Check Point Quantum Force (NGFW) Reviews

We use Check Point NGFW for separating the IT networks from the OT networks. It provides advanced threat prevention, access control, IP policy, zoning, virtual interfaces, and NAT capabilities. While it also provides VPN, we are currently not using it but are exploring the option.

The best features offered by Check Point NGFW include threat prevention and application and identity awareness. Identity awareness is utilized to enforce policies that help identify systems based on users and groups, which is especially useful in enforcing access control in our OT environments. The ability to add policies for granular network segmentation using virtual interfaces for VLANs is beneficial. Check Point firewall has protocol awareness, aiding in anomaly detection in traffic packets. Centralized management using SmartConsole is valuable as it allows both IT and OT network administrators to manage the same firewall with varied permissions. Compliance and audit support for certain frameworks, along with logging and policy enforcement report generation, are additional strengths. Check Point in the OT DMZ assists with improved OT network visibility and faster incident response with its built-in logging, reducing incident response time.

Check Point NGFW could improve by continuing innovation and enhancing integration with popular SIEMs. More granularity and control for threat prevention, especially on the OT side, would be beneficial.

I have been using Check Point NGFW for over five years now.

The use of Check Point firewalls has helped improve our security posture without any downtime, thanks to the high availability architecture.

The solution is scalable because additional Check Point blades can be added to grow the network. It offers virtual and cloud options, making it suitable for expanding dynamic OT networks that span edge, remote locations, or hybrid clouds.

I rate customer support a nine. While it is exceptional, I believe there is always room for improvement.

The initial setup was complex, particularly with understanding different cloud infrastructures.

Incident response time has reduced significantly, and downtime due to network issues has been minimized, leading to an improved return on investment.

We briefly looked at Fortinet and Cisco options but chose Check Point because we are a Check Point shop.

I advise thoroughly planning ahead, understanding your environment, and ensuring a good network segmentation standard is set up. Pre-plan deployment using automated scripting. Familiarize yourself with SmartConsole and SmartEvent, especially in a multi-site setup. Begin enabling threat prevention gradually and plan for high availability using HA clustering with dual power supplies. On a scale of one to ten, I rate Check Point NGFW as ten.

Hybrid Cloud

I use it for UTM [Unified Threat Management]. I use a gateway firewall at the office.

Next Generation Firewall, along with Threat Emulation and Threat Extraction, is what I use. Real-time prevention is there to protect against zero-day malware and Check Point Sandbox.

And then, the CPU-based emulation is a better feature than any technologies not having that. Check Point has a CPU-based emulation. Normally, Fortinet and others, they do it differently. But these people work on a technology called CPU-based emulation. 

This CPU-based emulation is a unique CPU-level technology that catches malware before it has an opportunity to deploy or evade detection. They call it SandBlast. Check Point SandBlast Threat Emulation. That is a great feature, which they are using. It controls attempts to bypass OS security controls also. And then it avoids deep security.

I use our Check Point firewall for all the NATing of my applications. I use it for external traffic monitoring where my Internet links are connected, and I use it as a gateway.

The drawback is that I want to push the policy from my management console itself instead of on the Check Point device. For example, if I have two different firewalls, I want to push the policy to the gateway, and then it will take 10 to 20 minutes to roll back the policies. It should be applied faster.

I have been using it for more than a year.  

It is a stable product 99.4% of the time. 

Check Point NGFW has a feature where it can top two of the firewalls, and then we can integrate the performance. 

It's a cluster kind of solution where they can integrate.  

For the firewall, the support is good. 

Positive

I also use CloudGuard Security Posture Management. I also used Fortinet.

The major difference, I feel, is the threat emulation. It's zero-day protection. The supply chain attack is very, very low compared to all firewall vendors. 

For example, being parallel to Palo Alto Networks or FortiGate and NFT OS or Check Point, that supply chain attack was very, very low in our Check Point firewall. And then the maintenance was very, very low compared to all.

