Check Point Quantum Force (NGFW) Reviews

The product is an excellent perimeter firewall solution. But compared to Palo Alto, the management console is critical. It's difficult to let customers understand the dashboard of the firewall because there are three distinct dashboards. The three dashboards include smart connect, Check Point Firewall dashboard and more. 

The solution is used by our organization for security purposes across small and medium banks in our country, who happen to be customers of our company. 

The architecture of the solution is extraordinary because when a Check Point Firewall protects a customer or organization, a DDoS attack can hardly occur. Another valuable feature is the real-time zero-day protection.  

The user interface needs to improve and should be user-friendly. The customer of this solution also needs to undergo training to use the solution dashboards, unlike products like Palo Alto. 

In the next release, Check Point can try to add the DDoS or web application firewall within the overall firewall. If Check Point is able to implement the aforementioned integration within the firewall module, then people don't need to buy each firewall separately. The comprehensive firewall addition will increase the sales volume of any next generation firewall because TCO (Total Cost of Ownership) will be low. 

I have been using Check Point NGFW for five years. 

I would rate the stability an eight out of ten. 

If you have the Maestro version, scalability is the best among all competitors. For large organizations that have ten thousand users, they don't need to bother about the extra cost of the Maestro version. For organizations with one or two thousand users, the Maestro version can be a luxury for them. 

The tech support is very helpful for Check Point NGFW. The support team even asks for remote access to resolve the problem immediately. But sometimes, it takes between eight to twelve hours to connect with a level three engineer to get the support. The response time needs to improve. I would rate the tech support a six out of ten. 

A firewall is a critical asset, and when there is a problem with the perimeter firewall, an individual cannot communicate outside the organization, so support is required immediately. 

Neutral

Our company's usual deployment model for the solution is on-premises because cross-border data transmission is prohibited. The installation of Check Point NGFW takes between seven to ten days (working five hours a day). For the banks who are customers of our company, we could only work for deployment after the usual banking hours, so it took longer. 

I can conclude that deployment and running the User Accessibility Test (UAT) can take a maximum of forty hours. Two engineers are needed to deploy Check Point NGFW. 

I have evaluated SentinelOne and CrowdStrike. The rollback feature of ransomware attacks in SentinelOne cannot be found in competitors. 

I would recommend Check Point NGFW over Palo Alto and Cisco as a complex security solution for a complex environment. I would rate the solution a ten out of ten. 

We use the solution as a perimeter and OT demarcation firewall. As we are a large utility company with a distributed network, Check Point plays a vital role in terms of network segmentation. Specifically, we need identity-aware authentication to give us the best VPN compared to other players in the market. 

Centralized management is a major plus of Check Point, which provides us with a better user experience. 

We use it to safeguard our office network on a routine basis. These firewalls protect against external threats, manage VPN access for remote users, and address various security scenarios. 

Our primary focus involves malware prevention, intrusion detection, and ensuring robust security measures to shield our office network from potential cyber threats originating from the internet. It serves as a traditional yet effective security system, providing comprehensive protection against hackers and potential risks associated with internet usage.

Check Point has a Purpose fit solution for our environment A lot of things need to be improved in Check Point NGFW. 

For example, their support team isn't very efficient and useful. The solution itself isn't easy to learn, making it hard for support to provide solutions. The design makes it so pockets (specific teams) have to work together when there's an issue, which creates a mess. Also, Check Point lacks competitive capabilities like SD-WAN and CGM app integration. 

Visibility needs improvement. For example, Fortinet shows all connected devices with IP addresses, MAC addresses, and sometimes usernames. More granular detail is crucial for security. 

Support efficiency, visibility, and adding competitive capabilities are key areas for improvement.

The product offers a robust and intuitive experience, catering to the essential needs of users. 

The Cleanup Rule's ability to discard unwanted traffic and the inclusion of default Autonomous Threat Prevention Profiles does simplify security measures; we're able to cater to various deployment scenarios. 

I was impressed by how easy it was to activate blades and implement them on a security gateway. 

The Smart Console's efficient user interface ensures that the changes to the policy are swiftly made. We're also able to maintain proper audit logs.

The solution requires improvements in the following areas:

- Having the Zone Alarm and the standalone endpoint VPN become compatible products. 

- Having Smart Console in-place upgrades with IP/fingerprint retention 

- A Mac version of the Smart Console.

- Streamlining of the endpoint solution and deployment options.

I've used the solution for ten years.

Technical support is excellent.

Positive

The initial setup was straightforward.

We implemented the solution through a vendor. They offered excellent support.

We use the product for safeguarding our office network on a routine basis. These firewalls protect against external threats, manage VPN access for remote users, and address various security scenarios. 

Our primary focus involves malware prevention, intrusion detection, and ensuring robust security measures to shield our office network from potential cyber threats originating from the internet. 

It serves as a traditional yet effective security system, providing comprehensive protection against hackers and potential risks associated with internet usage.

A lot of things need to be improved in Check Point NGFW. For example, their support team isn't very efficient and useful. The solution itself isn't easy to learn, making it hard for support to provide solutions. The design makes it so pockets (specific teams) have to work together when there's an issue, which creates a mess. 

