Check Point Quantum Force (NGFW) Reviews

The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well.

One of the most valuable features is the antivirus. It's very good.

We also now support cascading objects. We didn't support this previously, but on Check Point we do.

The dashboard is quite good, you can explore a lot of features there and it's easy to understand.

It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.

The antivirus is not as effective as it could be because updates are not that frequent.

Another area for improvement is that certifications are quite expensive with Check Point.

I've been using the Check Point Next Generation Firewall for the last year.

My role includes working on Check Point and Cisco ASA firewalls to make changes on them, per customer requirements or as the organization needs. I also explore new features and do troubleshooting.

It's quite stable. Until now, we haven't faced any issues.

The Check Point 44000 and 64000 Next Generation Firewalls are designed to be quite scalable. 

If we do face an issue which is not our support boundaries, we involve the Check Point TAC. They're quite technical, so they help us to resolve things. They are always helpful. They're knowledgeable and their response time is very fast.

Previously we were working on Cisco ASA firewall which didn't support the cascading objects. Also, Cisco supports two gateways, whereas the Check Point supports up to five gateways.

We also decided to bring on Check Point because there are a lot of switches that are not supported in Cisco ASA. Also, with Cisco, IPS does not come with the firewall and we have to configure it separately. The Check Point IPS comes with it.

There are a lot of features which are not supported in the Cisco ASA Firewalls.

The initial setup of the firewall is straightforward. I didn't find any difficulties in moving from Cisco ASA to Check Point. The dashboard is quite friendly, so it didn't take much time to learn.

Deployment took about three days.

We have different stages in our implementation process like planning, approving, implementing, checking and validating, and the last one is matching. Job roles in our organization go according to these stages the approvals. I do the planning part and my approval request goes to my team leader.

We have about 400 to 500 users. They are semi-technical or non-technical people, such as network and security engineers, who are tracking and monitoring the firewalls. If we're talking about troubleshooting we have from different levels, like L1, L2, L3.

It's saving us a notable amount of time. 

Check Point is good. It has a lot of features which will support a lot of things in your organization, and the dashboard is quite good. There are a lot of features, such as data protection and data inspection, at a good price.

We use them to protect our edge infrastructure and for interconnecting our sites using the VPN.

One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.

Other valuable features include: 

• the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
• the CLI, for automating things
• it is very easy to manage, to make backups, and to configure
• the support and the graphical user interface.

The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools.

There could also be improvement to the automation. They should provide a tool for creating and maintaining rules.

I have been using Check Point firewalls for more than five years.

The stability is an eight out of 10 because we have had some problems with URL filtering, with the domain filtering in particular. When the domain is under a CDN, it sometimes gives us problems because there is more than one IP for each domain.

We have also had problems with data center objects or Azure objects where we have created a rule and the rule stops working. We opened a case with Check Point and they answered us. We installed fixes and it looks like it's working now.

The scalability is quite nice at the firewall level. It gives us the possibility of implementing clusters and high-availability.

We are also working on an Azure implementation and it looks good. We have not yet deployed to the Azure Check Point implementation, but it promises a lot.

We have about 200 employees and, on the administrative side, there are 12 to 15 people working with the Check Point solution. They are mostly networking infra engineers. We are using about 40 percent of the firewall capacity. We don't currently have plans to increase capacity.

We are satisfied with the support. When we have a problem, it's very easy to contact the support center and they give a fast response. I would give their support a nine out of 10.

I have worked with the Cisco ASA firewalls and with firewalls from manufacturers like MikroTik.

It's hard to measure ROI, but our sense of security, as a company, is good with Check Point.

In terms of quality versus price, Check Point is very balanced.

The biggest lesson I have learned from using Check Point firewalls is that if you know how to work with Linux, you will be able to manage almost all the features.

We recommend to clients who are installing applications that they can work with Check Point Next Generation Firewalls. Our role is to support our customers in terms of their migration, firewall room cleanups, and implementing all the security features that the firewall has.

Our clients have branch offices in Mexico and Bermuda. Check Point is one of the top names in these areas.

Our clients come to us to fix holes in their endpoint security management infrastructure, which might be letting things through like ransomware. We recommend Check Point Firewalls and some other endpoint security management solutions to mitigate these risk factors. We use this solutions to help build a perimeter for the company, as it helps filter threats from affecting our clients' infrastructure.

The application authentication feature of Check Point is the most valuable as it helps us keep users secure. 

It works smoothly when managing clients' on-premise and cloud firewalls.

Permissions from the client regarding troubleshooting and how well we can packet capture have not been smooth.

Check Point should quickly update and expand its application database to have what Palo Alto has. 

There have been some issues with third-party integrations.

I've been using Check Point Firewalls since 2012. This was right from the beginning when it was hardware from Nokia and the R65 and R66 models. So far, that has gone well.

