Check Point Quantum Force (NGFW) Reviews

My company is an IT service provider. We suggest customers choose the Check Point next-generation firewall along with other OEMs for their environment. Once they choose (and confirm the product with model capabilities), we migrate the existing firewall to the new firewall. 

I have deployed multiple Check Point products. Based on my experience and its effective features, I do suggest customers go with Check Point NGFW. I love its security profiles which effectively secure the organization's LAN, DC, and DMZ network.

The solution has improved organizations via:

1. Ease of deployment: We can easily implement and deploy the check Point NGFW.

2. Deep Inspection: It inspects traffic beyond just port number and IP address.

3. Threat Prevention: It has multiple security features and we can enable and integrate these features like IPS(Intrusion Prevention System), Anti-Bot Protection, and SandBoxing.

4. Organizations can enable Multi-Factor Authentication (MFA) in their network environment to verify their identity before they access the network. this feature keeps the integrity of the LAN network.

My favorite feature of Check Point NGFW is its "deep traffic inspection capability" due to the fact that:

1. It provides deep-level control over the network activity, allowing you to prioritize critical traffic first based on organization requirements.

2. It analyzes application behavior to detect suspicious activity.

3. We integrate with Sandbox technology to safely detonate and analyze zero-day threats. 

4. It also blocks the application and prevents them from accessing the organization's LAN network.

5. It gets a regular zero-day signature update.

During my initial level implementation of check Point NGFW, I faced issues troubleshooting. The problem was with its command line. 

Check Point runs on Linux and its command line is Linux-based. However, at the time, I was not familiar with Linux commands, and I invested lots of time in finding the Linux command and understanding the meaning, then went for troubleshooting.

It would be very helpful if the OEM provided all the Linux commands in a way that we could easily understand and follow the steps to configure or troubleshoot the issue using the command line.

For the last year, I have been implementing and deploying Check Point NGFW in multiple client environments. 

Its NAT automation and routing intelligence are excellent. We are not required to configure NAT rules separately; we can enable them while creating an object. We are also not required to configure reverse routing for LAN subnets.

At this time, Check Point NGFW is more stable than other options.

The scalability is wonderful.

Customer service and support are good. However, they can be enhanced.

Positive

We do not choose the solution. Rather, we provide multiple solutions to the customer.

The solution is easy to implement.

We are from the vendor side. We can help implement the solution. 

As of now, everything is good as per the market scenario.

We did not evaluate other options. 

My main use case for Check Point Quantum Force (NGFW) is that we use it for a perimeter firewall and separation firewall.

The best features Check Point Quantum Force (NGFW) offers are that it's a good product with a lot of features and a great GUI interface to manage it.

The interface of Check Point Quantum Force (NGFW) stands out because in a single point, I can read all the logs of my device.

Check Point Quantum Force (NGFW) has positively impacted my organization because it is our core security system, and it performs effectively.

At the moment, I haven't any ideas on how Check Point Quantum Force (NGFW) can be improved.

I have been using Check Point Quantum Force (NGFW) for about ten years.

Check Point Quantum Force (NGFW) is very stable.

For our company, Check Point Quantum Force (NGFW) is scalable enough.

We reached out for customer support and received the correct support, the support that we needed.

Positive

Before Check Point Quantum Force (NGFW), we used an old Check Point firewall.

I don't have information on whether we have seen a return on investment with Check Point Quantum Force (NGFW).

I don't know the price because I only made the technical decision, but I spoke about the price with my manager.

We stayed with Check Point and did not evaluate other options before choosing Check Point Quantum Force (NGFW).

I would rate Check Point Quantum Force (NGFW) a nine out of ten because I think we can improve the product a little bit.

My advice to others looking into using Check Point Quantum Force (NGFW) is that it is a good product and can solve a lot of security problems in your company.

My company does not have a business relationship with the vendor other than being a customer, as we are an end user.

I was offered a gift card or incentive for this review.

I prefer not to use my real name or company name when publishing my review.

Check Point is mainly used for internal communication. Our clients have multiple platforms, and customers use it for internal communications and protection, from the DMZ to the LAN to the DMZ, and also for MPLS connectivity with multiple branches. 

As I've seen, the customers also use it as a gateway for publishing their website. This is only for the perimeter, however.

It is very easy to identify the logs. It is also very well managed because of the threat cloud architecture. 

Another thing is that whenever we make changes on the firewall, we first need to publish them and then install the policies. This allows us to double-check the policies before they are implemented, which is helpful.

