Check Point Quantum Force (NGFW) Reviews

Our primary uses for the Check Point NGFW are network segmentation, identity awareness, and application control.

The most valuable features for us are identity awareness, IDS and IPS, and application control.

The speed of technical support is very slow and is something that should be improved.

We have been using Check Point firewalls for about 20 years.

There were times in the past when it wasn't as stable as it is now. However, with the current version, we have been running for the past year without any issues.

Our company has about 1,000 users that generate traffic that passes through the firewall. Beyond that, we haven't had much need to scale.

The technical support is very slow.

The two firewalls that we having implemented are Check Point and Fortinet.

I have also worked with Juniper but it does not have all of the advanced features that Check Point has, such as application control and identity awareness.

The initial setup is pretty simple. The amount of time required for deployment depends on the number of rules that need to be configured. The initial setup can be done in one day, and the post-setup configuration depends on the rules to be applied.

The initial setup was completed by a partner, who was a certified system integrator.

Our in-house team handles maintenance.

This product is not cheap and there are additional costs that depend on what model or package that you buy. If you need more features then you may have to buy additional modules. In our case, we knew what we wanted in advance so there were no additional costs.

Overall, I am pretty happy with Check Point firewalls. My advice for anybody who is implementing this product is to get somebody with experience to help choose the correct, stable version, and assist with the configuration. All of the new features take time to implement properly, but if the correct steps are followed then they won't run into problems when the system goes into production. 

I would rate this solution a nine out of ten.

We primarily use the product to block traffic at the application layer, limiting access to YouTube and social media during busy periods while allowing it during lunchtime or office hours.

The product's primary benefits include effective intrusion blocking and improved network management. 

I appreciate the support provided as well. It is highly reliable and has a prompt response time. 

The system's operation could be enhanced. I recommend developing a management console that can more efficiently handle multiple Check Point devices, as we have multiple appliances across different sites. 

We have been using Check Point NGFW since 2016 for approximately eight years.

There are occasional issues, but they are typically resolved with subsequent updates. I rate the stability a six out of ten. 

We have three sites where we use Check Point NGFW. The first site has about 1000 users, the second site has between 800 and 900 users, and the third site has approximately 100 to 200 users.

I rate the product scalability as two out of ten. Improvement is needed as it could be more convergent, particularly for on-premises solutions.

We are currently using Check Point, Palo Alto, and Cisco.

Check Point's advantages include its lower cost than Palo Alto. However, it requires maintenance of many parts, as it is only partially GUI-based. In contrast, Palo Alto is mostly GUI-based, simplifying operations for our IT security team.

The setup process was straightforward. Some aspects in terms of maintenance are easier due to the GUI-based interface.

We took help from a consultant for implementation. 

I recommend Check Point Firewalls. It is a solid product with reliable support and frequent updates.

I rate it an eight.

In our logistics setup, we employ Check Point NGFW across various critical areas. For instance, we use it to secure different database applications within our systems, ensuring robust protection for our operations. Whether it is managing updates, maintaining standby reliability, or enhancing system performance, Check Point NGFW plays a vital role in safeguarding our logistics infrastructure.

Using Check Point in our system has provided several benefits. Firstly, it ensures secure access for authorized users while preventing unauthorized access from public users. Secondly, it enables us to monitor application usage closely, identifying any suspicious activity such as repeated failed login attempts. 

Check Point NGFW provides essential security, featuring no-obligation access for secure connections, strong intrusion prevention, and comprehensive antivirus protection.

One area for improvement in Check Point NGFW is the support process. It can be challenging to open a technical support case through the customer portal, often requiring additional steps to open the case.

I have been working with Check Point NGFW since 2015.

We have not experienced any major stability issues with Check Point NGFW.

Check Point NGFW is fairly scalable.

The technical support is decent. I would rate them as an eight out of ten.

Positive

Setting up a new Check Point NGFW is generally straightforward for us. With our experience and familiarity with the process, we can handle it without encountering any significant issues. We are used to creating simulations and implementing improvements, which facilitates the setup process, even at an intermediary level. We usually require two engineers for the deployment process, along with additional resources like network switches, PCs, and testing equipment.

