Check Point Quantum Force (NGFW) Reviews

We use several of the blades. We use it for regular access control, but we also use the application control. We use HTTPS inspection and threat prevention. We use the Mobile Access blades as well IPS.

We have a Smart-1 205 as our management server and for the gateway we've got 3200s.

Over time, we've enabled different blades on the firewall. We started off with the access control policy, and since then we enabled the HTTPS inspection and the IPS blade. That's helped reduce our risk landscape as a whole.

The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network. The ease of use is important to us. The more difficult something is to use, the more likely it is that you'll experience some type of service failure. When we do have issues, with the Check Point SmartConsole being as simple as it is to navigate, it makes it easy for us to identify problems and fix them, to minimize our downtime.

I would like there to be a way to run packet captures more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

We have been using Check Point's NGFWs for as long as I've been with the Department of Mental Health, so it's three years that I've personally been using them.

Based on other networking hardware that I've used, I would say the Check Point NGFWs are just as stable, if not more so. We rarely have any issues. In the past, I've experienced networking hardware often needing to be rebooted. That's not something that happens with these devices. They're on 24/7 and we have next to no downtime. I can't think of a time in my three years here that one of the devices has gone down and caused us any downtime.

We've already purchased a new management server from Check Point, and it will be replacing our 205 appliance. They make it easy. These devices inter-operate together, so if we need more resources, for example, on the management end, we're able to buy that server and replace our old one and scale up as needed.

As far as users are concerned, we have 70 locations throughout the State of South Carolina with a total of 400 to 500 devices that can be connected at any point in time.

I would think we have plans to increase our usage. We work in tele-psychiatry, for the State of South Carolina, and telemedicine right now is a hot topic. I see it very likely that our usage could double and triple in the coming years.

We've had an issue with licenses not populating to a new device, but that is the only thing we've ever called them for in relation to replacing or adding in a new device.

They're very helpful. They're easy to get in touch with. It's not like you're sitting there on hold for hours at a time, and they're quick to get back to you. It might be that they're taking packet captures and analyzing them and then getting back to you. It's a quick turnaround. I can't think of any time we've ever had to wait more than 24 hours to get an answer on an issue we've had.

I have set up replacements and it's very straightforward. It's very easy. It's much easier than some of the other network equipment that I've had to deal with. Check Point provides a wizard that walks you through the process and that streamlines the entire process. They also provide instructions on how to go about getting to the wizard and the process that we needed to take to complete that configuration. It was relatively painless.

The replacement was configured in one day and deployed the next, with no issues.

There are five of us in our company who have management access. I'm the network administrator, and I've got four IT technicians who work under me and assist in the firewall configuration and deployment.

I don't believe we've ever had to actually call Check Point to assist with anything. It's pretty straightforward. The wizard does most of the work and we have all the instructions we need. It's pretty much all done in-house.

I definitely feel it's been worth our investment. Check Point is there to help when we need them. Our downtime has been very minimal, and when we do have issues, they're there to help us. They're there to get us back up and running as quickly as possible. It's definitely been worth its weight.

One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford Cisco Firepower. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution.

We pay a yearly support fee in addition to the standard licensing fees with Check Point.

I've worked with Cisco routers and firewalls. I've worked with Ruckus switches and routers, and Aruba access points.

A drawback with these products is their stability. Almost all other networking devices I've seen need to be rebooted over time. If they're left unattended for extended periods of time, we experience some sort of downtime. That is not an issue with our Check Point products.

Do your research and look into cloud solutions. Check Point offers many cloud services, and that's where everything's moving, towards the future. Research the different appliances and solutions that Check Point offers and find out what works best for your particular situation.

The biggest lesson I have learned from using Check Point's firewalls is not to be afraid to call for help. There are times where I may be trying to figure something out myself, when in all reality, all I need to do is call Check Point customer support. They'll explain to me why something is configured a certain way, or if there's a better way that I could go about configuring something, and things of that nature. They have been very helpful and have saved me time, anytime I've called.