We faced many challenges. For example, an issue with the managed view that Check Point has. When clicking on a rule, we are supposed to have a full view of that rule and its log portion. This should show what's passing through the rule, what's coming to the rule, and all of that on a single pane of glass. Currently, the log isn't showing when we click on a particular rule. This might be an issue with an upgrade or something. Because of this, we can't implement anything on the live system; we only have a maintenance window every weekend, and it's hard to troubleshoot within an hour.

Another problem is that when we created around two lakhs of Check Point objects on the firewall, it became very slow.

I have been using it for two months. 

It is not slow. But, we implemented two lakhs of objects on the firewall, and that caused the slowness. It can happen with all firewalls, not only Check Point.

Currently, I work with enterprise customers.

It was good. No issues with that.

Positive

I can recommend Check Point, Fortinet, and even SonicWall. 

I come from a system integrator background, we first understand the customer's requirements before suggesting a firewall. Sometimes we aggressively push SonicWall because the user's requirements are more aligned with SonicWall. That's how we propose solutions.

It is very easy to install, not that complicated.

The complexity and time depend on the customer's requirements.

No maintenance: In the past two months, we haven't faced anything that required replacements on the firewall.

Pricing is good. The price is very reasonable for enterprise customers.

It offers average pricing. Previously, I worked as a system integrator, and we faced some cross-product environments where Check Point was quite costly compared to the product we were working with.

Overall, I would rate it an eight out of ten. 

We use the Check Point Next Generation Firewall for whitelisting and blacklisting of addresses. It's part of our identity management solution and is utilized for inbound and outbound traffic services. 

Additionally, it is integrated with our DMZ, managing traffic from an IP addressing scheme. We also use it for monitoring different types of classified and nonclassified applications.

Check Point has improved our organization's ability to manage both classified and nonclassified applications securely, ensuring they pass through multiple layers of security within our firewall infrastructure.

One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access. It provides robust security across classified and nonclassified applications and integrates well with our existing infrastructure.

The graphical user interface (GUI) could benefit from some updates, although it is generally satisfactory in its current form.

The solution is stable, and I have the utmost confidence in its software stability.

The application is very scalable, allowing us to manage security across different network layers and support various applications and activities.

Customer support quality depends on the person you interact with. However, the support team we engaged was knowledgeable and well-versed with the application, allowing us to resolve any potential issues effectively.

Positive

We switched to Check Point due to cost and maintenance benefits. The previous solutions required significant resources to handle network and communication alignment during upgrades.

The initial setup is straightforward, with no significant issues arising from the box configuration.

Our implementation team comprised about thirty individuals, including supervisors for each stage, to manage testing, validation, staging, and production.

We conducted a detailed analysis and determined a high return on investment. Maintenance and stability were key factors contributing to a favorable ROI.

We found the pricing reasonable, ensuring the product was not overpriced. However, I am not familiar with the exact cost details.

I would absolutely recommend this solution to others for its robust security and scalability.

I'd rate the solution ten out of ten.

We use Check Point NGFW to provide more protection for our network from internal and external sources. I also work on creating checks, rules, troubleshooting, and generating daily reports.

Check Point NGFW makes it easier to handle and use the firewall efficiently. It helps protect our network from internal and external threats.

The firewall's default behavior of blocking all traffic, including a cleanup rule that blocks everything from external to internal sources, is highly valuable for protecting our network.

In the rule creation process, we need to decide on the source address, destination address, and services. There are improvements needed in this area.

I have used Check Point NGFW for one and a half years.

To maintain stability, I monitor high utilization and CPU usage, enabling and disabling connections as necessary.

Check Point NGFW is not scalable enough. However, it enhances performance with high availability, shifting to a secondary firewall if one fails.

When I can't resolve an issue technically, I consult with a senior engineer. I rate the technical support seven out of ten.

Neutral

I did not work with any other firewalls before Check Point. I am familiar with CCNA routing and switching.

The initial setup involves connecting cables, opening the IP address using a browser, and configuring the firewall. It takes about one hour.

Only one person is required for the deployment.

Check Point NGFW is very important because it is easier to handle and use.

I don't have information regarding the pricing, as it is considered an internal matter of the organization.

I did not evaluate any other options. I chose Check Point firewall based on my knowledge of CCNA routing and switching.

Check Point NGFW is easy to use, create rules, and take backups. It simplifies backing up and managing processes with click-and-go options.

I'd rate the solution seven out of ten.