The pricing for Check Point NGFW tends to be higher compared to other options in the market, especially for high-end models. In comparison with enterprise-grade firewalls like Palo Alto, Check Point is among the more expensive choices.

My recommendation for organizations considering implementing Check Point NGFW is to prioritize selecting high-end models for optimal performance and security. Check Point NGFW offers robust protection for networks and data, allowing businesses to maintain their operations with confidence. Overall, I would rate Check Point NGFW as an eight out of ten.

We are resellers, and our customers need a robust and well-performing NGFW. The Check Point NGFW tool was acquired since they needed collaborators to have secure access to the company's resources and applications. This tool provides us with the alerts and corrections that must be made when finding a security breach in their environment. 

Check Point NGFW also provides a great capacity of features and helps us apply them to the organization. It has web filtering limited to third parties and SSL encryption. The application's administration is very simple and centralized since it helps them a lot in reporting and generating alerts.

The organization needed a tool that would provide various security functionalities in the organization, and so far, Check Point NGFW has helped them a lot. 

It has helped the company by applying access control policies and limiting access to third parties and only those who must enter the organization to use resources and applications. 

The application behaved very well with the current resources in the company network; it helped us to prevent several security holes found with web filtering and internal DDoS attacks. 

Check Point NGFW can quickly identify where the attacks are coming from, provide detailed and complete information on the attacks, and provide zero-day attacks in real-time.

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, their security throughout and outside of the organization has improved. 

Many collaborators work from their homes or different places and help them filter and limit access to packet inspection with flexibility and speed that was not previously possible. 

The records that it shows and generates (depending on its configuration) make everything very visible to be able to adjust and correct in time. When superiors ask for administrative information, it provides great value. 

Its management web interface is very easy and user-friendly.

The tool provides what is expected in its security functionality. However, some points must be improved, such as the latency in the GUI entry. It takes a while to register and allow access to the administrative panel.

Customer service should be improved, both in the administrative and technical fields. Support cases have been generated several times, and it takes time to resolve the case. Finding support is a little bit hard. This needs to be improved.

I've used the solution for one and a half years.

We use the solution for full-scale integration and end-to-end management at the organization in a distributed deployment. The deployment/installation is quite easy.

Check Point NGFW is the best in terms of comprehensive protection against network threats and security against malware and phishing attacks. It smoothly restricts these via anti-phishing algorithms. 

Check Point NGFW source package covers all the bases - application control, NAT, DLP, routing, content awareness, VPN, desktop security, and much more. 

It is scalable, provides end-to-end resolution and customized productive services like providing a complete solution for perimeter protection that blocks the traffic based on an IP address or on applications and content. This makes Check Point NGFW a highly promising and more or less a complete solution.   

Check Point NGFW proved to be highly scalable, secure, and stable, among other alternatives to multiple firewalls present in the market. 

Before we used Check Point, we faced many issues such as latency, business interruptions, etc. In a single bundle we have the all solutions we need - like application/URL filtering, and threat emulation/extraction. In one single platform, we can manage everything with no need for a separate console to check/manage the features and behaviors. It has improved the performance and has minimal latency.

The most valuable aspects include:

Security Management. In a single console, we can manage the policies. It includes all the included bundles, features, and monitoring of logs.

Packet Filtering. This is used to examine every packet of data passing through your network. 

Built-in High Availability. A standard backup feature should be included if you cannot risk losing your firewall. 

Bandwidth control and monitoring. It's important to control the use of the bandwidth you have available.

Policy verification/validation. Check Point provides a convenient abstraction for bundling the validation of data against an expectation suite. 

They could improve by lowering prices. The source package is a bit more expensive than its competitors. We've had some downtime issues

Improvements in the time and attention given to solutions for generated cases.  Licensing that is more comfortable and affordable.

Check Point NGFW Firewall requires frequent updates to build more user-friendly dashboards.

A few services of Check Point NGFW require immediate improvements, like the customer support portal and the ads management on the platform.

Sometimes the KB article does not include all the steps. There is a chance for improvement in the content of global KB articles.

I've used the solution for eight or more years. 

The primary use case for this solution is to protect the devices under the firewall.

