Check Point Quantum Force (NGFW) Reviews

We currently use Check Point's firewall for our data center. We use Check Point firewall for providing the first layer of security to web application servers and intranet servers. It is robust and easy to upgrade, which makes it less stressful for the administrators. Its failover clustering option also works seamlessly.

The Check Point firewall is used to secure our environments. It also allows us to set up tunnels between our various sites.

We use it for the publication of services, as well as a notification system that reports on user behavior and unusual traffic - both within and outside of the network. 

Over the years, we have experienced various types of attacks on our company, and, without the help of the Next Generation CheckPoint Firewall, we would have lost.

The spoofing feature helps us to prevent various attacks in our organization.

The firewall policy designing and implementation allow for inline policies that make for clearer teaching on the correct use of policies as well as a more readable list. We can also run policies with two or more people simultaneously without problems or the risk of developing the wrong policy.

The initial sizing is not a problem. You can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses cutting-edge hardware. Their software upgrade process is flexible for different deployment requirements. 

Their threat analysis reporting in their management console is comprehensive and easy to use. The web-based dashboard is well designed and offers a wide variety of out-of-the-box reporting. It offers admins extensive customization.

The list of site-to-site VPN configuration options is long. They can become confusing and communication with other vendors when deploying VPNs is not the strongest. It's totally different from any other VPN vendor I've encountered.

It lists the current threats identified on the appliance's front page. It would be easier to find information by clicking on the threat and clicking the exact logs, rather than all host logs.

The smart console is heavy. It would be better if it was like the web-based consoles that Palo Alto and Fortigate FW offer.

I've been using the solution for more than a year.

We initially started using the Check Point device for the VPN blade.  

After using the VPN blade for several months and using the hardware interface we found it very easy to use.  

The small business hardware device was powerful and easy to set up. We started using the firewall and Nat shortly after that. 

Having additional features like the threat prevention that has IPS antivirus antibot and threat emulation we're all added bonuses. This also gives us a piece of mind for the safety of our business.  

Securing our organization was our main goal. Check Point, with threat prevention which includes IPS antivirus antibot and threat emulation has better secured our business from the internet.  

With the auto-updates made simple and knowledgeable support personnel, it has freed up our time to focus on other IT strategies.  

Utilizing the Check Point support team has allowed us to configure and use other money-saving features like VPN tunneling to remote offices, while still remaining secure in our systems.

Check Point VPN has been most valuable to our organization. Having a hardware solution that allows our remote users to connect securely to our business is extremely valuable. 

The ease of use, setup and configuration backed by the knowledgeable support of Check Point has made this a smooth and easy setup. Our users can get connected securely, anywhere. When connected with our Check Point VPN endpoint, users get the same security and prevention from the threat prevention module as the rest of the devices on our network.

As a small business, IT expenditures are always a tough call and hard sell. With every business connected to the internet these days, firewalls and threat prevention are very important for any business of any size. Check Point's small business devices are a great fit for most any business. However, including some sort of menu or grouping for VOIP would help the small business area that has limited support. Check Point support is very knowledgeable and can also help in this area as they've helped our business evolve as well.

I've been using the solution for 20 years.

The hardware units are solid. It is a stable solution. While you're subscription is active checkpoint fully supports your hardware and will replace if you have any uncorrectable issues.  After 20 years, I've only had to do a hardware replacement once.  Once setup, they just do what their supposed to do.

The solution is very scalable. Configurations can be imported to other units.  Many levels of hardware and software are available.

Customer service has always been very knowledgeable about their products.

Positive

We used to use Norton VPN. We switched due to the fact that we had issues with the system.

The product offers a simple basic setup.

We handled the implementation in-house.

There are different levels of protection and yearly maintenance on offer.

We did not evaluate other options previously. 

The support is great.

Check Point NGFW is great in terms of functionality. We use it to control the infra outbound/inbound traffic and with it and we can block suspicious IPs directly on our SAM database instead of creating or adding in firewall rules. This not only saves time but also provides immediate protection from malicious traffic without deploying the changes in firewall gateways. 

We used to check who is doing what changes and when. We can now check logs to find why any traffic is blocked, and, if blocked, it gives good details of each error. We can easily organize all firewalls through one smart console.

