Check Point Quantum Force (NGFW) Reviews

We use Check Point NGFW to provide more protection for our network from internal and external sources. I also work on creating checks, rules, troubleshooting, and generating daily reports.

Check Point NGFW makes it easier to handle and use the firewall efficiently. It helps protect our network from internal and external threats.

The firewall's default behavior of blocking all traffic, including a cleanup rule that blocks everything from external to internal sources, is highly valuable for protecting our network.

In the rule creation process, we need to decide on the source address, destination address, and services. There are improvements needed in this area.

I have used Check Point NGFW for one and a half years.

To maintain stability, I monitor high utilization and CPU usage, enabling and disabling connections as necessary.

Check Point NGFW is not scalable enough. However, it enhances performance with high availability, shifting to a secondary firewall if one fails.

When I can't resolve an issue technically, I consult with a senior engineer. I rate the technical support seven out of ten.

I did not work with any other firewalls before Check Point. I am familiar with CCNA routing and switching.

The initial setup involves connecting cables, opening the IP address using a browser, and configuring the firewall. It takes about one hour.

Only one person is required for the deployment.

Check Point NGFW is very important because it is easier to handle and use.

I don't have information regarding the pricing, as it is considered an internal matter of the organization.

I did not evaluate any other options. I chose Check Point firewall based on my knowledge of CCNA routing and switching.

Check Point NGFW is easy to use, create rules, and take backups. It simplifies backing up and managing processes with click-and-go options.

I'd rate the solution seven out of ten.

On-premises

My main use case for Check Point NGFW is perimeter security, and we use it on-prem.

I use Check Point NGFW for perimeter security specifically in our data centers.

The best features Check Point NGFW offers are centralized manage control and centralized load manage control.

The AI power enhances the features of Check Point NGFW.

The AI powered features provide real time threat detection.

Check Point NGFW has positively impacted my organization by improving security and reducing incidents.

We have seen a 2% reduction in incidents.

Check Point NGFW could be improved if support was better.

My experience with support has shown that there are delays.

I have been using Check Point NGFW for three years.

In my experience, Check Point NGFW is not stable.

The scalability of Check Point NGFW is satisfactory.

I find the customer support to be very challenging.

I would rate the customer support a seven on a scale of one to ten.

Neutral

Before using Check Point NGFW, I was using Dell SonicWALL, and we switched to Check Point NGFW because it is a better solution than Dell SonicWALL.

The initial setup with Check Point NGFW has been straightforward.

I have seen a return on investment with Check Point NGFW in terms of time saved and fewer people needed for operations.

My experience with pricing, setup costs, and licensing has been straightforward.

Before choosing Check Point NGFW, I also evaluated options such as Palo Alto.

I don't have anything else to add about my use case.

I don't have anything else to add about the needed improvements, as of now.

My advice to others looking into using Check Point NGFW is to go for it.

I think Check Point NGFW is a great product, and other customers should experience it.

On a scale of one to ten, I would rate Check Point NGFW an eight.

On-premises

The tool helps with VPN and connecting mobile devices. We also use it for identity security. It filters internet access and controls applications. The firewall has an intrusion prevention system and stops data loss. 

Internet access and filtering are important, and data loss prevention is definitely key. The threat access builder is useful. Application control is also big for us. We use it to check and block application downloads, looking for malicious or rogue software. This feature is very helpful.

Sometimes, the firewall doesn't pick up on certain things. If an attacker is clever and uses a low-profile indicator, the firewall might flag an anomaly but not give enough information to decide if it's worth investigating. The threat intelligence component also has challenges. It doesn't always tie alerts to active campaigns or threat actor groups. We often have to do extra work and use other products to figure these out.

I rate the solution's stability a seven out of ten. 

I rate the tool's scalability an eight out of ten. My company has 2500 users. 

The tool's support was responsive in critical situations, but for non-critical issues, they sometimes dropped the ball or didn't get back quickly enough. We had to do a lot of follow-ups and escalations to our technical account manager.