We needed stateful inspection, logging, integration with Active Directory, and the ability to monitor devices using standard SNMP for use cases. Now, with the tool's Skyline product and OpenTelemetry, we can monitor it through Prometheus and Grafana. It has all the features we needed when we certified the solution.

Integration with Active Directory, IPS, standard VPN, and the firewall itself are the most valuable features for us. We haven't yet certified or aren't using Application Control, anti-bot, or anti-virus features.

Significant improvements have been made in the product. I started working with the R65 code and then upgraded to R74.40. When they transitioned from R77.30 to R80.x, they made major back-end modifications, switching from a flat file system to Solaris and Postgres. This was a big step that neither customers nor their support staff were fully prepared for.

Now, they're adding more features due to the increased flexibility of the new back-end. The main improvement I'd suggest is better preparation when introducing new features. Before releasing, they must train their support staff to troubleshoot these new features. The transition from R77.30 to R80.x was problematic due to a lack of preparation by Check Point, customers, and support.

Sizing is crucial, but we've never had issues with the products we've sized for each environment. The Maestro solution provides a lot of flexibility. On a scale of one to ten, with ten being the highest scalability, I'd rate it a ten.

I use Palo Alto firewalls. Check Point NGFW was the first to invent the stateful inspection firewall. They focus more on security and try to keep their motto of "keep security simple". They don't get bogged down in marketing or complicated terminology when using their products.

Even enabling a firewall blade on Palo Alto requires learning about different sync ports, how sync ports differ between chassis, and navigating through multiple GUI tabs for configuration. It's not as straightforward.

On the other hand, Check Point NGFW has kept things very simple for deployment. You set it up once, and then you can repeat the same process repeatedly.

On a scale of one to ten, with ten being the easiest, I'd rate the initial setup as ten. The process is straightforward: you rack and stack, configure the management code, create a standard policy, establish SIC, and push the policy. This process has remained consistent over the years.

For deployment, it took us longer than the typical two weeks because we had to design solutions for different scenarios. Check Point offers various options, such as clustering solutions, Maestro solutions, and standalone solutions. We had different use cases—some required standard clusters with ClusterXL, while others needed scalability solutions like Maestro. We also had to factor in sizing considerations.

The certification process took about the same amount of time as other products. We've been using the Maestro solution for a while now, so when new platforms are released, there isn't much change required beyond certifying the new hardware and ensuring backward compatibility with our certified solution.

Initially, it took a little more than two weeks to certify. However, the actual deployment still follows the same standard process and is actually easier now than it was in the past.

We call the team responsible for deploying certified solutions to the service delivery team. It's made up of two groups: build services and service delivery. The build services team works with our networking team to ensure our network and peering devices are set up right to host the firewall.

The service delivery team focuses more on the firewall itself. We need about three or four extra people from build services for firewall deployment. They act as go-betweens with the network team, ensuring our firewall solution works well with the peering devices when we put it in place. The build services team is important because they ensure everything fits together properly when we set up our firewall.

For maintenance, the solution is pretty stable. We have a global team, but a separate team handles regular firewall changes and daily operations. For support, we have about ten people total - three groups of three people each. This team manages around 1200 firewalls, including Check Point and Palo Alto devices.

Check Point NGFW is much cheaper than other platforms, including Palo Alto. Its scalability, especially with the Maestro solution, is a big advantage. If you're looking for good security at a reasonable price with a good return on investment, I believe Check Point NGFW is the way to go.

I've been dealing with Check Point NGFW for my entire career. I started with their Stateful Inspection feature. The term "Next Generation Firewall" is just marketing. Check Point's UTM product was designed from the ground up with next-generation features. They have a feature called Blaze. Besides stateful inspection firewalls and VPNs, they offer IPS, application control, URL filtering, antivirus, and antibot. You can also integrate it with third-party tools like Active Directory for authentication. This combination of features is what's called a next-generation firewall.

Other vendors use terms like app ID or user ID. They focus less on ports and more on ensuring services match their intended use. For example, if port 22 is enabled, it should be for SSH service, not something else. We use both Check Point NGFW and other products. I think if you commit to one vendor's approach, it can be hard to switch late.

My customer is one of the big banks in Bangladesh, and they use the solution to protect themselves from malware.

The solution's most valuable feature is CDR (content disarm and reconstruction). The Infiniti Portal feature helps manage the firewall and get a proper report, which is required for management. Capacity and Maestro are good features that can produce better firewall speed.

I want better (DPI) Deep Packet Inspection in Check Point NGFW. The solution should include some behavioral features to detect the malware smartly.

