Check Point Quantum Force (NGFW) Reviews

We initially started using the Check Point device for the VPN blade.  

After using the VPN blade for several months and using the hardware interface we found it very easy to use.  

The small business hardware device was powerful and easy to set up. We started using the firewall and Nat shortly after that. 

Having additional features like the threat prevention that has IPS antivirus antibot and threat emulation we're all added bonuses. This also gives us a piece of mind for the safety of our business.  

Securing our organization was our main goal. Check Point, with threat prevention which includes IPS antivirus antibot and threat emulation has better secured our business from the internet.  

With the auto-updates made simple and knowledgeable support personnel, it has freed up our time to focus on other IT strategies.  

Utilizing the Check Point support team has allowed us to configure and use other money-saving features like VPN tunneling to remote offices, while still remaining secure in our systems.

Check Point VPN has been most valuable to our organization. Having a hardware solution that allows our remote users to connect securely to our business is extremely valuable. 

The ease of use, setup and configuration backed by the knowledgeable support of Check Point has made this a smooth and easy setup. Our users can get connected securely, anywhere. When connected with our Check Point VPN endpoint, users get the same security and prevention from the threat prevention module as the rest of the devices on our network.

As a small business, IT expenditures are always a tough call and hard sell. With every business connected to the internet these days, firewalls and threat prevention are very important for any business of any size. Check Point's small business devices are a great fit for most any business. However, including some sort of menu or grouping for VOIP would help the small business area that has limited support. Check Point support is very knowledgeable and can also help in this area as they've helped our business evolve as well.

I've been using the solution for 20 years.

The hardware units are solid. It is a stable solution. While you're subscription is active checkpoint fully supports your hardware and will replace if you have any uncorrectable issues.  After 20 years, I've only had to do a hardware replacement once.  Once setup, they just do what their supposed to do.

The solution is very scalable. Configurations can be imported to other units.  Many levels of hardware and software are available.

Customer service has always been very knowledgeable about their products.

Positive

We used to use Norton VPN. We switched due to the fact that we had issues with the system.

The product offers a simple basic setup.

We handled the implementation in-house.

There are different levels of protection and yearly maintenance on offer.

We did not evaluate other options previously. 

The support is great.

Check Point NGFW is great in terms of functionality. We use it to control the infra outbound/inbound traffic and with it and we can block suspicious IPs directly on our SAM database instead of creating or adding in firewall rules. This not only saves time but also provides immediate protection from malicious traffic without deploying the changes in firewall gateways. 

We used to check who is doing what changes and when. We can now check logs to find why any traffic is blocked, and, if blocked, it gives good details of each error. We can easily organize all firewalls through one smart console.

Its GUI platform is very good. It helps us to divide up the rule base which made it easier to recognize the rules. Its SAM database gives us the amazing ability to block suspicious activity without waiting for the next change window to push the changes. In packet flows, it first checks the SAM database beforehand in order to process the packet further.

The logs give us plenty of detail as to why any packet was blocked or allowed. It really proves the purpose of getting a stateful firewall, showing the context of every packet.

The SAM database, URL/application filtering and IPS, Data Loss prevention, VPN and mobile device connectivity, stateful packet inspection, and unified management console are all useful features. 

It allows us to avoid having to go and log in to each firewall device for creating the rules as it can be done from its central console. We can manage all the firewalls and create rules and deploy them through the smart console which is really good. It helps us avoid creating the same object in each firewall. 

Its auditing features are also good for checking who did what changes and when.

The URL objects take significant time in processing compared to other products like Cisco FTD; it would be better if they could improve it. 

We have seen that whenever we configured URL objects, the CPU percentage went higher. Therefore, we started using IKP-based objects, however, in today's cloud world where every application is in the cloud and they change IPs on a random basis, whenever each new IP change happens, it's too risky to allow the whole cloud subnet (like Google or Azure). They need to therefore fix URL processing times. 

I've used the solution for four years.

I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking. 

I rate Check Point eight out of 10 for stability. 

Check Point is definitely scalable.

It really depends on the customer's deployment and environment, but we often mix and match firewalls. Check Point is more expensive but easier to manage, and their presales and after-sale support are way better than Fortinet's.

Check Point is more complicated to deploy than Fortinet.

Check Point needs to lower its price drastically, and the licensing model is very complex.

I rate Check Point NGFW nine out of 10. I would only recommend it for medium to large enterprises.

