Check Point Quantum Force (NGFW) Reviews

We use the solution for network security, perimeter security, DMZ, antibot, antivirus, endpoint protection, email security, sandblast, and DLP. The environment is a multi-environment and consists of multiple networks, segmented and managed by a management server. These firewalls protect the network, external and internal. 

We are also protecting several customers and it allows remote access connection from anywhere in a secure way.

There are also site-to-site VPNs with different customers, vendors, and cloud providers, using the highest security encryption algorithms.

The organization is more secure. These firewalls work as expected. We have a perimeter and network segmentation well defined and firewall features and blades like IPS, Identity awareness, antibot, antivirus, threat prevention, endpoint security, and DLP, all allow the organization to have most of the security components centralized which allows for easier maintenance and monitoring. 

In relation to the monitoring, Check Point has tools that allow the administrator to track the traffic, and identify threats, attacks, and also check the forensics to understand what happened in case of a breach and ensure it won't happen again.

The most valuable elements include:

Smart View Tracker: To check the traffic logs easily. This is the best logging tool for me so far. You can identify almost everything from the logs, using a smart view tracker.

Smart Dashboard: allows for rule creation and administration and management and is user-friendly. The administration allows you to copy and paste rules, move the order, and create objects, pretty easily. It is very handy.

CPUSE: A Smart way to upgrade firewall software versions. You can easily verify if you can upgrade to the desired version, download the right package and upgrade, and also check the status of the upgrade. It's a great tool.

Error logs can be more specific. Sometimes the error shows only a general error and the solution could be hard to find or difficult to apply. 

Documentation can be improved. It has been improved, however, when you search for errors, in relation to documentation and how to solve it, sometimes it is not that simple to find the right solution. Troubleshooting errors could be sometimes difficult and some tools are only available for the Check Point support team. 

The price is also a factor to take into account. Other competitors offer low prices in relation to Check Point and the executive team may opt for the cheapest vendor (if you have to compare to another good one yet note a cheaper price).

I've used the solution for ten years.

The solution offers good scalability.

The solution offers good customer service and good support.

Positive

I have been using Check Point since the beginning.

The initial setup is straightforward.

We handled the setup in-house.

The solution is super stable.

The pricing could be better, however, the vendor is excellent and I strongly recommend it.

I did not evaluate other options.

I'm a consultant and Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I deployed standalone, cluster, and two-layer firewalls. 

One of our customers has over 200 branch offices which were protected by Check Point SMB appliances. All these appliances are managed by CheckPoint SmartProvisioning. 

This customer has one cluster Check Point which secures server segments and one cluster Check Point which secures client segments.

Check Point firewall products include a lot of modules. Application Control, IPS, email security, mobile access, content awareness, URL filtering, antivirus, antibot, and DLP. Check Point meets our customer requirements at the perimeter with an all-in-one solution. 

For example, the IPS blade prevents attacks with updated signatures. URL filtering policy control customers users' internet activity. Antivirus and antibot blade controls malicious activity and files. Mobile access blades give customers to access their sites from anywhere securely.

There are a lot of features that I found valuable for our customers. 

For example, active-active and active-standby high availability features are very useful. 

If you want to share traffic loads to both cluster members you can use the active-active feature, if you don't want to share traffic loads you can prefer active standby. Your connections sync on both cluster members at both high availability choices. That way, your connections are never lost. 

Another valuable feature is performance improvement ability. With ClusterXL and CoreXL you can improve performance.

Check Point should add additional management choices. For example, Check Point doesn't fully have management support via browser. You need to use Check Point's SmartConsole for management. SmartConsole is .exe and it is supported only on the MS Windows platform. If you are using Linux or a Mac you can not manage Check Point. You should be able to use a virtual PC whose OS is Windows inside the Linux or MAC. Check Point states that this is a decision made for security reasons, however, certain management features can be done through the browser, yet not fully.

I have been using the Check Point firewall for about 20 years.

Check Point support center is very professional.

Positive

We did not use a different solution previously.

After buying the firewall, you can use Check Point for a lifetime, however, it is a subscription base for content security features.

We also evaluated Fortinet and Cisco.

If you are looking for a firewall appliance that has a lot of security features, easy installation, and configuration, Check Point firewall products are the best for you.

We are using the new version of Check Point NGFW. 

We use the solution for web page protection to provide the security service which is lacking in Bolivia, a poverty ridden country. 

I like the facility of the product configuration. The ease with which the solution can be put into production makes it easy for my employers and for me to provide client support. 

The interface could be better. There is much equipment that is involved in the monitoring of many clients in a single interface. 

With other platforms, such as WatchGuard, it is very simple to manage four, five or six of these. We are talking about a lot of clients. The platforms for doing monitoring should be addressed. 

The solution boasts good stability. 

The solution boasts good scalability. 

I have not had need to make use of technical support. 

The initial setup is easy. 

When it comes to the deployment and maintenance, there are two people involved, one for the deployment and the other for monitoring, consisting of an engineer and a technician. 