That is my takeaway. My one of my takeaways before proceeding with my procurement decision was that there are two things: one is the security point. Another one is performance. The last one is very, very important. That is for the supply chain attack because we need to concentrate more on other products also. 

So I don't want to spend too much time on the maintenance part. So this supply chain attack was very, very less compared to other providers since we are using multiple firewalls. This particular firmware was very stable, and there was no need to update until unless it is necessary and shared by Check Point team. So my takeaway is that the supply chain attack was very less compared to all.

If the person knows the technology and the basic functionalities of a firewall, they can integrate it very fast.

We took three days to deploy.

Three people were involved: my IT security manager, myself, and one L3 engineer who deployed the product.

The architecture and functionalities are managed by me, and then the deployment is taken care of by our team members.

Compared to Fortinet and Check Point, both are the same.

Check Point is coming up withsome AI integration and some AI features. They are using threat emulation on the AI front, but they are also discussing the quantum processor, where they have integrated many new features.

Overall, I would rate it a nine out of ten.

My main use case for Check Point Quantum Force (NGFW) is enterprise-grade protection, and its security features, and we centrally manage and report using this tool.

We use Check Point Quantum Force (NGFW) as our IPS and anti-bot software for enterprise-grade protection and centralized management.

Check Point Quantum Force (NGFW) has impacted our organization positively because we're more secure.

I measure that improved security by noting that we've seen fewer security incidents.

The best features Check Point Quantum Force (NGFW) offers are its advanced protection features such as IPS, anti-bot, sandboxing, and it reduces the need for multiple point solutions.

The sandbox and reduction of point solutions in Check Point Quantum Force (NGFW) allow us to isolate an issue and solve it.

Check Point Quantum Force (NGFW) can be improved with better cost and better reporting.

Regarding needed improvements, it's too expensive and specific aspects of the reporting could be better.

I have been using Check Point Quantum Force (NGFW) for four years.

Check Point Quantum Force (NGFW) is stable.

The scalability of Check Point Quantum Force (NGFW) is good and it's easy to scale.

The customer support is okay, not bad.

Neutral

We didn't use any other solution before choosing Check Point Quantum Force (NGFW).

My experience with pricing, setup cost, and licensing was a good experience.

I have seen a return on investment.

My experience with pricing, setup cost, and licensing was a good experience.

We didn't evaluate other options before choosing Check Point Quantum Force (NGFW).

I don't have any advice to give to others looking into using Check Point Quantum Force (NGFW).

My company does not have a business relationship with this vendor other than being a customer.

I was not offered a gift card or incentive for this review and I don't have any additional thoughts about Check Point Quantum Force (NGFW) before we wrap up.

On a scale of one to ten, I rate Check Point Quantum Force (NGFW) an eight.

On-premises

We use Check Point NGFW to secure the perimeter of our customers. It is a great solution that enables us to prevent any type of attack from external threats by securing our infrastructure up to level seven of the ISO OSI stack. We implement blades like IPS, anti-bot, and antivirus. We deploy different solutions such as physical Check Point or VSX, and we have also deployed on VMware and on physical appliances. The deployment is very easy, and after deploying the firewall and enabling all the blades, we just need to manage it.

The best feature of Check Point NGFW is the Threat Prevention blade, specifically EPS. In recent months, Check Point has offered automation to automate threat prevention, making it a very strong blade to secure our perimeter. This blade has blocked many external attacks that could have led to data loss or server compromise for our customers. Additionally, Check Point NGFW can be used in cloud environments like Azure and AWS. It's a great solution, easy to deploy due to templates in cloud environments. Other valuable features include Identity Awareness, which allows us to manage access to resources by user rather than by IP address.

It's not easy to say what needs improvement because it is a very strong solution. I think the VSX technology could be made easier to manage with elastic scalability and evolving technology. However, overall, Check Point is a strong solution that works very well, and I'm satisfied with it as is.

I have been using the solution for about seven years.

Scalability is very good. For example, if you have a VSX cluster, you can add a new member and use the VSX configure feature to push all the configurations to the new gateway. This makes it equal to the other members. Also, the scale set on cloud environments is the best concept of scalability because you can have templates that create new instances in case of high CPU utilization and decrease when it goes down.