I can't think of any additional features their NGFW needs that we don't already have access to. I know there are features such as moving the dashboard toward the cloud, and I think that's beneficial, but it's something they already offer. We just don't take advantage of it right now.

We use Check Point's firewall to provide network security to our organization as well as to other, third-party vendors.

The Check Point firewall is providing advanced-level security. Compared to before, our company is more secure now. It is not only securing the users working within the LAN environment, but also to the end-users or remote users in the company.

The most valuable features are its 

• antivirus
• threat detection
• central management system. 

The central management makes it easier, and is a time-saver, when implementing changes. We can do all the changes within Check Point and not use any third-party device.

The antivirus Check Point offers could be better when compared to competitors' firewalls. Updates should be more frequent. With other firewalls, updates are very frequent, but with Check Point updates are not so frequent. That needs to be improved.

Also, the certification as well as learning about this Check Point is much costlier when compared to the other firewalls. I have recently done certifications in various firewalls and Check Point's certification was more costly.

I have been using Check Point's NGFW for the last six years.

The Check Point firewall is very stable. It is one of the oldest firewalls in the market. It has all the advanced features, according to the security features we have. It's quite a stable firewall.

It is very good and scalable. We have recently expanded the usage of Check Point and it was not a very tough process to scale this firewall.

Right now it's protecting around 3,000-plus employees.

It has been a very good experience every time we call Check Point. We usually get them on a phone call and they are very informative people. They always provide us the solution.

We had another solution. We switched because Check Point gave us more advanced features and there was market demand for network security.

The initial setup was a little complex. The training from Check Point should be increased. It was a little complex, but with the help of their TAC and the help of other engineers, we installed it.

The deployment has taken about eight months. We have deployed it in a three-way architecture. We have installed a security gateway, an SMS (security management system) and we have installed the console.

We have a team of four people, all network engineers, for deployment and maintenance of the solution. We take care of all the firewalls for the organization, including Check Point's.

We had help from a Check Point integrator. It was a good experience. They were very helpful.

We are happy with our investment in Check Point's firewall. Per our standards, and for our environment, it is a very good firewall. It is protecting us well.

Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps.

We evaluated other options, including Cisco ASA. The difference was that Check Point provides advanced features, such as threat prevention and antivirus. Apart from those, it also provides us with IPS. Also, for Cisco ASA, we had to take extra services to install it, so we went for Check Point.

Make sure you get good training on Check Point's firewall, and it would be good if you have working experience on the device.

Using Check Point, I have learned that we need to serve our remote users as well, and Check Point is a firewall which is capable of doing that.

We use it to provide security to our environment from the outside world. We are using it to provide security against vulnerabilities using threat prevention, Antivirus, and IPS.

In advance, we get security vulnerabilities. So, we can configure new security policies, update our antivirus, or check the configuration to protect the environment.

We like the centralized management for configuring multiple firewalls. It also gives us the Antivirus, threat prevention, and vulnerability tests. These four features protect the environment with security checks. Vulnerability tests allow us to configure changes that can protect the environment.

The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent.

I have been working with it for the last seven years.

It is a very stable firewall. The updates that we get from this Check Point Firewall are also very stable. 

The scalability is good.

There are more than 10,000 users. The Check Point Firewall is deployed through the company.

All their technical people are very solid in their knowledge.

I have used Cisco ASA and FTD. We switched from Cisco ASA to Check Point because there were no antivirus, vulnerabilities, or security prevention features. Check Point has more advance features, which are easier to use, than Cisco.

We also had to install IPS devices with Cisco.

The initial setup was straightforward. It was not too difficult to deploy the Check Point firewall. Deployment takes between 12 to 15 months.

We have done a cloud-based deployment throughout our network.

We did the deployment ourselves. We have onsite specialists who have done many deployments.

