Check Point Quantum Force (NGFW) Reviews

It's just enterprise firewalls, firewall clusters for redundancy to secure the company network from the internet, and as well as a data center firewall, for example, if you want to split up subnets to control traffic between them.

The management is very handy and intuitive, and it has a lot of features. I think it's one of the products in this market which has the most possibilities.

I saw some other firewall vendors or firewall solutions from other vendors. And maybe I like it because I'm very familiar with Check Point and the management of the Check Point gateways. So, probably, I'm just not aware of how other solutions work and how to use them. 

We also see or have a lot of customers with Palo Alto. That's also a solution we see a lot, but we have been a Check Point partner for more than seven or eight years since the beginning of our company. We have done a lot of research on firewall solutions. 

In our opinion, it's one of the best because the management is very handy. So it's easy to implement every possible configuration, and you have a good oversight of your rule set. 

If I compare it with Cisco Meraki, for example, if the rules grow, then it's very hard to get oversight or to have oversight over the whole rule set. So then it becomes hard to manage.

With Check Point, it's easy because even when you have 200 or more rules, it's still very user-friendly, and you can still quickly manage your whole rule set.

What I like about Meraki is the whole cloud-managed feature, where it can configure gateways in the cloud and preconfigure it as well. So I don't need to have access to the device or create a configuration in the cloud. 

And as soon as the firewall comes online connected to the internet, then it downloads its configuration from the cloud. I think Check Point does also have such a solution, but I'm not aware that it's as easy as Cisco Meraki. Sometimes it would be nice if they would have the same possibilities.

I have been using it for about five years now. 

I have not yet faced any challenges with performance or stability. Sometimes when we implement core firewalls, there are applications that have longer session timeouts than the Check Point firewalls in the default settings. 

Windows has a default session timeout for about two hours, I think, and Check Point's is one hour. So, it's not a performance issue, but the application will not run as well as before the security gateway analyzes and blocks traffic. So, it depends.

Scalability  is a very good point of Check Point's solution. They can scale very well and very large.

The technical support is also very well and specific. It's very useful to have technical support from Check Point.

I have experience with Nutanix Flow. It's also possible to enable training in Nutanix Flow where you can redirect the traffic to Check Point gateways. I think that's a very useful feature if you need layer seven traffic analysis and blocks. But I don't have any customers, or we don't have any customers, who use chaining. We also don't have any customers who use a micro-segmentation solution from Check Point. So, I'm not aware if they have a comparable solution like Flow.

For the initial setup, you need a good knowledge of the operating system, Gaia OS. It needs some knowledge to get started, but if you've done it once, then it's easygoing.

Normally, we check the customer's requirements. Then we start to deploy the gateway and start with a basic rule set so the customer is able to refine it for their needs. If we are in charge of creating a complete rule set, we will bring all the requirements into a concept and then create a rule set in a more suitable way.

Some customers have very basic requirements. If it's just to deploy the gateways, then it's very easy and quick. You just need maybe a few days and a maintenance window outside of business hours. But there are also customers who have a lot more requirements, like scanning or analyzing the traffic for subnets inside of the network. 

For example, a core firewall can be very time-consuming. You need to do a lot more research and concepts or write concepts on how to achieve that. That can take a few months.

For maintenance, you need to know what you do. It can be difficult if you don't know what you want to achieve. If you are not aware of network security, then probably it's not that easy, and you may run into configuration errors or mistakes. It's easy to manage, but you have to know what you do.

Check Point is not the cheapest vendor in the market, but it has everything you need compared to other solutions. So that's probably the main reason for the cost or the prices. I think it's probably on the same level as Palo Alto.

I would recommend Check Point to other users who are looking into implementing it.

I would advise others to compare or write down their requirements and have a look to see if Check Point is able to fulfill all the requirements.

Overall, I would rate it a nine out of ten.

The primary objective was to replace the Cisco ASA firewalls with Check Point NGFWs. In addition to their firewall functions, these NGFWs also provide features like Web Application Firewall and Network Data Security. We used this approach to consolidate security measures into a single, comprehensive solution, much like having a master key at the main entrance rather than separate keys for each window and door. This streamlines security management and ensures a more efficient and robust overall security strategy.

