Check Point Quantum Force (NGFW) Reviews

Our branch offices and customer sites require Internet access for the on-site staff and remote access capabilities for after-hours and remote support.

The Check Point firewalls allow us to provide site-to-site VPN, client VPN, web/app filtering, and IPS functionalities.

Client VPN is leveraged by site staff due to the majority of our sites requiring 24-hour support and also allows centralized teams to remotely assist with multiple sites globally.

We also use these at locations to provide security when our stand-alone network requires connectivity to the customer's network.

Check Point's solution is both affordable and easy to manage for the small business applications that we utilize them for. Due to the great pricing and support, we can afford to deploy the firewalls in a high-availability solution providing greater uptime and less worry. 

The price point of their equipment also means that we can often purchase a more robust solution compared to some competitors and Check Point's inclusion of more advanced features, such as IPS, by default, is a great selling point.

We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.

Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.

In general, we find that CheckPoint offers a great balance between ease of use and configurability.

The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track. Not everyone can afford the time and money to attend the official in-person classes offered by Check Point. Even if someone was not interested in fully pursuing a certification, offering certification guides is often a method that IT professionals follow in order to learn about a specific topic and keep for reference.

An area that I sometimes find lacking is the information provided by the system when performing troubleshooting issues such as site-to-site VPN tunnels. The logs provide general information regarding what is happening but often, it leaves you wanting additional details. This also ties back into the lack of training and knowledge required to utilize the more advanced features of the command line.

We have been using Check Point NGFW for more than five years.

We have never had a device or software failure in the more than five years that we have been using Check Point devices. To date, we are extremely happy with the performance.

The few times that we required customer service, they have been extremely helpful and knowledgeable. I would rate them on par with the other top-tier companies.

We previously utilized Cisco firewalls but the cost structure of the hardware, licensing, and support became prohibitive. Check Point offered a more robust solution at an affordable price point.

The initial setup was extremely quick and easy, and the deployment time for a new site is often under a day.  

The price point and licensing was the main factor in moving away from Cisco and migrating all of our sites to Check Point. They offered more features for a lower cost than competitors, and the licensing model was easy to understand.

We evaluated NGFWs from Cisco, Palo Alto, and Fortinet in addition to the Check Point.

The primary use is to protect the organization from any kind of attack. It is able to isolate, secure, and control every device on the network at all times. Solutions should have the ability to block infected devices from accessing corporate data and assets.

It provides access to the Internet for corporate resources in a secure manner. Our resources are used to host applications and services that are accessible to end-users over the Internet.

It is used to provide required/limited access for third parties who want to connect to our corporate network. Access is granted based on application type and should be independent of port or protocol.

It provides next-generation protection including IPS/Web Filtering/SSL decryption and more. 

It offers centralized policy management capabilities for all firewalls.

This solution was able to provide access to our internet-based resources using our application/FQDN.

The license offers different modules for NGTP and SNBT. It provides multiple functionality or blades, which can be enabled on the firewall depending upon organizational requirements.

Other than stateful packet filtering with the NGTP license, it provides blades such as IPS/URL/VPN/Application Control/content awareness/Anti-Bot/Anti-Virus/Anti-Spam. With SNBT, it provides additional security using the SandBlast Threat Emulation and SandBlast Threat Extraction for Zero-day attacks in real-time.

Any file, before it reaches an endpoint, is executed in a virtual environment for analysis. Based on the verdict and configured policy, a decision will be made as to whether it should be delivered to the endpoint or not.

It provides the flexibility to use any module with the NGTP and SNBT license. Depending upon the requirements, the blades/module can be enabled on the firewall security gateway and it can be deployed easily.

In case SSL decryption or IPS need to be enabled on any security gateway, it is simple to do. We can go ahead and enable the module/blade and then create a policy, deploy it, and it will start to work.

It has a default five-user license for Mobile/SSL VPN, so the organization can check the solution any time or can even provide access to critical users on an as-needed basis, without getting the OEM involved, all on the same box.

For smaller organizations with the correct sizing of the appliance, they can use the full security solution on a single box. It will provide financial benefits along with reducing the cost of purchasing additional solutions or appliances. 

For example:

• URL Filtering Module: It can replace the proxy solution for on-premises users with integration of application control and the Identity module. Active Directory access can be provided based on the User ID and the website or application.
• SSL VPN or SSL decryptor, and more. 
  
