Check Point Quantum Force (NGFW) Reviews

We use it as a firewall solution with built-in VPN capabilities, anti-virus, and malware detection. It has good blocking abilities and is easy to set up and maintain.  

They allow VOIP traffic to pass through the firewall as well to onsite PBXes. The firewalls themselves are for SMB environments, with between five and 25 users at different sites and in different states.  

Employees regularly work from home, so a VPN solution is a necessity to allow for remote file shares and or/remote desktop through a encrypted VPN tunnel.  

With the added ability to have multiple VPN methods to connect, the solution has worked well for remote workers who are either utilizing the Check Point VPN client or the SSL VPN web client.

The throughput with full threat detection is adequate for the Internet circuit installed at most of the client locations and is in fact better than the previous firewall solution.

The support has been great whenever Check Point has been contacted. They help resolve an issue or explain how to perform some necessary action. 

For the most part, the NGFW is easy to understand and set up and there are, of course, advanced options if a non-standard problem arises.

The reporting feature has been helpful to get a quick understanding of network traffic and threats identified. Even if a false positive is identified, it's been helpful to perform more of a deep dive into what triggered the detection and to certify that there is a problem or that there isn't a problem.

Anti-virus and anti-malware on the NGFW device have been pretty solid and have caught many threats before they entered the network.

The event logs are relatively informative and can provide information on why traffic was accepted or rejected.

Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement.

It would also be nice to have a smaller home user device that could automatically contact the main firewall and establish a VPN connection. This would be great for remote users to secure their work PC at home.

On the front page of the appliance, it lists current threats identified. It would be helpful if clicking on the threat took you to the exact logs instead of showing all host logs as you still have to scroll through the host logs to find the information you are looking for.

I have been using Check Point since 2016. It's been a little over five years.

We've had very few issues; the builds themselves haven't had any issues.

The solution is very scalable; Check Point has a variety of NGSW devices that can scale with the user base.

Support is excellent, quick to respond, and quick to provide a resolution to any problem.

Positive

We used Watchguard. We switched due to the threat protection and we felt that Check Point did a better job of providing protection.

The initial setup is straightforward and plug and play for a basic configuration to get you started. You can then begin building the NAT and policy rules, which are easy enough to do.

We implemented the solution in-house.

The malware blocking capabilities more than paid for the cost of the device and license.

I'd advise users to size their appliance correctly before purchasing it.

We did not evaluate other options. 

We used this firewall to replace a faulty Cisco 2500. The main solution needed packet filtering and port restriction. We found the functionality handy for filtering email spam. There's a helpful API embedded in the device. 

The online version of the documentation is well written.

The speed of the device is really impressive as it is able to process 1.8 GPS, which is a big improvement over the older device.

The delivery time was really fast. With the help of the reseller, we got the device in less than three days.  

As a replacement for an old solution in the office, we were not expecting big improvements with the firewall. However, we had noticed an improvement while we added rules into the system. The new GUI is really nice and easy to use.

We are now able to use infrastructure as a code and add the firewall into the pipeline with terraform as a controller and everything works really well. 

The API is handy and we are now testing how we can add rules via code. Also, the GUI is easy to use.

The Terraform module for Check Point is complete and really useful for managing the firewall.

Mail filtering is a really good feature that we are implementing for scam protection. 

The graphic interface is really easy to use and easy to teach to other members of the team.

The online documentation is complete and easy to read and understand.

The 3-year warranty offered is nice to have with no extra costs needed from us.

The exterior of the physical device can be improved with the use of a display and not just simple lights.

All the physical devices located in the rack are similar, Just a box with some small lights that does not provide too much information. 

For. me as a final user I will be happy if I can get a display that can show the error code when is a failure and not a simple  red led (This is the common practice). 

I just want more information when I'm on front the device. i know always can walk to my desk and check the GUI with the documentation and the information required. 

I've used the solution for three months now.

I have not had any issues since the moment of installation.

Users get a really nice performance in the order of 2.5 GPS.

Technical support is excellent. I do not have any complaints.

Positive

Yes. We used to use a Cisco 2500 and a Fortinet 110C. 

The Check Point device is better and the speed is superior.

We got full support from the provider and the manufacturer.

