Check Point Quantum Force (NGFW) Reviews

We use this product for providing perimeter security, as well as advanced threat protection capabilities to critical infrastructure. The solution is expected to deliver high-performance throughput for voluminous traffic continuously. 

We are using these gateways for multiple functionalities such as:

• Perimeter Gateways
• Anti - APT (Advanced Persistent Threat)
• Anti Malware / Anti Virus
• SSL Inspection
• Network Intrusion Prevention System
• Private Threat Cloud

All of our solutions are expected to run in high availability and have good resiliency. 

Check Point NGFW is the first perimeter security solution used in our environment and it is able to deliver the expected results. Specifically, it supports high-performance throughput for voluminous traffic.

The vendor has proven capability of identifying known threats, which can be seen while managing the firewall. The OEM has identified a roadmap in line with the emerging threat landscape and evolves the product to counter these threats. 

The central management console has helped with segregation, where planned interventions with management consoles do not have any impact on production or critical business traffic.

Next-Generation Threat Prevention capabilities provide security in a high-traffic load, ensuring detection and prevention of known threats by AME, AV, and Sandblast technologies. 

We are also using the system to create VPN gateways for our multiple partners and we haven't faced any issues with them.

 Check Point gateways are a stable product that can run without any issues until a major upgrade or vulnerability mitigation is required.

The support has been reasonable and they were able to minimize the impact during critical incidents.

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption.

There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome. 

We have been using the Check Point NGFW for the past four years.

This solution is very much stable and does not require frequent changes in architecture. The patch frequency is limited, which reduces the downtime requirements.

This NGFW is very much scalable; however, I am not sure about other components such as PTC, etc.

Technical support is a mixed experience. Most of the time, issues are handled well in a timely manner but some issues have lingered for a very long time, causing multiple iterations.

We did not use another similar solution prior to this one.

As we use a lot of components from Check Point, the setup was a little complex in terms of deployment and traffic handling.

We had assistance from the vendor's professional services team to ensure smooth deployment. It was a green field project so the deployment was easy. The team deployed on implementation had expertise with the solution.

The ROI for security is the confidence that the solution is able to deliver the expected outcome. This includes stability, Threat Prevention capabilities, Granular policies, etc.

Licensing is pretty straightforward and is based on the blades available, such as NGFW, NGTP, and NGTX. Generally speaking, the pricing is in line with other players in the industry.

We evaluated products by Fortinet and Palo Alto.

In summary, this is a good solution that is stable, and I recommend it.

Our primary use case is as a perimeter firewall for main and DR sites for a financial institution. It secures Internet access for users through IPS/AV/Threat Emulation/Application control and URL filtering with HTTPS inspection and geolocation restrictions. 

It secures our email and MDM solutions. 

We also use it to create site-to-site VPNs with vendors. Remote access is achieved through the use of a secure workspace and SSL network extender. Securing and inspecting HTTP traffic to our web servers is another important task. 

It secures several DMZs and segregates them from the rest of the network.

We use all of the security features available. 

It has helped us with controlling internet access, securing our external websites, and providing remote access that you can trust (secure workspace). The latter provides with a virtual Windows 7 desktop that only allowed apps can be initiated from. In our case, we launch RDP sessions from secure workspace. 

The latest version of the software is a big win overall, with major improvements in how the rulebase is scanned (it's not the top down classical rulebase checking, but a column based checking) and overall efficiency.

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

I would like to have an improved secure workspace solution for remote access. I hear that the Apache Guacamole solution has been integrated into R81. 

The site-to-site VPN options are numerous, but they can get confusing. Interoperability with other vendors is not the strongest when it comes to setting up VPNs. It's totally different from any other VPN vendors I have come across. 

Improvements are needed in policy backups and reverting to the previous policy. This used to be better in R77.30. 

Policy installation tends to take a long time when the rule base increases in size, which can become frustrating. 

I have been using Check Point NGFW for 10 years.

We have never had any unexpected crashes or issues.