There are several crucial advantages to using Check Point NGFW including its ease of use, as it provides a unified interface for managing multiple security functions. It offers impressive scalability to meet the demands of a large organization and can handle substantial traffic. Its simplified management, enhanced remote support capabilities, and the ability to facilitate secure VPN connectivity for numerous offices and employees are highly beneficial.

The current model is predominantly hardware appliance-based, which can incur substantial costs. These appliances must be purchased separately, contributing to a significant investment.

Our most recent engagement with Check Point NGFW was a year ago when we implemented it for one of your financial sector clients.

The stability of the firewall has been exceptional, with very minimal disruptions. There was only one instance of downtime, and it wasn't attributed to any fault in the firewall itself or the hardware, but due to a configuration issue. I would rate it eight out of ten.

The scalability of Check Point firewalls is a notable strength. These firewalls can handle a substantial number of connections. For instance, they can manage up to one million connections on the NDSW server. Regarding its VPN capacity, it can support around 5,000 to 8,000 users per box, which is quite impressive. This scalability makes Check Point firewalls well-suited for organizations with high connection and user requirements. I would rate it eight out of ten.

Their support team has demonstrated an approximately 24-hour turnaround time, which is considered quite good. We have rarely needed to engage with Check Point support because most issues are resolved internally. Typically, we turn to OEM support only when we encounter challenges that are beyond our capabilities.

I also have experience with Fortinet and Cisco, both of which have made significant developments recently. They have introduced software-based firewall and system solutions, which have garnered attention from customers. This shift in the competitive landscape has led to changes in customer preferences, with more organizations considering Fortinet as a viable option for their security needs.

This process can be a bit complex at times, mainly because it depends on the specific client architecture and how they want to set it up.

The deployment process can be rated at about six in terms of complexity. Several factors influence this complexity, but getting the infrastructure ready is often the most challenging aspect. To successfully deploy, you need to account for downtime, ensure proper backups are in place, and ideally test it in a sandbox environment before going live. After deployment, thorough checks and adjustments are necessary. It typically requires at least two days of parallel operation, where both the new and old equipment run simultaneously. In an environment with no existing infrastructure to replace, the process is generally smoother. Deployment typically involves a team of 2 or 3 people working full-time for 4 to 5 days, equivalent to nine hours a day. Maintenance is handled by a networking team, which includes a Network Operations Center. The team consists of approximately eleven people managing various network components, including L1, L2, and L3 devices.

When considering a POC for a security solution, it's essential to assess the various use cases and functionalities it offers, such as NDSW which is particularly useful for protecting sensitive data. Check Point NGFW is not solely a firewall; it's a comprehensive security solution with various capabilities. It can address a wide range of security requirements, making it a valuable and versatile asset for organizations looking to enhance their security posture. I would rate it eight out of ten.

My main use case for Check Point NGFW is to filter the whole infrastructure traffic, and we use it as the perimeter firewall for our data center.

Check Point NGFW helps me in my daily operations by managing traffic across almost 30 branches, and we utilize its SD-WAN features to communicate with other third-party companies through a VPN.

For branch communication, we use the SD-WAN feature of Check Point NGFW, and through the VPN, we establish a connection between our company and the third-party companies. Currently, we filter our traffic between the branch sites and third-parties, and access the internet through that exchange firewall.

The best features Check Point NGFW offers in my experience are its application identification and control capabilities, which stand out as we use them beyond Layer 3 communications.

The application identification and control feature of Check Point NGFW helps my organization by allowing quick responses to make decisions and segregate applications that need more attention.

Check Point NGFW positively impacts my organization as it has improved our security posture and made us less vulnerable to attacks compared to our previous status; we can easily filter URLs and enhance web security.

While we don't have specific numbers, we measure increased security through our ability to block malicious attacks, including phishing attacks, easily.

Check Point NGFW has a steep learning curve for starters; it's not easy to learn and is a bit complex to start from scratch.

Check Point NGFW sometimes has limitations on third-party integrations, requiring more specifics rather than being straightforward.