They are stable. There are no standalone Check Point boxes. If a module goes down, it doesn't affect the base as a whole. Check Point Firewalls have nice redundancy.

Scalability is a good feature that this solution has. It is easy scale out and do site-to-site implementations. Sometimes, you have to clean the OS or RAM to free up availability. However, if you do this, then there are generally no issues with scaling it.

The documentation is really good. 

Their support guys response is really quick. Though, sometimes it takes them more than four to five to get back to us via email and acknowledge an issue. If you have the diamond support, it is definitely fast. However, if you don't have that sort of expensive after-sale support, then it is a problem to engage a Check Point technician at a very fast pace.

We actively participate in the community group.

Our clients are migrating over to Check Point NGFW from Cisco, Juniper, and Fortinet because they want the Check Point Application Intelligence feature. 

We set up the management tool for the clients to manage all their infrastructure.

The migration is generally seamless and takes one shift or day (about nine hours).

We migrate clients to Check Point from other solutions. We also have situations where it's a clean install for deployment, which is the most common scenario.

We are working with Check Point Firewalls to provide installation, migration, updates, setup, etc. 

In the beginning, we needed help from the vendor with the setup. The support was good.

Our clients have seen ROI.

Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs.

There are now more competitors in the market, like Palo Alto and VMware. 

Palo Alto is a bit more smooth and cost-efficient than Check Point. Palo Alto has Unified Threat Management (UTM) coupled with a dake lake database that is huge. Also, its migration is more smooth than Check Point's. 

Look for a software with licenses that support the features you want. I would recommend doing an RFP before purchasing. Get in touch with Check Point's sales team and compare it with other solutions.

Check Point features are always evolving. They try to stay abreast of the market. I would recommend not using older, obsolete models of Check Point because of this. 

I would rate this solution as an eight out of 10.

The primary use of the firewall is to allow or block some traffic. Mainly, it is the perimeter firewall for the Internet. It filters the traffic from external to internal, e.g., to secure the traffic. 

Some of our customers have been demanding Check Point as their firewall product.

I do the installation, support, firewalls, etc.

It provides a central station where it is very easy to deploy our firewall policy in one click to many firewalls. This is one of the leading perks. It saves time by having one central station because I can deploy the same kind of policy to many firewalls at once. 

With the latest release, it's easy to configure firewall rules with the scripting. This is one of the features that we have been demanding for some time so we can script some actions for automation.

The best part is that it is very intuitive. It is easy to configure, deploy, and maintain. If it works, it works.

The troubleshooting: When you find something that is not working, it is very easy to check in the logs what is failing and fix it in a short time.

The login tool is really nice.

We can virtualize the physical firewall in a virtual environment. However, the virtual environment is not stable at all. We have some customers who are using the virtual environment feature, and sometimes it crashes. We have many tickets open and the response is not as good as expected. We have to wait months for a resolution.

If you use all the features available on the firewall, it's not working. If you keep it simple, then it works. When you try to do cool things, you start to have some problems because that kind of integration is not fully developed.

I have worked with Check Point since 2007.

When it is failing, it is a nightmare. The stability has room for improvement. Sometimes, it is not working at all.

The scalability is good. I haven't had any scalability issues. If the firewall gets stressed, we buy a new firewall.

There are many options, such as, virtualization. They have also release a new product, Quantum, that makes it possible to scale up and have more firewalls. 

As an integrator, we have very big companies (like banks) to small companies, who have only 200 users or less. 

I would rate the technical support as a six out of 10. I have customers with no tickets open with Check Point and other customers who have many tickets open.

Solving some issues with them is a nightmare. They don't reply in time. They always ask the same questions. I expect better feedback from them, but that usually never happens.

Before Check Point, I used Cisco and Fortinet FortiGate.

The big differences is really the full integration firewall, e.g., Cisco doesn't provide this. Also, the Check Point central console is so much better because it provides that one central station, which is a plus.

The con for Check Point is the stability. The hardware for Check Point fails more often than other vendors. Usually, other firewalls are more stable than Check Point so I don't have to open as many cases with other vendors, like I do with Check Point.

There are two parts:

1. In the physical, you deploy with a wizard, which makes it very easy. It is a standard wizard where you click "Next, Next," then you see the GUI and everything is done there.
2. It is possible to do it in automatic way with the scripting. In the cases that you have some experience on it, it's very easy to deploy some scripts and the firewalls. For example, in the cloud, I created my own firewall with the same setup every day using the auto-integration since it's possible to integrate Azure with Check Point, which is very easy. One of the best features of the Check Point is its integration with the cloud, because not all vendors have that kind of integration.