The vendor did all the migration in just a couple of hours.

I'm not involved in finance. I can't speak to any ROI.

I was not involved in the pricing; I was only involved in the installation and use it regularly.

The provider offers us the device in three days with the support to import the existing rules and make the migration. We didn't evaluate anything else. 

I really love the device and would choose it over the Cisco and the Fortinet 110C.

Our network security is based heavily on Check Point products. We secure our Internet gateway with Check Point. We also secure our production and other very important systems and solution that are mission-critical with Check Point NGFW. For an extra layer of security, we heavily use Check Point Identity Awareness to make Client IP-based rules obsolete. We control the access via dedicated Active Directory Security to groups. These user groups are used instead of IP Client Subnet ranges, increasing our security.

The Check Point Management makes troubleshooting and log analytics very comfortable. Our Engineers only need a few seconds to see if a connection is dropped or allowed, et cetera. This makes fulfilling these standard tasks easy for the operation team. The easy ruleset management helps us not lose the overview over the Check Point Firewall (NGFW) rulesets in daily operation. Good security should always be simple and clean and this product helps to make our environment more secure against any attacks from the outside.

We are using the classic firewalling, the Intrusion Preventions System (IPS) and we also use Check Point Identity Awareness. The most useful feature is for sure the classic firewalling, however, we could get this feature also from other vendors. The most valuable feature is the highly integrated NGFW features such as the IPS or Check Point Identity Awareness, which makes Check Point the best choice on the market. They have been leading the market for 20 years. This is deserved, in our opinion.

Check Point, of course, has flaws. As a Check Point Engineer, you must also be a Junior Linux Engineer as many things are happening on the command line in daily operation and almost all the time during troubleshooting. This makes learning Check Point a little bit harder than other firewall brands. The licensing was always a pain and is still a pain to deal with. 

For the next release, we would like to have better ruleset cleanup tools that are already included. It would make security management tools obsolete.

We've used Check Point for almost ten years.

We are using Check Point NGFW for controlling the traffic on our entire network. It controls the traffic and access of the networks and also the traffic outside of our network. The firewalls are used in and HA-Setup.  

The features we use are application and URL-filtering, anti-bot/virus, and sandboxing functions. It is also used for Site2Site VPNs and endpoint VPNs. For us, the Check Point NGFW is the center of network traffic and security. 

We use the new features of Check Point to reduce standalone systems. 

In the past few years, the attacks and risks have grown. That's why we introduced a NGFW. All the securtiy risks can be minimized with the product. Especially if you route the whole network trafiic over the firewall. You can filter malicious sites and traffic and can analyze the entirety of traffic. The URL filter works much better and is much stronger than our other previous solution. 

In the case of migrating or patching, it is very easy due to the fact that you can transfer the whole ruleset and settings from your old device. Patching is very easy and we've never had problems.

If you have an HA Setup you will have zero downtime. Teams and VoIP traffic will also not get stuck; you would notice anything while switching to the backup module. 

The quality of the patches and hotfixes is great. We never had any issues during or after patching. All patches and hotfixes are well documented and if you have any issues the KB is very helpful. 

The log is very clear and can be filtered very easily. If you need to analyze not only the connection you can use the CLI to dump TCP packets. 

The activation of additional features is very easy and well documented.

Sometimes, the firewall has its peculiarities which you have to know especially when you want to set up a Site2Site VPN with a third-party vendor - specifically if you want to set up IKEv2. 

The debugging of VPN tunnels is very stressful. Sometimes you don't know what the firewall negotiates with the other site, so you have to use the command-line for the VPN debugging. However, if you use both sites, the setup is very easy. 

The speed could be better when installing policy changes. In the beginning, we didn't have all features active. Now, it is all active and it takes some time to install. This is sometimes annoying if you forget a small change.

We've been using this solution for several years. This is our 3rd Check Point firewall.

The environment in which it was deployed is a financial institution that requires high availability, confidentiality, and integrity of information within the supporting infrastructure. The NGFW is used specifically for the VPN, firewalling and it also serves as virtual patching in the event of zero-day vulnerabilities that are very common within some well know client desktop computers and servers.