I feel that the clients are very satisfied with the product.

I don't have any particular advice when it comes to the deployment process. This will depend on the client's needs. 

I rate Check Point NGFW as an eight out of ten. 

We are using Check Point NGFW as a firewall for our organization. All the internet traffic goes through it.

The separate management feature of Check Point NGFW is very convenient.

I have been Check Point NGFW for approximately five years.

The solution is stable when it is running incapacity, if it goes beyond it can be not stable. There could be more stability by having more ports or CPU power.

The solution is scalable.

The technical support is really poor. We have to wait for approximately 48 hours sometimes for a simple solution.

The installation is not straightforward.

We needed help from the Check Point expert experts because we deployed it in the HA. It's a bit different from the other firewall vendors. You need a Check Point expert to deploy it initially.

We have a five-person technical team for the maintenance of the solution. We use managers, admins, engineers, and developers.

I rate Check Point NGFW an eight out of ten.

My primary use case of this solution is for the data center in the perimeter security. We configure all of our security features like anti-boot, antivirus, and filtering.

I think the most valuable feature is that the application and configuration were easy for us. When we need to do some work with the networks, configuration and deploying are easy - if I want to search for information, it is easy in the Check Point platform.

I think the price of this product could be improved - other solutions are cheaper in comparison. In the next release, I would like to be able to perform sandboxing to check email attachments and information sent through the cloud for viruses.

I think this solution is stable.

My impression is that the solution is scalable.

I implemented using a vendor team, whose performance was good.

I considered using Cisco before deciding on Check Point.

Check Point is easy for the configuration user. I would rate this solution as eight out of ten.

I work for a systems integrator and have designed and deployed solutions over many years with Check Point components. Problems solved with Check Point NGFWs have included securing the edge, data center segregation, SWG replacement, Remote Access, and many others.

I have designed and installed Check Point deployments from a single SMB appliance to multiple highly available chassis, running numerous virtual systems. Numerous different use cases include appliance form-factors, running modules, and licenses.

I have always found that Check Point's fully integrated management provides significant improvements to organisations where I have deployed them. As management has always been integral in the Check Point deployment, all functionality and visibility is natively baked into the management platform, which provides a single point to configure and monitor every function. Alternative vendors have added centralized management functionality as a secondary feature and therefore have never been able to compete on this front.

Management integration is holistic as centralized management has been core to the solution for decades. Where other vendors have bolted management on over time, Check Point has always made it central to everything that they do.  

I find that this is one of the most significant and valuable features of Check Point. In addition to that, many new features that eventually become the standard across the industry end up being first introduced by Check Point - sometimes years ahead (such as Threat Extraction which allows active content to be stripped from files being downloaded and a "clean" copy to be provided in near real-time, while sandbox inspection is being performed).

Product-wise, I have no real complaints. 

Potential improvements could be made around simplifying VPN functionality and configuration.  

The main area that the organization can improve is around the lack of local, in-state technical support. Competitor vendors have a strong presence in the Adelaide Market, however, Check Point has always been limited with its commitment to staffing local technical resources. If this focus is made, I could see Check Point returning to the strength that it once had in the Adelaide market.

I've used the solution for 17 years.

I do like that this solution is a very robust firewall.

It's very stable. 

The product is well supported. The solution is very scalable. 

Technical support has been quite good. 

The only thing I would like to improve is the updates. Sometimes when they bring on new upgrades, they affect something else. That happens sometimes. For example, something that was working well might have a new issue after an update. It's understandable as they do have like to add innovations. When you are innovative, you face some risks. 

They have already announced that they will be adding SD-WAN as a new feature.

I've been using the solution for 18 years.

The solution is very stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. That said, I would like the latest version to be more stable.

The product is very scalable. You have very good options. For example, if you start with a smaller firewall and you want to upgrade to have newer hardware, they have different options. For example, you can run a script that is going to tell you the new appliances that you need, according to your new requirements according to your network consumption. 

It did launch Maestro about two years ago. Maestro is something that allows you to stack firewalls. If your current firewalls handle the traffic anymore, you can add new firewalls to it. 

If you want to change the firewall you can do these trade-ins. You can return the old firewall and they will give you a special discount. 

Technical support has been very helpful and responsive. We've been happy with the level of support they offer. 

The product is easy to set up. I am seasoned on Check Point. For me, it's very easy. I wouldn't say it's hard. 

I'd rate the solution at a ten out of ten.

Check Point has strong security features as well as some decent monitoring and management capabilities.

My customers complain that the interface isn't user-friendly.

I have been using Check Point for eight years.

Check Point stable. I've had no problems.

Check Point is scalable.

Check Point support is good.

Check Point's setup process isn't very user-friendly.

Check Point is a little more expensive than FortiGate.

I rate Check Point nine out of 10. I work with both Check Point and FortiGate. Each has its advantages and disadvantages. Check Point is more secure than FortiGate. However, Fortigate is more affordable and user-friendly. FortiGate offers seamless solutions to customers, so If they want a solution that's easy to use, they go with FortiGate.