I have been using Check Point NGFW for almost two years.

Check Point NGFW is stable.

We scaled up Check Point NGFW about six months ago, and it handled that scalability fantastically.

Customer support for Check Point NGFW has been stable, even while we faced some issues.

Positive

I did not previously use a different solution; it was similar to Cisco ASA.

The initial setup with Check Point NGFW was a bit complex.

We have seen a return on investment with Check Point NGFW as we have reduced incidents from the previous setup.

My experience with pricing, setup cost, and licensing for Check Point NGFW is that the high subscription fees aren't easy to afford, and it's not recommended for mid-sized companies or businesses. The cost is a little bit high compared to other competitors.

Before choosing Check Point NGFW, I evaluated Cisco, but I didn't look into other options on PeerSpot.

I recommend Check Point NGFW to others looking into it because it's a good protective device.

From the vendor, I was not offered a gift card or incentive for this review.

Check Point NGFW is a fantastic product, and it is also easy to integrate with third-party devices.

On a scale of one to ten, I rate Check Point NGFW a nine.

Generally speaking, it's like any other NGFW. It's quite a versatile solution for many aspects. It's not like a separate solution for firewalling, but a separate solution for web access. It's just very convenient to have everything in one box. On the other hand, when you need something, like a very top-rank solution for very specific things, like network intrusion prevention or network intrusion detection as a component of NGFW, I would say it looks weaker compared to the well-designed solution for its purpose. It has the same issue as many other versatile or unified solutions, so it's really convenient.

From our point of view, including me and my colleagues, I would say it's really good that they have a lot of integrations with third-party companies. Integrations with third-party companies are really convenient. API offers many convenient ways to integrate with open-source solutions. It's very, very good when you have everything in one package and one bundle.

If you check each and every point from this part, you will find some flow in an area, or you will discover another flow in another area. It's unfortunate, and not a usual situation and it is not just for NGFW but for any other tool, making it a disadvantage where improvements are required.

For the next release, I would prefer the tool to be more flexible in terms of general deployments because some additional companies must be deployed as a basic one. For those who have been working with their solutions for a relatively short amount of time, it would be better for the tool to offer an adequate knowledge base, not just very superficial information, or maybe not too much in that spot, something like average stuff. The tool should be more flexible in terms of deployment, and a more adequate knowledge base should be available.

About the UI, it is hard to comment because it has been more or less the same for many years. Professionals have already been using the tool's interface for many years. From a contemporary angle, the tool's interface looks a bit outdated from a UI point of view. The UI has been more or less static in terms of changes for the last couple of years. People can get to the UI and work with it in a couple of months, but compared to any other solutions on the market, which are more flexible and more rapidly evolving, I would say that UI should be considered for improvement.

I have been using Check Point NGFW for two to two and a half years. My company is a partner and reseller of the solution.

For stability in high-load networks, I rate the solution a six to seven out of ten.

Scalability-wise, I rate the tool an eight to nine out of ten.

There could be some performance issues under the heavy deployments and heavy load, but generally, if you are talking about the general scalability, it is quite good.

The tool is suitable for large and very large enterprise businesses. From our company's practice, I would say it is meant for banks and financial institutions. It is also quite popular in heavy industries. I would say it has a more or less wide list. It is more or less very popular in banking.

The tool can be scaled up, but even despite high scalability, it requires a lot of extra companies to bear a high-load environment and high-load networks, making it a bit unfair, especially when comparing some of the numbers with the real-world statistics it likes too far from reality.

The solution's technical support is fine. I rate the technical support a nine to ten out of ten.

Positive

If ten means easy, I rate the product's initial setup phase a six to seven out of ten. It is not a plug-and-play solution. It requires much more skill and effort for the specialist to set it up properly. Even if there are any PoCs, you can easily discover the difference between the easy setup process and the more difficult setup phases, and I would say that Check Point falls under the latter category as it takes much more time and effort. Sometimes, it could be buggy, and you just need to fix some other firmware or software update.

The solution is deployed on an on-premises model for large and very large enterprises.