• Core assignment for each interface, which can be done using the CLI. If the administrator determines that a particular interface requires more compute, he can manually assign additional cores accordingly. This is done by enabling hyperthreading on the firewall. 
• The policy can be copied from any security gateway and pasted onto another one.

This is a zone-based firewall, which differs from other firewall solutions available on the market. It changes the way the admin manages firewall policy. The administrator has to be careful while defining policy because it can lead to configuration errors, allowing unwanted access.

For example, if a user needs to access the internet on the HTTPS port, then the administrator has to create a policy as below, rather than using NAT for assigning the user's machine to a public IP.

Source: User machine
Destination: any
Port: HTTPS
Action: allow (for allowing the user's machine access)

This has to be done along with the below policy:

Source: User machine
Destination: Other Zone created on Firewall
Port: HTTPS
Action: block 

The two policies, together, mean that the user's machine will not be able to communicate with any other L3 Network created on the firewall.

The firewall throughput or performance reduces drastically after enabling each module/blade.

It does not provide for standalone configuration on the security gateway. Instead, you need to have a management server/smart console for managing it. This can be deployed on a dedicated server or can be deployed on the security gateway itself.

I have been using the Check Point NGFW for more than eight years.

This solution is very much stable and does not require frequent changes in architecture. The patch frequency is limited and it does not require frequent maintenance windows in terms of downtime.

This firewall is very much scalable. The introduction of Maestro has changed the concept of hyperscaling.  

The technical support is excellent. The center is located in major cities in India along with the Check Point presales team.

We did not use another solution prior to this one. We have been using Check Point for a long time.

During the initial setup, support is excellent. It is a well-known OEM and they have people ready to resolve any issue that should arise.

Our in-house team deployed it with support from the OEM.

Cost-wise, it cheaper than industry leaders such as Palo Alto. The licensing is straightforward; there are only three types of licenses that include NGFW, NGTP, and SNBT, so the organization can choose its license according to their requirements.

We have evaluated solutions by Juniper, Cisco, and Palo Alto.

Before implementing the security gateway, you need to be sure about the license and modules that you are going to enable. This includes determining the proper size, as it can affect throughput drastically after enabling each module. This is especially true for SSL decryption.

The architecture needs to be studied before finalizing, as the configuration is done remotely using the centralized smart console. All of the security gateways need to be connected to the management server for any policy configuration, and they should be available at all times.

I work as an internal network team member. We protect the company environment from outside threats, outside viruses, and ransomware attacks. It is kind of an IT administrator job.

They are protecting internal security as well as giving us security from the outside world or public environment. 

It protects the environment. It gives advanced features to our company, like Antivirus, more granular security policies, and more control over the traffic, e.g., what we want to allow or deny to our environment. 

What I like about this firewall is it has a central management system. We can configure or monitor a number of firewalls at a time from the central management system. 

They have a logging system where we can have our logs visible. The logs are easy to view and understand. 

While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls. 

Check Point has a very good Antivirus feature. However, compared to the competition in the market, it is lacking somewhere. In my last organization, I worked with Palo Alto Networks as well. I found that while they both have an antivirus feature, the Palo Alto antivirus feature is much better. Check Point should improve this feature. It is a good feature, but compared to Palo Alto, it lacks.

I have been using it for the last three years, since 2017.

Check Point is already a very big name in the market. Our software updates, even the Antivirus updates, are very stable in the market. There are no problems with its stability.

Performing maintenance for a solution takes around 12 people. Maintenance is something that our team is capable of. Internally, we have had many training sessions on Check Point Firewall. Our seniors have managed that for us so we are capable of doing it. Most of our BAU is done by us.

Scalability is very easy. I haven't found anything that is the issue with the scalability of this firewall. If you have complete knowledge of it, the scalability is not tough.

I used their assistance many times. The experience with them is sometimes very good. They give the best solution in a short amount of time. Two out of 10 times, I feel that they are only looking to close their tickets. They are keen to do that. My personal experience with the support is an eight out of 10.

