Check Point Quantum Force (NGFW) Reviews

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

I've used the solution for three years.

We use it for our core firewall and also for VPN.

It can be managed by many people. I have a team, and any of them can manage this firewall and make some changes. All the changes are combined into one policy.

Its usability is the best for me. As compared to Palo Alto, Juniper, or Cisco firewalls, Check Point firewall has the best user interface for management, reading logs, looking for some objects, and looking for policies.

It's expensive.

We have been using this solution for more than 15 years.

It's stable.

I don't know about its scalability because I haven't had to scale. I have a flat traffic rate.

I have 500 users. It's deployed across two data centers.

I contacted them sometimes but not very often. It was a good experience. I have contacts with the engineers in Check Point. They provide the right solution every time. I also use the Check Point support portal. They have many descriptions and solutions for some of the problems.

I have previously used Palo Alto, Juniper, and Cisco. Check Point NGFW is better than all of them. 

I changed from Cisco ASA. It was a long time ago. Cisco ASA was an old technology, whereas Check Point NGFW has better performance and better knowledge about applications.

It was easy for me because I have many years of experience. I could see its benefits within two or three months of deployment.

In terms of maintenance, it requires normal maintenance. Its maintenance is similar to other devices.

It's expensive, but its price is reasonable looking at its functionality and power.

Try many solutions and then choose the best one for you.

I'd rate Check Point NGFW a ten out of ten.

In the search to establish the best perimeter security while achieving standards, protection, reduced expenses, and additional benefits, we found this product. It allows us to see a low return on the investment that could be established. We like the Check Point brand, thanks to the characteristic benefits, evolution, and innovation that the brand has. It's allowed us to establish and meet the needs we have.

The state-of-the-art perimeter firewall we use today has great benefits and an outstanding number of available features put into place. The characteristics on offer have come to give an added value under a single investment, thus offering many advantages. We have achieved and a return on investment and the benefits are consistent with the expectations set in motion. We are managing to correct and protect not only one area, but we are putting into operation additional functions to achieve an appropriate level of security. 

We like that we can create different VPN services connected from site to site or remote desktop connections to establish connections from point to site or from site to site, thus giving us a really high capacity to establish and manage simultaneously. This has allowed us to be a little more flexible, giving each of the members of the organization the possibility of working from home and being able to interconnect with the different branches of our central service quickly, safely, and efficiently. 

The policy installation module should be improved. It needs to be faster and have a complete interface to manage and apply changes more quickly when creating a policy or wanting to modify an existing one. 

One of the features that has been getting better over time is the way you install and apply your policies. Before, they were very slow. Today, it has improved. That said, it could be a little faster and more efficient and thus achieve a fast, light, and efficient installation in the services that are being configured instantly when they are applied.

I've used the solution for one year.

Check Point Next Generation Firewall is one of the most secure and stable firewalls present in the market. the integration & implementation of Check Point Next Generation firewall took place due to security concerns, and we were impressed by what this product brings with it.

The integration of Check Point Next Generation Firewall in my organization has taken over one year or so, and it helps to segregate the internal network and build a secure VLAN that separates every department.

Scalability, end-to-end resolution, and customized productive services make Check Point Next Generation Firewall far better than the alternatives present in the market. It has services like navigation, control, and filtering that ensure that all users stay connected to business applications and helps restrict traffic.

The integration of Check Point Next Generation Firewall proved to be highly productive and scalable, and everything was offered at a lower price.

Check Point Next Generation Firewall helped out us drive innovation and growth in our organization. It provided a safe passage for system and data security via its services of navigation, control, and filtering. The product ensures that all users stay connected to business applications and helps restrict traffic.

Overall, the Check Point Next Generation Firewall protects us from all types of internal and external threats while being easy to use and set up.

The integration of the Check Point Next Generation Firewall in my organization has taken over one year. It helps to segregate the internal network and build a secure VLAN that separates every department.

We like the scalability, end-to-end resolution, and customized productive services. This makes Check Point Next Generation Firewall far better than any alternative present in the market.