The time to deploy the solution depends on the stage because you can talk about the initial deployment or you can talk about the deployment, including the integrations. I would say that the integrations would be really time-consuming. For the initial deployment, I would say it is a couple of days if it is not really a large installation and a couple of weeks are needed for the initial deployment.

ROI is like an artificial point in connection to a solution like Check Point NGFW, and its numbers are quite questionable.

Suppose the company has too many different solutions from different vendors. In that case, it becomes a greater burden in terms of support and everything, especially in terms of management of these solutions. I would say that Check Point would be a good choice if they are planning to migrate. If it is something like a choice between one NGFW from a vendor and you want to move into the Check Point NGFW, it becomes a bit more tricky. It becomes really hard to say about the ROI because it is just like a different approach. If you are moving between a lot of different solutions from different companies, then ROI will be really good and attractive.

The tool's price is reasonable in case you are not using it in a high-load environment. If you are not expecting significant increases or peak increases in loading, it should be fine. If it is a really highly loaded VLE environment, and if you try to rely on the tool's official numbers, I would say you can put your environment and network in jeopardy because it becomes really unstable. For the last couple of years, the situation has changed, and it has become really tricky to understand why the tool's official numbers aren't aligned with real-world numbers, which is a big problem for the VLE customers because when they are just trying to consider their official stats and official scalability numbers, it might be tricky. VLE customers should have, like, a 20 to 30 percent extra, or else, at this point, it becomes much more expensive.

The tool's prices don't make any sense because we are not talking about MSRP prices for VLE. We are talking about the discounted prices, which could be a really, really huge gap between the MSRP and the discounted price. I don't think these numbers will highlight any beneficial aspect of the price for you.

There needs to be accuracy in terms of scalability. It should be well-designed, and if the customer does not have enough resources or their own resources, it is better to involve an adequate number of SIs. The system integrator will do the trick, and if a person is experienced, then everything can be really good in terms of the certifications, the statistics, and everything else. The system integrator should do everything properly, but it will be quite expensive, especially if we are talking about large and very large enterprises. For mid-sized businesses, it should be fine because it is less tricky, and even the normal specialized person on the customer side should be fine with using it, as it can be quite easy. In any case, scalability is a bottleneck here.

I rate the tool a seven out of ten.

I used Check Point NGFW to secure the data centers of medium to large enterprise companies. In many cases, it serves as a perimeter firewall, though its use can vary based on specific needs. Primarily, it functions as a defensive firewall.

The GUI is not very user-friendly, and configuring it can be challenging. The management console often has issues, sometimes requiring high CPU usage on your FTP or Windows system to open or manage sessions. It can be resource-intensive. Additionally, when viewing or monitoring logs, they sometimes do not appear immediately and may be outdated or missing.

I have been using Check Point NGFW for two years.

It is a stable device.

They support a range of enterprises, from small to large. Their solutions can accommodate environments with as few as 50 users to those with thousands or more. So, handling a large number of users is not an issue.

Support is very good.

Positive

The initial setup is not straightforward and can be more complex than that of other devices like Palo Alto or Fortinet firewalls. The setup for the CMA and management center requires careful implementation. Additionally, integrating components such as MDM and other security devices, including sandboxes, can be challenging to achieve a cohesive and secure environment.

The time required for deployment depends on the amount of configuration needed. Typically, it might take a full day, but with sufficient time, a basic configuration can often be completed in about eight to ten hours.

I have worked with both on-premises and VM versions. The CMA is typically deployed as a VM on a server, while the firewall is a physical device. 

I have already deployed many times by myself, so there is no need for many people.

It is a cheaper device than what other vendors offe.

For security features, I typically use the templates or standards provided by the vendor. Based on my experience over the past three years, I haven’t encountered any significant complaints from customers about attacks or major issues while using the firewall to protect their data centers.

Google has a premium partnership with Check Point, involving extensive verification processes for major customers. This strong partnership indicates a significant level of collaboration between the two companies.

I haven’t handled any maintenance, but the support center has been very helpful. They provided excellent support and demonstrated strong knowledge whenever I reached out for assistance. They are proficient in various languages and have a good grasp of Linux, which is essential for effective support.