The customer support is very, very good. We have premium direct support with all our solutions, and within a few minutes, we can be in contact with the TAC of Check Point. Also, the R&D provides us with custom fixes when needed.

Neutral

We also use a Fortinet solution, which is a competitive vendor. Fortinet offers vDOMs that allow for the creation of logically separate firewalls. However, Check Point is better. In the last three years, Fortinet has had a lot of CVEs that impacted security, whereas Check Point hasn't. Check Point is very secure.

The setup is not complex. We just need to install the operational system Gaia with an ISO file and perform a first-time wizard to set the initial configuration like DNS, NTP, and network interfaces. After that, we connect the firewall to the management server, which can be a Security Management Server or a Multi-Domain Management Server. Then, we can start creating new policy packages, new rules, and install them on the gateway.

In terms of time savings, Check Point NGFW saves time. By using NGFW with VSX, we can deploy many virtual firewalls using the same hardware. This is a time-saving measure because we don't need to deploy a cluster or a firewall each time; we just create a virtual system on the management server using the same appliance.

We evaluated Fortinet and Palo Alto. When we need to do a cost estimation for our customers, we consider these vendors. However, my team's experience is very strong with Check Point, so we try to buy a Check Point solution whenever possible.

I advise others to use Check Point NGFW because it is a great solution. I rate Check Point NGFW a nine. Considering the time of deployment, the quality of support, and the features and blades the vendor offers, it is on top of the world in this field. A nine is the right number.

Hybrid Cloud

Other

We are working with Check Point NGFW as an internet firewall, a data center firewall, and a core firewall. We also deal with customers using the Maestro firewall for data centers.

One of the main advantages I have seen with Check Point NGFW is centralized management. The number of vulnerabilities is very few compared to commodity products, so customers don't have to worry even if it is exposed to the internet. Specific features include threat prevention, threat cloud, Infinity Portal for centralized cloud management, URL filtering, content awareness blade, identity awareness blade, and VPN blades. Customers only need to subscribe to what they require, so resources are free for other uses.

Check Point NGFW should concentrate more on the SMB market, as solutions in this space are not as strong in security. In terms of SD-WAN technology, Check Point's offerings are not as mature as competitors. There are some issues during initial setup, particularly with establishing connectivity with the Infinity Portal.

I have been working with Check Point NGFW for one year.

During initial setup, deployment teams usually face issues establishing the initial connectivity with the Infinity Portal.

As far as I have seen, Check Point NGFW is very stable. I have worked with Check Point products for 15 years and haven't found any stability or performance issues.

Check Point NGFW is very scalable. They offer multiple solutions from SMBs to enterprise data centers, making it an easily scalable solution with no issues in scalability.

We have escalated issues to Check Point technical support multiple times and have received timely and very good responses, especially from the local support team available in our country.

Positive

I have worked with almost all the major products: Fortinet, Palo Alto, Cisco ASA, and FTD.

There can be issues during the initial setup, particularly with establishing connectivity with the Infinity Portal.

I am currently in presales and not directly involved in deployment, but I have been part of a deployment team before.

Compared to other solutions, the pricing of Check Point NGFW is high. However, for customers particularly concerned with security, such as in enterprises, data centers, financial sectors, or government sectors, the pricing is justified. If a customer is not highly focused on security, a less expensive firewall may suffice.

I have experience with major vendors such as Fortinet, Palo Alto, Cisco ASA, and FTD.

I would recommend Check Point NGFW due to their long history of providing secure solutions and their pioneering stateful inspection technology. Their threat cloud is one of the richest AI clouds available. They also offer strong R&D, which results in fewer vulnerabilities in their products. Overall, I rate Check Point NGFW an eight out of ten.

On-premises

We use Check Point NGFW for security purposes. Our clients use it for security reasons, as mentioned during the call.

The most valuable feature is the availability of two consoles. In the normal GA login, I can create interfaces and configure interface IPs, while in the SmartConsole, I manage the NAT quality and firewall access. This allows me to effectively configure the Check Point firewall.