It should scale well as they now support more than 40 CPUs on a single system. 

Our experience has been great, although we don't have direct support. This means that sometimes, it takes a while to get to the bottom of issues.

Check Point is really the best NGFW I have come across and I have worked with many vendors including Cisco, Juniper, and FortiGate. It's a platform that a huge amount of research has gone into over the years. It has a great support community and clear guides to solve all sorts of problems and issues.

I didn't switch to Check Point, as it was always there. We haven't switched away from it over the past 10 years. 

We always need some help on installs or major upgrades. 

We have used several vendors and some are better than others. 

It is difficult to calculate ROI when it comes to security products. 

The hardware cost is not huge, but you need to push for good pricing on software licensing and blades.

Check Point was implemented in the company before I arrived. 

It's demanding for the administrator, as it takes years to get an in-depth knowledge of the platform. Otherwise, it is easy to use from day one.

I'm a consultant at a Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I have deployed standalone, cluster, and two-layered firewalls.

Check Point firewall products include a lot of modules including Application Control, IPS, Email security, Mobile access, Content Awareness, URL Filtering, Antivirus, Antibot, and DLP. 

Check Point meets our customers' requirements at the perimeter with an all-in-one solution. For example:

• The IPS blade prevents attacks with updated signatures.
• URL filtering policy control customers' users' internet activity.
• Antivirus and antibot blade controls malicious activity and files.
• Mobile access blades allow customers to access their sites from anywhere securely.

There are a lot of features that I have found valuable for our customers.

For example, active/active and active/standby high availability features are very useful. If you want to share traffic loads to both cluster members, you can use the active/active feature, whereas if you don't want to share traffic loads then you can prefer active standby. Your connections sync on both cluster members for either highly available choice, so your connections never lost.

One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.

Check Point should include additional management choices; for example, Check Point does not offer full management support via browser.

You should use Check Point Smart Console for management, although it is an EXE and is supported only on the MS Windows platform. If you are using Linux or Mac, you cannot manage Check Point. Instead, you need to use a virtual PC with the Windows OS installed, running inside Linux or Mac. Check Point states that this is a decision made for security reasons, but that certain management features can be done through the browser, although not fully.

I have been using the Check Point firewall for more than 20 years.

This solution is very stable for all of our customers.

One of our customers has more than 200 branch offices, which are protected by Check Point SMB appliances. All of these appliances are managed by Check Point SmartProvisioning. This customer has one Check Point cluster that secures server segments and another Check Point cluster to secure the client segment.

The latest product, Maestro is very good and scales well.

Check Point support is very good and we are very satisfied.

My company is working with different firewall products but I am a Check Point expert and only support their products.

The initial setup is straightforward.

All implementation is handled by our team.

There are different ROIs for each customer but our customers' ROIs are high, as expected.

The pricing is high compared to competitors.

Our customers evaluate other products but a lot of them prefer Check Point.

We have a pretty small office and therefore, a small network environment, and the SMB appliances from Check Point were a perfect fit and exactly what we were looking for in order to improve our overall security posture in the office.

It was critical for us to be able to secure our network, including intrusion detection and prevention along with threat emulation and extraction for zero-day threat help, and Check Point fit perfectly.

After implementing the solution, we were able to get through a third-party penetration test of our network without issue.

Check Point NGFW has improved our organization by making our corporate network much more secure. Once our SMB appliance was installed, configured, and up and running, we could rest a little easier knowing that unauthorized access to our network just became much more difficult.

By turning on the various software blades, intrusion detection and prevention were in place, we had threat emulation and extraction in place, etc. It was a one-stop-shop for us and gave users on our network a certain peace of mind knowing that there was something in place to help keep them safe from malicious actors.

There are many aspects of Check Point NGFW that are valuable and important to our organization, but I'd say the top three are intrusion detection and prevention, threat emulation, and threat extraction. These three features have set a good baseline of security on top of the normal application URL filtering and other services of the firewall.

The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature.