Its GUI platform is very good. It helps us to divide up the rule base which made it easier to recognize the rules. Its SAM database gives us the amazing ability to block suspicious activity without waiting for the next change window to push the changes. In packet flows, it first checks the SAM database beforehand in order to process the packet further.

The logs give us plenty of detail as to why any packet was blocked or allowed. It really proves the purpose of getting a stateful firewall, showing the context of every packet.

The SAM database, URL/application filtering and IPS, Data Loss prevention, VPN and mobile device connectivity, stateful packet inspection, and unified management console are all useful features. 

It allows us to avoid having to go and log in to each firewall device for creating the rules as it can be done from its central console. We can manage all the firewalls and create rules and deploy them through the smart console which is really good. It helps us avoid creating the same object in each firewall. 

Its auditing features are also good for checking who did what changes and when.

The URL objects take significant time in processing compared to other products like Cisco FTD; it would be better if they could improve it. 

We have seen that whenever we configured URL objects, the CPU percentage went higher. Therefore, we started using IKP-based objects, however, in today's cloud world where every application is in the cloud and they change IPs on a random basis, whenever each new IP change happens, it's too risky to allow the whole cloud subnet (like Google or Azure). They need to therefore fix URL processing times. 

I've used the solution for four years.

I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking. 

I rate Check Point eight out of 10 for stability. 

Check Point is definitely scalable.

It really depends on the customer's deployment and environment, but we often mix and match firewalls. Check Point is more expensive but easier to manage, and their presales and after-sale support are way better than Fortinet's.

Check Point is more complicated to deploy than Fortinet.

Check Point needs to lower its price drastically, and the licensing model is very complex.

I rate Check Point NGFW nine out of 10. I would only recommend it for medium to large enterprises.

I support multiple environments in Brazil, including banks, schools, government, and the military, mostly with on-premise equipment. Some of these environments had more than 30 Check Point NGFW clusters and some of these have 4 on-premise appliances on each cluster, using the full capabilities of the Check Point Blades.

Using the firewall blades, and the threat prevention blades, we can provide big security for our customers. In the lo4j case, Check Point acts fast and all of the systems are already protected from the threat.

My organization already used Check Point before I arrived, however, compared with open-source firewalls, is in another tier. The usability and maintenance are so much better.

The management in Check Point is exceptional. The Smartconsole feature centralizes the management features, reports, log visualizing, rules, objects, et cetera.

The Check Point could use more time to upgrade the VPN configurations console. At the moment it is not easy to configure some VPN S2S in Check Point. You need to keep opening several groups, objects, and options to configure one simple VPN.

I've used the solution for one year.

The stability is very good!

The scalability is very good.

The initial levels of support are not that good. 

Positive

We used pfSense and suggest just to go for the corporative product.

I don't have insights about the pricing for Check Point.

We did not evaluate other options. 

The need to get faster bug resolving issues. For example, the R80.40 has so many bugs at the moment. 

We primarily use it for internet security. We use it for firewalling, ePass, and threat detection including anti-malware protection, bug protection, and social inspection. We can also use it for DLP.

The solution helps out in our security goals. It acts as a primary source of protection for threats from the internet and is great for data leakage protection.

Most of the time, it's pretty stable. 

We have all the features we want or need in this appliance. It's been good so far. 

Sometimes there are security bugs, which is frustrating.  

Right now, we have a problem with DLP and this problem has become very big. Check Point, our firewall, is not handling data properly. There seems to be some sort of security bug.

I've used the solution for ten years or so. It's been a decade at least. 

The solution, for the most part, is very stable. We find it to be quite reliable. There are bugs, however, which have caused some issues. 

The solution is not scalable per se. There is only one way to upgrade and that is to buy new appliances.

Currently, we have around 7,000 people using this solution.

Likely, we won't be increasing usage. We are building new releases and we are considering changing this solution to another vendor. We might switch from Check Point to maybe Palo Alto or Cisco. We don't know which yet.

We haven't really dealt with technical support. We typically go through our partners.

We also use Cisco as well. We use Cisco ASA. Check Point, right now, is our primary firewall.

