Check Point Quantum Force (NGFW) Reviews

We are a financial institution and we use Check Point as a firewall that is positioned for external connections, like the Internet, leased lines, and site-to-site VPNs for other companies. Check Point protects our mobile applications connected to the internet, as well as the main company website. Some firewalls are positioned on some of our HQs.

We're on version R80.40 (some minor firewalls are on R80.30) and we use 13000, 23000, and 26000 series appliances. We use Application Control, Identity Awareness, IPS, URL Filtering, Anti-bot, Antivirus, Threat extraction, and Threat emulation blades.

I've been in the same company for 11 years, and Check Point has been running in a stable manner for our company's main internet connection (and 7 years before that).

It has protected our main applications successfully without any performance drops, and with its flawless logging capabilities, we were able to pinpoint any issues every time.

The management is also the best among any other firewall, with the convenience to create the objects and rules on the same page. This has helped us save time on operations. We can use APIs to create objects and rules to easily finish some projects.

The best features are the stability and the performance of the firewall and its software blades, simplicity to write the firewall rules on its GUI, and its logging capabilities.

The firewalls are working stably, without any interruptions. As we planned our capacity well, we've never had any performance issues.

The firewall rule writing and object creation are the best and simplest I've seen on a firewall (I've looked at 6 different vendors). I often wonder why the other vendors don't do it Check Point's way.

To see the logs, we can search like a search engine, and we can combine different search strings to pinpoint the interesting traffic.

The product can be improved with fewer hotfixes, and if more generally available jumbo hotfixes were used.

We don't often hit bugs. It's perfectly normal for an NGFW device as other vendors are always fixing bugs too. However, when we hit a bug, the support team recommends some hotfix, and if we upgrade to that, we have to uninstall it before we apply some newer jumbo hotfix. If those fixes were included in a fast manner in the jumbo hotfix (as jumbo hotfixes are tested thoroughly for general availability), it would be ideal.

I've used the solution for 11 years.

Check Point's Next Generation Firewall has definitely improved our organization as we previously used a Linux firewall and we have had to manually configure internet control measures. When it comes to configuring firewall policies it was time-consuming. This has been taken care of by Check Point's Next Generation firewall. Even the integration to the Active Directory has been made to be seamless and requires a minimum effort from our security and network administrators. The technologies that are in place are amazing. For example, the Threat Extraction and Threat Emulation technologies. The Sandbox technology, or Threat Cloud, is world-class.

The remote access blade functionality is really valuable as we now need to just install the client on the user's machines and the client can be preconfigured with the site details. This makes our lives very simple. The logging of the firewall is also phenomenal as it is very granular and very easy to filter. 

The Application control blade is another valuable feature as we now only need to create a rule to be applied and to specify the applicable application which is categorized. The ability to configure dynamic objects, for example, Microsoft Office 365, is also a valuable feature.

The reports are very detailed and the variety is amazing. It caters to everything and is even more that what we had bargained for. They are also customizable, which makes them extremely valuable to us. 

Another great feature is the ability to publish corporate applications in a secure web environment.

Many problems have been solved with these firewalls and we've largely been very satisfied. Thanks to this infrastructure that we have managed, in this pandemic time, to quickly and effectively offer the potential to remotely work for everyone has been good. 

Also important is the separate management interface that has made it possible to carry out even the most operations while comfortably seated at the desk. It provides multiple profiles that you can apply depending on the scenario that presents itself.

It takes a while to install the rules so that if you make a mistake you can only fix it after a few minutes. There's no problem with traffic processing. 

Sometimes you are forced to interact on several levels: on the one hand, you put in the rules, and on the other, you put in the route. The predefined reports are few and it would be nice to increase them since the logs are excellent.

In my work experience, I have been able to use multiple firewall platforms. There are only two valid ones for me and one of them is definitely Check Point. The others charge less but there is a reason for that. It is a good idea to think carefully before rather than after you suffer from a serious attack.

We have been using the solution for three years now.

For me, the solution has been stable. Perhaps running it on a small scale helps.

I like the fact that it's so simple to scale.

I find the support to be very prompt. They go the extra mile to assist and are thorough in their troubleshooting.

I did not use a different solution, however, I came to know about this product while I was working for a company called Syrex.

It was set up for us by a company I used to work for.

It was through a vendor, and they were very good and did it on time as they promised.

A stable and fully functioning solution has enabled us to focus on other aspects of growing the business.

I looked at Fortigate, and it was not as clearly defined, and easy to follow as Check Point is.

Check Point does cost a lot, but for me, it's worth the money I paid.

Some of the products are easier to deploy. For example, the Harmony products are simpler as they have a per user/per device pricing model.

We use Check Point Gateways for securing our data centers including DMZ networks as well as gateways for our branch offices around the world. They are connected via MPLS, internet, or site-to-site VPNs depending on the branch connectivity.

