Check Point Quantum Force (NGFW) Reviews

We are resellers, and our customers need a robust and well-performing NGFW. The Check Point NGFW tool was acquired since they needed collaborators to have secure access to the company's resources and applications. This tool provides us with the alerts and corrections that must be made when finding a security breach in their environment. 

Check Point NGFW also provides a great capacity of features and helps us apply them to the organization. It has web filtering limited to third parties and SSL encryption. The application's administration is very simple and centralized since it helps them a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped them a lot. 

It has helped the company by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications. 

The application behaved very well with the current resources in the company network; it helped us to prevent several security holes found with web filtering and internal DDoS attacks. 

Check Point NGFW can quickly identify where the attacks are coming from, provide detailed and complete information on the attacks, and provide zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, their security throughout and outside of the organization has improved. 

Many collaborators work from their homes or different places and help them filter and limit access to packet inspection with flexibility and speed that was not previously possible. 

The records that it shows and generates (depending on its configuration) make everything very visible to be able to adjust and correct in time. When superiors ask for administrative information, it provides great value. 

Its management web interface is very easy and user-friendly.

The tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time to resolve the case. Finding support is a little bit hard. This needs to be improved.

I've used the solution for one and a half years.

We are using Check Point Next-Generation Firewalls to protect and prevent our corporate network and infrastructure from attackers.  We are using NGFWs to filter unwanted and malicious traffic from the internet. Check Point NGFWs provide Layer 7 or application layer monitoring and detection. 

It is a stateless firewall which examines packets deeply and detects any malware or malicious URLs. It greatly protects our infrastructure by acting as a perimeter for our organization. 

Moreover, it has log ingestion and deep packet analysis capabilities. 

Check Point Next-Generation Firewalls improved the security posture of our organization by detecting, analyzing, and blocking unwanted traffic. It blocks any malicious files, processes and URLs due to having deep packet inspection and monitoring. 

Check Point firewalls not only detects anything malicious against it's signatures rather it analyses and monitors all processes running on different machines to detect anything wrong and then block those processes or URLs. 

Log storage gives us insights when required. 

Deep packet inspection, Layer 7, and application layer monitoring and detection are the great features of Check Point Next-Generation Firewalls. They greatly improve and protect an organization, its staff, and its resources. 

Check Point's SmartConsole is a great tool for admins as all firewalls can be centrally managed and all policies can be pushed as and when required by using SmartConsole. Log ingestion and threat hunting are also great functions in Check Point firewalls that enhances and improves a security posture. 

The SmartConsole to manage Checkpoint Next Generation Firewalls takes a long time to load and gets stuck sometimes. It could be due to a lot of rules and policies defined on the firewalls. However, SmartConsole software needs to be improved by having some more functions to make an admin's life easier. 

Log queries are slow and take time to load. 

Query functions need to be improved and should be quick to give the required information. 

There should be filters having drop-down options to use and select during log analysis. 

I have been using Check Point firewalls for more than two years. 

We use Check Point as well as Cisco. The firewall is used in order to continue filtering with VMware VMotion on different data centers. 

We have several data centers that are stretched. Our Check Point firewalls are used to filter north/south traffic.

With BGP on Gaia, when one of the clusters is unreacheable, the traffic is rerouted to another cluster. 

We also use VSX which is really a very good product for macrosegmentation.

The management of the firewall and advanced routing is great. It's easy to use and troubleshoot.

We need east/west Check Point firewalls in order to do micro-segmentation. A good solution for us is a solution that can be installed on différent systems (Linux, Windows K8S, bare metal, etc.) and can have centralized management.

Troubleshooting is also a big feature that will be necessary in this use case. 

I've used the solution for many years.

We also looked at Ciscos ASA and Fortigate.

We have proposed and deployed Check Point in a university environment that has multi-layer firewall protection for different zones, including DMZ, a server zone, Wi-Fi, a staff zone, a student hostel zone, guests, etc. Each zone is guarded by a firewall.

We need the NGFW to protect and secure the campus networks for more than 50,000 users. One of the key points is it is cost-effective and scalable to expand the throughput capacity. We expect the solution is possible to protect the networks for at least five to eight years without replacing the hardware investment. 