20 people take care of the deployment and troubleshooting of this firewall.

There is a money saving because we no longer require other devices, like an IPS, a separate antivirus, or vulnerability tests. We get all the devices within a single tool. Before, we would have different teams taking care of different devices. Now, we take care of only one device, which is another source of savings. We have saved a lot of money with this solution.

The prices are good for its features. The benefit of its license is we get timely security prevention updates. The price is good for the technology that we get.

This is a good solution. I would recommend to take advantage of as many features as you can. It has many features, and to protect security, you should use all the best features that you can.

As soon as the company will grow, we will definitely increase our usage of the firewall. We have already increased our usage due to employees working from home.

The biggest lesson that I learned is we can use the features of a firewall security to protect our environment. Also, rather than deploying multiple firewalls, we can configure a centralized management system, and this saves time.

I would rate this solution an eight out of 10.

I am using this solution for perimeter security in the company. Our firewall security is centralized under one management. Also, we use this firewall to manage some of the VPN clients and the employees' access across the company. 

Each firewall is capable of using the VPN client, but we only use two. We have five in total, but we only use two for these issues.

I am using the firmware version for the operating system. The blades are firewalled for IPS and mobile access.

Last year, we used the Check Point Identity Awareness Software Blade. Now, we only use a normal firewall with IP address rules, address destination, and services. Then, we can filter by users. So, my boss has access to these things by user. Even if it's connected with the Active Directory, we can filter by user name, or in this case by server name, and it works perfectly. This is very valuable for our company.

The most valuable features about Check Point are the API and automation process.

Using the GUI, you can add comments from your PC or the client server. If I want to check the firewall rules, I can send one line of command to determine if it is configured or not. 

Its implementation and integration with the rest of the network are better than its competitors.

The stability needs improvement for its version releases. They have a feature called Inline Layer as part of the R80.10 release. In the last version, it still had bugs and is not working very well. I would like the developers to release a version that is more stable, because if you start to use the latest release and try to use this newest feature, I'm not 100 percent sure that it will work very well. After six months of development, it might start working better. However, at the beginning, it's not a good choice to implement in your company with your first attempt. But one or two releases later, it might be better. 

If you only have one vendor and they are downgraded or no longer a leader in their industry, then you need to change the entire solution, making it more expensive. For example, Check Point's components are not interchangeable with other vendors.

Around four years.

The stability of the firewall is nice if you use the legacy mode, because the new mode is not good. Things worked in version 77, which is older. It was more stable. When they jumped from version 77 to 88, sometimes things didn't work that used to work in the earlier version.

The scalability of the firewall depends on the model. In terms of the implementation, it's really easy.

We have about 25 users for the entire solution. We have two engineers who work on deployments and implementation. We have another 18 engineers who do support and operations. They have responsibility to monitor the firewall 24/7.

It protects the core network and ISP: the routing, switching, and APM backbone. This is around 8,000 pieces of equipment. 

We don't have plans to increase our usage right now.

I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things.

In the beginning, we used Fortinet, Juniper, and Cisco. Now, we only use Check Point for firewalls. 

Last year, we changed the Fortinet firewall to the Check Point firewall. The Check Point API let me make 100 net rules in just 10 minutes, which saved us time.

The administration is awful in Fortinet. They have the FortiGate portal on an HTTP portal. Therefore, if you want to make a change, you can make a change. But if you do the change, then it's directly applied on the network, and we don't want to do that. We configure and change the policy and routing. We only apply the changes in the night. However, with Fortinet, you need to configure and apply the changes at the same time. So, it's not useful for our operations.

With Fortinet, you need to duplicate the rules from the DMZ to the Internet and the Internet to the DMZ. In Check Point, you only use one rule, which works on both sites.

The initial setup is really easy. You can do it in 30 minutes. Setting up an environment for a firewall and its management with a licensed demo took me an hour last week, and that includes the time for configuring the rules. The whole installation is 30 minutes and the configuration is another 30 minutes.

