Check Point Quantum Force (NGFW) Reviews

We use Check Point NGFW for security purposes. Our clients use it for security reasons, as mentioned during the call.

The most valuable feature is the availability of two consoles. In the normal GA login, I can create interfaces and configure interface IPs, while in the SmartConsole, I manage the NAT quality and firewall access. This allows me to effectively configure the Check Point firewall.

Check Point would benefit from having a single console for both basic and policy configurations. Currently, two different consoles are required, which could be more streamlined.

I have experience working with Check Point NGFW as part of the implementation team, working in both production environments and configuring firewalls.

I rate the stability of the solution as nine out of ten. While the solution is generally stable, there are complications, such as requiring SmartConsole for deployment and upgrades, which can be time-consuming.

Scalability must be carefully planned for, considering future growth and user base increases. The solution is suggested with a five-year plan in mind to accommodate growth. In cloud environments, scalability is adjusted based on customer requirements.

I rate technical support from Check Point at ten out of ten. The support is excellent.

Positive

The initial setup can be complex. Proper planning and scope of work are crucial to ensure a smooth setup.

I work as a network engineer in the implementation team. We handle deployments and configurations of Check Point firewalls.

In comparison to Fortinet and other products, the pricing may be considered high. Customers often look for budget-friendly options and may choose based on cost considerations.

As a technical expert, I would recommend Check Point NGFW. However, from a customer's budgetary perspective, they must evaluate their options.

I'd rate the solution nine out of ten.

I use it for UTM [Unified Threat Management]. I use a gateway firewall at the office.

Next Generation Firewall, along with Threat Emulation and Threat Extraction, is what I use. Real-time prevention is there to protect against zero-day malware and Check Point Sandbox.

And then, the CPU-based emulation is a better feature than any technologies not having that. Check Point has a CPU-based emulation. Normally, Fortinet and others, they do it differently. But these people work on a technology called CPU-based emulation. 

This CPU-based emulation is a unique CPU-level technology that catches malware before it has an opportunity to deploy or evade detection. They call it SandBlast. Check Point SandBlast Threat Emulation. That is a great feature, which they are using. It controls attempts to bypass OS security controls also. And then it avoids deep security.

I use our Check Point firewall for all the NATing of my applications. I use it for external traffic monitoring where my Internet links are connected, and I use it as a gateway.

The drawback is that I want to push the policy from my management console itself instead of on the Check Point device. For example, if I have two different firewalls, I want to push the policy to the gateway, and then it will take 10 to 20 minutes to roll back the policies. It should be applied faster.

I have been using it for more than a year.  

It is a stable product 99.4% of the time. 

Check Point NGFW has a feature where it can top two of the firewalls, and then we can integrate the performance. 

It's a cluster kind of solution where they can integrate.  

For the firewall, the support is good. 

Positive

I also use CloudGuard Security Posture Management. I also used Fortinet.

The major difference, I feel, is the threat emulation. It's zero-day protection. The supply chain attack is very, very low compared to all firewall vendors. 

For example, being parallel to Palo Alto Networks or FortiGate and NFT OS or Check Point, that supply chain attack was very, very low in our Check Point firewall. And then the maintenance was very, very low compared to all.

That is my takeaway. My one of my takeaways before proceeding with my procurement decision was that there are two things: one is the security point. Another one is performance. The last one is very, very important. That is for the supply chain attack because we need to concentrate more on other products also. 

So I don't want to spend too much time on the maintenance part. So this supply chain attack was very, very less compared to other providers since we are using multiple firewalls. This particular firmware was very stable, and there was no need to update until unless it is necessary and shared by Check Point team. So my takeaway is that the supply chain attack was very less compared to all.

If the person knows the technology and the basic functionalities of a firewall, they can integrate it very fast.

We took three days to deploy.

Three people were involved: my IT security manager, myself, and one L3 engineer who deployed the product.

The architecture and functionalities are managed by me, and then the deployment is taken care of by our team members.

Compared to Fortinet and Check Point, both are the same.

Check Point is coming up withsome AI integration and some AI features. They are using threat emulation on the AI front, but they are also discussing the quantum processor, where they have integrated many new features.