The solution provides better stability and some interesting features such as the ease of throughput expansion (or we can say the load sharing).

The scalability helps to offload the high traffic volume during school time. It also enhances redundancy. 

The load sharing capabilities using ClusterXL is possible to switch over the cluster mode to load sharing or Maestro. I also appreciate how easy it is to scale this product.

It is also great that the Check Point community (CheckMates portal) has a lot of helpful guidance. It helps us to work better and ease to find unfamiliar configurations on the new features, it is great for larger organizations as well as very small ones.

They offer very scalable solutions to extend computing resources if needed. We can expand the capacity in a very short time. 

The threat analysis reporting from their management console is very comprehensive and easy to use. 

Their web-based dashboard is well designed and offers much out-of-the-box reporting, and provides admins extensive customizations. 

In the operational GUI, Check Point provides rich customization methods to allow us to easily visualize/categorize objects in different colors. It makes operating the firewall much easier.

Under the same capacity requirements, Cheak Point is a bit higher than Fortinet yet much cheaper than Palo Alto. Although using Quantum Maestro to enhance scalability expansion is very helpful to cut down the total cost, it is still an issue for most of the company. Check Point is not a cheap solution and it's always painful to see exactly how much we need to spend on this. 

The upgrade process is not as easy as may be expected. If there is something that goes wrong, it causes the internet service to go down for the whole campus network. I am not happy with that situation since the upgrade process is a very common process. The outcome is not acceptable.

It is scalable and very easy to expand the throughput and resources.

Check Point firewall provide a very cool feature using Quantum Maestro Hyperscale Orchestrator, it provides on-demand cloud-like scaling of our on-premises security gateways. By using Maestro, we can aggregate multiple mid-level Check Point appliances to provide a high throughput volume. It is very useful to scale up to 52 appliances. If we use other firewall solutions, they can only aggregate up to TWO firewalls with same model in clustering or purchase a more high end model firewall. 

For a long term planning, we can expand the throughput by reusing the existing Check Point hardware investment and adding new appliances to.

The deployment is straightforward, however, the ongoing upgrades are not satisfactory.

We use the solution for network security, perimeter security, DMZ, antibot, antivirus, endpoint protection, email security, sandblast, and DLP. The environment is a multi-environment and consists of multiple networks, segmented and managed by a management server. These firewalls protect the network, external and internal. 

We are also protecting several customers and it allows remote access connection from anywhere in a secure way.

There are also site-to-site VPNs with different customers, vendors, and cloud providers, using the highest security encryption algorithms.

The organization is more secure. These firewalls work as expected. We have a perimeter and network segmentation well defined and firewall features and blades like IPS, Identity awareness, antibot, antivirus, threat prevention, endpoint security, and DLP, all allow the organization to have most of the security components centralized which allows for easier maintenance and monitoring. 

In relation to the monitoring, Check Point has tools that allow the administrator to track the traffic, and identify threats, attacks, and also check the forensics to understand what happened in case of a breach and ensure it won't happen again.

The most valuable elements include:

Smart View Tracker: To check the traffic logs easily. This is the best logging tool for me so far. You can identify almost everything from the logs, using a smart view tracker.

Smart Dashboard: allows for rule creation and administration and management and is user-friendly. The administration allows you to copy and paste rules, move the order, and create objects, pretty easily. It is very handy.

CPUSE: A Smart way to upgrade firewall software versions. You can easily verify if you can upgrade to the desired version, download the right package and upgrade, and also check the status of the upgrade. It's a great tool.

Error logs can be more specific. Sometimes the error shows only a general error and the solution could be hard to find or difficult to apply. 

Documentation can be improved. It has been improved, however, when you search for errors, in relation to documentation and how to solve it, sometimes it is not that simple to find the right solution. Troubleshooting errors could be sometimes difficult and some tools are only available for the Check Point support team. 

The price is also a factor to take into account. Other competitors offer low prices in relation to Check Point and the executive team may opt for the cheapest vendor (if you have to compare to another good one yet note a cheaper price).