If you are implementing from another vendor, Check Point has a program called SmartMove. Then, all you need is the configuration of the previous firewall. Once you do some optimization, then you are ready for the integration. This might take a month overall.

We consulted with one partner of Check Point, who is our provider. If the issue is really big, then we open a case with Check Point directly via the partner. My experience with them was really nice. It was the best experience that I had ever had.

They have amazing engineers. Their expertise is unbelievable. They do integrations really well. They could improve on routing and networking, but the product is what is important for me. 

The firewall is only for protection. It is not used to sell services.

The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive.

Check Point's web administration is not complete. If you compare it to Fortinet's web administration, Check Point's web administration is not nice. However, Check Point's full solution, including SmartConsole, is better than Fortinet's solution.

If you use Apple computers or Linux, the product may not be a good choice for you.

I would rate the solution as a seven point eight out of 10. They can improve some things. They can make it more flexible in terms of its software. It is a good solution, and I like it. For me, it's the best firewall solution.

I have been using this solution since the GAIA OS R77 was there. I am using it for my day to day access such as policy creation, policy modification, and also regularly policy disabling and deletion. I have 17K+ users in my organization, 100 + client to site VPN and I have a number of S2S as well. My daily job is health checkup, security log monitoring and incident management, daily IPS checks, threat presentation reports and to analyze the risk and take necessary action on that as well.

It secures my organization. With the application blade, I can make security as application based and the custom application is also very useful. With identity awareness blades we get insights on our local users who are accessing/passing through the respective rule as users.  We also use the DLP, IPS, and VPN features. We have multiple site to sites with our clients and it is very easy to configure and manage.

IPS helps with security against upcoming and unknown threats and activities. We regularly check the report and as per daily report we will check the risk and prevent each alert that is critical based on our business requirement and make it secure.

IPSec VPN is also our key feature as our organization having widely customer across globe so it is very good feature to us to connect and run our business with them very smoothly and softly. 

The unknown category has been a pain point. We cannot understand this category and the Check Point engineers are also stuck with it. If we enable HTTPS inspection then without this category my URL will stop working. This has a huge impact on my business. We are still running without HTTPS inspection even in a monitoring mode.

Our SAM rule is also not working to block the IP address which we don't allow in our organization so we have to create a traditional rule base block which is a time-consuming job for me and my team.

I am using this solution for four years.

This is widely scalable solution.

I would say not much exp and not lower, average technical support. We are struggling in most of the cases.

Very easy.

In-house team and technical support team.

I would say it's complete ROI for us.

Setup is easy, in my short tenure I have done multiple migrations and have set up our new organization. For cost and pricing, I don't have an idea.

This is a very good and best solution as a perimeter device for NGFW.

It is a typical firewall that has been implemented in most of our regions. We use it for normal firewall policies and VPNs.

We are mainly using Check Point firewalls. We also have a few Check Point cloud security programs.

Everything can be managed from a single dashboard nowadays.

Since we upgraded to R.80 from our previous R.77 version, the activity of my team has improved a lot. We don't have to open multiple consoles or go to multiple nodes. Even though we are managing multiple solutions of Check Point, they feel similar to us now.

The most valuable feature is the Check Point Management Server, especially version R.80 onward. We can manage everything. We have endpoint security, cloud security, and email security. Everything can be managed from a single management server, making this a very unique and easy solution to use in the market now.

From a technical perspective, it is an easy solution to use. Everything seems perfect. We are not using all of its features, like sandboxing. 

The main thing for a normal operations guy who is creating tools and firewalls, it is quite difficult to manage. It requires an expert level of knowledge in Check Point products to manage these scalable platform appliances and the virtual firewall that comes with it. We have to educate our guys and give them training on a regular basis to work on these products. Otherwise, it's fine.

