great. We can manage which users are allowed access to which websites at a certain time. We can also manage which application is allowed and forbidden for the users. 

Check Point has a vast list of applications it is able to manage - from torrents to games, social media, etc. 

The product could provide an easier user interface and management, by combining all functions (network and policy configuration) into one single application rather than splitting it into different applications. 

Users will also really appreciate it if Check Point provides a free management and logfile analysis module. In the existing setup, a user must pay an extra subscription fee to have access to the firewall management module. It makes the user without a subscription unable to fully gain insight from the firewall log file so they are unable to fully utilize the device

I've used the solution for four years.

It's stable. The system runs with minimal problems. I said minimal because yes there were problems. In 4 years using checkpoint, we have maybe 2 major problem. One was hardware modul failure, that replaced as soon as possible by support team, and the other was software/configuration problem, that get solved also with the help of support team

It has the ability to scale depending on the product model.

They provide good support, depending on your troubles. For more complicated requests, maybe you will have to pay.

Check Point is the company's first NGFW.

The initial setup is simple, however, customizing it could be complex.

We implemented the solution through a vendor team. The score I'd give for their expertise is seven out of ten.

if you pay for the setup cost, make sure you get it set up exactly as you need it to be.

We looked into Sophos, Sangfor, and Palo Alto.

We use the solution for the DMZ firewall. It's very common and very easy to make configuration, Having IPsec for tunneling solutions with third-party routers and firewalls with other branch offices is very helpful. 

It offers support for segmentation networks. 

The geolocation feature makes it so that our company can easily allow or block a location of IP and can integrate with our SOC or our log management system. 

URL filtering is very powerful for blocking malicious connections. 

The user interface is very cool and easy to use. It has anti-DDOS protection which is very useful too.

The solution is very helpful. Using Check Point helps our security team with mitigation and prevention with an easy user interface and configuration. 

Anti-malware and URL filtering can mitigation many malicious activity and log for event easy for us to send to our security operation center team, for internet solutions we use load balancing method with a round-robin algorithm which is very very helpful for internal user solution for accessing the internet with redundant availability.

URL filtering and anti-malware protection at=re the most useful as those can mitigate many malicious events and make connections between users and the internet safe. It's faster with the load balancing method and supports a round-robin algorithm. This firewall in our environment has high availability or cluster system which makes our availability higher, especially for business continuation plans. Support for troubleshooting and maintenance cases is great. They are very helpful and fast at solving many problems.

The network automation and security automation could be better. We need integration with more third-party security solutions.

We need two-factor authentication solutions for the virtual private network solution. We need a firewall or NGAV/EDR with lightweight resources that is still powerful for blocking and preventing attacks and malicious activity. 

We need enhancement for our perimeter for our security zone, especially for network access control with portal authentication. 

I've been using the solution for five years.

We did use a different solution. We switched as we need more enhancements. 

We also looked into Fortinet.

In our organization, we are using distributed device management. Here, management and distributed devices are separate deployments. Therefore, our management is very easy in our organization for traffic management. Here, tier architectures are used. That smart console, smart getaway, and management are different devices. Each device is connected to the other. 

Threat prevention is used as well. Basically, threat prevention is used for preventative management traffic entering into our internal organization. The hash value is used whether traffic is legitimate or not for distributed traffic. 

We are using Check Point for URL filtering. 

In our organization, we are using policy configurations where various policies are configured for internal to outside organization communication, and our DM's are there too. Various zones are created in our organization. 

For each particular zone, if I want to communicate with the external zone, then I need to create a policy for internal to external. Various rules can be created, particularly for organization communication outside the organization. It will be configured in our organization and four gateways are there allowing for our four different locations to communicate. 

In our HR deployment, hiring deployment, there is a new and legacy mode that we are currently using.

The distributed deployment is very helpful. This way, the burden on each device is less and management is very easy and CPU process utilization will be not high on a particular device - it'll be distributed on each device. Management is very easy.

We like that it is a next-generation firewall where hackers would need to inspect down to a seventh layer, an application layer, and that offers us better protection. 

The initial setup was straightforward.

The solution can scale.

We would like to see constant improvement in anti-malware functionality and anti-threat protection.

Various functions affect our organization's traffic performance.

They need more focus on the stability of IP security.

The organization has used the solution for five years, however, I only joined the company two years ago. 

It provides very good stability for traffic management and network flow. We monitor various locks that will be there for internal and external traffic. I'd like, however, more stability of IP security, more of that is needed. Sometimes there is an issue in IP security clarity.

