Check Point Quantum Force (NGFW) Reviews

In our organization, we are using distributed device management. Here, management and distributed devices are separate deployments. Therefore, our management is very easy in our organization for traffic management. Here, tier architectures are used. That smart console, smart getaway, and management are different devices. Each device is connected to the other. 

Threat prevention is used as well. Basically, threat prevention is used for preventative management traffic entering into our internal organization. The hash value is used whether traffic is legitimate or not for distributed traffic. 

We are using Check Point for URL filtering. 

In our organization, we are using policy configurations where various policies are configured for internal to outside organization communication, and our DM's are there too. Various zones are created in our organization. 

For each particular zone, if I want to communicate with the external zone, then I need to create a policy for internal to external. Various rules can be created, particularly for organization communication outside the organization. It will be configured in our organization and four gateways are there allowing for our four different locations to communicate. 

In our HR deployment, hiring deployment, there is a new and legacy mode that we are currently using.

The distributed deployment is very helpful. This way, the burden on each device is less and management is very easy and CPU process utilization will be not high on a particular device - it'll be distributed on each device. Management is very easy.

We like that it is a next-generation firewall where hackers would need to inspect down to a seventh layer, an application layer, and that offers us better protection. 

The initial setup was straightforward.

The solution can scale.

We would like to see constant improvement in anti-malware functionality and anti-threat protection.

Various functions affect our organization's traffic performance.

They need more focus on the stability of IP security.

The organization has used the solution for five years, however, I only joined the company two years ago. 

It provides very good stability for traffic management and network flow. We monitor various locks that will be there for internal and external traffic. I'd like, however, more stability of IP security, more of that is needed. Sometimes there is an issue in IP security clarity.

The scale is currently very good. In our organization around 3000 or more employees use it. There is two IT personnel that will configure 30 Check Points, 13,500 gateways will be there and it will handle around 3000 plus employees. 

We will increase usage. Currently, one new branch will be open. They are also migrating from Fortinet to Check Point's firewall. The previous they did 40 deployments here, however, currently they're migrating to the Check Point next-generation firewall.

Tech support is very good. After logging the call, if there is an issue discovered, they are very supportive. They are helpful and responsive. We've very happy with them.

Positive

We used to use Fortinet, however, it did not go deep enough and check down to layer seven.

The initial setup was straightforward. That said, I wasn't part of the initial setup, as it was set up before I came to work with the organization.

I'm comfortable with the licensing. The pricing, for what you get, is pretty reasonable. 

I'm an end-user of the product. I don't have a specific business relationship with the company.

I'd rate the solution at a ten out of ten.

The primary use case of this solution is to protect the organization's LAN network from cyber threats.

With the help of Check Point NGFW, we are able to prevent attacks like phishing, ransomware, zero-day attacks, malware, etc.

The thing I like about this product is its capability of auto NAT and auto zone detection.

Service support can be improved.

I've been using the solution for the last year. 

The stability is the best.

The scalability is good.

Customer service and support can be improved.

Neutral

No, I did not use a different solution. 

The initial setup is easy.

We implemented it through our in-house team.

For the current market situation setup cost, pricing, and licensing look fine.

No, I did not evaluate other options.

The product is an excellent perimeter firewall solution. But compared to Palo Alto, the management console is critical. It's difficult to let customers understand the dashboard of the firewall because there are three distinct dashboards. The three dashboards include smart connect, Check Point Firewall dashboard and more. 

The solution is used by our organization for security purposes across small and medium banks in our country, who happen to be customers of our company. 

The architecture of the solution is extraordinary because when a Check Point Firewall protects a customer or organization, a DDoS attack can hardly occur. Another valuable feature is the real-time zero-day protection.  

The user interface needs to improve and should be user-friendly. The customer of this solution also needs to undergo training to use the solution dashboards, unlike products like Palo Alto. 

In the next release, Check Point can try to add the DDoS or web application firewall within the overall firewall. If Check Point is able to implement the aforementioned integration within the firewall module, then people don't need to buy each firewall separately. The comprehensive firewall addition will increase the sales volume of any next generation firewall because TCO (Total Cost of Ownership) will be low. 

I have been using Check Point NGFW for five years. 

I would rate the stability an eight out of ten. 

If you have the Maestro version, scalability is the best among all competitors. For large organizations that have ten thousand users, they don't need to bother about the extra cost of the Maestro version. For organizations with one or two thousand users, the Maestro version can be a luxury for them. 

The tech support is very helpful for Check Point NGFW. The support team even asks for remote access to resolve the problem immediately. But sometimes, it takes between eight to twelve hours to connect with a level three engineer to get the support. The response time needs to improve. I would rate the tech support a six out of ten. 

