Check Point Quantum Force (NGFW) Reviews

In today's world, we can't completely rely on traditional signature-based devices, as technology involving cyberattacks is becoming more sophisticated. We require an all-in-one solution that can defend against newly-created attacks, necessitating the usage of NGFW firewalls. This is where Check Point comes into the picture.

Our environment contains multiple roaming users, where we have to extend trust beyond the organizational network. Not only is there east-west traffic to deal with, but a large volume of north-south traffic, as well. We are required to monitor all of the traffic, which includes many branch offices connected centrally.

Monitoring Data via DLP in such a scenario, we require a single solution, which is nothing but Checkpoint.

It has not only improved our environment but the entire organization. Adopting it brings better functionality.

Starting from the basic firewall blade to sandbox threat emulation and threat extraction, it works seamlessly to protect against both known and unknown malware.

After the version 80.xx migration, Check Point stability and security have improved tremendously.

Through the management server, it has become very easy to manage the configuration for each of the blades, as well as the day-to-day operations. With central management, it has become possible to manage endpoint devices as well.

Check Point has the best technical support, which I feel if we consider other firewall vendors in the market, is an important distinguishing point.

Stateful inspection is one of the strongest points in this product, which is applicable while creating policies for application and URL filtering.

Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.

It is easy to filter traffic based on source-destination services, time, etc, which is an enhancement over other firewalls in the market.

Check Point fulfills our requirements but it is important that they stay on top of competitors by addressing certain points.

There are issues with stability while upgrading devices with hotfixes. For example, many times, a device will stop giving responses after an upgrade (observed in 80.10 release).

The rule database needs to be improved because when we apply rules for the destination, based on service and application and URL filtering Layer, the parallel lookup fails.

I have more than three years of experience with Check Point NGFW.

Stability can be improved further.

Scalability is excellent.

Technical support is very good and provides the right solutions every time. They are highly skilled.

We have seen many customers migrating their firewall from Sophos to Check Point, or from Cisco to Check Point. The main reason has been that they were not getting NGFW functionality and the security feature sets that Check Point provides.

The initial setup is straightforward.

I implemented it with the help of a vendor.

We are definitely getting most of the things that we expect from this product.

Check Point is a vendor that listens to customers and determines what they want. Based on the requirements and the solutions offered by other vendors, Check Point will negotiate to try and give the customer the best price.

Check Point offers options and operates differently from other vendors with respect to licensing. Each blade requires that you have a license.

We also evaluated Palo alto.

I think people like me love Check Point because in my experience over the years, I have not heard of a comprise where Check Point was protecting the network. As long as the devices are configured properly, this is a very small chance of being compromised.

In general, the NGFW features in Check Point fulfill our requirements, which is expected from a Cybersecurity firm that has been involved in the field for a long time. 

We use firewalls to protect our private environment from the public environment. My IT group is in charge of protecting the environment and maintaining safe usage of the internet. This product gives us a better, safer solution for the users within our company. 

Using this solution saves us time because nowadays, there are many malicious sites, as well as other threats and viruses on the internet. As it is now, we are not required to do anything because we have the antivirus and regular updates from Check Point. That is very helpful for us because when new viruses emerge, we just install the new signature and it works to protect us.

What used to take me seven days to do, now takes me only five. However, this is not just a time benefit because it better protects our environment as well. I estimate a 20% to 30% reduction in the number of attacks, compared to before.

I like the antivirus, attack prevention, three-layer architecture, and data center management features.

The antivirus updates are quite frequent, which is something that I like.

Central management is a key feature. We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful. It means that we only have to push the configuration once and it gets published on all of the firewalls.

The level and availability of training should be improved. I have seen people that are not well trained on the Check Point firewall and the reason is simply that the quality of available training is poor compared to that of other firewalls on the market.

The command-line interface (CLI) should be more user-friendly.

I have been using Check Point NGFW for approximately four years, since 2017.

I work on the Check Point firewall five days a week and the stability is very good. In general, the updates to the software and antivirus are very stable. We have not faced any issues.