They provide good step-by-step implementation guides, similar to what is available for Fortinet's FortiGate. However, I find the implementation process for other vendors to be easier. Pricing varies among the three vendors, so there are differences in cost. Palo Alto offers the best options for sizing, though I haven’t worked operationally.

I recommend it, but you should know Linux and its commands to work effectively with this device.

Overall, I rate the solution a six out of ten.

Our customers find that the Check Point NGFW highly effective for data center deployments. Additionally, smaller models are well-suited for branch locations where local internet breakout is necessary. These smaller models streamline internet access at remote sites, eliminating the need for third-party service providers and reducing costs. The 26000 and 28000 series excel in securing DMZs, while the lower-end versions are ideal for branch-level internet breakout, allowing direct cloud connectivity without intermediary networks. It offers cost savings and efficient security solutions tailored to various deployment scenarios.

Some of the most valuable features are URL filtering, web filtering, and content filtering. Typically, customers would need to invest in cloud web security solutions for local internet breakout. However, by deploying Check Point firewalls, which include these functionalities built-in at each site, the need for separate cloud-based solutions is eliminated. This consolidation reduces costs significantly, as one product serves multiple purposes: routing, switching, and next-generation security features such as timeboxing and malware filtering.

Check Point could enhance its capabilities further by focusing on global threat intelligence, particularly in addressing zero-day attacks and other unknown threats. If I were to suggest improvements for this firewall, it would involve enhancing its core features. Currently, there are many additional licenses available for purchase, such as DDoS protection, URL filtering, and global threat intelligence. These additional licenses increase the overall cost significantly, as they are add-ons to the base model. It would be beneficial if Check Point included more licenses bundled with the base model, reducing the need for additional subscription charges for essential functionalities.

I have been working with it for one year.

I would rate its stability capabilities eight out of ten. I'm uncertain about its performance in large enterprises, where stability is paramount. It's crucial that the firewall can handle high throughput, accommodating multiple gigabytes of bandwidth, alongside additional firewall features like web filtering, content filtering, and sandboxing. In my experience with capacities ranging from one hundred to two hundred megabytes, focusing solely on web and content filtering, the product has proven to be stable.

There is room for improvement in scalability. Adding more firewall features can impact the performance of the device, particularly in terms of processor capacity. I would rate it six out of ten. Our customers typically fall within the medium-sized business category.

All manuals are accessible on the website, ensuring comprehensive documentation is readily available. The publicly available documentation is satisfactory, covering a wide range of information. However, certain documents not accessible to the public are provided to partners through a partner sign-in portal. This access ensures that all necessary documentation is available within our organization.

The initial setup was quite straightforward. It involved basic configuration, which I would rate as an eight out of ten in terms of simplicity.

The deployment took approximately five hours. The process can be executed in various methods. I typically perform a remote login from the console. The deployment involves three main steps: IP configuration, security configuration, and DNS setup, including any necessary DNS protection configurations.

It falls in a moderate price range, not as inexpensive as some alternatives but not as costly as Palo Alto. I would rate it seven out of ten. There are numerous additional licenses required for advanced security features, leading to additional costs.

Check Point has introduced several SD-WAN and IoT features, among others. I would suggest exploring the zero-trust features offered by Check Point. Additionally, if interested in incorporating SD-WAN or IoT capabilities, these features are readily available within the product. It's important to note that in today's landscape, Check Point offers more than just a traditional firewall; it's a comprehensive and advanced solution. Overall, I would rate it eight out of ten.

We use Check Point Quantum Network Gateways for all our on-site firewalls. It protects the network edge, network core, data center, and our AWS direct connect. 

We are a payment facilitator and security is one of our core requirements. 

We have implemented VSX which enabled us to reduce the hardware footprint. 

We have implemented 6700NGFW, 6600NGFW, and 6400NGFW in different network segments. We have enabled basic firewall, ClusterXL, and IPS licensing. 

Due to the nature of the traffic, we do not use Application Control or URL Filtering.

With our previous firewall solution, we had no automated compliance tools. Now, with the Check Point Quantum Network Gateways, we have the ability to automate compliance reports for both GDPR and PCI3.2, and by using VSX (Virtual System Extension) we have reduced our data center footprint. This will lead us to become a more sustainable organization. 