A firewall is a critical asset, and when there is a problem with the perimeter firewall, an individual cannot communicate outside the organization, so support is required immediately. 

Neutral

Our company's usual deployment model for the solution is on-premises because cross-border data transmission is prohibited. The installation of Check Point NGFW takes between seven to ten days (working five hours a day). For the banks who are customers of our company, we could only work for deployment after the usual banking hours, so it took longer. 

I can conclude that deployment and running the User Accessibility Test (UAT) can take a maximum of forty hours. Two engineers are needed to deploy Check Point NGFW. 

I have evaluated SentinelOne and CrowdStrike. The rollback feature of ransomware attacks in SentinelOne cannot be found in competitors. 

I would recommend Check Point NGFW over Palo Alto and Cisco as a complex security solution for a complex environment. I would rate the solution a ten out of ten. 

We use the solution as a perimeter and OT demarcation firewall. As we are a large utility company with a distributed network, Check Point plays a vital role in terms of network segmentation. Specifically, we need identity-aware authentication to give us the best VPN compared to other players in the market. 

Centralized management is a major plus of Check Point, which provides us with a better user experience. 

We use it to safeguard our office network on a routine basis. These firewalls protect against external threats, manage VPN access for remote users, and address various security scenarios. 

Our primary focus involves malware prevention, intrusion detection, and ensuring robust security measures to shield our office network from potential cyber threats originating from the internet. It serves as a traditional yet effective security system, providing comprehensive protection against hackers and potential risks associated with internet usage.

Check Point has a Purpose fit solution for our environment A lot of things need to be improved in Check Point NGFW. 

For example, their support team isn't very efficient and useful. The solution itself isn't easy to learn, making it hard for support to provide solutions. The design makes it so pockets (specific teams) have to work together when there's an issue, which creates a mess. Also, Check Point lacks competitive capabilities like SD-WAN and CGM app integration. 

Visibility needs improvement. For example, Fortinet shows all connected devices with IP addresses, MAC addresses, and sometimes usernames. More granular detail is crucial for security. 

Support efficiency, visibility, and adding competitive capabilities are key areas for improvement.

The product offers a robust and intuitive experience, catering to the essential needs of users. 

The Cleanup Rule's ability to discard unwanted traffic and the inclusion of default Autonomous Threat Prevention Profiles does simplify security measures; we're able to cater to various deployment scenarios. 

I was impressed by how easy it was to activate blades and implement them on a security gateway. 

The Smart Console's efficient user interface ensures that the changes to the policy are swiftly made. We're also able to maintain proper audit logs.

The solution requires improvements in the following areas:

- Having the Zone Alarm and the standalone endpoint VPN become compatible products. 

- Having Smart Console in-place upgrades with IP/fingerprint retention 

- A Mac version of the Smart Console.

- Streamlining of the endpoint solution and deployment options.

I've used the solution for ten years.

Technical support is excellent.

Positive

The initial setup was straightforward.

We implemented the solution through a vendor. They offered excellent support.

We use the product for safeguarding our office network on a routine basis. These firewalls protect against external threats, manage VPN access for remote users, and address various security scenarios. 

Our primary focus involves malware prevention, intrusion detection, and ensuring robust security measures to shield our office network from potential cyber threats originating from the internet. 

It serves as a traditional yet effective security system, providing comprehensive protection against hackers and potential risks associated with internet usage.

A lot of things need to be improved in Check Point NGFW. For example, their support team isn't very efficient and useful. The solution itself isn't easy to learn, making it hard for support to provide solutions. The design makes it so pockets (specific teams) have to work together when there's an issue, which creates a mess. 

Also, Check Point lacks competitive capabilities like SD-WAN and CGM app integration. And visibility needs improvement. For example, Fortinet shows all connected devices with IP addresses, Mac addresses, and sometimes usernames. More granular detail is crucial for security. 

Support efficiency, visibility, and adding competitive capabilities are key areas for improvement.

The product offers a robust and intuitive experience, catering to the essential needs of users. 

The Cleanup Rule's ability to discard unwanted traffic and the inclusion of default Autonomous Threat Prevention Profiles simplifies security measures, catering to various deployment scenarios. I was impressed by how easy it was to activate blades and implement them on a security gateway, with the process taking less than five minutes. 

Additionally, the Smart Console's clear and efficient user interface ensures that the changes to the policy are swiftly made, with the added benefit of maintaining proper audit logs.