It is very easy to scale and extend usage. We started with five firewalls and now there are approximately ten. There is not much effort required to scale and it is not very complex.

Directly or indirectly, there are between 2,000 and 3,000 people using it. Whenever their traffic is required to be sent to the internet from the office environment, the traffic passes through the firewall.

We are very happy with our experience with technical support. They are very knowledgeable and the process for resolving tickets or problems is fast. We have had incidents dealt with quickly by their team. 

Prior to Check Point, we were using Cisco ASA and we are still using it today. The reason for implementing Check Point is that we wanted more advanced features. What we found was that after 2017, we needed better protection for our environment, and that is something that comes with advanced firewalls such as Check Point and Palo Alto.

I'm very happy with the Check Point firewall because it includes many features that are missing from Cisco ASA. Also, it offers a better and easier experience.

One of the significant differences is that Cisco ASA does not have a central management system. If we want to configure 10 firewalls with the same configuration, it is not possible to push them all at once. Instead, you have to configure them one by one. Apart from that, the antivirus and threat management need additional hardware because the functionality is not present in Cisco ASA. 

One of the positive points about Cisco ASA is that the training is very good, and it is available on the internet. This makes it easy to use for somebody who is new to the product. This is unlike the case with Check Point, where quality training is not available.

We found the initial setup to be straightforward, as we have many experienced people in our team and they have worked with Check Point firewalls. 

We used the central management functionality a lot, and we initially configured five or six firewalls. It took between six and seven months for the complete deployment.

Our implementation strategy included the three-layer architecture, the centralized management system, the console, and the web UI. We followed the process that was recommended by Check Point.

Our in-house team was in charge of the deployment. We have a team of seven people that work in shifts, and we did all of the work, with some support from Check Point.

Six or seven people in different shifts are required for maintenance. At any given time, we generally work with two or three people during the same shift. I think that two people working at the same time are sufficient.

We have seen ROI and when you consider the features like central management, antivirus, and threat management, it is a good investment.

We did have cost savings, moving to Check Point from Cisco ASA. We required additional hardware devices, such as an IPS solution, antivirus, and threat management. In addition, we needed too many resources because we had so many individual ASA firewalls. There was no central management system, so more staff were required.

Ultimately, with Check Point, we needed fewer people and we also saved on the cost of hardware.

The price of this solution is average; not too high and not too low. It is more expensive than Cisco ASA but cheaper than Palo Alto.

After the first package of licenses, we have not needed to purchase additional ones. When our license expires then we will purchase another one. 

We also evaluated a solution by Palo Alto and we chose Check Point because it was more cost-friendly.

The biggest lesson that I have learned from using this product is that it is good to see a company like Check Point is continuously working on the quality of their product, and we should learn from that. It is good to improve over time because it is very easy to get into the market, but it is not too easy to sustain. 

My advice for anybody who is implementing this firewall is to ensure that they are trained completely because it is not easy to use. Moreover, there is not much training available online, so you want to have trained with the device. This is a product with many features, which are pros, but these same features can become cons if you are not using it with complete knowledge.

In summary, this is a good product and they have been improving continuously, but there are still some areas to improve.

I would rate this solution an eight out of ten.

The main use case is Firewall provisioning and integration with Tufin and Skybox. Also, we focus on firewall compliance, rule review, VPN configuration, and network troubleshooting.

Working for one of the largest companies, I found that using Check Point has made firewall provisioning very easy for us, and integration with the above-mentioned tools has eased the process of PCI audit, security compliance, and rule recertification.

I think the VSX has been the most valuable feature for us. We use it for tunnel management, which is great. The configuration has been quite straightforward.

Debugging could be improved when compared to the competition.

I think the product release lifecycle should be improved.                                                       

We have been using Check Point NGFW for almost eight years.

Previously, we used Cisco ASA. We switched because of the fact that Check Point offers more stability and visibility into the firewalls. Management is easier, especially using the GUI version.

I think that the pricing is different for every organization.

We did evaluate Juniper, as well.