There is a customer who has many switches and routers in their network. They are only protected by an old Cisco ASA firewall. So, the customer instead finds a new vendor or service, and thus we install the Check Point Firewall.

Since the customer has many devices, it takes quite some time to move the Cisco ASA firewall rules to the Check Point policies. However, Check Point has a function to import the policies so it takes less time to do so. Still, the rules that were imported are a mess so we still need to check them one by one and fix the errors before installing them in the customer environment.

The Check Point NGFW has improved the organization by helping with multi-tasking.

The Check Point Firewall that we have is better than the previous Cisco ASA as the firewall has IPS, anti-virus, and anti-bot installed into it at the same time. The IPS is frequently updated so the rules are always new and in place. The firewall IPS and anti-virus can also get other threat intelligence from the web so that the firewall will always have good protection that is up to date. 

The anti-bot is good as it can prevent the firewall from being protected from DDoS without creating any rules as it automatically blocks IPs that are sending too much information to the servers.

The features I found most valuable are the import, logging, and IPS.

The import makes it easier for us to copy the rules without starting from scratch, which will take lots of time. The next thing I find most valuable is the logging. The logging which is called Smartview can distill the logs into simple reports which makes it easier to see all the attacks and issues the firewall faces without diving deep into the logs. Lastly, the IPS is always new and up to date so the attacks that happen are always blocked.

The firewall can improved to make it more user-friendly. The firewall is somewhat not user-friendly as it has many sections and makes it complicated for a layman to understand where to put the policies and rules. 

The firewall also doesn't save the policies immediately after you save them, which means you need to do one more extra step in order for the new rules or policies to take effect. During my first time handling it, I did not understand why the rules and policies I put in didn't work until I found out that you need to click the install button until it takes effect.

We are using Check Point Next-Generation Firewalls to protect and prevent our corporate network and infrastructure from attackers.  We are using NGFWs to filter unwanted and malicious traffic from the internet. Check Point NGFWs provide Layer 7 or application layer monitoring and detection. 

It is a stateless firewall which examines packets deeply and detects any malware or malicious URLs. It greatly protects our infrastructure by acting as a perimeter for our organization. 

Moreover, it has log ingestion and deep packet analysis capabilities. 

Check Point Next-Generation Firewalls improved the security posture of our organization by detecting, analyzing, and blocking unwanted traffic. It blocks any malicious files, processes and URLs due to having deep packet inspection and monitoring. 

Check Point firewalls not only detects anything malicious against it's signatures rather it analyses and monitors all processes running on different machines to detect anything wrong and then block those processes or URLs. 

Log storage gives us insights when required. 

Deep packet inspection, Layer 7, and application layer monitoring and detection are the great features of Check Point Next-Generation Firewalls. They greatly improve and protect an organization, its staff, and its resources. 

Check Point's SmartConsole is a great tool for admins as all firewalls can be centrally managed and all policies can be pushed as and when required by using SmartConsole. Log ingestion and threat hunting are also great functions in Check Point firewalls that enhances and improves a security posture. 

The SmartConsole to manage Checkpoint Next Generation Firewalls takes a long time to load and gets stuck sometimes. It could be due to a lot of rules and policies defined on the firewalls. However, SmartConsole software needs to be improved by having some more functions to make an admin's life easier. 

Log queries are slow and take time to load. 

Query functions need to be improved and should be quick to give the required information. 

There should be filters having drop-down options to use and select during log analysis. 

I have been using Check Point firewalls for more than two years. 

We use Check Point as well as Cisco. The firewall is used in order to continue filtering with VMware VMotion on different data centers. 

We have several data centers that are stretched. Our Check Point firewalls are used to filter north/south traffic.

With BGP on Gaia, when one of the clusters is unreacheable, the traffic is rerouted to another cluster. 

We also use VSX which is really a very good product for macrosegmentation.

The management of the firewall and advanced routing is great. It's easy to use and troubleshoot.

We need east/west Check Point firewalls in order to do micro-segmentation. A good solution for us is a solution that can be installed on différent systems (Linux, Windows K8S, bare metal, etc.) and can have centralized management.

Troubleshooting is also a big feature that will be necessary in this use case. 

I've used the solution for many years.

We also looked at Ciscos ASA and Fortigate.