Check Point offers very good management. For an administrator, it's easy to manage this appliance, this firewall. Cisco, historically, has a big problem with this, specifically with FTD firewalls. There also tend to be some bugs you have to contend with.

I can't speak to the initial setup process. Our partner handled it and therefore I wasn't really part of the process. That said, for me. the process is pretty simple.

My understanding is that the deployment took a few days. 

I'd rate the experience of the initial setup at a four out of five. 

About two people were able to handle the implementation process. Typically, they are architects and engineers. 

We had a partner set up the solution for us.

We have seen a decent ROI. I'd rate it at a four out of five. 

I can't speak to the cost of the solution. We deal with it through a partner, and I'm not involved in any of the pricing aspects. 

We are considering switching to Palo Alto or maybe Cisco in the near future. 

We are a customer and an end-user.

Some blades, some function blades on Check Point, are very good, however, it's not all of them. Right now, I know DLP and social inspection are a problem. New users should be aware of this. 

Overall, I would rate the solution at a seven out of ten.

It's a unified policy table that combines threat prevention and segmentation policies. 

Smart Event allows consolidated event management and exporting features is very useful when we need to deal in reports, since, for some time now, everyone has been working from home and on the firewall from Check Point. 

This function is implemented very conveniently and securely. The VPN over this firewall works as well as a standard VPN device. All in all, I'm delighted with their security solution. It is making configuring numerous layers of security policies easy to use and it always has been one of the things I liked most about their firewall solution.

Check Point firewalls are one of the most easy-to-use complete firewall solutions on the market. They protect our LANs against intruders, offer VPN for site-to-site connections, and haven't had a major issue in about 15 years. 

While not being cheap, their pricing models are competitive. 

A better approach to security focuses on prevention, blocking malware and other threats was difficult before they entered the network. By blocking the infection of “patient zero,” an NGFW with real-time prevention eliminates risk, damage, and cost to the organization.

It provides an SSL inspection facility. The SSL/TLS protocol improves the privacy and security of traffic by wrapping network communications in a layer of encryption and applying robust authentication. While this is a major benefit for data security, cyber threat actors also use SSL/TLS to conceal their activities on the network. An NGFW must go beyond signature-based detection to use technologies capable of detecting and remediating novel and zero-day threats.  

Sandboxing (including static, dynamic, and behavioral analysis) is great.

It's nearly impossible to add an exception for threat prevention services - like antivirus and anti-bot. You will be stuck with Indicators of Compromise marked as detect only, caching issues, and random effects. 

There is no clear way to report incorrect classification to support and a business is neither happy nor forgiving when they cannot receive mail from a crucial business partner. 

The KBs article should also be improved as all the global KB articles do not provide all the activity steps related to every issue.

I have been using this product for the last five years.

I have not used any other product.

The setup is very easy with minimal cost for licensing as well.

I have not used any other product.

I'm at a university in Queretaro, Mexico and it's used to protect our infrastructure: wireless, LAN, PCs.  Since the solution prevents attacks, we have the checkpoint in all our equipment, from the critical infrastructure to the directors' and employees' cell phones.

This is the best enterprise solution. Almost every university in Mexico has Fortinet or VXN, but our mission is to have the best cybersecurity protection for our information and our users. We're a private university and our clients and information are the priority. This is the reason why I chose Check Point NGFW.   

The solution interface is good. It has three different ones: the NGFW, the Endpoint, and Harmony Mobile.

I've been using this solution for five years.

It is very stable.

The scalability of this solution is good.

Because my employees work in other departments, we used the deployment consultant. The service was very good.

The setup was simple because we had the checkpoint expert support. The time it took was standard and once the installation was complete, there was no problem at all.

The setup was simple because we had our partner and checkpoint expert support.  The time it took was standard and once the installation was complete, there was no problem at all.

I would rate this solution a nine out of ten. This is a very good solution. It's complex because it's not too easy to use, but the brand and our partner help us with NG Firewall configuration issues or other solutions like Harmony.

The university is growing every year and with that, I purchase more endpoint licenses and Harmony Endpoint because the firewall works well on the dimension and capacity. Next year, we plan to integrate Harmony Email and Office. The solution also prevents threats to Office 365.