The scale is currently very good. In our organization around 3000 or more employees use it. There is two IT personnel that will configure 30 Check Points, 13,500 gateways will be there and it will handle around 3000 plus employees. 

We will increase usage. Currently, one new branch will be open. They are also migrating from Fortinet to Check Point's firewall. The previous they did 40 deployments here, however, currently they're migrating to the Check Point next-generation firewall.

Tech support is very good. After logging the call, if there is an issue discovered, they are very supportive. They are helpful and responsive. We've very happy with them.

Positive

We used to use Fortinet, however, it did not go deep enough and check down to layer seven.

The initial setup was straightforward. That said, I wasn't part of the initial setup, as it was set up before I came to work with the organization.

I'm comfortable with the licensing. The pricing, for what you get, is pretty reasonable. 

I'm an end-user of the product. I don't have a specific business relationship with the company.

I'd rate the solution at a ten out of ten.

The primary use case of this solution is to protect the organization's LAN network from cyber threats.

With the help of Check Point NGFW, we are able to prevent attacks like phishing, ransomware, zero-day attacks, malware, etc.

The thing I like about this product is its capability of auto NAT and auto zone detection.

Service support can be improved.

I've been using the solution for the last year. 

The stability is the best.

The scalability is good.

Customer service and support can be improved.

Neutral

No, I did not use a different solution. 

The initial setup is easy.

We implemented it through our in-house team.

For the current market situation setup cost, pricing, and licensing look fine.

No, I did not evaluate other options.

We utilize the Check Point NGFW to segregate our environment, separating our network to filter traffic between segments. Additionally, we leverage its features such as IPS, antivirus, and more, making it the foundation for all the Check Point features we use.

Check Point enables us to secure all our networks by segregating the different areas of our network. It also allows us to view logs of all traffic crossing the various areas. Through the firewall, we can access logs and evidence of activity between our areas, whether within or from the data center to the Internet.

We like the way it protects our network, how easy it is to see and filter logs, and how easy it is to manage next-generation firewall policies.

The upgrade process for Check Point NGFW is not very simple, making it difficult to find the resources needed for the upgrade compared to competitors like Fortinet. Fortinet makes the upgrade process much more manageable. 

Check Point should start working on a new, more straightforward process. Perhaps a graphical interface where you can just click to initiate the upgrade, and it will automatically replace the nodes, starting with the secondary node in a cluster and then upgrading the primary node. This would make the process automatic with just one quick action, similar to what we see in competitors like Fortinet.

I have been using Check Point NGFW for ten years.

We're encountering some issues with the Check Point NGFW. They've stopped communicating with the manager, and sometimes, we cannot push policies from the manager to the FortiGate and Check Point. The latest versions we've been working with, especially the Check Point software, haven't been very stable.

I rate the solution's stability a seven out of ten.

There are performance issues with certain Check Point NGFW models, particularly when enabling multiple features. These issues are often related to CPU utilization, causing some traffic to slow down. Competitors like Fortinet offer greater scalability than Check Point. In equivalent models, Fortinet performs better with lower CPU usage for the same amount of traffic. However, it's worth noting that Check Point excels in traffic inspection and detecting malicious activities. 

While Fortinet may offer better performance, Check Point provides superior security capabilities. Check Point's scalability is not as efficient, as it consumes more CPU when handling higher traffic volumes. Therefore, if speed is a priority, Fortinet may be a better option, but for comprehensive traffic inspection and security, Check Point remains a strong choice despite its scalability limitations.

I rate the solution's scalability an eight out of ten.

The support engineers sometimes lack sufficient knowledge, making it very difficult to receive a prompt response to our problems. Sometimes, we need ten remote sessions with them before they assign someone capable of resolving the issue. They start escalating only after we complain to the managers. When we open a case, we are assigned a junior staff member who requests information, resulting in lengthy delays in communication.

Neutral

The initial step is much more complex than other methods. The integration process will be a bit simpler. It takes two days. You need to start by configuring the management IPs, then proceed to establish the connection to the manager using what they call the sync password. Finally, you need to start creating the policy that you want to use.

I rate the initial setup a seven out of ten, where one is difficult, and ten is easy.

The solution is expensive compared to Fortinet.

AI is more commonly utilized on the vendor rather than the client side. Therefore, they employ AI to enhance their product and understand and detect more threats that require attention, albeit with a turnaround time.