Check Point would benefit from having a single console for both basic and policy configurations. Currently, two different consoles are required, which could be more streamlined.

I have experience working with Check Point NGFW as part of the implementation team, working in both production environments and configuring firewalls.

I rate the stability of the solution as nine out of ten. While the solution is generally stable, there are complications, such as requiring SmartConsole for deployment and upgrades, which can be time-consuming.

Scalability must be carefully planned for, considering future growth and user base increases. The solution is suggested with a five-year plan in mind to accommodate growth. In cloud environments, scalability is adjusted based on customer requirements.

I rate technical support from Check Point at ten out of ten. The support is excellent.

Positive

The initial setup can be complex. Proper planning and scope of work are crucial to ensure a smooth setup.

I work as a network engineer in the implementation team. We handle deployments and configurations of Check Point firewalls.

In comparison to Fortinet and other products, the pricing may be considered high. Customers often look for budget-friendly options and may choose based on cost considerations.

As a technical expert, I would recommend Check Point NGFW. However, from a customer's budgetary perspective, they must evaluate their options.

I'd rate the solution nine out of ten.

My main use case for Check Point NGFW is using it as a next gen firewall for perimeter security, for branch connectivity, VPN access, and deep packet inspection of north south traffic. That is the main use case.

Check Point NGFW has positively impacted my organization, which has around two thousand employees, by keeping us protected from cyber threats. It's challenging nowadays, but with Check Point NGFW deployed for perimeter security, we effectively block unwanted or malicious intrusions, allowing all organizational users to stay safe while performing their tasks without disruption. The positive impact is evident as users remain focused on their work, which contributes to improving our organizational economic growth.

The best features Check Point NGFW offers include application control, which makes it granular control for managing applications. There are thousands of applications in the Check Point repository, making it easy to write a policy according to requirements based on application needs. Another feature such as URL filtering works efficiently, allowing us to categorize websites for user access. We can create allow and deny policies based on organizational needs. Additionally, there is IPS for preventing threats, which can take action against malware or unwanted traffic trying to enter the network. This keeps us safe and protected against cyber threats.

Check Point NGFW also has an antivirus capability and allows identity-based policies with easy integration of LDAP or two-factor authentication methods. HTTPS inspection stands out as Check Point NGFW excels in identifying threats because it inspects all traffic, including encrypted traffic, for malicious activities. Check Point has good hardware capabilities to accelerate and manage overall traffic load, accommodating heavy loads easily. SmartConsole centralizes firewall management for better control over multiple firewalls and policies.

For improvements, I believe integrating AI-driven features for bulk operations or complicated tasks would be beneficial for Check Point NGFW. A feature that allows users to prompt the AI for backend tasks would save operational teams time and streamline processes. Additionally, improving the dashboards for better visibility and metrics regarding attack traffic would also benefit the monitoring team.

I have been using Check Point NGFW for two and a half years.

I rate the overall stability of Check Point NGFW at a ten out of nine because, while it performs exceptionally, SmartConsole needs improvement regarding performance. Sometimes it takes time to install policies, but I believe future enhancements will improve this aspect.

Overall, I would rate Check Point NGFW as a nine for its good performance, leaving one point for future improvements, particularly in SmartConsole performance.

The scalability of Check Point NGFW is good. We can utilize its entire feature set, including URL filtering, application control, IPS, and threat intelligence. Integrations with LDAP and other two-factor authentication solutions are easily accomplished, adding to its good integration perspective.

Check Point NGFW's customer support is very good. Occasionally, responses can be delayed, but I understand there are circumstances on their side, which is acceptable. I hope their support will improve in the future.

Positive

My experience with Check Point NGFW's pricing reveals it is a bit higher than other vendors. However, considering the security and features Check Point NGFW offers, it's justified. Licensing can be complex and requires careful planning due to add-on licenses, so it's essential to plan what licenses our organization needs accordingly. The initial learning curve for new administrators can be challenging since it is not very user-friendly. However, for those who understand the product, handling all tasks becomes easier. For beginners, it can be complicated to grasp the Check Point NGFW architecture, and advanced reporting could be improved with better visuals or dashboards.