We have found the central management (Smart Console) to be very helpful in managing all the firewalls and keeping the software/hotfix versions up to date.

By implementing VSX (Virtual System Extension), we were able to reduce our hardware footprint, reducing both direct and indirect costs. This also enables us to quickly scale up or down to meet business needs.

We have also found that the Intrusion Prevention System implemented on Check Point Quantum Network Gateways is robust, efficient, and very easy to implement. Being able to add it later as a software feature is a real boon. The customization options enabled us to zero in on our specific use case.

Due to our unique environment, we have to implement BGP on our firewalls, and the way that BGP is implemented on Check Point Quantum Network Gateways is not intuitive and requires additional custom configuration. This caused a significant delay in our migration. The way that NAT is implemented was also not intuitive and required additional custom configuration.

We have also run into an interface expansion limitation, and thus it would be helpful if products lower in the stack would offer more interface expansion options.

The solution has been in use for one year.

During the first year of operation, we have seen 100% up-time.

Due to the VSX implementation, I would conclude that it is highly scalable.

Customer service and support from the vendor have been excellent. They have assisted in communicating issues back to Check Point and the subsequent response from Check Point has been very good.

Positive

We used Cisco ASA 5500 series firewalls, but these have reached the end of life and needed to be replaced.

The initial setup and migration was complex and we had a vendor team assisting.

The expertise of the vendor team is excellent; I'd rate their services nine out of ten.

It is important to carefully consider your needs. Additional features can be activated easily - for additional licensing costs. However, opting for extended licensing can provide cost savings through discounts.

In looking at replacing the existing firewalls we considered Cisco, Palo Alto, and Check Point. 

Check Point Quantum Network Gateways offered us a more favorable price point without compromising on functionality.

We use the solution for threat protection in the banking and finance sectors.

Check Point NGFW is popular because of the protection it offers. 

The pricing and UI need to be improved. 

The enterprise is quite expensive. There are small boxes that are competitive enough.

I have been using Check Point NGFW for a year.

The product is stable.

I rate the solution’s stability a nine-point five out of ten.

The solution can scale up to enterprises.

I rate the solution’s scalability a nine-point five out of ten.

The initial setup is easy, but maintenance is very difficult. Deployment and fine-tuning take a day.

There were no glitches or issues. We were able to achieve a positive ROI for our business. It saved them a significant amount of money that would otherwise have been spent on dealing with ransomware activities.

The product is expensive and costs around one-point-five million.

I rate the product’s pricing an eight out of ten, where one is cheap, and ten is expensive.

Thorough planning is essential when implementing a Check Point NGFW. You need a checklist outlining what policies to establish. While the installation is straightforward and does not require much effort beyond obtaining a license, creating and configuring policies can be time-consuming. Therefore, allocating sufficient time and resources to policy creation is crucial to ensure effective security management.

Overall, I rate the solution a nine out of ten.

Historically, the primary uses for these gateways were perimeter security and internet filtering. However, we now push all our internal traffic through the gateways for LAN segregation and to isolate obsolete operating systems.

Our isolated operating systems and LANs only allow specific traffic from a specific source to access them, making these critical production/business systems more secure. It's not a simple case of just replacing these legacy operating systems but replacing the industrial machinery that they control - which would require an investment of tens of millions of pounds.

Isolating obsolete operating systems wasn't in the scope when implementing the gateways originally. However, it has enabled us to secure Windows XP/Windows 7/2003/2008 machines which are end of support yet are still required to run industrial software and interface with large machines, which are not easy to replace.

Isolating machines and networks, along with SSL inspection, wasn't in scope when the gateways were spec'd. That said, five years later, they are still rock solid, and along with the Threat Cloud intelligence service, this ensures that our firewall is equipped with up-to-date threat intelligence, enhancing its ability to detect and mitigate emerging threats.

One of the strengths of Check Point Firewall lies in its granular policy management capabilities. We can define security policies based on a variety of criteria, including user identity, application, and content type. This level of granularity allows us to enforce security policies that align with our specific needs and compliance requirements.