A minimum standard for the whole environment is the NGFW. Firewall rules according to our security policy. VPN for site-to-site tunnels to our own gateways or to partners and customers. IPS is set primarily to prevent, and for some signatures to detect. 

Application Control is still in the early stages.

Firewalling is one of Check Point's core business attributes, and it just works.

Creating site-to-site VPNs between Check Point Gateways that are within the same management is unbelievably easy. If you create VPNs for 3rd parties and there are mismatches or issues, you will see logs that help pinpoint issues or misconfiguration.

Application control help with identifying applications and therefore makes firewall rules easier since changing ports don't have to be adapted every time an application changes or updates.

Generally speaking, all features are well documented and the two platforms help with configuration. Documentation and knowledgebase articles in the user center as well as user recommendation within the forums are great. The Admin Guides are really well documented, but it's a lot to read.

Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment. The best example would be the CDT tool which helps with decreasing the amount of time for upgrading whole environments.

The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long. R81 promises at least parallel policy installations, which help in larger environments.

Check Point's advantage (to be able to configure everything) is also a disadvantage. The environment is quite complex. Troubleshooting is not always easy as there are a lot of possible debugs that can be taken, and the support will not always send the right or necessary debugs. Some debugs also can cause a heavy load, so you have to keep an eye on what you troubleshoot.

Our company has used Check Point for well over 10 years.

If it's running, it's stable. New setups have to be tested though.

The solution can be scaled from very small branch offices to huge data centers or even cloud data centers.

Support depends on how well you describe the issue and send information. Sometimes escalation is necessary.

The more features (blades) are turned on, the more complex the environment becomes. If something goes wrong, you have to rule out several issues (hardware, blades, et cetera).

I am using Check Point Next Generation.

The solution boasts a host of features that we like. 

Tech support should be improved. There are times when the technical team fails to understand things at the ground-level. 

The dashboard can stand improvement. 

The solution is overly expensive. 

The initial setup is a bit complex. 

The solution is scalable. 

Technical support could be better, as the tech team at times does not manage to understand ground-level issues. 

The setup is somewhat on the easy side, but certain things are complex. While the solution is a little easier to manage than Palo Alto, I was forced to make comparisons between the two products. 

The price is too high. 

The solution is geared towards organizations hosting more than 50,000 employees.

We use a remote access VPN, and this is a perimeter firewall for our data center to secure our servers and internal applications. We are using model G-6600.

Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.

It should be user-friendly from an implementation point of view. Its setup is a little bit difficult.

I have been using this solution for four years.

From a security standpoint, it is very stable, and I would rate it a nine out of 10. I don't have any issues with it.

At present, we have 30 for our distribution. So, it is pretty scalable.

Their support is good. Their L1 and L2 support across the globe is great. L3 support is with the Israel team, and they have the right competency to troubleshoot it. Sometimes, when something needs to be done in the software in detail, we need to wait for people to come online from Israel. I would rate their L3 support a six out of 10 because we need to wait for the team from Israel to come online.

It is a little difficult to set up. We need a really skillful engineer to manage it. After we have onboarded it correctly, it is very easy to manage, and it is very secure. Initially, we had some challenges and issues, and when we got the right resource and support from the vendor, they all got resolved. It took four or five days.

It should be user-friendly from an implementation point of view. I would rate it a six out of 10 in terms of implementation.

I would recommend this solution. From a security standpoint, Check Point is the best product, but a customer should have the right skillsets to onboard and manage this.

I've been working with multiple customers in India, and I don't see any specific features that they need. It has covered pretty much everything.

Overall, I would rate it a seven out of 10.

We use the solution for a perimeter firewall, an internal segmentation firewall, and a routing device in our organization.

Check Point NGFW is easy to use, flexible and provides good performance. The security of the product is excellent, we do not have to do a lot of patching or upgrades because of vulnerabilities.

The solution could improve by keeping more up-to-date with technology. For example, if Amazon releases something in the security field, Check Point should have integration or adoption of this feature a bit faster than it is today. Sometimes we can hear a lot of the marketing information about an attractive feature, which we would like to have, but the feature will be released in two years. This timeframe should decrease.

I have been using Check Point NGFW for approximately nine years.

The solution is stable.

This solution provides service for 50,000 employees in my organization.

We have premium support which is different from regular support. We have had good experiences with the support.

We have used BitScaler previously and use Check Point CloudGuard Network Security.

The installation is easy. It can be installed through an image very quickly.

The solution has saved us a lot of costs from an operational perspective.

There is an annual license required for this solution.

I would recommend this solution. However, I would advise everyone to carefully evaluate their needs against this vendor and compare them with the competition. There is a lot of strong competition between Palo Alto and Fortinet. One could have an advantage over the other for a customer's specific use case.

I rate Check Point an eight out of ten.

The user interface is very good.

The level of security is excellent. It protects our organization well.

It's a good overall product and we have a high level of satisfaction with the features on offer. 

Technical support could be improved. It's hit or miss in terms of the level of service and getting the answers you need.