I recommend others looking into using Check Point NGFW to utilize all available licensing for application control, URL filtering, and IPS. It's essential to enable HTTPS inspection to understand its impact on firewall performance and plan accordingly. If the hardware is sufficient, higher models should handle heavy loads effortlessly. I suggest exploring SmartConsole features, as there are many available. Although not everything can be utilized, maximizing its capabilities is beneficial. Additionally, the inspection settings for IPS and TCP/UDP protocols should be adjusted according to best practices to ensure smooth operations without blocking legitimate traffic due to strict configurations. Overall, I rate Check Point NGFW a 9 out of 10.

On-premises

In our customer environment, Check Point Quantum Force (NGFW) is used for edge security and internal security, both for data center and edge side.

We don't have Check Point Quantum Force (NGFW) personally. We install it for our customers and then take care of it.

What I found very valuable in Check Point Quantum Force (NGFW) is the possibility to share everything with the ThreatCloud. For example, when a customer encounters a new virus, malware, or signature, it gets uploaded into the ThreatCloud and shared among all other customers.

The issues with Check Point Quantum Force (NGFW) are mainly related to reliability. It depends significantly on the hotfix version of the gateway. You could end up with a version that's stable or unstable, or for example, stable for one scenario, but then in certain specific scenarios, it becomes unstable and creates an issue. This requires contacting support, discussing with R&D, and verifying if there is a new version or custom fix to install.

I have been using Check Point Quantum Force (NGFW) for around two years, slightly more.

Check Point Quantum Force (NGFW) is stable overall and behaves the way it should. There are specific issues that are not just limited to the version, but they include processes and blades. When I mention specific issues, it involves different components that make up the security gateway.

Stability concerns are the main reason I chose a seven rating. It's very important for customers because they rely heavily on the security gateway to operate in order to maintain connections.

Based on the documentation, Check Point Quantum Force (NGFW) should handle scalability effectively, since it's based on AI, making the throughput significantly bigger than its predecessor.

Customer support for Check Point Quantum Force (NGFW) is a bit of a hit and miss. Sometimes they have tunnel vision, so they only see the initial request and don't evaluate the whole scenario.

Neutral

My experience with the pricing, setup cost, and licensing of Check Point Quantum Force (NGFW) is that it is straightforward but still expensive. It's quite pricey.

The return on investment for Check Point Quantum Force (NGFW) depends on the customer. Some customers didn't see the value and changed from Check Point to a different product.

Before choosing Check Point Quantum Force (NGFW), we evaluated Palo Alto Networks.

You can add blades in the gateway of Check Point Quantum Force (NGFW). Blades are modules such as antivirus, anti-bot, or filtering, and they help prevent attacks or improve your security and perimeter.

The performance of Check Point Quantum Force (NGFW) varies based on whether it's a VM or a security appliance. The Quantum version, which is fairly new, focuses on the AI trend. It should have better throughput, better performance, and faster processing overall.

I rate Check Point Quantum Force (NGFW) a seven out of ten because it's stable enough, works very well, and doesn't have many CVE vulnerabilities. However, it's sometimes unreliable in terms of stability, depending on the version. Many customers have a positive impact, while others have a worse experience.

I would recommend evaluating your needs for Check Point Quantum Force (NGFW). If you are a small company, this product might be too extensive for your necessities. It depends on the throughput, gigabyte requirements, and pure performance needs. You can always use a VM or SMB Quantum Spark.

On-premises

My main use case for Check Point NGFW is using it as our data center firewall, which basically keeps the resources behind the data center safe from all the different cybersecurity threats.

Check Point NGFW has made a difference for our data center, especially when some people at some point tried to spoof their IPs within the organization, and upon checking the logs, we found a couple of IPs that had been blocked because they were trying to get in from a different network where we don't expect those IPs, so the traffic was denied because of the IP spoofing setup.