One of the standout features of our Check Point Gateways is the user-friendly interface. Smart Console (management console) is well-designed and intuitive and provides administrators with a centralized hub for monitoring and configuring security policies. The web version isn't quite there yet, so to get the most out of it, the console needs to be installed, but it allows users to tailor it to their specific needs, and the menu structure is logical, making navigation a breeze for both novices and experienced administrators.

2FA on login would assist us with compliance however at the moment, it's not a major factor for us - yet may be in the future.

It would be nice to have comprehensive documentation and training resources that can help users and administrators better understand and utilize the full range of Check Point's capabilities. We ended up having to travel to London to sit through lots of training as we didn't find the information readily available.

Finding the costs associated with a particular blade can be challenging. This isn't specific to Check Point, but sometimes we need a ballpark cost quickly and don't have the time to speak to a reseller.

The company has been using Check Point gateways for around five years, myself about two years.

Hardware has been 100%; software has been slightly less as we had an issue where the gateways would failover. 

We run a pair of Gateways in HA mode, this solution has worked for us, and there have been no cases of downtime. Adding additional gateways should in theory be quite simple however for us there is no need.

Support has been quick to respond to any questions or issues.

Positive

The company used to sue Cisco Firepower. I wasn't with the company when switching.

The setup was straightforward; the implementation team went on the CCSA and CCSE courses.

We handled the setup initially in-house.

We ran these gateways for five years and will look to do the same with the replacements.

Work with Check Point's presale team and complete the scoping document. If you are an existing customer, use the CPSizeME. 

The company also evaluated Palo Alto.

We have run Check Point Security Gateways for five years and have had very few issues; they have been rock solid, and the hardware has been 100%.

Our company undertook a network transformation and instead of implementing a separate IPS solution, we've opted for the NGFW of Check Point. We've leveraged the different security blades available in the Check Point NGFW. Besides the IPS blade, we've also leveraged the anti-malware threat intelligence blades for our gateways, especially for the perimeter. 

We've also enabled the IPS blade for our remote offices as part of the additional security layer for our smaller international offices and used both the IPS and anti-malware for our bigger offices. 

We've managed to reduce the CAPEX cost of the network transformation when we leveraged the versatility of the Check Point NGFW solution. 

Instead of purchasing separate solutions for the IPS, anti-malware, and threat intelligence, the security blades of the Check Point NGFW were just enabled. 

The software subscription cost is already included in the annual software and hardware maintenance cost which made the solution more cost-effective than having separate solutions wherein we need to maintain a separate subscription for each. 

Besides the basic firewall feature of the Check Point NGFW, we find the IPS and anti-malware security blades to be most valuable for our current implementation.

The IPS and anti-malware solutions have successfully identified and blocked potential threats from our perimeter. 

Though we are also using threat intelligence, we see more validation of the successful use of the IPS an anti-malware. 

The successful performance of the security blades has shown the value of the investment along with the comparable success of leveraging the NGFW over a separate specialized security solution. 

Overall, we are satisfied with the performance of the NGFW both from the functional and operational perspective. The solution has been proven effective in detecting and blocking potential and intentional threats to the company's internal network without impacting the performance of the appliance. 

What can be improved though is the capability of providing an executive summary report that can highlight the performance and operational effectiveness of the implemented security solution. The current reporting capability needs to be parsed and edited to be appreciated by leadership.

We've been using Check Point NGFW for more than 4 four years.

Check Point NGFW has been very stable and very rarely do we encounter any performance issues due to hardware or software issues. 

The solution is very scalable and easy to manage.

Customer service and support are very responsive, and we get quick and fairly consistent turnaround times for the resolution. 

Positive

We previously used Cisco Firepower, however, we were not satisfied with its performance both functional and operational. 

The initial setup was straightforward since the deployment is just the typical high-availability active standby implementation. 

We implement through a vendor team. The vendor team is very competent and has consistently displayed their expertise in the technology. 

Unfortunately, our team does not have visibility on the ROI.

If the implementation would require multiple gateways, consider leveraging the Infinity Total Protection. 

We no longer evaluated other options.