We have two clusters. We are using them as both perimeter firewalls and data center firewalls.

In the past few years, we encountered attempted attacks on our company and we succeeded in finding that we were those attacks, or that some user or workstation was communicating with malicious sites. Without the Check Point Next Generation Firewall, we wouldn't have had the tools to identify these things and to remediate the problems.

A firewall is a firewall. It's a Layer 4 machine that blocks or allows traffic for ports. That's the basics and we don't need a next-generation firewall for that. But the features that are important include:

• IPS
• sandbox
• SandBlast
• Anti-Bot
• URL filtering.

A basic firewall is a basic firewall. You don't need Check Point and you don't need Palo Alto or the other vendors to block ports from source to destination. But we need the advanced features of this product to give us the visibility into, and the security and protection from, scenarios that are not the usual source-to-destination attacks. The solution needs to understand what the connection is, what the behavior of the connection is, and what the reason for the connection is. It can't be a stupid machine. It needs to know that if you're allowing port 53 from source to destination, that it has to check and give us the information that this communication is legitimate, and not something that is malicious.

We just upgraded to the latest software version of Check Point so we have a lot of new stuff to learn. The older version had a little bit of a problem with identity awareness and with HTTPS inspection with the visibility of the logs, and the implementing of rules. But as far as I can see now, with the new version, most of the problems were fixed.

In terms of new features, maybe it would help if we could start to manage all the stuff in the cloud and not in the on-prem servers. The management side could also be faster when you install policies. But other than that, I'm satisfied.

I've used Check Point NGFW firewalls for more than eight years.

In all the time I've been using Check Point there have been no major issues or problems. It's a very stable environment and a very stable solution, in my experience.

We have around 600 to 700 endpoints, workstations, points of sale, and mobile devices. We also have about 200 servers, a WiFi environment, and a networking environment that is not small. We have implemented it 100 percent but, because of the Coronavirus, the company itself is not 100 percent capacity.

For now, we have implemented everything that we wanted and the firewalls are working 100 percent. There are no plans in the near future to grow. Of course, if everything goes back to normal, maybe we will grow.

There are no problems for us in terms of scalability because we're not working at full capacity. We designed the new solution to give us the resources that meet our needs for the moment and for the future. There is no problem with scalability and we can add new firewalls, or replace what we have with bigger firewalls. Everything is okay in terms of scalability from our side.

We continue using our partner for resolving problems and doing the changes that we need. That is the way that most vendors are working. First of all you need a partner and then the partner will open up a case with Check Point.

But one of the best things about working with Check Point, especially here in Israel, is that there is a direct line to the support, because we have such a good relationship with them, to speed things up.

The support is fast, professional, and thorough. Those are the most important things when you have a problem. If we need to call for support from either our partner or Check Point, we get a quick response and, usually, a fast resolution of the problem.

We migrated from Check Point to Check Point

It was really pretty straight forward because we upgraded from an older Check Point product. The installation and the assimilation of the new firewall was very quick with almost no downtime and almost no problems.

We deployed four firewalls in two clusters and, all in all, it took about one day of work; half a day for each side. That includes the installation, the configuration, and the exporting of the configuration from the old system and, of course, all the fixes and patches.

On our side there was one person involved in the initial setup, just to make sure that everything was going okay and, after the installation, to do all the checks and verify that everything was working fine and as needed.

We deployed it with the help of a partner, called Spider Solutions, here in Israel. Our experience with them was good. The technician that came here to install the firewalls was professional and thorough. Everything went according to plan, with no issues.

The whole initial setup was done by the partner and our role was more oversight to see that everything was okay and to give the information that was needed to proceed.

The pricing in this category is a jungle, but Check Point was very competitive. They were very forthcoming and agile for our budget needs.

I have checked a few other vendors and solutions but, in the end, Check Point is the best candidate for our organization. That's true technology-wise and because of the support. Because Check Point is an Israeli company, it's very easy to get help very fast. We speak the same language and that helps as well. Doing support in Hebrew is very helpful for us. 