I support multiple environments in Brazil, including banks, schools, government, and the military, mostly with on-premise equipment. Some of these environments had more than 30 Check Point NGFW clusters and some of these have 4 on-premise appliances on each cluster, using the full capabilities of the Check Point Blades.

Using the firewall blades, and the threat prevention blades, we can provide big security for our customers. In the lo4j case, Check Point acts fast and all of the systems are already protected from the threat.

My organization already used Check Point before I arrived, however, compared with open-source firewalls, is in another tier. The usability and maintenance are so much better.

The management in Check Point is exceptional. The Smartconsole feature centralizes the management features, reports, log visualizing, rules, objects, et cetera.

The Check Point could use more time to upgrade the VPN configurations console. At the moment it is not easy to configure some VPN S2S in Check Point. You need to keep opening several groups, objects, and options to configure one simple VPN.

I've used the solution for one year.

The stability is very good!

The scalability is very good.

The initial levels of support are not that good. 

Positive

We used pfSense and suggest just to go for the corporative product.

I don't have insights about the pricing for Check Point.

We did not evaluate other options. 

The need to get faster bug resolving issues. For example, the R80.40 has so many bugs at the moment. 

We primarily use it for internet security. We use it for firewalling, ePass, and threat detection including anti-malware protection, bug protection, and social inspection. We can also use it for DLP.

The solution helps out in our security goals. It acts as a primary source of protection for threats from the internet and is great for data leakage protection.

Most of the time, it's pretty stable. 

We have all the features we want or need in this appliance. It's been good so far. 

Sometimes there are security bugs, which is frustrating.  

Right now, we have a problem with DLP and this problem has become very big. Check Point, our firewall, is not handling data properly. There seems to be some sort of security bug.

I've used the solution for ten years or so. It's been a decade at least. 

The solution, for the most part, is very stable. We find it to be quite reliable. There are bugs, however, which have caused some issues. 

The solution is not scalable per se. There is only one way to upgrade and that is to buy new appliances.

Currently, we have around 7,000 people using this solution.

Likely, we won't be increasing usage. We are building new releases and we are considering changing this solution to another vendor. We might switch from Check Point to maybe Palo Alto or Cisco. We don't know which yet.

We haven't really dealt with technical support. We typically go through our partners.

We also use Cisco as well. We use Cisco ASA. Check Point, right now, is our primary firewall.

Check Point offers very good management. For an administrator, it's easy to manage this appliance, this firewall. Cisco, historically, has a big problem with this, specifically with FTD firewalls. There also tend to be some bugs you have to contend with.

I can't speak to the initial setup process. Our partner handled it and therefore I wasn't really part of the process. That said, for me. the process is pretty simple.

My understanding is that the deployment took a few days. 

I'd rate the experience of the initial setup at a four out of five. 

About two people were able to handle the implementation process. Typically, they are architects and engineers. 

We had a partner set up the solution for us.

We have seen a decent ROI. I'd rate it at a four out of five. 

I can't speak to the cost of the solution. We deal with it through a partner, and I'm not involved in any of the pricing aspects. 

We are considering switching to Palo Alto or maybe Cisco in the near future. 

We are a customer and an end-user.

Some blades, some function blades on Check Point, are very good, however, it's not all of them. Right now, I know DLP and social inspection are a problem. New users should be aware of this. 

Overall, I would rate the solution at a seven out of ten.

I'm at a university in Queretaro, Mexico and it's used to protect our infrastructure: wireless, LAN, PCs.  Since the solution prevents attacks, we have the checkpoint in all our equipment, from the critical infrastructure to the directors' and employees' cell phones.

This is the best enterprise solution. Almost every university in Mexico has Fortinet or VXN, but our mission is to have the best cybersecurity protection for our information and our users. We're a private university and our clients and information are the priority. This is the reason why I chose Check Point NGFW.   

The solution interface is good. It has three different ones: the NGFW, the Endpoint, and Harmony Mobile.

I've been using this solution for five years.

It is very stable.

The scalability of this solution is good.

Because my employees work in other departments, we used the deployment consultant. The service was very good.

The setup was simple because we had the checkpoint expert support. The time it took was standard and once the installation was complete, there was no problem at all.

The setup was simple because we had our partner and checkpoint expert support.  The time it took was standard and once the installation was complete, there was no problem at all.