It offers services like navigation, control, and filtering, which ensure that all users stay connected to business applications.

Check Point Next Generation Firewall Protects systems from all types of internal and external threats.

Check Point Next Generation Firewall requires frequent updates. They need to build a more user-friendly dashboard and have the implementation of more active VPN support.

Apart from this, Check Point Next Generation Firewall customer support service needs to be improved. They need to offer quicker resolution and maintenance during downtime.

Check Point Next Generation Firewall Protects from all types of internal and external attacks and is a must-have software for professionals and organizations.

It has been more than one year since I integrated Check Point NGFW.

I haven't been in integration with any other solution.

We decided on this solution after looking at reviews and comparing prices. Check Point proved to be the best option in the end. 

I would advise others to go for it. It's easy to set up and available at lower pricing than alternatives.

No, we did not evaluate other options. We just compared other alternatives from some review websites and decided to go for Check Point.

It's a must-integrate solution for professionals and organizations.

The primary use of Check Point NGFW is as a firewall that gives us the control of allowing in non-threatening traffic in and blocking malicious traffic. It is also a valuable tool that allows us to interconnect our remote sites via IPSEC VPN. 

This, alongside all of the basic blades such as Application Control, allows us to be granular when choosing what applications we allow within our organization and additionally filters based on categories combined with identity awareness. This allows us to be as granular as we would like with specific users/departments within our organization.

Check Point NGFW was one of the top contenders when we were looking to implement a new firewall strategy. 

We have had some issues with VPN tunnels specific to AWS, which were eventually resolved after a lengthy case however, other than that, the features offered are all great, and the firewall has done its job to my expectation. 

It is, however, difficult at times to read the actual documentation for the blades/appliance as it would appear that sometimes the terminology is incorrect or skewed, which leads to a longer implementation time.

As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity. 

Another critical blade/feature is the application control blade in combination with URL filtering. These two security features, tied together with identity awareness, are a game changer and allows an admin to be as granular as possible when blocking specific applications or allowing a specific application to a specific user/department within the organization

Being on R80.40, I am sure a bunch of features have already been implemented that I am not currently taking advantage of. However, one feature I have yet to see implemented is authenticated email support for alerts generated via the GW or SMS. As a security product, it is mind-blowing that this is not a thing today, and it only relies on SMTP un-authenticated to send emails to administrators. However, I'm not sure if that really applies to the firewall itself or if it is more so a topic of discussion for the SMS.

I've used the solution for five years.

We switched from SonicWall back in the day due to the feature sets available at the time.

We also evaluated Palo Alto.

We are using these Next Generations Firewalls to segregate and protect our data center and business-critical data from the user LAN. 

We have some of the resources behind these firewalls which should be allowed to a certain set of users only. This is done using the authentication against the Active Directory groups and only the designated users are allowed to access the contents based on the firewall rules. 

Along with this, we use IPS and Antivirus features to protect our most critical network.

The solution is great and simple to implement. It has improved the security posture and overall management of this segregated network.

We have this deployed globally across multiple sites and it's very easy to manage compared to other vendors. 

We have been using this solution now for a few years and never came across any issues. 

The documentation is simple to understand and is easily available. 

The support is also observed to be good and we never had to escalate the cases due to support issues.

We have been using Check Point NGFW to protect the business-critical data from the other networks and provide secured access to the users best on the authentication, integrated with the Active Directory. 

We have been using packet filtering, stateful inspection, and VPN awareness along with user authentication and have not observed any performance issues in the last several years. If you are looking for a solid solution that is very stable in nature, this is the best choice.

We have been using CheckPoint NGFW for quite some time now, and the only thing that could be improved is the upgrade procedure and the frequency of the hotfixes we get. 

We have this deployed in multiple sites globally and managed via the central management server. The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade. We would like to see some improvement in this area.

I've used the solution for 15 years.

The stability is rock solid.

The solution is easily scalable.

It's been a long time since we started using this. When we decided to expand several years before and we decided to go ahead with Check Point and continued with Check Point. We reviewed a lot of other products from different vendors, however, his was chosen as the best by our engineering team and we decided to stick with this.