When first looking into the Check Point offerings, it was fairly confusing trying to determine the differences between the different offerings. Specifically, SMBs versus other models, and which one would work best within my environment for my use case. I think we ended up in a good spot after speaking with a reseller in the area, but it would have been nice to be able to get there independently.

The WatchTower app that can be used to access the SMB appliance remotely is a nice touch, but it doesn't allow for many actions to be taken and therefore is relegated to mostly notifications. At that point, it requires me to gain local access to go further. It would be nice to add more features to the WatchTower app to be able to perform certain administrative functions without the need for local access. 

We have been using Check Point NGFW for two years.

This product is stable and we have had no issues.

We did not use another solution prior to this one.

Easy setup and configuration by a non-network/security person.

Check Point brings good value for the money and is competitive in the market.

We evaluated Fortinet FortiGate but Check Point seemed like a better fit for us in terms of features and value.

Our primary use case is to secure the perimeter and users in our network.

We use IPS/IDS, deep packet inspection, and VPN.

Our network performance and safety have improved. The reporting also gives us more information about our network, including cost and risk reduction.

This solution helps to keep our network safe and secure, protecting our investment.

The most valuable feature is the powerful, deep packet inspection engine.

The management console and diagnostic tools are powerful and we are happy with them.

The reporting is detailed and helpful.

There should be better integration with our current NAC solution to increase the granularity of policies that we implement.

We have been using the Check Point NGFW for two years.

Overall, this is a very complete tool.

In my company, we use the Check Point NG Firewall solution to secure the perimeter and user network. We use IPS/IDS, deep packet inspection, and VPN. We have implemented routing rules based on the destination of the traffic, and the performance of the global solution is satisfactory.

We use the solution, too, as the firewall in a core node, which is very important to the business. It secures the network equipment and service integrity.

We are delighted with the powerful management console and diagnostic tools.

The Check Point Next Generation Firewall has improved the performance of our network, bringing the IT administrator a lot of information and data to make decisions about security, vulnerability, strengths, and weaknesses in our deployed projects.

It provides a lot of information to help better understand our users. Now we feel more confident with our network and know what happens on it, as well as what kind of traffic we have.

In addition, we have many reports that include data to help with decision-making and information about how the solution reduces cost and risk.

The most valuable feature in my opinion is the powerful deep packet inspection engine. This engine provides me with a great capacity to control the traffic generated by my users and provides our company with a very real vision of the use that users make of the network.

The reporting capability is very important as we are able to show the company management the benefits and the return on investment, in terms of securing our network.

The number of physical network ports on the device should be increased to allow for greater capacity.

Another point of improvement would be to continue improving the integration line with our current NAC solution in order to exchange more attributes and increase the granularity of the implemented policies.

We have been using the Check Point NGFW for three years.

Compared to other similar solutions on the market, this product is quite complete.

In my opinion, this solution is already quite complete with respect to our requirements.

We support various clients in the government sector in Mexico. We provide different solutions in terms of network security, data security, and perimeter security. The NGFM Firewall is available locally and different offices and/or institutions of the government sector pass through a more secure and controlled infrastructure.

This type of infrastructure has different zones or areas that are managed and keeping them centralized has helped us to maintain and control them. In addition, we are generating fast and safe solutions for our users on each site.

Check Point has provided us with an easier way to control all of the access traffic for more than 50 segments that we have within the organization. In addition, we have been able to maintain stricter control of the users and/or equipment that are had in all the institutions that make up the government sector of the entity.

Check Point technology has allowed us to keep the organization and distribution of the network in order within the institution. In addition, the VPN service we have has worked correctly for users who want to work remotely from their homes, which was of great help during the pandemic.

Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution.

The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters. It is well organized.

Some other of the services that have worked well for us are antivirus, anti-bot, and URL filtering. Together, these have allowed us to maintain control and organization amongst the users.

Another one of the pluses that have helped us a lot has been the IPsec VPN, especially in these times of pandemic.

Using the tool is somewhat complex when teaching new staff, although after practice it is quite easy to get used to this technology.