Neutral

Before choosing Check Point NGFW, we used Palo Alto Networks. We switched because of issues with Palo Alto. Their customer support wasn't very responsive. Some policies weren't working right, letting things through that should've been blocked. We compared different pricing options and features before deciding on Check Point NGFW. The main differences between Palo Alto and Check Point NGFW were mostly in how they worked for us. They both offer good next-gen firewalls, but we had some problems with Palo Alto. Sometimes it wouldn't notify us quickly when something got through. Its prevention wasn't always as strong as we wanted.

We felt Palo Alto's traffic inspection was only partial, not checking everything thoroughly. Check Point NGFW seemed to offer better inspection. Check Point NGFW also had better threat intel and application control. With Palo Alto, we couldn't see all our applications, only some of them. This caused shadow IT problems. Cost was also a factor in our decision.

The initial setup of Check Point NGFW is relatively straightforward. It's similar to other firewalls I've used and not too complex. If you have all the prerequisites in place, it's fairly easy to set up. On a scale of one to ten, with ten being the easiest, I'd rate the setup process around seven or eight.

The deployment takes about a week. We had a deployment process that involved going through change management, getting approvals, notifying stakeholders like the infrastructure team, and deploying the solution.

We used a consultant for the deployment because we were dealing with other initiatives and it was a tight situation timing-wise, even though we could have done it in-house.

Aside from the consultant, we had two or three staff members involved in the deployment. Their job roles were mainly on the security side - security architects, engineers, and analysts. Their roles were fluid, so they could take on various tasks if they had the knowledge or interest. For maintaining the solution, the number of staff required depends on the scale of the deployment. In our setup, about two people were in charge as the main points of contact.

I saw definite operational impacts from using Check Point NGFW. It helped prevent breaches, data security issues, and security incidents. We constantly saw attempts being blocked and picked up by the firewall. This was an improvement over Palo Alto, where some things got through without being detected. With Check Point NGFW, we got a significant return on investment because it prevented a major incident from happening and escalating.

I rate the solution's pricing an eight out of ten. It costs around 100,000-200,000 dollars per month. Besides standard licensing fees, we paid extra for enterprise-level premium support. There were also onboarding costs factored in. These additional costs made it more expensive overall. The total cost was around 100,000 dollars, which was challenging for our budget. Check Point was also pricey, not much different from Palo Alto Networks. However, we decided switching to Check Point was better because it offered more capabilities for a similar price.

I rate the overall solution a seven out of ten. 

Hybrid Cloud

Amazon Web Services (AWS)

We were looking for a solution to simplify our hybrid cloud infrastructure. We wanted something that could manage both our on-premises and cloud environments seamlessly. Nutanix offered that unified management plane. We also needed to improve our disaster recovery capabilities.

It's been really good. It simplified our operations significantly. We're able to manage everything from a single pane of glass, which has been a huge time saver.

The Prism Central management console is excellent. It gives us a centralized view of our entire infrastructure. Also, the built-in disaster recovery capabilities have been essential. We've tested failover scenarios, and they worked flawlessly. It simplified our operations significantly. We're able to manage everything from a single pane of glass, which has been a huge time saver.

The initial setup was a little complex, but Nutanix support helped us through the process. Also, licensing can be a bit complicated.

We've been using it for about two and a half years now.

Nutanix support helped us through the process when the initial setup was complex.

Positive

The initial setup was a little complex, but Nutanix support helped us through the process.

Licensing can be a bit complicated.

Absolutely. Especially for companies looking to simplify hybrid cloud management and improve disaster recovery.

Hybrid Cloud

Other

We use Check Point NGFW for edge firewalls as well as internal segregation firewalls. It easily allows us to separate critical traffic from non-critical office traffic.

We use Check Point NGFW for edge firewalls as well as internal segregation firewalls. It easily allows us to separate critical traffic from non-critical office traffic. Check Point ThreatCloud is excellent. Their central management console makes managing hundreds of firewalls very easy, and their antivirus that's part of the ThreatCloud is very good. Since implementing it, we have noticed a lot less getting through that maybe other antivirus within firewalls had failed to catch.

Pricing is high, but it's worth it. That's the main one.

I have been using Check Point NGFW for over ten years.

Check Point NGFW is stable.

Check Point NGFW has excellent scalability.

Customer support is excellent.

Positive

We did previously use several solutions from SonicWall and other vendors, and Check Point was just a better overall solution for our environment.