The deployment time depends. If I do any scripting, it takes 30 minutes. If I do it manually, the deployment takes two hours. It also depends on the size and scope of the deploy, e.g., if I create a basic firewall rule or do a full automatic migration. However, It does take less time than other firewalls.

The implementation strategy depends on the customer.

I can deploy one firewall in an easy way. I can do it quickly by equiping firewall rules in text mode or in the API. However, when I have a problem, it's totally the opposite. I lose a lot of time.

The pricing and licensing are the worst part of Check Point. I usually don't know what I really am buying. When I have to do an inventory of the license, I don't know what it is being used for. Sometimes I feel I am being cheated, and the others times, I feel it is a bargain. Nobody knows! Even the Check Point representatives, they aren't clear on somethings, such as, what is the right license for what I need.

There is a possibility to have diamond support. You can have a technical engineer who is there just for you. When you have that type of feature, it's more expensive.

Cisco NGFWv

• Check the price first. 
• For migrations between different vendors, it's a nightmare. You need to do some tasks manually, otherwise it doesn't work when you migrate it. 
• Check the performance if it is working as expected. 
• Try to keep it simple.

It is a good product. I would rate the solution as an eight out of 10.

We work with these firewalls for overall security, including content filtering.

High-capacity and high-capability devices help us to integrate with the cloud infrastructure as well as internet applications.

The most valuable feature is the URL filtering. 

It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place.

It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely.

I have been using Check Point NGFWs for six years.

They're pretty stable. I don't see any issues there.

Scalability means upgrading to newer, better hardware.

From an end-user perspective, everyone in our organization is using it, as it's a perimeter device. If they have to access the internet, they use this firewall to allow that access. We have about 4,000 end-users and about 200,000 concurrent connections.

Check Point's technical support is a seven out of 10. Sometimes it takes a lot of time to get the right people on TAC issues. And to buy time, they just use generic questions, which is really time-consuming and doesn't relate to the problem at all.

For the infrastructure in question, we have always used Check Point firewalls.

I have worked with Cisco ASA. Cisco is more CLI oriented, whereas Check Point is more GUI oriented. With the GUI, it's easier to manage and administrate it. If the configuration becomes bigger and bigger, it is really easy to see things in the GUI versus a CLI.

The advantage of the CLI is that you can create scripts and execute them. But the disadvantage is that they become so lengthy that it becomes very difficult to manage.

The initial setup is straightforward because it's a GUI interface. Even when it was upgraded, things didn't change in terms of the look and feel. It was still the same. There was no need to learn new things. It's easy for any administrator to learn new features.

On average, deployment takes one to two hours, including mounting and everything, from the physical work to moving the traffic there.

The issue is that we still need people to be onsite to do this because some tasks have to be done on the day. That means a technical person is required to do that work. We can't give it to any other person to do this because, until those particular steps are completed, things can't go any further.

We have six people, network admins, for deployment and maintenance because we have about 30 of firewalls.

We do it ourselves.

When we first started using them, we were just using them for basic functionality. Then we started using more features and introducing other components. For example, we had a different proxy server which we depended on. Once we got the Check Point, we could use the same device for multiple roles, which reduced the cost a lot. I would estimate our costs have been reduced by 30 percent.

If you use the features then it's cost-effective. Otherwise, it's expensive.

We use Check Point's firewall to provide network security to our organization as well as to other, third-party vendors.

The Check Point firewall is providing advanced-level security. Compared to before, our company is more secure now. It is not only securing the users working within the LAN environment, but also to the end-users or remote users in the company.

The most valuable features are its 

• antivirus
• threat detection
• central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved.

Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.

I have been using Check Point's NGFW for the last six years.

The Check Point firewall is very stable. It is one of the oldest firewalls in the market. It has all the advanced features, according to the security features we have. It's quite a stable firewall.

It is very good and scalable. We have recently expanded the usage of Check Point and it was not a very tough process to scale this firewall.

Right now it's protecting around 3,000-plus employees.

It has been a very good experience every time we call Check Point. We usually get them on a phone call and they are very informative people. They always provide us the solution.

We had another solution. We switched because Check Point gave us more advanced features and there was market demand for network security.

The initial setup was a little complex. The training from Check Point should be increased. It was a little complex, but with the help of their TAC and the help of other engineers, we installed it.

The deployment has taken about eight months. We have deployed it in a three-way architecture. We have installed a security gateway, an SMS (security management system) and we have installed the console.

We have a team of four people, all network engineers, for deployment and maintenance of the solution. We take care of all the firewalls for the organization, including Check Point's.

We had help from a Check Point integrator. It was a good experience. They were very helpful.

We are happy with our investment in Check Point's firewall. Per our standards, and for our environment, it is a very good firewall. It is protecting us well.

Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps.