Also, Check Point lacks competitive capabilities like SD-WAN and CGM app integration. And visibility needs improvement. For example, Fortinet shows all connected devices with IP addresses, Mac addresses, and sometimes usernames. More granular detail is crucial for security. 

Support efficiency, visibility, and adding competitive capabilities are key areas for improvement.

The product offers a robust and intuitive experience, catering to the essential needs of users. 

The Cleanup Rule's ability to discard unwanted traffic and the inclusion of default Autonomous Threat Prevention Profiles simplifies security measures, catering to various deployment scenarios. I was impressed by how easy it was to activate blades and implement them on a security gateway, with the process taking less than five minutes. 

Additionally, the Smart Console's clear and efficient user interface ensures that the changes to the policy are swiftly made, with the added benefit of maintaining proper audit logs.

Places for improvement include:

• Having a Zone Alarm and the standalone endpoint VPN that become compatible products.
• Having a Smart Console in-place upgrades with IP/fingerprint retention.
• Offering a Mac version of Smart Console.
• Integration of CPview and things like fw accel stat in the monitoring blade.
• No more legacy SmartDashboard for some features.
• Streamlining of the endpoint solution and deployment options and also offering the possibility to convert shared policy to unified policy when you run R80.X via some sort of wizard in a layer or so. This is a classical case for people who upgraded their R77 management.
• Offering a fixed deployment schedule for accumulator hotfixes. This would help us foresee maintenance windows in organizations with rigid change management procedures.
• Finding a way to restore the object search like in R77, where you could find any part of an object name and not a word in the object.
• Scheduling policy pushes in Smart Console.

I've used the solution for ten years.

We brought all of our cloud platforms to Microsoft Azure. We needed a tool that would give us the security of regulating access control so that we could monitor our environment in case something was penetrating our internal network.

This was the primary movement for which the Check Point NGFW tool was acquired since we needed our collaborators to have secure access to the company's resources and applications since this tool provides us with the alerts and corrections that must be made when finding a security breach in our environment.

Check Point NGFW also provides a great capacity of features that help us apply them to the organization. It has web filtering limited to third parties, SSL encryption, and the application's administration is very simple and centralized since it helps us a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped us a lot. It has helped us by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications.

The application behaved very well with the Azure resources in the cloud; it helped us to prevent several security holes found with web filtering and internal DDoS attack.

Check Point NGFW can quickly identify where the attacks are coming from, provides detailed and complete information on the attacks, and provides zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

As such, the tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Another point where customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time for the case to be resolved. In addition to that, the solutions need to attend to us. It takes a long time to coordinate a call since they do not handle a comprehensive schedule.

This solution has been used for approximately one year in the company.

The stability of the tool is good. We have not presented any problem even when an update is made.

The scalability presented by the tool is very good and flexible.

The experience has not been very good. That is one of the points that must be improved.

Positive

There was no type of tool that would supply these qualities.

The configuration of the tool is very simple and quick to install.

The installation was done jointly with an engineer provided by the supplier, and his capacity was good.

The prices are competitive. However, it is worth making an investment since, in the future, the profit will be seen against any environmental attack.

Check Point manages a good cost in its products and it is worth making the investment since this can prevent a collapse in the organization.

Check Point was always our first option. With this type of solution, many security teams are from Check Point.

The tool behaves well. The only improvement that I have seen that is necessary is to improve the latency when entering the application and they must improve the support.

My primary use case of Check Point's firewalls is to provide in-depth network filtering with advanced threat prevention, which can be set up simply using autonomous threat prevention where the firewall learns about the environment and then actions threat prevention based upon that. The threat prevention can also be custom-built for your environment. 

I also use the Check Point Always On VPN for remote endpoints, which allows users to authenticate and connect to the VPN pre-login without any input from the users.

It has improved my organization due to the in-depth security it provides. Check Point has a lot of security-focused features that provide a great level of network security. It has improved the security posture of the organization due to the granularity that can be set in the policies, such as using access roles to set user-based access, and time-based rules to only apply a specific firewall rule at a specific time. It has also improved my organization because of the in-depth troubleshooting steps that are made available to the end user, meaning we can troubleshoot issues easily, and troubleshooting steps can get very advanced.

I have found the VPN and the application control/URL filtering the most valuable features. The main reason for this is that the VPN blade allows easy VPN setup between two VPN gateways, allowing for not only site-to-site VPNs but also for remote users to connect to the Check Point gateways. This feature is easy to set up. Also, users can troubleshoot the VPNs very in-depth.

The application control and URL filtering features are valuable since they allow very granular control of what is coming in and out of a network. Instead of just allowing certain Layer 4 ports in/out of the network, specific applications can be allowed, which not only can tighten a security posture. It makes administering the product easier as, when a new app is rolled out, it can simply be added to the policy.

One feature that could be improved is the internet object in the application control/URL filtering blade. In most deployments, this works as it says it will. However, the object is based on topology, not internet IP ranges. This means that in certain scenarios (and likely a non-standard deployment), the internet object can not refer to the internet. This can be bypassed by creating a networking group containing class A, B & C networks and using this in the policy, right-clicking the group and ticking 'negate.' 