I've been using the solution for ten years. 

We have hundreds of users that use the solution currently within our company.

We aren't 100% satisfied with technical support. Sometimes you get the help you need and sometimes you don't. Sometimes it's absolutely amazing. Sometimes they're great. However, you can't rely on them being like that all the time. We'd like the service level to be more reliable.

I can't speak to the installation process, as it was handled by an outside firm.

We had an integrator that assisted us with the implementation. 

I'm a customer and an end-user.

I would recommend the solution to other organizations especially if the company is looking for a certain level of security.

I'd rate the solution at an eight out of ten.

We implement Check Point in the front end to protect internet platforms and security platforms. 

Check Point provides very good performance with many solution options and many kinds of modules.

I'd like to see more integration with other solutions. 

I've been using this solution for a couple of months. 

This solution is stable and scalable.

We've rarely used support but they've been helpful when we needed them. 

We migrated from Cisco to Check Point. Check Point is easier for the administration console.

Before migrating to Check Point, we tested it in several environments. We used a consultant for deployment and we now have 800 users in the company and six engineers responsible for maintenance. 

We pay an annual license fee. 

I recommend this solution and rate it a 10 out of 10. 

It's our main firewall and the first line of protection from outside attacks. We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely. We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years. This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

We have a lot of flexibility now, and a leg up identifying zero-day threats. We have multiple ways of doing policies now that we didn't have before. The options are more robust than previous products and I would say that we're pleased with the product. The reports I'm getting are that we're satisfied, even impressed, with the options Check Point offers.

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption. There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome.

It's a NGFW with all of the capabilities required to protect for next-generation attacks at the perimeter level. The module or Security features that are provided as part of the base license with Check Point include (VPN, IPS, Application Control, and Content Awareness) which itself is strong enough to protect the organization.

The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from the SonicWall that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

I would like there to be a way to run packets that capture more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices.

I started using the solution 3 months ago.

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage, and how to route a device. That's why I prefer Check Point. It's robust and I never have issues with the hardware.

The scalability is quite good. You can scale well across locations for not too much cost. If a company needs to expand, it can do so relatively easily.

Also, cost-wise, it's very affordable to scale up. It's not expensive to add hardware and licenses as needed. They make upgrading very cheap.

We have 200 people on the solution. That said, they are using it with an IPsec tunnel. They don't use all of the capabilities of the hardware. They are using it just to encrypt tunneling between the sites.

Technical support has been excellent

Yes, we were previously using SonicWall but security is less robust in comparison to Check Point.

The initial setup is very easy.

We implemented it through a vendor called S G Informatics India Pvt Ltd.

The level of expertise I would rate at 10 out of 10.

I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. It's best to deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it. Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that, up until now, we have not had anything like that ourselves.

We have looked into Sophos.

The most valuable features are the security blades and the ease of managing the policies, searching logs for events, and correlating them.

Check Point is very strong as compared to the other vendors in the market.

The solution offers a very good centralized management console. 

It works well even for small deployments. 

The perimeter security is excellent. 

It works well even for cloud environments and has been very useful during COVID when people weren't necessarily in the office. 

The creation of policies is simple. It's easy to configure them when we need to.

We have found the troubleshooting process to be very easy and helpful.

The GUI is simple and straightforward. 

The sandbox environment on offer has been great. 

The support has been super-helpful. They've always been great, even at a pre-sales level.

The initial setup is very straightforward. 

From a stability standpoint, sometimes when upgrading to a new version, there are some stability issues. The device occasionally may stop responding. 

It would be beneficial if they offered better load balancing. 

They could make the licensing a bit easier to deal with, especially for enterprise-level options. 

We primarily use the solution for security, as a next-generation firewall that we use in our environments. It is very good at detection and prevention. However, we are still exploring use cases.

While the solution is mostly stable, we do find that we have stability issues moving to different versions. You run the risk of the device not responding in some cases. 

The scalability is possible, however, it's based on requirements. When we get a new solution, we plan out for the next four or five years. It can scale so long as you design it properly at the outset. 

Technical support is helpful and responsive. We're quite satisfied with the level of service we can expect. They are very good.

I've also worked with Palo Alto and Cisco. 

The initial setup is extremely straightforward. You don't even have to be overly technical to manage it. They make it very easy. It's not overly complex or difficult.

The licensing is okay. Clients can go for a one, three, or five-year license. 

Sometimes it's complicated to put new licensing on existing devices. If we have issues, we can raise questions with the sales management team and they are always very helpful. Larger, enterprise-level devices, in particular, can be a bit complex to deal with. 

We are integrated partners and we provide services to the customers.

I didn't get any chance to work on version 80.40, however, a lot of the customers are on versions 80.10, 80.20, and 80.40.

I would encourage users and companies to use Check Point. It's quite a good solution. I find it to be a better solution than, for example, Palo Alto.

I'd rate the solution at a ten out of ten.