Places for improvement include:

• Having a Zone Alarm and the standalone endpoint VPN that become compatible products.
• Having a Smart Console in-place upgrades with IP/fingerprint retention.
• Offering a Mac version of Smart Console.
• Integration of CPview and things like fw accel stat in the monitoring blade.
• No more legacy SmartDashboard for some features.
• Streamlining of the endpoint solution and deployment options and also offering the possibility to convert shared policy to unified policy when you run R80.X via some sort of wizard in a layer or so. This is a classical case for people who upgraded their R77 management.
• Offering a fixed deployment schedule for accumulator hotfixes. This would help us foresee maintenance windows in organizations with rigid change management procedures.
• Finding a way to restore the object search like in R77, where you could find any part of an object name and not a word in the object.
• Scheduling policy pushes in Smart Console.

I've used the solution for ten years.

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check Point's solutions to provide comprehensive network security tailored to each organization's requirements.

Extracting data from the logs and utilizing the log analyzer tool provides valuable insights and enhances the product's overall effectiveness.

Managing a smaller number of firewalls is straightforward, but as the scale increases, especially with numerous firewall instances, the complexity grows significantly. Scalability should be improved.

I have been working with it for twenty years.

It offers good stability capabilities.

We've encountered challenges related to scalability, particularly with its performance slowing down as the volume of objects in the network grows.

While most engineers are typically responsive, there may be variations in their availability and response times. I would rate its customer service and support eight out of ten.

Positive

I also work with Fortinet, and I find it preferable because it offers a wider range of options. Additionally, its integrated package functions exceptionally well, with seamless coordination between services.

The initial setup process is typically straightforward for most customers. However, when comparing Check Point with other solutions like FortiGate, there's a notable difference in how policy rules are implemented. With Check Point, you need to install the entire policy each time you want to make changes, whereas FortiGate allows for more streamlined updates by simply accepting the modifications. This can sometimes add complexity to installing a new policy with Check Point.

The deployment time varies depending on the scale of the project. For small cases, it may only take a couple of minutes, while larger-scale deployments can span up to a month. Having a skilled engineer is crucial; one proficient engineer can handle the job effectively. Maintenance is relatively straightforward.

While it may be slightly more expensive, when compared with competition it is reasonable. Licenses are renewed annually.

Overall, I would rate it nine out of ten.

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

This solution has been used for approximately one year in the company.

The stability of the tool is good. We have not presented any problem even when an update is made.

The scalability presented by the tool is very good and flexible.

The experience has not been very good. That is one of the points that must be improved.

Positive

There was no type of tool that would supply these qualities.

The configuration of the tool is very simple and quick to install.

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.

My primary use case of Check Point's firewalls is to provide in-depth network filtering with advanced threat prevention, which can be set up simply using autonomous threat prevention where the firewall learns about the environment and then actions threat prevention based upon that. The threat prevention can also be custom-built for your environment. 

I also use the Check Point Always On VPN for remote endpoints, which allows users to authenticate and connect to the VPN pre-login without any input from the users.

It has improved my organization due to the in-depth security it provides. Check Point has a lot of security-focused features that provide a great level of network security. It has improved the security posture of the organization due to the granularity that can be set in the policies, such as using access roles to set user-based access, and time-based rules to only apply a specific firewall rule at a specific time. It has also improved my organization because of the in-depth troubleshooting steps that are made available to the end user, meaning we can troubleshoot issues easily, and troubleshooting steps can get very advanced.

I have found the VPN and the application control/URL filtering the most valuable features. The main reason for this is that the VPN blade allows easy VPN setup between two VPN gateways, allowing for not only site-to-site VPNs but also for remote users to connect to the Check Point gateways. This feature is easy to set up. Also, users can troubleshoot the VPNs very in-depth.

The application control and URL filtering features are valuable since they allow very granular control of what is coming in and out of a network. Instead of just allowing certain Layer 4 ports in/out of the network, specific applications can be allowed, which not only can tighten a security posture. It makes administering the product easier as, when a new app is rolled out, it can simply be added to the policy.

One feature that could be improved is the internet object in the application control/URL filtering blade. In most deployments, this works as it says it will. However, the object is based on topology, not internet IP ranges. This means that in certain scenarios (and likely a non-standard deployment), the internet object can not refer to the internet. This can be bypassed by creating a networking group containing class A, B & C networks and using this in the policy, right-clicking the group and ticking 'negate.' 

Another improvement would be to improve the simplicity of deploying SAML as an authentication option when connecting using a remote access VPN. Check Point's deployment guide is very in-depth. However, the process could be simpler.

I've used the solution for three years.

The stability is very good.

The scalability is good.

Support is very good from Check Point.

Positive

The initial setup can be straightforward or complex depending on the complexity of the environment. Usually, it is fairly straightforward.

We implemented the solution in-house.