Overall, I would rate it a nine out of ten.

My main use case for Check Point Quantum Force (NGFW) is that we totally rely on this technology to provide our employees internet access and the connectivity between other branches of my organization while also providing SSL VPN to our work-from-home employees.

A specific example of how I use Check Point Quantum Force (NGFW) for connectivity between branches is that we have configured IPSec tunnels between multiple branches, allowing employees from remote branches to directly access the private network devices or remotely access any desktop. For SSL VPN, we have provided remote access VPN for our work-from-home employees.

Previously, before Check Point Quantum Force (NGFW) remote access VPN, our employees had to connect into our network to access some private network resources that were deployed in our local network. After implementing Check Point Quantum Force (NGFW), we enabled these features, allowing connections from remote locations.

Check Point Quantum Force (NGFW) has positively impacted my organization as the user experience of accessing the internet has really improved, and we are enjoying good security as well as seamless connectivity between the branches.

I have noticed specific outcomes, such as it hastening the access to remote branch resources, allowing us to take the remote desktop of any employee residing in the branches, which has significantly improved the experience.

According to my experience, the best features Check Point Quantum Force (NGFW) offers are its ability to provide internet access to all my employees and the security it provides to access the internet in a secure manner, ensuring no security breaches. Additionally, the VPN connectivity between branches and SSL VPN is also a standout feature.

Regarding the security aspect, Check Point Quantum Force (NGFW) includes features such as IPS and IDS and antivirus, which are excellent and provide good security to our private network.

I believe Check Point Quantum Force (NGFW) can be improved by being made more affordable for small organizations.

I have been using Check Point Quantum Force (NGFW) for more than three years.

Check Point Quantum Force (NGFW) is pretty stable, with no issues regarding performance or throughput.

Check Point Quantum Force (NGFW) is currently handling our organization's growth well, with no issues regarding scalability.

The customer support for Check Point Quantum Force (NGFW) is very good in technical matters, and I have had no issues contacting them.

I have been using Check Point Quantum Force (NGFW) only since starting.

I have seen a good return on investment as Check Point Quantum Force (NGFW) is saving my employees' time, securing our infrastructure, and providing seamless connectivity.

My experience with pricing, setup cost, and licensing was straightforward. As a partner of Check Point, there is no issue with the pricing or setup cost.

Before choosing Check Point Quantum Force (NGFW), I evaluated FortiGate Next-Generation Firewall.

My main use case for Check Point NGFW is to filter the whole infrastructure traffic, and we use it as the perimeter firewall for our data center.

Check Point NGFW helps me in my daily operations by managing traffic across almost 30 branches, and we utilize its SD-WAN features to communicate with other third-party companies through a VPN.

For branch communication, we use the SD-WAN feature of Check Point NGFW, and through the VPN, we establish a connection between our company and the third-party companies. Currently, we filter our traffic between the branch sites and third-parties, and access the internet through that exchange firewall.

The best features Check Point NGFW offers in my experience are its application identification and control capabilities, which stand out as we use them beyond Layer 3 communications.

The application identification and control feature of Check Point NGFW helps my organization by allowing quick responses to make decisions and segregate applications that need more attention.

Check Point NGFW positively impacts my organization as it has improved our security posture and made us less vulnerable to attacks compared to our previous status; we can easily filter URLs and enhance web security.

While we don't have specific numbers, we measure increased security through our ability to block malicious attacks, including phishing attacks, easily.

Check Point NGFW has a steep learning curve for starters; it's not easy to learn and is a bit complex to start from scratch.

Check Point NGFW sometimes has limitations on third-party integrations, requiring more specifics rather than being straightforward.

I have been using Check Point NGFW for almost two years.

Check Point NGFW is stable.

We scaled up Check Point NGFW about six months ago, and it handled that scalability fantastically.

Customer support for Check Point NGFW has been stable, even while we faced some issues.

Positive

I did not previously use a different solution; it was similar to Cisco ASA.

The initial setup with Check Point NGFW was a bit complex.

We have seen a return on investment with Check Point NGFW as we have reduced incidents from the previous setup.