We evaluated other options, including Cisco ASA. The difference was that Check Point provides advanced features, such as threat prevention and antivirus. Apart from those, it also provides us with IPS. Also, for Cisco ASA, we had to take extra services to install it, so we went for Check Point.

Make sure you get good training on Check Point's firewall, and it would be good if you have working experience on the device.

Using Check Point, I have learned that we need to serve our remote users as well, and Check Point is a firewall which is capable of doing that.

We use it to provide security to our environment from the outside world. We are using it to provide security against vulnerabilities using threat prevention, Antivirus, and IPS.

In advance, we get security vulnerabilities. So, we can configure new security policies, update our antivirus, or check the configuration to protect the environment.

We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.

The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent.

I have been working with it for the last seven years.

It is a very stable firewall. The updates that we get from this Check Point Firewall are also very stable. 

The scalability is good.

There are more than 10,000 users. The Check Point Firewall is deployed through the company.

All their technical people are very solid in their knowledge.

I have used Cisco ASA and FTD. We switched from Cisco ASA to Check Point because there were no antivirus, vulnerabilities, or security prevention features. Check Point has more advance features, which are easier to use, than Cisco.

We also had to install IPS devices with Cisco.

The initial setup was straightforward. It was not too difficult to deploy the Check Point firewall. Deployment takes between 12 to 15 months.

We have done a cloud-based deployment throughout our network.

We did the deployment ourselves. We have onsite specialists who have done many deployments.

20 people take care of the deployment and troubleshooting of this firewall.

There is a money saving because we no longer require other devices, like an IPS, a separate antivirus, or vulnerability tests. We get all the devices within a single tool. Before, we would have different teams taking care of different devices. Now, we take care of only one device, which is another source of savings. We have saved a lot of money with this solution.

The prices are good for its features. The benefit of its license is we get timely security prevention updates. The price is good for the technology that we get.

This is a good solution. I would recommend to take advantage of as many features as you can. It has many features, and to protect security, you should use all the best features that you can.

As soon as the company will grow, we will definitely increase our usage of the firewall. We have already increased our usage due to employees working from home.

The biggest lesson that I learned is we can use the features of a firewall security to protect our environment. Also, rather than deploying multiple firewalls, we can configure a centralized management system, and this saves time.

I would rate this solution an eight out of 10.

My role is to do implementation and troubleshooting on the Check Point Firewall. We use this firewall for our organization's security by adding restrictions and security from viruses and other tech from the external Internet.

It is used in our internal company-wide network. It protects our company throughout the LAN network.

We have needed to install many third-party devices to provide major security to our organization. Because of Check Point and its many features, we do not require other third-party devices. We only require Check Point to provide the security.

It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.

It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.

The company should increase the learning platform free of charge. For example, Palo Alto and Cisco ASA have very good platforms that are completely free. Almost everyone in this field has good product knowledge. Therefore, I would like more training and expertise to be available for Check Point NGFWs.

I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors.

I have been using it four years and four months.

It is a stable firewall that has new updates. The new updates are very impressive. There is also a good antivirus update which comes out very frequently and is completely stable.

The solution's scalability is good.

With our increasing business, we have given a proposal to increase the number of firewalls.

In my organization, there were five associate consultants included in the deployment process, including me.

The solution has very good, timely support. Most of the time, when we opened a case with their tech support, we have been in a panic situation because of the case's priority. However, the solution that we get is very straightforward and in very short amount of time.

My issues were resolved by the Check Point team or available on the Internet. So, all my problems were resolved.

I have used Palo Alto and Cisco ASA. When I used Check Point, I got to know that the CLI is based on Linux. I already know Linux, so it was very comfortable for me. Apart from that, it was the company's decision. They wanted to use this firewall.

The initial setup was straightforward because I have done training on Check Point. I didn't face any issue while implementing or while configuring it. I only faced a few issues, and they were resolved by the Check Point team.

It takes around nine to 12 months for the complete deployment of this solution. My deployment plan was a three-tier architecture, which is one of Check Point's features.

I deployed it myself with the help of one or two of my colleagues.

I am happy with the investment that we made on Check Point. The reason behind this: It has advanced features for protecting the environment.

I also evaluated Palo Alto and Cisco ASA.

Check Point pros:

• The CLI is very ease to use.
• It provides advanced security threat prevention.

Check Point cons:

• The graphical user interface should be easier to use.
• More training should be provided by Check Point. 

I would recommend this solution because it is a firewall that replaces many other devices. Money-wise, it is good. It also has many features. These can be utilized to protect your environment from outside threats.

You should have a couple of training and hands-on experiences before deploying the changes by yourself on the firewall. It has many features of which people are not knowledgeable so they usually utilize them.

With time, technology is getting better. Check Point is one of these examples. They have changed their products completely from the old R80 version, where their UI and CLI were much different. 

I would rate this solution as a nine out of 10.