Initially, I was using the Cisco ASA5500 series firewall. I never believed there could be better firewall devices in terms of ease of setup and management. The NGFW from Check Point has increased my confidence in terms of performance and ease of configuration with its intuitive interface. It supports the VPN configuration without any unnecessary latency and packet dropping.                                                                                                                              

It blocks over 97% of threats!                                          

VPN, firewalling, and virtual patching are the most valuable aspects for me. The NGFW is so effective that I can go to sleep and vacation. Check Point products rarely have vulnerabilities that put the whole organization at risk, unlike some other firewall products.

The VPN tunnels are very effective in terms of stability and quick connection.

Virtual patching is useful as a workaround for zero-day vulnerabilities.                           

It offers excellent filtering of URLs.

The interface can be more user-friendly in terms of the design and location of critical and commonly used icons.

They could add a web user Interface.

I have been using the Check Point NGFW since 2018 when it was deployed in my company.

The stability is awesome and it puts me in a no-worries mood!

The scalability is awesome.

Technical support is friendly and awesome.

Positive

I did use Cisco ASA. The administration was grueling coupled with some nefarious vulnerabilities and the cost of ownership.

The initial deployment was demanding due to my network architecture, not because of the product.

The implementation was done through a vendor.

We've seen ROI at 6 months to 1 year.

However, the ROI was realized within weeks of deployment.

The solution is reasonably priced relative to some other brands.

We did not evaluate other options.

It is the best amongst the rest.

Several enterprises, from financial institutions to hospitals, use this product mainly as edge solution. In most cases, the setup was based on a redundant configuration. Other cases which have been rolled out are based on smaller devices in office locations and larger devices in the central datacenter of the customer. As an MSSP we trust the reliability of the solutions, since we cannot risk having our reputation being harmed. Our team is perfectly able to manage the devices on a day by day basis using the central management solution.

The tension of being well protected from the outside world has decreased due to the sturdiness and reliability of the solution. 

Results are predictable and managing everything is easy with the right tooling. The management solutions are easy to use and make it possible for our administrators to manage numerous amounts of devices in one console. 

Software updates/upgrades contain valuable additions and it is clear that Check Point has the right focus on the requirements of what should be added as functionality.

Trustworthiness and stability are the key aspects when looking at these products. 

The up to date-ness of the threat intelligence and the underlying network of devices adding value to it is good. 

With many of their own investigators adding their findings to the threat database, Check Point has become a leader in having their product in the higher ranks of the spectrum of efficiency. 

The different hardware models focus on a wide spectrum of the market, so any company can choose a model that makes sense for them from the range.

The world is changing rapidly, and even though Check Point is delivering security solutions on many levels such as endpoints, cloud, and on-premise. 

A more centric solution would be preferable. They should take all existing products and make them a part of a suite that is easily manageable from one platform. This would leverage the use of the different products since no administrator wants many interfaces to manage the complete environment. 

Pricing needs to be lowered from start, this would be more effective than lowering it during negotiations.

We've used the solution for more than 10 years products and have been delivering the solution to our customers.

The product is very stable.

The solution is less scalable when using hardware-based solutions. Especially the smaller models have limited possibilities to expand on port / performance level. Both issues can be resolved using the Maestro solution, but that is limited to specific models.

Technical support is very good and easily accessible.

Positive

We previously used Cisco and Fortinet. Check Point is a long-lasting vendor that we use, based on trust.

The initial setup is pretty straightforward, especially when working with preset best practice profiles.

We handled it on our own. 

In the end, the ROI is good once a company knows the protection level on offer.

Pricing and licensing are not the best within the market. That said when you get to know the products they offer you will be happy to pay a bit more.

We also looked at Palo Alto previously.

We primarily use the solution for central administration and management of a lot of locations worldwide. That's the main task for this solution for our Central IT Team. Central logging and troubleshooting are 2nd level topics that are great to handle with the SmartDashboard and other tools.

We started in the past with base features and checked the NGFW features. Application Control gives us the option to permit applications and not just some IP address lists. Before we had so much manual work for dealing with firewall rules.

For some topics, we've given the Service Desk permissions and it's working great.