Other vendors were either more expensive or, to get some of the features, we would have had to upgrade to a bigger, stronger, and more expensive machine. But with Check Point, that wasn't the case.

Check this solution and see how it fits with your organization. See how easily you can manage and control the environment. The visibility and the management provided by the product is one of the most important things, other than the security features that the product has. And check the sizing carefully. Check that the machines you're going to buy are sufficient for your current needs and the future needs of your organization.

We are using this solution for the security enhancement of our internal company network. This is to protect our customers as well as internal users from the untrusted network or outside world.

I am using the physical appliances of Check Point Firewall as well as virtual machines (VMs). We are using the same versions of R80 on our VMs that we are using for our physical appliances.

It saves a lot of manpower. If we have centralized management, then we do not require as many members on our team. So, this is a cost saving feature. If there wasn't centralized management, we would need 30 members instead of 11 members for our team. 

The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them. 

It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.

I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors. 

We have been using this technology for the last four years.

Check Point is the one of the most trusted vendors in the market. All the Checkpoint Firewall updates are very nice. We get the updates every months, and they are very stable updates.

The solution is very scalable. It is easy to expand it, if required. and doesn't take too much time. It also doesn't require too much manpower.

There are 2000 to 4000 people who are indirectly using Check Point Firewall.

It is always a good experience to work with their technical support. They are knowledgeable, always finding a solution. If we send them a bug, they fix it as soon as they can. 

I previously used Cisco ASA Firewalls for network security. 

Check Point is more advanced in comparison to Cisco Firewall. It has many good features, like central management, Threat Prevention, and Antivirus included in one device. With Cisco, we didn't have that.

The setup is straightforward, not complex; it was a simple setup. For the physical firewall, we just required a physical appliance, then we set it up according to our requirements. We had the complete setup guidelines. We used the three-tier hierarchy, which is standard and recommended for Check Point. We could also purchase service from Check Point to assist with the setup process. So, it was a good experience.

Our deployment took six to eight months.

We didn't require Check Point's help during deployment. After deployment, we did require their help for critical cases.

This product provides a complete return on investment. It gives us the level of security that we expect and should have.

The pricing and licensing part is something that could be improved. Check Point license and pricing are a bit higher compared to competing firewalls. I think they can work on that.

We didn't require an evaluation process. We knew that we had to go for Check Point.

I would rate the solution an eight out of 10.

The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance.

There are a lot of features which help us in providing a more secure environment for our organization, such as when we have Active-Active.

The most valuable feature is that the scalable 64000 Next Generation Firewalls are designed to excel in large data centers and the telco environment as well. We have a lot of these types of customers, and these Check Point firewalls support them.

In addition 

• it supports dynamic objects, which we use for security purposes
• the antivirus is quite effective
• the logging and tracking are quite easy
• overall, it is easy to use.

The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent.

In addition, the certification process is quite expensive. It should be a little cheaper so that everyone can be trained and certified and have better knowledge of Check Point's products.

I have been using Check Point's firewalls for more than a year. My responsibilities include implementing changes on the firewalls and troubleshooting.

They're quite stable and quite good. Management is simple because we can implement a lot of changes on the firewalls through the central manager.

They're quite scalable because they support large data centers, while offering reliability and performances as well.

The initial setup is quite easy. You don't need much training for it. Deployment takes around one week.

We have different stages in the setup process and we follow all the stages. We have to give structure to the plan, outline what we need to do. That goes to our manager, our senior experts, for approval. Then we implement the changes after their approval. Once the changes are implemented, we have our team leaders who validate whether everything is good and as expected or not. Then we close it. This is the basic strategy we follow in our organization.

About 500 to 600 employees work on Check Point firewalls in our organization and they have different roles. For example, I handle network and security admin. There are also security associates, consultants, and analysts.

The pricing of Check Point's firewalls is good. It is not that expensive.

We're using Check Point Next Generation Firewalls to secure the internal LAN network from unwanted threats and for protecting the environment for business use.

The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily.

The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.