About five years.

It is pretty stable. It hasn't caused many issues over the years, unlike normal network issues. They do release bug fixes at least once a month. We keep very good track of that and update the patches regularly, but we haven't run into bigger issues so far. So, I'd say it is quite stable. 

The firewall is very easy to use and hasn't caused much trouble for us over the years.

From a scalability perspective, they have a solutions like Check Point Maestro. Therefore, it is easy to upscale nowadays.

We have over 200,000 end users.

They should improve the support a bit. Though they have expert engineers in tech, sometimes the amount of time to get back a solution for an issue is more than what is acceptable, even though it is a high priority.

During a scheduled activity or an implementation, they find their highest level of support. During an implementation, I never faced an issue with the support. I would rate them a nine out of ten for this.

The company has been using Check Point firewalls for the past 10 years. Before that, they used Cisco ASA.

Mostly, I have worked on Check Point products. Therefore, the initial setup was straightforward. It was not that complicated. 

I can spin up a firewall and put it in production within an hour. If it's a migration from a different solution or upgrading an existing management solution, it might take some time because of the planning. There are a lot of things that have to be a part of the implementation or migration activities.

We do it ourselves most of the time. We only take help when it comes to scalable platforms, like big chassis firewalls, which are little complicated. Then, we get outside help.

I manage the operations team and have also been involved as a consultant.

We have some best practices in place that we follow.

There are four security engineers who deploy and maintain this solution.

Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point.

For cloud security purposes, we looked at FortiGate. In the end, we decided to go with Check Point. Primarily, we went with Check Point because of the fee. We also already had expertise on Check Point and the team is comfortable around it. We like that Check Point has a single dashboard. Feedback from peers suggests that the support in India for NGFWs is not as good with other vendors as it is at Check Point.

Get a team who has expertise on this product and educate your team. Give them training. If Check Point is using a new version, make sure your team is aware of that. If there are any changes, let them know and make them comfortable working around this product because we have had some issues due to lack of expertise.

If you don't have an expert in-house team for implementation, I would strongly recommend getting help of the Check Point professional services team. There are a few third-party operational services, but I would go with Check Point professional services.

We are planning to increase our usage of the solution. Every project that we take on has Check Point security products as part of the solution.

I would give this solution an eight out of 10 because of the support. They take too much time when they should give you a result.

We have around 500 firewalls all around the world with a global team to manage them. We are using Check Point NGFW for Internet traffic, IPS, and UTM devices.

Atos provides this solution, including network design and advice.

• Antivirus
• IPS
  
• They got the logs into one site, which is wonderful.
• There is a secure action line code that you can announce your products in.
• If you have a number of sites, like a hundred sites around the world, you can deploy multiple VSX testing. 
• All over the world, you can have DMZs in data centers, e.g., in the USA, Dubai, and London. 
• It is easy to deploy and upgrade. 
• Easy to manage, e.g., if there is a new engineer onsite, they can easily manage it.

In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this. 

I have been using it for five years.

I haven't seen any stability issues, though I have seen some issues with the management of the gateway. Stability-wise, it is good (a nine out of 10).

We have 74 locations. We can have 10,000 users maximum via an Internet gateway. We have four data center across the world: two in USA, one in London, and one in Dubai. Passing through Check Point per location: in the USA - 5000 users, in London - 2000 users, and in Dubai - 10,000 users.

There are 12 network security engineers/consultants managing Check Point and the legacy firewall, SonicWall.

Right now, we cannot go directly to Check Point because of vendor dependency. We have to first initiate with our vendor.

We migrated SonicWall to Check Point about two years back. That took one year to set up in our organization. 

We switched away from SonicWall because it is a legacy firewall at end of life. SonicWall was missing features that Check Point has, like UTM, IDS, IPS, antivirus, etc. Check Point is better for protection and performance-wise.

It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online.

