Check Point Quantum Force (NGFW) Reviews

Check Point NGFW is great in terms of functionality. We use it to control the infra outbound/inbound traffic and with it and we can block suspicious IPs directly on our SAM database instead of creating or adding in firewall rules. This not only saves time but also provides immediate protection from malicious traffic without deploying the changes in firewall gateways. 

We used to check who is doing what changes and when. We can now check logs to find why any traffic is blocked, and, if blocked, it gives good details of each error. We can easily organize all firewalls through one smart console.

Its GUI platform is very good. It helps us to divide up the rule base which made it easier to recognize the rules. Its SAM database gives us the amazing ability to block suspicious activity without waiting for the next change window to push the changes. In packet flows, it first checks the SAM database beforehand in order to process the packet further.

The logs give us plenty of detail as to why any packet was blocked or allowed. It really proves the purpose of getting a stateful firewall, showing the context of every packet.

The SAM database, URL/application filtering and IPS, Data Loss prevention, VPN and mobile device connectivity, stateful packet inspection, and unified management console are all useful features. 

It allows us to avoid having to go and log in to each firewall device for creating the rules as it can be done from its central console. We can manage all the firewalls and create rules and deploy them through the smart console which is really good. It helps us avoid creating the same object in each firewall. 

Its auditing features are also good for checking who did what changes and when.

The URL objects take significant time in processing compared to other products like Cisco FTD; it would be better if they could improve it. 

We have seen that whenever we configured URL objects, the CPU percentage went higher. Therefore, we started using IKP-based objects, however, in today's cloud world where every application is in the cloud and they change IPs on a random basis, whenever each new IP change happens, it's too risky to allow the whole cloud subnet (like Google or Azure). They need to therefore fix URL processing times. 

I've used the solution for four years.

It's used for a small business network which needed additional protection and threat prevention, remote work capabilities, and excellent support. It's capable of handling multiple public IPs and directing traffic to the appropriate interfaces.  The solution can handle multiple ISPs for backup or aggregation of traffic. 

The environment consists of eight PCs and six other devices which need Internet access and which must be protected.  The ability to restrict traffic to specific network addresses as well as the ability to block malicious hosts trying to get into the network has been great.

Check Point's Next Generation Firewall solution was perfect for reviewing logs, providing an initial layer of anti-virus/malware protection, and providing the support, when needed, to ensure that the product remained up-to-date.  

The ease of searching through the logs for specific incidents is outstanding and very easy to understand. In addition, the categories for web content blocking have been helpful for setting base traffic standards, can block P2P networks, social media, and content not suitable for business.

The protection has been outstanding! I have not had an infected machine behind the firewall since I first installed and started using NGFW. I appreciate the network health reports, the infected devices report, they make my job a lot easier by providing the information right there in the interface. 

With the web category blocking turned on, I can set it and forget it so that inappropriate business content is not brought into my network, it makes it easier to ensure that time isn't being wasted on non-business-related activities.

I really want to see geo-blocking as a feature of NGFW. Way too many hacking attempts from other countries are coming from where we don't travel. In addition, would like to see the VPN use MFA easily, just as another layer of protection.  

Another area of improvement would be a click to block when there are attempted hacks. While the infected device blocking is a good start, you should block traffic from the originator of the traffic; it would be great to be able to do that with any traffic. 

Also, it would be helpful to set thresholds on attempts and then autoblock that traffic for X amount of time, or permanently.

I've used the solution for six years.

I have not had any issues with the device for the past six years; it has just worked.  By that I mean that unlike some cheaper firewalls (consumer grade), the Checkpoint NGFW is enterprise grade, I never had to reboot the firewall to get traffic working again, I would just leave it up and running until a firmware upgrade was available and after the upgrade, the firewall would automatically reboot, but aside from those times, firewall was on 24/7.

The solution is very scalable. There are a lot of different types of devices to choose from.

Anytime I needed support, they've worked with me until the issue has been resolved.  I'd give them an A+.

Positive

We used Watchguard, however, we needed better protection and also wanted to try out Check Point NGFW as I'd heard good things about it.

The initial setup was straightforward. I just needed to figure out how to migrate policies (recreate them) from a different vendor to Check Point. It was relatively easy to figure out and there has extensive documentation available.

We handled the initial setup in-house

Peace of mind is my real ROI.

The pricing is a little on the high side, however, the protection afforded is worth it.

I did not evaluate other solutions. I previously utilized devices from Sonicwall and Watchguard.

Do your research and size the appliance correctly.

The main use of the Check Point NGFW in our organization is the protection of all of our on-site infrastructure. This includes all network elements, physical and virtual servers, end-user equipment, and all other elements that may be linked in the future within our infrastructure.

The product is provisioned in a virtualized environment with the purpose of expanding resources whenever required and generating high availability of the services it offers us, both in the protection of applications through application control and the other blades that make up this solution.

The Check Point Next Generation Firewall solution has allowed us to improve our protection scenario as it is above other products that we have known. It allows us to easily update against the latest security vulnerabilities and has also allowed us to have the opportunity to analyze unexpected behavior in files and applications.