Make sure to get a good third-party consultant or something to assist you, as the learning curve is steep at first.

We have seen a good return on investment. However, I do not have any metrics I can easily share.

All good. No issues.

We evaluated a few other companies. The main one, or the biggest competitor, was Palo Alto.

Make sure, if you do not have any experience with Check Point, to get a good third-party consultant or something to assist, as the learning curve is steep at first, but well worth the end benefit. Reliability, customer support, and just overall excellence. I would rate the overall solution ten out of ten.

On-premises

My main use case for Check Point Quantum Force (NGFW) is that we use it for a perimeter firewall and separation firewall.

The best features Check Point Quantum Force (NGFW) offers are that it's a good product with a lot of features and a great GUI interface to manage it.

The interface of Check Point Quantum Force (NGFW) stands out because in a single point, I can read all the logs of my device.

Check Point Quantum Force (NGFW) has positively impacted my organization because it is our core security system, and it performs effectively.

At the moment, I haven't any ideas on how Check Point Quantum Force (NGFW) can be improved.

I have been using Check Point Quantum Force (NGFW) for about ten years.

Check Point Quantum Force (NGFW) is very stable.

For our company, Check Point Quantum Force (NGFW) is scalable enough.

We reached out for customer support and received the correct support, the support that we needed.

Positive

Before Check Point Quantum Force (NGFW), we used an old Check Point firewall.

I don't have information on whether we have seen a return on investment with Check Point Quantum Force (NGFW).

I don't know the price because I only made the technical decision, but I spoke about the price with my manager.

We stayed with Check Point and did not evaluate other options before choosing Check Point Quantum Force (NGFW).

I would rate Check Point Quantum Force (NGFW) a nine out of ten because I think we can improve the product a little bit.

My advice to others looking into using Check Point Quantum Force (NGFW) is that it is a good product and can solve a lot of security problems in your company.

My company does not have a business relationship with the vendor other than being a customer, as we are an end user.

I was offered a gift card or incentive for this review.

I prefer not to use my real name or company name when publishing my review.

On-premises

We use the Check Point Next Generation Firewall for whitelisting and blacklisting of addresses. It's part of our identity management solution and is utilized for inbound and outbound traffic services. 

Additionally, it is integrated with our DMZ, managing traffic from an IP addressing scheme. We also use it for monitoring different types of classified and nonclassified applications.

Check Point has improved our organization's ability to manage both classified and nonclassified applications securely, ensuring they pass through multiple layers of security within our firewall infrastructure.

One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access. It provides robust security across classified and nonclassified applications and integrates well with our existing infrastructure.

The graphical user interface (GUI) could benefit from some updates, although it is generally satisfactory in its current form.

The solution is stable, and I have the utmost confidence in its software stability.

The application is very scalable, allowing us to manage security across different network layers and support various applications and activities.

Customer support quality depends on the person you interact with. However, the support team we engaged was knowledgeable and well-versed with the application, allowing us to resolve any potential issues effectively.

Positive

We switched to Check Point due to cost and maintenance benefits. The previous solutions required significant resources to handle network and communication alignment during upgrades.

The initial setup is straightforward, with no significant issues arising from the box configuration.

Our implementation team comprised about thirty individuals, including supervisors for each stage, to manage testing, validation, staging, and production.

We conducted a detailed analysis and determined a high return on investment. Maintenance and stability were key factors contributing to a favorable ROI.

We found the pricing reasonable, ensuring the product was not overpriced. However, I am not familiar with the exact cost details.

I would absolutely recommend this solution to others for its robust security and scalability.

I'd rate the solution ten out of ten.

On-premises

We needed stateful inspection, logging, integration with Active Directory, and the ability to monitor devices using standard SNMP for use cases. Now, with the tool's Skyline product and OpenTelemetry, we can monitor it through Prometheus and Grafana. It has all the features we needed when we certified the solution.

Integration with Active Directory, IPS, standard VPN, and the firewall itself are the most valuable features for us. We haven't yet certified or aren't using Application Control, anti-bot, or anti-virus features.

Significant improvements have been made in the product. I started working with the R65 code and then upgraded to R74.40. When they transitioned from R77.30 to R80.x, they made major back-end modifications, switching from a flat file system to Solaris and Postgres. This was a big step that neither customers nor their support staff were fully prepared for.