The set up is very simple and more straightforward than we thought.

The setup cost is pretty much the same as compared to the other vendors. The initial pricing could be slightly better, however, the licensing and maintenance cost is much better compared to the other similar products in the market.

Cisco and PaloAlto were the other options evaluated.

We have different cloud platforms within the organization and needed a solution that would allow us to control different aspects of them from one single platform, which has allowed us to manage and apply policies across all different locations. 

It has allowed us to be more efficient with compliance and maintenance of all different platforms; management of the users is now tighter, and fewer resources have to be invested in applying all the needed policies and levels of access based on company roles.

The product provides a full security posture for our cloud environment. We get complete visibility of all the workload hosted across all different platforms and all traffic coming in/ out of these cloud platforms. These policies are on 24/7 from any device, say desktop, laptop, mobile, etc. 

All this is pretty easy to set up and notifies any anomaly as soon as it arises for immediate attention/ correction; some of these issues will be addressed automatically and just let you know it was identified and solved.

The management console offers excellent visibility of all security options and configurations, also showing all the traffic from each user. 

Once you're working on a specific action, the interface will pop relevant information around past actions contradicting the new policy, showing you strictly where potential threats may come from. 

Admins and executives are more at ease with the compliance engine within the software as it measures how many of the security requirements we're compliant with, making their work much more accessible from that standpoint.

This is something that doesn't directly affect us. However, I know VMware is not supported by the platform. 

Also, it seems that plenty of features you may not know even exist unless you do some extensive, deep digging as they're not coming up in the initial configuration, so you have to go through the documentation to realize their existence. 

Support is really good, so you may rely on them to learn more about these coded features I'm talking about, also to make the proper calibration for the rules/policies you're applying as they may not turn the results expected from the first config.

We've used the solution for +2 years now.

I have a relatively small infrastructure, with a VMware Vsphere running all my servers on virtual machines. My network consists of approximately 30 workstations. The Check Point NGFW helps detect attacks against enterprise applications. 

It can enforce application functionality specific controls, monitor application data and content, and monitor HTTP, HTTPS, SMTP and other application protocols for better protection. I can audit applications running on my network, monitor their content and data, identify hosts on which applications are running, and identify users of the applications.

I have been using the Check Point NGFW as a primary firewall with all policies and rules configured on it. It helps as an Intrusion Detection System. This has improved my network performance as it illuminates suspicious activities before they reach the network. 

The network monitoring tool allows me to know who and what is hogging all the bandwidth and therefore apply it to remediate action and hence improve network performance. The Check Point NGFW helps me with QOS, during these times of work from home and virtual meetings, I can easily allocate required bandwidth to MS Teams, Zoom, and WebEx.

The most valuable features are the application and user control. This allows me to allow applications that encourage productivity and limit those that hinder productivity. The Network Address Translation (NAT) will always be a valuable feature as it allows me to turn my private cloud to the public at the click of a button and have secure control over the accessible servers/applications. sandboxing is also a valuable feature that allows the NGFW to act as an anti-malware, this would be largely helpful to prevent or minimize ransomware attacks.

Although very efficient, the product could be developed in a way that does not take a lot more system resources. It would be very useful if the Check Point NGFW was able to learn the environment and its user's real-time activities and automatically send only logs of interest to the security admin to actually force the security admin to review these logs since the logs are useless if not reviewed. Implementation and setup should be made as easy as possible. At times a misconfigured NGFW because of its complexity will be more of a vulnerability than protection.

I've used the solution for four years.

The stability is very good.

The scalability is very good.

Technical support is always on point.

Positive

We did use a different product. The previous solution was actually more complex to set up and had a high price.

The individual setup was complex. However, with the support of an expert on the solution, it became straightforward.

We used a vendor team. Their level of expertise was acceptable.

The ROI is on the positive side.

I'd advise users to find a local vendor of the solution they are looking into and compare all middleman pricing.

We also looked at Cisco Firepower.