In addition, the constant improvement in the new versions allows us to include better features in the administration and ease in its configuration and allows for the possibility of obtaining important data through the reports that it generates.

The most valuable aspects of this product include:

1. Scalability. It has allowed us to grow in a safe way and in accordance with our particular needs.

2. Support. The attention of both the distribution channels and the manufacturer has allowed us to count on the help needed in critical moments and in an easy way.

3. All in One. This product contains all the services we require for the protection of our entire infrastructure, including also end-users who are most vulnerable.

At the product and service level, I consider that it is within all the expectations that every organization has and each version includes functionalities that you may not have imagined, however, I do believe that they could improve in two aspects:

1. Administration Console. We need to be able to transfer the administration console to a web environment that does not require the installation of a client. On some occasions it is possible, due to specific needs, to have to do it from another computer or from a cell phone.

2. Protection of Web Applications. In our particular case, we have different web applications developed by the same organization, however, that requires a specialized protection element such as a WAF. Having this service or feature within the same solution would be very valuable.

We have been using this product for more than six years.

We use Check Point for the firewall in DMZ and surrounding zones and another product we have. We use a variety of series from 2000, 4000, and 6000 gateways, and also we use Smart-1 and Maestro solutions. 

We apply some features (IPS - Intrusion Prevention System, application control, reporting, antivirus, and anti-spam) using Smart-1 to make day-to-day operation more simple and easy using one management for all gateways. The remote console, such as SSH, is a little complicated, however, you can use it for troubleshooting.

It's improved our organization with simple day-to-day operations with easy tracking of traffic for troubleshooting, with a variety of features. The latest benefit for our company is to save more space for our rack with Maestro and virtualization. 

Some problems may appear and we can open TAC to get assistance from the principal. We also can control more traffic of users to the internet using application control. Our email is more secure using anti-spam and currently, we are in the middle of activating HTTPS inspection to secure our application on the internet.

I enjoy the application control for user traffic control to the internet and the tcpdump command for troubleshooting.

When applying application control, we can ensure user access to the internet in accordance with company policy and easy implementation if some users need exception access.

There is an easy troubleshooting network connection via logs and monitoring menu. We often use this menu for checking connections and if the traffic is not in the logs menu, we can use the tcpdump command from the ssh session to the gateway. It's the fastest way to troubleshoot.

For the migration for Smart-1, I wish the security policy could allow for a migration per gateway. 

There needs to be more storage space for reporting. The storage is always full if the reporting feature is on.

We need HA for Smart-1.

The traffic trekking (logs view) needs to be more accurate. Some traffic is often not in the logs view.

We'd like to have more user friendly menu for import vpn users.

There needs to be more compatibility with SIEM.

It would be great if we could join domains with more than one Active Directory server (active-active).

There needs to be an easy menu for export backup configuration (the current menu always has an error).

The signature information needs more detail. We need to know current update versions and on running versions.

I have been using Check Point since 2010 (12 years).

We already are using a variety of brands.

Sometimes you need to repeatedly upgrade the version or update the patch.

The help we received was good.

The cost is pricey. 

We did not evaluate other solutions first. 

Check Point offers excellent security.

Check Point is a bit difficult to use and manage so it would be nice to see some improvement in those areas.

This is a stable solution.

This is a scalable solution. We have about twenty customers that are using the solution currently.

I have not needed to contact support.

The initial setup was a bit complex only because there are no vendors to help with the installation requiring you to need to be trained.

Other competitors would be Fortinet and Palo Alto.

Check Point is more complex than Fortinet and less complicated than Palo Alto.

I would recommend this solution to anyone with an eye for security and would rate it a seven out of ten.

We use Check Point to protect our two data centers under an active scheme. It allows us to protect our customer information while preventing cybersecurity events that put our customers at risk. We use threat prevention and extraction, VPN, firewall blade, VSX, and the entire Check Point management suite. Our setup includes two firewalls in a high availability and VSX environment, respectively. We also take advantage of Check Point's load balancer, which works very well. The failover is performed automatically, without any flashing or noticeable impact on the user. 

Check Point NGFW enabled us to switch from a decentralized solution with seven firewalls to a solution that's easier to manage with high-availability firewalls and capabilities that were previously lacking in NGFX. It helped us connect our users working remotely during the quarantine while maintaining our security policies and avoiding zero-day attacks. 

The solution makes administration more straightforward because we can replicate the policies in both data centers with a single click, helping us to deploy quickly in both gateways without problems.

Check Point's most useful feature is threat prevention and extraction. It was tough to manage seven firewalls and a perimeter solution for IPS, anti-malware, anti-bot, and sandboxing. 

Integrating everything in Check Point allows us to see all the attacks that are blocked with our perimeter countermeasures every day. Check Point's high detection rate improves our overall security posture, and we can achieve a low rate of false positives through a few adjustments to the configuration.

It could be easier to access the installation of the Hostfix for VSX solutions. The CLI commands help us understand how virtual firewalls behave in terms of processor, memory, and other aspects. More graphic visualizations of CPUSE commands would be a welcome improvement, and Check Point could expand scripts to run within the solution for multiple tasks.