Now, they're adding more features due to the increased flexibility of the new back-end. The main improvement I'd suggest is better preparation when introducing new features. Before releasing, they must train their support staff to troubleshoot these new features. The transition from R77.30 to R80.x was problematic due to a lack of preparation by Check Point, customers, and support.

Sizing is crucial, but we've never had issues with the products we've sized for each environment. The Maestro solution provides a lot of flexibility. On a scale of one to ten, with ten being the highest scalability, I'd rate it a ten.

I use Palo Alto firewalls. Check Point NGFW was the first to invent the stateful inspection firewall. They focus more on security and try to keep their motto of "keep security simple". They don't get bogged down in marketing or complicated terminology when using their products.

Even enabling a firewall blade on Palo Alto requires learning about different sync ports, how sync ports differ between chassis, and navigating through multiple GUI tabs for configuration. It's not as straightforward.

On the other hand, Check Point NGFW has kept things very simple for deployment. You set it up once, and then you can repeat the same process repeatedly.

On a scale of one to ten, with ten being the easiest, I'd rate the initial setup as ten. The process is straightforward: you rack and stack, configure the management code, create a standard policy, establish SIC, and push the policy. This process has remained consistent over the years.

For deployment, it took us longer than the typical two weeks because we had to design solutions for different scenarios. Check Point offers various options, such as clustering solutions, Maestro solutions, and standalone solutions. We had different use cases—some required standard clusters with ClusterXL, while others needed scalability solutions like Maestro. We also had to factor in sizing considerations.

The certification process took about the same amount of time as other products. We've been using the Maestro solution for a while now, so when new platforms are released, there isn't much change required beyond certifying the new hardware and ensuring backward compatibility with our certified solution.

Initially, it took a little more than two weeks to certify. However, the actual deployment still follows the same standard process and is actually easier now than it was in the past.

We call the team responsible for deploying certified solutions to the service delivery team. It's made up of two groups: build services and service delivery. The build services team works with our networking team to ensure our network and peering devices are set up right to host the firewall.

The service delivery team focuses more on the firewall itself. We need about three or four extra people from build services for firewall deployment. They act as go-betweens with the network team, ensuring our firewall solution works well with the peering devices when we put it in place. The build services team is important because they ensure everything fits together properly when we set up our firewall.

For maintenance, the solution is pretty stable. We have a global team, but a separate team handles regular firewall changes and daily operations. For support, we have about ten people total - three groups of three people each. This team manages around 1200 firewalls, including Check Point and Palo Alto devices.

Check Point NGFW is much cheaper than other platforms, including Palo Alto. Its scalability, especially with the Maestro solution, is a big advantage. If you're looking for good security at a reasonable price with a good return on investment, I believe Check Point NGFW is the way to go.

I've been dealing with Check Point NGFW for my entire career. I started with their Stateful Inspection feature. The term "Next Generation Firewall" is just marketing. Check Point's UTM product was designed from the ground up with next-generation features. They have a feature called Blaze. Besides stateful inspection firewalls and VPNs, they offer IPS, application control, URL filtering, antivirus, and antibot. You can also integrate it with third-party tools like Active Directory for authentication. This combination of features is what's called a next-generation firewall.

Other vendors use terms like app ID or user ID. They focus less on ports and more on ensuring services match their intended use. For example, if port 22 is enabled, it should be for SSH service, not something else. We use both Check Point NGFW and other products. I think if you commit to one vendor's approach, it can be hard to switch late.

My customer is one of the big banks in Bangladesh, and they use the solution to protect themselves from malware.

The solution's most valuable feature is CDR (content disarm and reconstruction). The Infiniti Portal feature helps manage the firewall and get a proper report, which is required for management. Capacity and Maestro are good features that can produce better firewall speed.

I want better (DPI) Deep Packet Inspection in Check Point NGFW. The solution should include some behavioral features to detect the malware smartly.

Check Point NGFW is a very stable solution.

I rate the solution’s stability nine and a half out of ten.

Around 20 small and medium businesses are using the solution. The solution's scalability is really good. It has a feature called Maestro, which can increase bandwidth by three terabytes.

I rate the solution's scalability an eight out of ten.