My experience with pricing, setup cost, and licensing for Check Point NGFW is that the high subscription fees aren't easy to afford, and it's not recommended for mid-sized companies or businesses. The cost is a little bit high compared to other competitors.

Before choosing Check Point NGFW, I evaluated Cisco, but I didn't look into other options on PeerSpot.

I recommend Check Point NGFW to others looking into it because it's a good protective device.

From the vendor, I was not offered a gift card or incentive for this review.

Check Point NGFW is a fantastic product, and it is also easy to integrate with third-party devices.

On a scale of one to ten, I rate Check Point NGFW a nine.

In our customer environment, Check Point Quantum Force (NGFW) is used for edge security and internal security, both for data center and edge side.

We don't have Check Point Quantum Force (NGFW) personally. We install it for our customers and then take care of it.

What I found very valuable in Check Point Quantum Force (NGFW) is the possibility to share everything with the ThreatCloud. For example, when a customer encounters a new virus, malware, or signature, it gets uploaded into the ThreatCloud and shared among all other customers.

The issues with Check Point Quantum Force (NGFW) are mainly related to reliability. It depends significantly on the hotfix version of the gateway. You could end up with a version that's stable or unstable, or for example, stable for one scenario, but then in certain specific scenarios, it becomes unstable and creates an issue. This requires contacting support, discussing with R&D, and verifying if there is a new version or custom fix to install.

I have been using Check Point Quantum Force (NGFW) for around two years, slightly more.

Check Point Quantum Force (NGFW) is stable overall and behaves the way it should. There are specific issues that are not just limited to the version, but they include processes and blades. When I mention specific issues, it involves different components that make up the security gateway.

Stability concerns are the main reason I chose a seven rating. It's very important for customers because they rely heavily on the security gateway to operate in order to maintain connections.

Based on the documentation, Check Point Quantum Force (NGFW) should handle scalability effectively, since it's based on AI, making the throughput significantly bigger than its predecessor.

Customer support for Check Point Quantum Force (NGFW) is a bit of a hit and miss. Sometimes they have tunnel vision, so they only see the initial request and don't evaluate the whole scenario.

Neutral

My experience with the pricing, setup cost, and licensing of Check Point Quantum Force (NGFW) is that it is straightforward but still expensive. It's quite pricey.

The return on investment for Check Point Quantum Force (NGFW) depends on the customer. Some customers didn't see the value and changed from Check Point to a different product.

Before choosing Check Point Quantum Force (NGFW), we evaluated Palo Alto Networks.

You can add blades in the gateway of Check Point Quantum Force (NGFW). Blades are modules such as antivirus, anti-bot, or filtering, and they help prevent attacks or improve your security and perimeter.

The performance of Check Point Quantum Force (NGFW) varies based on whether it's a VM or a security appliance. The Quantum version, which is fairly new, focuses on the AI trend. It should have better throughput, better performance, and faster processing overall.

I rate Check Point Quantum Force (NGFW) a seven out of ten because it's stable enough, works very well, and doesn't have many CVE vulnerabilities. However, it's sometimes unreliable in terms of stability, depending on the version. Many customers have a positive impact, while others have a worse experience.

I would recommend evaluating your needs for Check Point Quantum Force (NGFW). If you are a small company, this product might be too extensive for your necessities. It depends on the throughput, gigabyte requirements, and pure performance needs. You can always use a VM or SMB Quantum Spark.

My main use case for Check Point NGFW is using it as our data center firewall, which basically keeps the resources behind the data center safe from all the different cybersecurity threats.

Check Point NGFW has made a difference for our data center, especially when some people at some point tried to spoof their IPs within the organization, and upon checking the logs, we found a couple of IPs that had been blocked because they were trying to get in from a different network where we don't expect those IPs, so the traffic was denied because of the IP spoofing setup.

The best features Check Point NGFW offers include unified threat management, web filter engines, and intrusion prevention, which I find valuable because it's important for us to have the security behind the data center down to the dot, and because of the granular policies we set, we can manage every bit of security when it comes to the data center network.