We have two devices. Right now, we are deploying and upgrading a new setup, where you can do management, management plus gateway on the device, or virtually you can install your management device on VMware or Hyper-V. With the Hyper-V and the Management Server, you can access all the gateways. For the Management Server and gateways, we have an activation key.

We are an IBM OEM company who received installation support from that vendor. They provided all the network connectivity.

For our implementation, we:

1. Started with an initial diagram of the configurations and what we want to see after the installation.
2. Segregated the SonicWall and Check Point tools for the migration since we used automation.
3. Checked the mode of installation. We went with transparent mode.
4. Collected the IPs for the firewall. It required multiple IPs because with we have cluster nodes.
5. Assessed the feasibility of Check Point in our environment.

For our strategy, we looked at:

• How many users are in all our offices? For example, is it a small office, mid-size office, or data center?
• Using high-end versus lower-end devices, e.g., lower-end devices means a smaller price tag.

A smaller office of less than 500 people would get a 4000 Series. Whereas, a larger office would get a 5600 or 7000 Series. We have to be focused on the natural topology.

We have had some vulnerabilities when we upgraded the R80.30 Management Server. We have some gateways right now in our R77.30 version, and this means if we go without license in R80.30, then it will prompt a bad connection and terminate. We have had some license difficulties with the connection going from R70 to R80. However, these don't largely impact performance.

We looked at Fortinet and Palo Alto. We did not feel FortiGate was capable of what we required. Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point.

If you need a good support or something that is good budget-wise, then I recommend going with Check Point compared to Cisco or Palo Alto.

It is a good firewall. It has returned good performance. We are happy with the product. I would rate the product as a nine out of 10.

Check Point NGFW is being used as a security product in the environment. It is securing the IT infrastructure and delivering the services as expected. In the current world scenario, IT is becoming the backbone for every organization, and most business is highly dependant on IT so securing the IT infrastructure is becoming challenging. Check Point NGFW meets the expectations of our organization to secure the IT infrastructure as per organizational need. Check Point NGFW also gives many security features in single box which reduce your management complexities.

Our organization's primary need is to make information available and secure from an insider as well as outsider threats. Check Point NGFW can give you lots of security features on a single device that can be used as per the organization's need, you not need to procure separate security devices to strengthen the security. The organization also provides services like service providers so it becomes more critical to secure the IT environment and we believe Check Point NGFW family is meeting the requirement as per the expectation.

Advanced logging capabilities: Check Point generates extensive logs which may be very useful to figure out the issues. Its logs also contain too much information which can be used to modify the policy as per user need and organizational security environment. The same can be used to figure out probable attack surface or necessary steps for mitigation. 

Anti-spoofing security feature: Check Point has inbuilt by default enabled feature of anti-spoofing which reduces the attack surface from the spoofed IP addresses. 

IPS: Check Point IPS is one of the best products in the market.  

Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management. They should leave it to the user whether they want to procure a dedicated management server or run the show with the gateway itself. It will also reduce the operation cost.

They should also optimize the packet mode feature like Cisco’s firewall packet tracer wherein it tells administrators which policy or rule is processing the intended traffic.

More than two years.

Check Point maestro is highly scalable, their other chassis base solutions are also scalable 

If you choose Check Point maestro platform they you need not to worry about the scalability.

They are very cooperative and supportive in nature. 

We were using an ACL based firewall which was traditional and not meets the current security expectation. So to meet the advance security requirement product like Check Point is needed.

It was straightforward.

Check Point authorised partner had been involved in the migration to avoid any operation issue 

Hard to calculate.

They should first understand their organization's needs and accordingly choose the product. In case if someone is not sure especially about sizing then they should use the Check Point maestro platform as it gives you the flexibility to augment the capacity on the fly without disrupting the existing running operation.

We have not evaluated any other option before Check Point. 

Check Point gives you flexibility and eases the management with meeting organisation’s security need. But before choosing proper sizing has to be done.