The solution provides good technical support.

Positive

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup an eight out of ten.

Check Point NGFW is not a cheap solution. Customers often need to pay a premium for its services.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.

Check Point NGFW is a good firewall. You can mount it into your firewall in every country and have the report. You can find out how good it is. Customers can change this firewall or determine the efficiency of other firewalls, including Check Point. After 15 days, they can see the report, which is a good feature.

Overall, I rate the solution an eight out of ten.

On-premises

It's just enterprise firewalls, firewall clusters for redundancy to secure the company network from the internet, and as well as a data center firewall, for example, if you want to split up subnets to control traffic between them.

The management is very handy and intuitive, and it has a lot of features. I think it's one of the products in this market which has the most possibilities.

I saw some other firewall vendors or firewall solutions from other vendors. And maybe I like it because I'm very familiar with Check Point and the management of the Check Point gateways. So, probably, I'm just not aware of how other solutions work and how to use them. 

We also see or have a lot of customers with Palo Alto. That's also a solution we see a lot, but we have been a Check Point partner for more than seven or eight years since the beginning of our company. We have done a lot of research on firewall solutions. 

In our opinion, it's one of the best because the management is very handy. So it's easy to implement every possible configuration, and you have a good oversight of your rule set. 

If I compare it with Cisco Meraki, for example, if the rules grow, then it's very hard to get oversight or to have oversight over the whole rule set. So then it becomes hard to manage.

With Check Point, it's easy because even when you have 200 or more rules, it's still very user-friendly, and you can still quickly manage your whole rule set.

What I like about Meraki is the whole cloud-managed feature, where it can configure gateways in the cloud and preconfigure it as well. So I don't need to have access to the device or create a configuration in the cloud. 

And as soon as the firewall comes online connected to the internet, then it downloads its configuration from the cloud. I think Check Point does also have such a solution, but I'm not aware that it's as easy as Cisco Meraki. Sometimes it would be nice if they would have the same possibilities.

I have been using it for about five years now. 

I have not yet faced any challenges with performance or stability. Sometimes when we implement core firewalls, there are applications that have longer session timeouts than the Check Point firewalls in the default settings. 

Windows has a default session timeout for about two hours, I think, and Check Point's is one hour. So, it's not a performance issue, but the application will not run as well as before the security gateway analyzes and blocks traffic. So, it depends.

Scalability  is a very good point of Check Point's solution. They can scale very well and very large.

The technical support is also very well and specific. It's very useful to have technical support from Check Point.

Positive

I have experience with Nutanix Flow. It's also possible to enable training in Nutanix Flow where you can redirect the traffic to Check Point gateways. I think that's a very useful feature if you need layer seven traffic analysis and blocks. But I don't have any customers, or we don't have any customers, who use chaining. We also don't have any customers who use a micro-segmentation solution from Check Point. So, I'm not aware if they have a comparable solution like Flow.

For the initial setup, you need a good knowledge of the operating system, Gaia OS. It needs some knowledge to get started, but if you've done it once, then it's easygoing.

Normally, we check the customer's requirements. Then we start to deploy the gateway and start with a basic rule set so the customer is able to refine it for their needs. If we are in charge of creating a complete rule set, we will bring all the requirements into a concept and then create a rule set in a more suitable way.

Some customers have very basic requirements. If it's just to deploy the gateways, then it's very easy and quick. You just need maybe a few days and a maintenance window outside of business hours. But there are also customers who have a lot more requirements, like scanning or analyzing the traffic for subnets inside of the network. 

For example, a core firewall can be very time-consuming. You need to do a lot more research and concepts or write concepts on how to achieve that. That can take a few months.

For maintenance, you need to know what you do. It can be difficult if you don't know what you want to achieve. If you are not aware of network security, then probably it's not that easy, and you may run into configuration errors or mistakes. It's easy to manage, but you have to know what you do.

Check Point is not the cheapest vendor in the market, but it has everything you need compared to other solutions. So that's probably the main reason for the cost or the prices. I think it's probably on the same level as Palo Alto.

I would recommend Check Point to other users who are looking into implementing it.

I would advise others to compare or write down their requirements and have a look to see if Check Point is able to fulfill all the requirements.

Overall, I would rate it a nine out of ten.