The best features Check Point NGFW offers include unified threat management, web filter engines, and intrusion prevention, which I find valuable because it's important for us to have the security behind the data center down to the dot, and because of the granular policies we set, we can manage every bit of security when it comes to the data center network.

One standout feature relates to a user feature that puts users into sessions every time they are configuring, meaning one person is not going to configure the same thing that another does, and it locks the configuration to avoid confusion where one changes one thing and another person changes something differently on the other side, and when you're done, the session is committed, and you can still roll back in case the commit has an issue, which I find quite beneficial.

Check Point NGFW has positively impacted my organization by providing confidence that it's managing all the threats out there for us, even though at any one point in time, threats are coming in all over the place. The sense of confidence and peace of mind is the biggest positive impact, as cybersecurity is a bit fragile, so a product that gives you peace of mind goes a long way.

I find that the licenses are a bit expensive compared to other vendors, and while the price is justified, at times, renewing them becomes a bit painful, so if it could become a bit more budget-friendly, that would work for me.

That licensing issue would be the main area regarding needed improvements.

I have been working in my current field for three years.

The pricing, setup cost, and licensing process were smooth without any challenges.

Check Point NGFW is reliable, and in terms of scalability, I'd say it's quite okay, considering we're using data center grade, but also there are options for some of the remote branches that we have at a lower cost, so you don't have to buy the bigger devices for the smaller branches, making the scalability suitable, and I rate customer support highly because whenever you log a case with the right level of urgency, they deal with it promptly as required.

I would rate customer support a 10.

Positive

I'm not sure of that information, but I think a different solution was used before I arrived.

Regarding return on investment, it might not really be that kind of metric, but since we've deployed Check Point NGFW, we've not had any incident, which speaks for itself because that is basically what it's about. The fact that we've not had any breach toward the data center side is plenty enough.

My advice to others looking into using Check Point NGFW is that it's quite strong and reliable with cutting-edge threat prevention and unified management, making it a solid foundation for a profitable business. I rate Check Point NGFW a 10 out of 10.

On-premises

We use Check Point NGFW for enterprise firewalling, VPN, data loss prevention (DLP), user authentication, and zero-trust connectivity. All the functions of Check Point NGFW are utilized.

The most valuable features in my experience include perimeter firewalling, cloud and mobile security, application control, URL filtering, DLP, threat prevention, intrusion protection, and safeguarding against malware, botnets, and zero-day attacks. Check Point NGFW's multi-layered security architecture enhances data protection strategies by unifying security management, which is crucial in environments with too many separate products. The application and identity-based inspection are critical for understanding the data packets within the network.

The primary area for improvement would be the configuration process. While Check Point NGFW is not inherently difficult to configure, it might be intimidating for newcomers. Other products, like FortiGate, are perceived as more intuitive because they are easier to configure from the start. This has led to a perception that may affect market share.

I have been working with Check Point NGFW for many years, probably around ten years.

I have encountered stability issues primarily with VPN, which required a code upgrade. However, overall stability is high, and I rate it a nine out of ten.

Check Point NGFW is quite scalable. I have used units that never exceeded their capacity. If specified correctly, even the smaller boxes offer high session and bandwidth rates, making the solution highly scalable, even up to telco-level requirements.

My experience with Check Point's technical support has been positive, especially during setup processes. Even challenging issues like those with VPNs have been resolved efficiently with their help.

Positive

The initial setup of Check Point NGFW can be daunting for new users, but once you understand it, the setup is straightforward. For me, it's an eight out of ten in terms of ease of the initial setup.

The perception is that Check Point NGFW is expensive, especially when all software modules are included. For larger enterprises with comprehensive service requirements, it is reasonably priced. However, in the medium-sized business market, it can be seen as expensive, leading to switches to alternatives like Fortinet.

I rate Check Point NGFW an eight out of ten. It's a solid solution, particularly for large enterprise businesses, especially in banking and government, where there is always a need to diversify between different products. The overall product rating I would give is an eight.

On-premises