One of the improvements that could be included is to have a help menu to obtain advice or help for the different options that are presented in the application.

The equipment is complex, so you need guidance from specialized people or those who constantly work with Check Point. Better forums and information manuals could be provided so that users from different institutions can have more access to the information.

The company has been using the Check Point NGFW for more than four years.

Compared to other networking equipment I have used, I would say that Check Point's NGFW is just as stable. We rarely have problems, and they can all be properly fixed without affecting productive or critical network elements.

There are currently more than 5,000 users within government facilities in Mexico. This team has provided us with the necessary resources to provide services to users in record time.

With the teams that we currently have, we have not considered increasing the number of technicians. If the need should arise then Check Point is still a very good option.

Technical support has been available when we have problems, and they are always there to help us get back up and running as quickly as possible. In addition, the equipment is kept up-to-date with the latest versions, or alternatively, those recommended by the provider.

This solution was deployed before I entered this governmental organization. What I have heard is that prior to this, the security and segmentation control was not ideal and they wanted to improve it. With the implementation of Check Point, great improvements have been provided to the infrastructure, maintaining order within the organization.

When I entered the company, the equipment was already installed. With the passage of time, some configurations have been improved and some extra services have also been achieved for mobile users.

It was implemented through a provider that has been guiding us towards the correct use of the equipment and the best practices to keep it updated. The service has been excellent, both in common day-to-day ticketing situations, including the most serious incidents.

It has been well worth the investment, as the Check Point technology is there to help when we need it.

One of the main reasons that Check Point is used is that it helps us to administer security at a reasonable price. This is naturally in addition to meeting the expectations of the institution.

An annual technical support fee is paid to maintain the equipment with the most updated licenses and versions and thus avoid vulnerabilities

Check Point is the option that has always been considered for its good firewall organization, which allows us to have excellent security.

My advice is to always have a supplier with whom you can resolve doubts or more specific technical questions. Since the equipment requires many very technical parameters, it is helpful to have a person who understands and uses this technology correctly.

We deployed a Check Point firewall on the perimeter as well as on the internal network. Both are in HA & we have enabled all threat prevention blades. All devices are 5600 & 4200. We are managing our two firewalls with two different security management servers.

Currently, we are using the R80.20 firmware version and we have a pretty simple design.

Our primary uses are firewall security, VPN, web filtering & monitoring. We have also used the TE-100X appliance for private cloud sandboxing.

With Check Point, we achieved redundancy but the problem was three public IP addresses that were required to be configured as HA, with two physical IPs & one virtual IP.

Our previous firewall used a single public IP but now, with Check Point using three, it became very difficult for us to make available the same segment of public IP addresses from our ISP. After many support calls, however, we found a solution.

The other option which is helpful is that there are no limits for any objects used in the policy. Our previous firewall does support limited time objects & IP address objects.

Check Point's new Smart dashboard has an all-in-one configuration interface. They provide a very easy configuration for NAT and one tick for source & destination NAT is possible.

Policies can be configured in a more organized way using a section & layered approach.

Application control has all of the required application data to introduce it into policy and the URL filtering works great, although creating regular expressions is complicated.

The software upgrade procedure is very easy; it just needs few clicks & we are done.

Check Point has both GUI (Graphical Interface) & smart dashboard, but it will be better if it sticks to either one of them. 

A threat prevention policy needs to be created in a different tab but instead, if those policies could be related to access policy then it will be easier to apply the threat prevention to our relevant traffic.

One of the most complicated aspects is the VPN Configuration, which should be simplified in future releases. The monitor tab should have a VPN tab, where we can see the current tunnel status.

I have been using Check Point NGFW for more than the last three years.

With respect to stability, we always have ongoing support calls. We have faced lots of issues that have led to upgrading with a Hotfix.

When it comes to scalability, our current Check Point is far better than our previous firewall.

Technical support is very helpful & always there to help us with issues. Also, the TAC response is quick.