I've been using Check Point NGFW for seven years

Check Point works well in a high-availability setup, and the failover is fast. We had very few instances of unavailability. It happened once when we had hard disk issues, but the RMA process was quite simple, and the replacement part came quickly.

We added new Check Point firewalls twice this year, and it was relatively simple. You can quickly migrate the configurations, and your new firewall is ready to go after a few adjustments to the settings.

Check Point's support has been excellent, and they respond immediately via phone, chat, and email. In particular, I think the chat support was great. 

Positive

Previously, we were using seven open-source firewalls, and we decided to go for a solution with good ratings from NGFW users. We wanted something well-positioned in the market that had good support.

Migrating from an open-source, decentralized setup with seven firewalls to centralized management was complex, but it was less complicated than we expected thanks to Check Point’s management features. The ability to perform a parallel startup helped a lot during deployment.

A vendor team helped us, and the migration was smooth. The Check Point engineers who worked for our partner were well trained to handle the implementation.

Check Point NGFW can be expensive compared to other competitors, but the price matches the functionality and efficiency of the solution.

We considered Fortinet, Palo Alto, and SonicWall before settling on Check Point

We are using Firewall Intrusion Prevention and URL Filtering, and we just purchased the Endpoint Protection package for our workstations.

It is deployed on-premises. We have two Check Point systems in place. We have one that's between our business network and the outside world, and we also have one that's between our business network and our internal SCADA system.

We haven't updated to version 81, so we're still at version 80.

It has provided us with great protection from threats. I've been here 30 years, and we've had two incidents, and none of them were within the time we've used Check Point.

The console or the single interface on the blades is most valuable.

The only thing that we've seen is instances where console and administrative interfaces get locked up or freeze, and we have to get the machine rebooted.

I have been using this solution for probably 10 years.

I would rate it a nine out of 10 in terms of stability.

Its scalability is very good. Our entire force is about 190 people, and most of them use it at some point just because they are going out to the internet and have that protection for the workstations. 

It is being used extensively. Everyone is using it, and we do have plans to increase the functionality on the device.

They provide really good support. I would rate them a five out of five. 

I can't remember the product, but what we had initially was an entry-level device. It was a single-purpose firewall. We went up to an enterprise solution that had additional features.

It was pretty simple to transfer the old firewall configuration to the new one. So, it was pretty straightforward and easy. I would rate it a four out of five in terms of effortlessness.

It took over a month. We ran two systems. We built a new system for a couple of weeks before switching over completely.

We used a consultant. Our experience with them was very good.

For deployment and maintenance, we have five people on our staff. We have to do some maintenance on it. It's pretty much scheduled to rotate between us so that we keep our skills fresh.

We've not done an initial study on any kind of ROI. We rarely do. In positives, we try to perform a yearly risk assessment of our systems, and we find very few vulnerabilities. So, it is doing what it's supposed to. It is keeping us safe.

Its cost is a little higher than other products.

We evaluated other options, but I don't remember their names. We basically went to the consultant we deal with for security-related things and said, "What's out there? What do you recommend?" He gave us three and recommended that the Check Point was probably the lead one.

I would advise comparing it to the other products.

I would rate it a nine out of 10. It has served us very well and given us very few headaches.

Checkpoint Firewall provides advanced security for the organization and its connection to the members/participants. The Check Point FW controls access and traffic to and from the internal and external networks. The Check Point Firewall rule base defines the access control and network performance to help our organization achieve the below security goals:

• Only allows authorized connections and prevents vulnerabilities in a network
• Gives authorized users access to the correct internal networks
• Optimizes network performance and efficiently inspects connections

Check Point Firewall provides advanced security for the organization. The FW controls access and traffic to/from the internal and external networks. The Firewall rule base defines the access control and network performance to help our organization achieve the below security advantages:

• Only allows authorized connections and prevents vulnerabilities in a network
• Gives authorized users access to the correct internal networks
• Optimizes network performance and efficiently inspects connections
• Protection of all assets from internal and external threats

The following features are most valuable: 

• Threat prevention
• Malware prevention
• IPS
• IDS
  

Check Point should improve services related to the cloud-based solution. Due to these challenging times, most organizations seek to move to cloud-based implementation to minimize the cost and for easy deployment, access, and remote support. 

The Next-Generation Firewall should also be focused on zero-day threats as attacks have improved the past few years. They need to ensure that all connections and nodes are being protected. 

Sandblast technology is also a good tool as it offers enterprise solutions on malware detection and prevention.

I've used the solution for five years.

The solution is stable and can support all OS deployments. It's easy to manage.

We recommend the product as it is excellent and very scalable.

There have been no issues regarding the support from Check Point and the local vendor.

Positive

We previously used Fortinet.

The initial setup was straightforward. 

We did the deployment in-house and with a vendor team. The level of expertise was a 10/10.

The solution is easy to deploy. The pricing is lower than other solutions. We've had no issue with licensing.

We looked into Watchguard, Palo Alto, and Sophos.

We need more information on the ability to collaborate enterprise support.