One standout feature relates to a user feature that puts users into sessions every time they are configuring, meaning one person is not going to configure the same thing that another does, and it locks the configuration to avoid confusion where one changes one thing and another person changes something differently on the other side, and when you're done, the session is committed, and you can still roll back in case the commit has an issue, which I find quite beneficial.

Check Point NGFW has positively impacted my organization by providing confidence that it's managing all the threats out there for us, even though at any one point in time, threats are coming in all over the place. The sense of confidence and peace of mind is the biggest positive impact, as cybersecurity is a bit fragile, so a product that gives you peace of mind goes a long way.

I find that the licenses are a bit expensive compared to other vendors, and while the price is justified, at times, renewing them becomes a bit painful, so if it could become a bit more budget-friendly, that would work for me.

That licensing issue would be the main area regarding needed improvements.

I have been working in my current field for three years.

The pricing, setup cost, and licensing process were smooth without any challenges.

Check Point NGFW is reliable, and in terms of scalability, I'd say it's quite okay, considering we're using data center grade, but also there are options for some of the remote branches that we have at a lower cost, so you don't have to buy the bigger devices for the smaller branches, making the scalability suitable, and I rate customer support highly because whenever you log a case with the right level of urgency, they deal with it promptly as required.

I would rate customer support a 10.

Positive

I'm not sure of that information, but I think a different solution was used before I arrived.

Regarding return on investment, it might not really be that kind of metric, but since we've deployed Check Point NGFW, we've not had any incident, which speaks for itself because that is basically what it's about. The fact that we've not had any breach toward the data center side is plenty enough.

My advice to others looking into using Check Point NGFW is that it's quite strong and reliable with cutting-edge threat prevention and unified management, making it a solid foundation for a profitable business. I rate Check Point NGFW a 10 out of 10.

The tool helps with VPN and connecting mobile devices. We also use it for identity security. It filters internet access and controls applications. The firewall has an intrusion prevention system and stops data loss. 

Internet access and filtering are important, and data loss prevention is definitely key. The threat access builder is useful. Application control is also big for us. We use it to check and block application downloads, looking for malicious or rogue software. This feature is very helpful.

Sometimes, the firewall doesn't pick up on certain things. If an attacker is clever and uses a low-profile indicator, the firewall might flag an anomaly but not give enough information to decide if it's worth investigating. The threat intelligence component also has challenges. It doesn't always tie alerts to active campaigns or threat actor groups. We often have to do extra work and use other products to figure these out.

I rate the solution's stability a seven out of ten. 

I rate the tool's scalability an eight out of ten. My company has 2500 users. 

The tool's support was responsive in critical situations, but for non-critical issues, they sometimes dropped the ball or didn't get back quickly enough. We had to do a lot of follow-ups and escalations to our technical account manager.

Neutral

Before choosing Check Point NGFW, we used Palo Alto Networks. We switched because of issues with Palo Alto. Their customer support wasn't very responsive. Some policies weren't working right, letting things through that should've been blocked. We compared different pricing options and features before deciding on Check Point NGFW. The main differences between Palo Alto and Check Point NGFW were mostly in how they worked for us. They both offer good next-gen firewalls, but we had some problems with Palo Alto. Sometimes it wouldn't notify us quickly when something got through. Its prevention wasn't always as strong as we wanted.

We felt Palo Alto's traffic inspection was only partial, not checking everything thoroughly. Check Point NGFW seemed to offer better inspection. Check Point NGFW also had better threat intel and application control. With Palo Alto, we couldn't see all our applications, only some of them. This caused shadow IT problems. Cost was also a factor in our decision.

The initial setup of Check Point NGFW is relatively straightforward. It's similar to other firewalls I've used and not too complex. If you have all the prerequisites in place, it's fairly easy to set up. On a scale of one to ten, with ten being the easiest, I'd rate the setup process around seven or eight.

The deployment takes about a week. We had a deployment process that involved going through change management, getting approvals, notifying stakeholders like the infrastructure team, and deploying the solution.

We used a consultant for the deployment because we were dealing with other initiatives and it was a tight situation timing-wise, even though we could have done it in-house.