I have been using Check Point's Next Generation Firewalls for the last three-and-a-half years.

These firewalls are very stable and, apart from the antivirus issue which I mentioned, everything is stable in them. The best thing is that they are the most advanced firewall on the market.

Per my experience, it is very easy to scale these firewalls, because they are combined with the central management point. It is very easy to push the same configuration to different firewalls at the same time. It does not take much time to extend usage.

We use them throughout our organization. Currently we have used them for around 50 percent of our needs and there is definitely a room to grow. In the future we will definitely try to increase usage, if it is required.

We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.

I used Palo Alto firewalls. Compared to Palo Alto we are happier with the Check Point Firewall features. Key differences are the ease of operating Check Point firewalls and the use of Linux, as we are all trained in Linux. It is easier for us to work on the ELA of Check Point firewalls. And Check Point's support is good.

Check Point is the best firewall we have found for our organization so we went with it.

In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.

The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.

Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.

In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.

We are happy with the return on investment from the Check Point firewalls. We are happy with the features and with the protection they provide us.

The licensing part is easy for Check Point firewalls. You just purchase the license and install it on the firewall. The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money.

When implementing the product, follow the recommendations which Check Point provides. Follow the backup for the firewall so that in case of an issue, you have a secondary firewall active.

The biggest lesson I have learned is that there is a scope of improvement. Companies that are improving and providing updates frequently are growing more. In addition, improving support is a very key part of things. Check Point rates well on all these points.

It's an on-prem deployment where we use it to protect our client and end-users who are working with the internet, and to protect their servers from external access. They have about 100 users and two servers.

When we did not have SSO, we had problems related to attacks compromising our firewall. That has been mitigated. We have the traffic going through the firewall to the server, so those types of things have really improved. We are seeing less traffic going to the server. When there was direct access to it, there was more and more traffic going to our server. So it has improved our server performance.

My favorite feature is the UTM piece and that was the main reason we bought it. It helps us to fine tune the network. We use it to block certain websites, to block access to particular locations, such as in Singapore or say Malaysia, where we have offices. We keep the previous device updated and, based on that, we also have static MAC address binding.

We also use the VPN services. The VPN features are mostly for our cloud connectivity and for our remote users to have local server access.

When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.

I have been using Check Point NGFW for almost two-and-a-half years.

It's a stable solution. In the time I have been using this product, I have hardly seen anything break.

In terms of scalability, they have products that can fit into the environment. It's a very scalable solution. For our requirements, it fits very well. You can go with whatever kind of setup you want: Active-Passive, Active-Active. Check Point is very easy. Their solution is ready for our market; it's very well suited. Wherever we want to go, Check Point can provide a solution.

Currently, we are using somewhere around 50 to 60 percent of the box's capacity.

Sometimes, when I have gotten stuck, I have reached out to support and it's okay. They have helped me very quickly.

We did not have a previous solution. We went directly with Check Point. We liked the features provided by Check Point and we went for it.

The setup is not complex. It's easy to deploy. The documentation provided is very good. Deployment takes me two to three days. The hardware takes one-and-a-half days and then I get all the features up and running.

We have a standard implementation strategy. We have a checklist. We plan it out. Then we go into the field for the deployment. We have one dedicated engineer for deployment, and I also check it on a regular basis. The two of us are also the ones who manage the solution.

We have to consider things, cost-wise, when we are expanding into other locations. We don't have the budget to use it in other platforms. We have some servers that we deploy in AWS and other locations. But instead of going with Check Point, we go with other vendors to fit into the budget.

Check Point is really costly. When it comes to the Indian market, where we are located, we always consider budget solutions. So this is an area where Check Point could use some improvement.

In addition to the standard fees, support is an added expense.

The biggest lesson learned from using this solution is in terms of security. It is a really good product. I don't think there is anything missing from the Check Point firewalls. The features provided by the company are very good and provide what we need.

It's a very good security product, as long as you have the budget. It provides modern security and the architecture Check Point provides is good. And the application side will really help any size of business to deal with traffic based on the application.