Previously, we had a Fortinet firewall, which was pretty slow when it came to operations.

The initial setup was simple.

We implemented the firewalls with our in-house team.

Check Point should provide some basic license for mobile access VPN by default, for at least five to ten users.

The only other vendor that we have evaluated is Fortinet.

We use this firewall to protect the internal network and to set up the IPSec standard from one location to another.

One of the benefits that we have realized from using this product is that the user interface makes it easier to operate, compared to using the CLI.  In Check Point 5.0, we bought the option, giving us the ability to use the GUI as well as the CLI. A person who is comfortable with the UI can work with it according to different scenarios.

The most valuable feature is the set of encryption options that are available.

Viewing the logs in the interface is easy to do, which is one of the things that I like.

This is a UI-based firewall that is easy to use.

The antivirus feature is a little bit weak and should be improved. The updates are not as regular when compared to other firewalls, such as Palo Alto.

The training materials and certification process should be improved. For example, the certificates are more expensive and there's no good training available on the internet right now.

I have been using Check Point NGFW for approximately seven years, since 2014.

The stability of this firewall is good and we haven't had any problems. It is a well-known, quality brand.

There are no issues with extendability or scalability. Over the course of a year, we added another firewall, bringing us from one to two deployments, and the process was not tough. We were easily able to manage it.

We have approximately 12 people who work with this firewall during different shifts.

I have been in contact with technical support many times, and they are good. Most of the time, they solve the problem as soon as possible, and they give a perfect solution.

Currently, we are using firewalls from different vendors, including Palo Alto and Cisco. Our Cisco ASA solution is completely CLI-based and Palo Alto is like Check Point with an interface that is a mix of UI and CLI-based.

Both Palo Alto and Cisco ASA have very good tutorials available on the internet, including videos on YouTube and courses on Udemy.

On the other hand, Cisco ASA is more difficult to use because there is no UI and for a person who does not have any knowledge of the networking commands, they have to learn them.

The first phase of the implementation is to plan the firewall deployment. After that, we do the configuration and validate it. In the case of a Check Point firewall, this process will take between two and three months to complete.

The complexity of the process depends on the features that you want to add. In general, it is straightforward and not too complex.

I was not present when the first firewall was set up, although I was presented for the deployment of new ones. Whenever there is a new firewall deployment, I am involved. We have between four and five network engineers who take care of this part.

There is no maintenance required from our side. When we have a hardware issue then we contact technical support to get it sorted out.

We have seen ROI; for the purpose that we have deployed this firewall, we are getting returns. Based on this, we are buying more Check Point firewalls.

The price of Check Point is lower than Palo Alto but higher than Cisco ASA. For us, the price for licensing is fine, we have no issue with it, and feel that the cost is justified.

There are no costs in addition to the standard licensing fees.

My advice for anybody who is implementing Check Point NGFW is that if they get stuck, then visit the technical support section of the website and read the articles that are available. I have learned many things from the tech articles, and it's a good website if you want to learn about it in-depth.

One of the things that I learned is that Check Point firewalls also use Linux commands. After working with Check Point, I improved my Linux skills, which is a good thing for me.

I would rate this solution a nine out of ten.

The main use case is Firewall provisioning and integration with Tufin and Skybox. Also, we focus on firewall compliance, rule review, VPN configuration, and network troubleshooting.

Working for one of the largest companies, I found that using Check Point has made firewall provisioning very easy for us, and integration with the above-mentioned tools has eased the process of PCI audit, security compliance, and rule recertification.

I think the VSX has been the most valuable feature for us. We use it for tunnel management, which is great. The configuration has been quite straightforward.

Debugging could be improved when compared to the competition.

I think the product release lifecycle should be improved.                                                       

We have been using Check Point NGFW for almost eight years.

Previously, we used Cisco ASA. We switched because of the fact that Check Point offers more stability and visibility into the firewalls. Management is easier, especially using the GUI version.

I think that the pricing is different for every organization.

We did evaluate Juniper, as well.