Aside from the consultant, we had two or three staff members involved in the deployment. Their job roles were mainly on the security side - security architects, engineers, and analysts. Their roles were fluid, so they could take on various tasks if they had the knowledge or interest. For maintaining the solution, the number of staff required depends on the scale of the deployment. In our setup, about two people were in charge as the main points of contact.

I saw definite operational impacts from using Check Point NGFW. It helped prevent breaches, data security issues, and security incidents. We constantly saw attempts being blocked and picked up by the firewall. This was an improvement over Palo Alto, where some things got through without being detected. With Check Point NGFW, we got a significant return on investment because it prevented a major incident from happening and escalating.

I rate the solution's pricing an eight out of ten. It costs around 100,000-200,000 dollars per month. Besides standard licensing fees, we paid extra for enterprise-level premium support. There were also onboarding costs factored in. These additional costs made it more expensive overall. The total cost was around 100,000 dollars, which was challenging for our budget. Check Point was also pricey, not much different from Palo Alto Networks. However, we decided switching to Check Point was better because it offered more capabilities for a similar price.

I rate the overall solution a seven out of ten. 

Our customers find that the Check Point NGFW highly effective for data center deployments. Additionally, smaller models are well-suited for branch locations where local internet breakout is necessary. These smaller models streamline internet access at remote sites, eliminating the need for third-party service providers and reducing costs. The 26000 and 28000 series excel in securing DMZs, while the lower-end versions are ideal for branch-level internet breakout, allowing direct cloud connectivity without intermediary networks. It offers cost savings and efficient security solutions tailored to various deployment scenarios.

Some of the most valuable features are URL filtering, web filtering, and content filtering. Typically, customers would need to invest in cloud web security solutions for local internet breakout. However, by deploying Check Point firewalls, which include these functionalities built-in at each site, the need for separate cloud-based solutions is eliminated. This consolidation reduces costs significantly, as one product serves multiple purposes: routing, switching, and next-generation security features such as timeboxing and malware filtering.

Check Point could enhance its capabilities further by focusing on global threat intelligence, particularly in addressing zero-day attacks and other unknown threats. If I were to suggest improvements for this firewall, it would involve enhancing its core features. Currently, there are many additional licenses available for purchase, such as DDoS protection, URL filtering, and global threat intelligence. These additional licenses increase the overall cost significantly, as they are add-ons to the base model. It would be beneficial if Check Point included more licenses bundled with the base model, reducing the need for additional subscription charges for essential functionalities.

I have been working with it for one year.

I would rate its stability capabilities eight out of ten. I'm uncertain about its performance in large enterprises, where stability is paramount. It's crucial that the firewall can handle high throughput, accommodating multiple gigabytes of bandwidth, alongside additional firewall features like web filtering, content filtering, and sandboxing. In my experience with capacities ranging from one hundred to two hundred megabytes, focusing solely on web and content filtering, the product has proven to be stable.

There is room for improvement in scalability. Adding more firewall features can impact the performance of the device, particularly in terms of processor capacity. I would rate it six out of ten. Our customers typically fall within the medium-sized business category.

All manuals are accessible on the website, ensuring comprehensive documentation is readily available. The publicly available documentation is satisfactory, covering a wide range of information. However, certain documents not accessible to the public are provided to partners through a partner sign-in portal. This access ensures that all necessary documentation is available within our organization.

The initial setup was quite straightforward. It involved basic configuration, which I would rate as an eight out of ten in terms of simplicity.

The deployment took approximately five hours. The process can be executed in various methods. I typically perform a remote login from the console. The deployment involves three main steps: IP configuration, security configuration, and DNS setup, including any necessary DNS protection configurations.

It falls in a moderate price range, not as inexpensive as some alternatives but not as costly as Palo Alto. I would rate it seven out of ten. There are numerous additional licenses required for advanced security features, leading to additional costs.

Check Point has introduced several SD-WAN and IoT features, among others. I would suggest exploring the zero-trust features offered by Check Point. Additionally, if interested in incorporating SD-WAN or IoT capabilities, these features are readily available within the product. It's important to note that in today's landscape, Check Point offers more than just a traditional firewall; it's a comprehensive and advanced solution. Overall, I would rate it eight out of ten.