Another improvement would be to improve the simplicity of deploying SAML as an authentication option when connecting using a remote access VPN. Check Point's deployment guide is very in-depth. However, the process could be simpler.

I've used the solution for three years.

The stability is very good.

The scalability is good.

Support is very good from Check Point.

Positive

The initial setup can be straightforward or complex depending on the complexity of the environment. Usually, it is fairly straightforward.

We implemented the solution in-house.

My company had the need to replace the existing firewall cluster of our data center, due to the end of support and end of life of the model. The choice of our next firewall depended on the following:

1) Ease of use

2) Ease of deployment

3)Centralized Management

4) Remote Access VPN Support

5) Strong Forums and Community

6) Strong Technical Support in case of any failure

7) Training of administrators via vendor certifications

8) Reporting capabilities for capacity planning

We have many site-to-site VPNs with our partners; they access our platform via site-to-site VPNs, remote access VPNs, and the internet.

With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices. The remote access capabilities and features are considered very strong, since the settings are excessive, and focused on each customer's need. 

The IPS engine and all threat prevention features are considered stable. Central management of every firewall spread all over the world is achieved by setting up an SMS server, which makes our lives easier.

SMS server is considered very valuable, as Central management of every firewall spread all over the world is achieved by setting it up.

Remote Access VPN is used by our company for work-from-home purposes of our employees and for partners that need to access our resources.

Reporting of network interface traffic is very valuable since capacity planning for the next quarter or year takes place, and provides us with valid data.

Firewall access rules contain the negative choice.

IPS engine protects our infrastructure from malicious events.

NAT counters, ACL Counters.

Monitoring of the site-to-site VPNs and administration of the site-to-site VPNs (bring tunnel down, bring tunnel up) should be improved, as this will make the troubleshooting process easier, if something goes wrong, in order to understand which side has the issue.

As a company, we have the need to pass traffic from one site to site VPN to another, and this is not achieved directly via ACL policies; we need to create another VS environment in order to achieve it.

SmartEvent Settings and Policy GUI, and the rest of external apps should be improved.

I've used the solution for three years.

We use it for our core firewall and also for VPN.

It can be managed by many people. I have a team, and any of them can manage this firewall and make some changes. All the changes are combined into one policy.

Its usability is the best for me. As compared to Palo Alto, Juniper, or Cisco firewalls, Check Point firewall has the best user interface for management, reading logs, looking for some objects, and looking for policies.

It's expensive.

We have been using this solution for more than 15 years.

It's stable.

I don't know about its scalability because I haven't had to scale. I have a flat traffic rate.

I have 500 users. It's deployed across two data centers.

I contacted them sometimes but not very often. It was a good experience. I have contacts with the engineers in Check Point. They provide the right solution every time. I also use the Check Point support portal. They have many descriptions and solutions for some of the problems.

I have previously used Palo Alto, Juniper, and Cisco. Check Point NGFW is better than all of them. 

I changed from Cisco ASA. It was a long time ago. Cisco ASA was an old technology, whereas Check Point NGFW has better performance and better knowledge about applications.

It was easy for me because I have many years of experience. I could see its benefits within two or three months of deployment.

In terms of maintenance, it requires normal maintenance. Its maintenance is similar to other devices.

It's expensive, but its price is reasonable looking at its functionality and power.

Try many solutions and then choose the best one for you.

I'd rate Check Point NGFW a ten out of ten.

The primary use of Check Point NGFW is as a firewall that gives us the control of allowing in non-threatening traffic in and blocking malicious traffic. It is also a valuable tool that allows us to interconnect our remote sites via IPSEC VPN. 

This, alongside all of the basic blades such as Application Control, allows us to be granular when choosing what applications we allow within our organization and additionally filters based on categories combined with identity awareness. This allows us to be as granular as we would like with specific users/departments within our organization.

Check Point NGFW was one of the top contenders when we were looking to implement a new firewall strategy. 

We have had some issues with VPN tunnels specific to AWS, which were eventually resolved after a lengthy case however, other than that, the features offered are all great, and the firewall has done its job to my expectation. 

It is, however, difficult at times to read the actual documentation for the blades/appliance as it would appear that sometimes the terminology is incorrect or skewed, which leads to a longer implementation time.

As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity. 

Another critical blade/feature is the application control blade in combination with URL filtering. These two security features, tied together with identity awareness, are a game changer and allows an admin to be as granular as possible when blocking specific applications or allowing a specific application to a specific user/department within the organization

Being on R80.40, I am sure a bunch of features have already been implemented that I am not currently taking advantage of. However, one feature I have yet to see implemented is authenticated email support for alerts generated via the GW or SMS. As a security product, it is mind-blowing that this is not a thing today, and it only relies on SMTP un-authenticated to send emails to administrators. However, I'm not sure if that really applies to the firewall itself or if it is more so a topic of discussion for the SMS.

I've used the solution for five years.

We switched from SonicWall back in the day due to the feature sets available at the time.

We also evaluated Palo Alto.