Check Point NGFW is a very stable solution.

I rate the solution’s stability nine and a half out of ten.

Around 20 small and medium businesses are using the solution. The solution's scalability is really good. It has a feature called Maestro, which can increase bandwidth by three terabytes.

I rate the solution's scalability an eight out of ten.

The solution provides good technical support.

Positive

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup an eight out of ten.

Check Point NGFW is not a cheap solution. Customers often need to pay a premium for its services.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.

Check Point NGFW is a good firewall. You can mount it into your firewall in every country and have the report. You can find out how good it is. Customers can change this firewall or determine the efficiency of other firewalls, including Check Point. After 15 days, they can see the report, which is a good feature.

Overall, I rate the solution an eight out of ten.

It's just enterprise firewalls, firewall clusters for redundancy to secure the company network from the internet, and as well as a data center firewall, for example, if you want to split up subnets to control traffic between them.

The management is very handy and intuitive, and it has a lot of features. I think it's one of the products in this market which has the most possibilities.

I saw some other firewall vendors or firewall solutions from other vendors. And maybe I like it because I'm very familiar with Check Point and the management of the Check Point gateways. So, probably, I'm just not aware of how other solutions work and how to use them. 

We also see or have a lot of customers with Palo Alto. That's also a solution we see a lot, but we have been a Check Point partner for more than seven or eight years since the beginning of our company. We have done a lot of research on firewall solutions. 

In our opinion, it's one of the best because the management is very handy. So it's easy to implement every possible configuration, and you have a good oversight of your rule set. 

If I compare it with Cisco Meraki, for example, if the rules grow, then it's very hard to get oversight or to have oversight over the whole rule set. So then it becomes hard to manage.

With Check Point, it's easy because even when you have 200 or more rules, it's still very user-friendly, and you can still quickly manage your whole rule set.

What I like about Meraki is the whole cloud-managed feature, where it can configure gateways in the cloud and preconfigure it as well. So I don't need to have access to the device or create a configuration in the cloud. 

And as soon as the firewall comes online connected to the internet, then it downloads its configuration from the cloud. I think Check Point does also have such a solution, but I'm not aware that it's as easy as Cisco Meraki. Sometimes it would be nice if they would have the same possibilities.

I have been using it for about five years now. 

I have not yet faced any challenges with performance or stability. Sometimes when we implement core firewalls, there are applications that have longer session timeouts than the Check Point firewalls in the default settings. 

Windows has a default session timeout for about two hours, I think, and Check Point's is one hour. So, it's not a performance issue, but the application will not run as well as before the security gateway analyzes and blocks traffic. So, it depends.

Scalability  is a very good point of Check Point's solution. They can scale very well and very large.

The technical support is also very well and specific. It's very useful to have technical support from Check Point.

Positive

I have experience with Nutanix Flow. It's also possible to enable training in Nutanix Flow where you can redirect the traffic to Check Point gateways. I think that's a very useful feature if you need layer seven traffic analysis and blocks. But I don't have any customers, or we don't have any customers, who use chaining. We also don't have any customers who use a micro-segmentation solution from Check Point. So, I'm not aware if they have a comparable solution like Flow.

For the initial setup, you need a good knowledge of the operating system, Gaia OS. It needs some knowledge to get started, but if you've done it once, then it's easygoing.

Normally, we check the customer's requirements. Then we start to deploy the gateway and start with a basic rule set so the customer is able to refine it for their needs. If we are in charge of creating a complete rule set, we will bring all the requirements into a concept and then create a rule set in a more suitable way.

Some customers have very basic requirements. If it's just to deploy the gateways, then it's very easy and quick. You just need maybe a few days and a maintenance window outside of business hours. But there are also customers who have a lot more requirements, like scanning or analyzing the traffic for subnets inside of the network. 

For example, a core firewall can be very time-consuming. You need to do a lot more research and concepts or write concepts on how to achieve that. That can take a few months.

For maintenance, you need to know what you do. It can be difficult if you don't know what you want to achieve. If you are not aware of network security, then probably it's not that easy, and you may run into configuration errors or mistakes. It's easy to manage, but you have to know what you do.

Check Point is not the cheapest vendor in the market, but it has everything you need compared to other solutions. So that's probably the main reason for the cost or the prices. I think it's probably on the same level as Palo Alto.

I would recommend Check Point to other users who are looking into implementing it.

I would advise others to compare or write down their requirements and have a look to see if Check Point is able to fulfill all the requirements.

Overall, I would rate it a nine out of ten.