We have so many standalone firewalls. The central management of Check Point with different sessions/permissions is great. We can administrate all topics smoothly. The Application Control brings us to the next level of controlling cloud apps and other stuff.

Anti-Bot and the IPS are good features to check/defend our servers and company. We can prevent servers easily for vulnerabilities from/to the public internet and we can see what traffic/actions is active on our lines. 

Our Security Operation Center is very happy about the solutions too due to the fact that they have so much transparency.

QoS, Anti-Bot, IPS, and Application Control are the main features we're using.

The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff. In the past, sometimes we had no control and couldn't help when too much traffic had occurred.

Anti-Bot is great at preventing our clients and corporate network from calling the central control.

IPS is good in protecting our systems in DMZ zones when patching of servers sometimes can't be done.

Application control for controlling Cloud Apps like MS Teams, M365 Apps, or others, is perfect. Previously, we had only IP Lists for stuff like this.

Administration of the routing and system settings should be moved to the central dashboard. It's not good to go to all GAIA Interfaces to change settings there.

The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible.

The firmware for the Check Point Firewalls is very big. It takes a long time when we are using small lines for data transfers. Other vendors have updates lower than 100MB. For Check Point often we need a minimum of 2GB.

I've used the solution for nine years.

The scalability is great.

We previously used Watchguard. It was not so good with different vendors for some features.

We are a Critical Access hospital with close to 1,000 endpoints and hundreds of users. We currently have multiple ISPs coming into the hospital for internet redundancy. There are multiple buildings on our campus that are connected with copper and fiber. We have had clinics in multiple cities attached to our network at various times. 

We installed the Check Point NGFW in our environment to act as our main firewall and gateway. This allows us to keep several of the vendor devices (lab analyzers and other third-party equipment) segregated on different VLANs so they have no access to our production VLAN. This system is also our VPN concentrator for several site to site VPNs and remote software VPN connections.

In the past 15+ years that I have run these firewalls, we have been able to make huge strides in increasing our security posture. This has been evidenced by our annual Security Risk Assessments run by a third party. Check Point is always coming out with new features that help make it easer to manage our security posture. We have received multiple comments from other organizations praising us for the speed and accuracy of setting up new site-to-site VPNs with the proper access. This is all possible because of the intuitive Check Point software.

There are many great features, however, with our last upgrade, we now have a web GUI that allows us to pull up multiple facets of the firewall environment. This feature has been very handy. There have been times we have a connectivity issue, and both sides are blaming each other. If I'm away from my desk and don't have my laptop, I can quickly bring up the interface on my phone and search through the logs, rule base, and VPN communities to help quickly troubleshoot the problem. I can't say it enough - this has been invaluable.

Overall, this is a great system, and I'm struggling to come up with things that I think should be improved. 

I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad. 

For additional features in the next release, I would like to see more change functions available in the new Web GUI version. This is still a new offering from the company, therefore, I can only assume it will get better as customers make suggestions/requests.

I've used the solution for over 15 years.

This system has been rock solid in our environment. I have even run beta software to try out new features. I trust the company and their top-notch support staff to keep us running smoothly.

This system has been very scalable. Check Point offers multiple security 'blades' that let you start out small, and increase as needed without having to drop a bunch of money on new hardware.

I rarely have critical issues, however, when I do, I can call and get an engineer rather quickly. For most of my issues, I utilize the online support portal and/or knowledge base articles.

Positive

We had engineers online with us to help us get everything setup. They have done this many times, and they were able to give us a lot of information to help prep the environment. This left us with minimal downtime.

We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone.

That is difficult to calculate. We have had hospitals and clinics drop like flies to ransomware, DDOS attacks, and other issues. The financial impact of something like that would be huge. You can't put a price on safety. 

We are trying to do the best we can in an ever-changing landscape of cyber dangers, and we feel that Check Point has been a great name to hang our safety on. In the 15+ years I've been working with Check Point, I have only changed out the hardware twice. We pay an annual fee to cover licenses and support. In general, this is a great investment.

We purchased this through a VAR, so your mileage may vary when it comes to cost and initial service for setup. 

The licensing can be a bit tricky when you have more than one appliance. That said, they are very open and explain how it all works. They give the ability to set up trials of all the different license 'blades' to let you try before you buy.