I've used the solution for ten years.

The solution offers good scalability.

The solution offers good customer service and good support.

Positive

I have been using Check Point since the beginning.

The initial setup is straightforward.

We handled the setup in-house.

The solution is super stable.

The pricing could be better, however, the vendor is excellent and I strongly recommend it.

I did not evaluate other options.

I'm a consultant and Check Point partner. I have deployed a lot of Check Point firewalls and support Check Point firewalls for our customers. Our customer environments are different. I deployed standalone, cluster, and two-layer firewalls. 

One of our customers has over 200 branch offices which were protected by Check Point SMB appliances. All these appliances are managed by CheckPoint SmartProvisioning. 

This customer has one cluster Check Point which secures server segments and one cluster Check Point which secures client segments.

Check Point firewall products include a lot of modules. Application Control, IPS, email security, mobile access, content awareness, URL filtering, antivirus, antibot, and DLP. Check Point meets our customer requirements at the perimeter with an all-in-one solution. 

For example, the IPS blade prevents attacks with updated signatures. URL filtering policy control customers users' internet activity. Antivirus and antibot blade controls malicious activity and files. Mobile access blades give customers to access their sites from anywhere securely.

There are a lot of features that I found valuable for our customers. 

For example, active-active and active-standby high availability features are very useful. 

If you want to share traffic loads to both cluster members you can use the active-active feature, if you don't want to share traffic loads you can prefer active standby. Your connections sync on both cluster members at both high availability choices. That way, your connections are never lost. 

Another valuable feature is performance improvement ability. With ClusterXL and CoreXL you can improve performance.

Check Point should add additional management choices. For example, Check Point doesn't fully have management support via browser. You need to use Check Point's SmartConsole for management. SmartConsole is .exe and it is supported only on the MS Windows platform. If you are using Linux or a Mac you can not manage Check Point. You should be able to use a virtual PC whose OS is Windows inside the Linux or MAC. Check Point states that this is a decision made for security reasons, however, certain management features can be done through the browser, yet not fully.

I have been using the Check Point firewall for about 20 years.

Check Point support center is very professional.

Positive

We did not use a different solution previously.

After buying the firewall, you can use Check Point for a lifetime, however, it is a subscription base for content security features.

We also evaluated Fortinet and Cisco.

If you are looking for a firewall appliance that has a lot of security features, easy installation, and configuration, Check Point firewall products are the best for you.

We are using the new version of Check Point NGFW. 

We use the solution for web page protection to provide the security service which is lacking in Bolivia, a poverty ridden country. 

I like the facility of the product configuration. The ease with which the solution can be put into production makes it easy for my employers and for me to provide client support. 

The interface could be better. There is much equipment that is involved in the monitoring of many clients in a single interface. 

With other platforms, such as WatchGuard, it is very simple to manage four, five or six of these. We are talking about a lot of clients. The platforms for doing monitoring should be addressed. 

The solution boasts good stability. 

The solution boasts good scalability. 

I have not had need to make use of technical support. 

The initial setup is easy. 

When it comes to the deployment and maintenance, there are two people involved, one for the deployment and the other for monitoring, consisting of an engineer and a technician. 

I feel that the clients are very satisfied with the product.

I don't have any particular advice when it comes to the deployment process. This will depend on the client's needs. 

I rate Check Point NGFW as an eight out of ten. 

We are using Check Point NGFW as a firewall for our organization. All the internet traffic goes through it.

The separate management feature of Check Point NGFW is very convenient.

I have been Check Point NGFW for approximately five years.

The solution is stable when it is running incapacity, if it goes beyond it can be not stable. There could be more stability by having more ports or CPU power.

The solution is scalable.

The technical support is really poor. We have to wait for approximately 48 hours sometimes for a simple solution.

The installation is not straightforward.

We needed help from the Check Point expert experts because we deployed it in the HA. It's a bit different from the other firewall vendors. You need a Check Point expert to deploy it initially.

We have a five-person technical team for the maintenance of the solution. We use managers, admins, engineers, and developers.

I rate Check Point NGFW an eight out of ten.