I would rate this solution a nine out of ten. This is a very good solution. It's complex because it's not too easy to use, but the brand and our partner help us with NG Firewall configuration issues or other solutions like Harmony.

The university is growing every year and with that, I purchase more endpoint licenses and Harmony Endpoint because the firewall works well on the dimension and capacity. Next year, we plan to integrate Harmony Email and Office. The solution also prevents threats to Office 365.

Our organization implements, maintains, and operates Check Point's firewall. 

Check Point solutions were implemented by our organization in accordance with the project documentation and further adjusted at the request of the customer. 

We ourselves also use a Check Point firewall in conjunction with a firewall from another vendor - both to protect our network perimeter and to test various functions and new emerging firewall capabilities and identify various bugs before they reach customers in the product environment.

We and our customers use almost the entire palette of capabilities of the firewall solution from Check Point. We use almost every feature, from anti-spoofing and network segmentation to URL filtering and intrusion prevention systems. We also willingly use virtual private networks from Check Point, both site to site and client to site. We also leverage the antivirus blade and anti-DDoS attacks. Some of our customers use Check Point capabilities for mobile devices, which are also successfully implemented in the firewall.

We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home. With the firewall from Check Point, this function is implemented very conveniently and securely. 

A convenient new version of the firewall management console, which, starting with the R80 version, has become standard for many Check Point blades, however, unfortunately, not for all. You still need to use older consoles to manage some features. For example, to access the monitoring blade, I need the old console, but the new console should start it.

You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator. Until now, the initial settings as well as subsequent changes to the "iron" part of the firewall, namely its interfaces, routing, or DCCP settings, you must use the web interface through a browser. This is inconvenient. Of course, you can use the command-line for these purposes, however, this also complicates the configuration process for the administrator and requires a well-known habit.

I've used the solution for six years.

There is room for improvement in terms of stability.

The scalability is great.

Technical support could sometimes be better.

Neutral

I have used and still use solutions from Sophos, however, in Check Point, some functions are implemented more conveniently. For example, work with logs.

Before installing, I recommend to go through the training.

I handled the implementation myself.

The ROI is good.

Working in an MSP environment, there are more than a hundred firewalls and we use Check Point NGFW firewall which is mainly implemented as perimeter security and internal segmentation firewall. 

Due to our requirements, we implement site-to-site VPN between clients and cloud providers (AWS/Goggle/Azure). The centralized managed infrastructure makes it simple for the IT staff to operate and monitor the firewalls. 

The Smart Console provides a single pane of glass that allows the IT staff to easily manage the environment and troubleshoot issues.

The Smart Console provides a single pane of glass that allows the IT staff to easily manage the environment and troubleshoot issues. 

The UI decreases the hours required to complete a task. It also incorporates compliance and audit control validation into the system. 

IT staff can construct a single policy across all enforcement points in the Infinity architecture. 

There's a unified policy table that combines threat prevention and segmentation policies. 

SmartEvent allows consolidated event management and export.

The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid. 

The Terminal Servers group membership allows policies to automate typical processes (user moves/add/changes) and decrease configuration changes required on the firewall, which is tremendously beneficial. This limits the integration with the identity store to just one interface, and we still get broad security coverage based on a single set of identity policies. 

We leverage the combination of identity and application awareness, which is mandatory in order to build scalable security policies that protect the business without compromising user experience. This feature is extended to the SmartEvent console.

The SmartEvent blade has a huge number of security events/logs. We are trying to find correlation with the help of the SmartEvent blade, however, it may impact the performance of our Check Point management server. It requires additional licenses for Check Point management servers. It should be inbuilt within the management server.

With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient.

I've used the solution actively since 2008.

There were moments of where it did struggle when the rules were not properly maintained meaning that rules clean up exercise has to be performed annually to prune out rules no longer being use to allow the firewall to function more efficiently.

Overall, the product handles a production workload like a champ.

Customer service was pleasant.

Positive

Working in an MSP, we have multiple vendors/principals of NGFWs.

You have to work with a sales account manager to get the best price.

You need to work with a vendor that is overall quite knowledgeable. 

The solution should be evaluated and a trial run should be done in the lab as Check Point provides VM instances that can be installed on an open server box. Make sure to check with sales about the features and if they require additional licenses before purchasing.

Working in MSP, we have looked at various NGFWs. Check Point is one of them.