One should opt for Check Point if they have engineers or partners with expertise in Check Point because it's not the easiest product to work with. It's much simpler for someone who has never worked with Check Point or Fortinet to start with Fortinet, which is much easier to manage. However, if you possess the knowledge of the security blades in Check Point, they are superior to those in Fortinet, with the IPA.

Overall, I rate the solution an eight out of ten.

The product is an excellent perimeter firewall solution. But compared to Palo Alto, the management console is critical. It's difficult to let customers understand the dashboard of the firewall because there are three distinct dashboards. The three dashboards include smart connect, Check Point Firewall dashboard and more. 

The solution is used by our organization for security purposes across small and medium banks in our country, who happen to be customers of our company. 

The architecture of the solution is extraordinary because when a Check Point Firewall protects a customer or organization, a DDoS attack can hardly occur. Another valuable feature is the real-time zero-day protection.  

The user interface needs to improve and should be user-friendly. The customer of this solution also needs to undergo training to use the solution dashboards, unlike products like Palo Alto. 

In the next release, Check Point can try to add the DDoS or web application firewall within the overall firewall. If Check Point is able to implement the aforementioned integration within the firewall module, then people don't need to buy each firewall separately. The comprehensive firewall addition will increase the sales volume of any next generation firewall because TCO (Total Cost of Ownership) will be low. 

I have been using Check Point NGFW for five years. 

I would rate the stability an eight out of ten. 

If you have the Maestro version, scalability is the best among all competitors. For large organizations that have ten thousand users, they don't need to bother about the extra cost of the Maestro version. For organizations with one or two thousand users, the Maestro version can be a luxury for them. 

The tech support is very helpful for Check Point NGFW. The support team even asks for remote access to resolve the problem immediately. But sometimes, it takes between eight to twelve hours to connect with a level three engineer to get the support. The response time needs to improve. I would rate the tech support a six out of ten. 

A firewall is a critical asset, and when there is a problem with the perimeter firewall, an individual cannot communicate outside the organization, so support is required immediately. 

Neutral

Our company's usual deployment model for the solution is on-premises because cross-border data transmission is prohibited. The installation of Check Point NGFW takes between seven to ten days (working five hours a day). For the banks who are customers of our company, we could only work for deployment after the usual banking hours, so it took longer. 

I can conclude that deployment and running the User Accessibility Test (UAT) can take a maximum of forty hours. Two engineers are needed to deploy Check Point NGFW. 

I have evaluated SentinelOne and CrowdStrike. The rollback feature of ransomware attacks in SentinelOne cannot be found in competitors. 

I would recommend Check Point NGFW over Palo Alto and Cisco as a complex security solution for a complex environment. I would rate the solution a ten out of ten. 

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check Point's solutions to provide comprehensive network security tailored to each organization's requirements.

Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness.

Managing a smaller number of firewalls is straightforward, but as the scale increases, especially with numerous firewall instances, the complexity grows significantly. Scalability should be improved.

I have been working with it for twenty years.

It offers good stability capabilities.

We've encountered challenges related to scalability, particularly with its performance slowing down as the volume of objects in the network grows.

While most engineers are typically responsive, there may be variations in their availability and response times. I would rate its customer service and support eight out of ten.

Positive

I also work with Fortinet, and I find it preferable because it offers a wider range of options. Additionally, its integrated package functions exceptionally well, with seamless coordination between services.

The initial setup process is typically straightforward for most customers. However, when comparing Check Point with other solutions like FortiGate, there's a notable difference in how policy rules are implemented. With Check Point, you need to install the entire policy each time you want to make changes, whereas FortiGate allows for more streamlined updates by simply accepting the modifications. This can sometimes add complexity to installing a new policy with Check Point.

The deployment time varies depending on the scale of the project. For small cases, it may only take a couple of minutes, while larger-scale deployments can span up to a month. Having a skilled engineer is crucial; one proficient engineer can handle the job effectively. Maintenance is relatively straightforward.

While it may be slightly more expensive, when compared with competition it is reasonable. Licenses are renewed annually.

Overall, I would rate it nine out of ten.

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

This solution has been used for approximately one year in the company.

The stability of the tool is good. We have not presented any problem even when an update is made.

The scalability presented by the tool is very good and flexible.

The experience has not been very good. That is one of the points that must be improved.

Positive

There was no type of tool that would supply these qualities.

The configuration of the tool is very simple and quick to install.

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.