We currently use Check Point and Cisco ASA. The purpose for the company is to increase the security. They were only using Cisco ASA Firewall, which is kind of a degrading firewall right now because it lacks many features, which are advanced in Check Point Firewall. With Cisco ASA, we need to purchase additional IPS hardware. But, for Check Point, we do not require that. Also, if we want the same configuration for multiple firewalls at a time, then Cisco ASA does not support that. We have to create the same policy in each firewall.

We have our own on-premises firewalls, not cloud-based. The production time took around nine to 12 months' time. The setup was completed during this time.

We follow the three-tier architecture for this firewall, which is also recommended by Check Point. We have the central management device as well as the web console and firewall.

For the deployment process, there were only four senior network engineers involved from our company.

It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices.

They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it.

The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well.

I have experience with Palo Alto Networks Firewalls and Cisco ASA Firewall. Compared to these solutions, Check Point has a very good, understandable log viewer. It is easy to view and understand the logs, which helps a lot while doing troubleshooting or making new security policies for the organization. Also, it is very easy to create new security policy rules.

The Check Point Antivirus feature lacks in comparison to Palo Alto Networks. Also, compared to other competitive solutions, the training for Check Point available right now is very expensive as well as the certification is little expensive.

Get properly trained. When I entered this organization, I struggled with this firewall. There are very few good quality training programs available in the market. Or, if it is available, then it is very expensive. So, I advise new people to get properly trained because it has many feature sets, and if they do not use them with the proper knowledge, then it could worsen their situation.

I am happy with the organization's progress, as they work hard on their product. It is a good lesson from a personal level: We should work hard and improve ourselves. 

I would rate this solution as a nine out of 10.

We use Check Point firewalls to secure our internal network from the outside world and to provide a good, comfortable, and secure environment for our employees.

We have various models from the R80 series, such as the R80.10 and the R80.30.

Before, we were using firewalls from Palo Alto. The benefit of the Check Point firewall is that it has more security features. It has antivirus signatures and additional features for which we should require additional hardware devices in the firewall. It also gives us a central management system, which was not present in the Cisco ASA.

Check Point's Next Generation Firewall has many good features. It has a central management system, and that means we do not have to go to each and every firewall to configure it. We can manage them with the central device. 

There are also additional features, compared to a Layer 4 or Layer 3 firewall, such as AV signatures and devices, which are very helpful for securing the company's network.

The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them. Check Point is one of the good firewalls and training should be increased by the company so that more people are familiar with it and with their switches.

I have been using Check Point's firewalls for the last three-and-a-half years.

The stability is very good. The updates we get for the antivirus and the URL filtering sites are also very nice and happen very often. That is a good thing because there are various new attacks coming out but we get their updates on time. 

In terms of the scalability, it is very easy to extend the utilization of Check Point firewalls. We did so in the past. We extended our environment in our organization and it was very easy to extend it.

We have around 4,000 to 5,000 people who are using the Check Point firewalls directly or indirectly. They are passing their traffic through it. Expansion of our usage completely depends on the organization. If they want to do so they will tell us and, if that happens, we will definitely go for Check Point firewalls.

We have used Check Point TAC to resolve our issues. We have had good support. They have good engineers there.

We were using Palo Alto and Cisco before and we replaced them with Check Points.

We used Palo Alto in a  few of our sites, but we found Palo Alto was more expensive and its updates and services were also more expensive compared to the Check Point firewall.

Cisco is a very basic firewall in the market, and it has a limited set of features, compared to Palo Alto and Check Point. Palo Alto has rich features, but it is one of the more expensive firewalls in the market. The Check Point firewall is not too expensive, but it is also a third-generation firewall.

The drawback of the Check Point firewall is the lack of training materials. That should be increased.

We have a team of seven to eight people who have all installed and configured environments so the initial setup, for us, was a very straightforward process. And these are the people who handle maintenance of the firewall and manage it, during different shifts. They are all network engineers.

It took us between nine and 12 months to do the implementation. We have Check Point hardware so we followed the recommended, three-level architecture, in which there is a SmartConsole, the hardware security gateway firewall, and the central management device.

The pricing is good. It is less than Palo Alto's firewalls. Check Point has the same features as Palo Alto, but the licensing and cost of these firewalls are not too expensive. It is one of the best firewalls in the market in this range.

Check Point firewalls have many features. Before configuring it in an environment, you should know each and every feature of the firewall. You should also follow the three-level hierarchy which is recommended by Check Point.

There are a few add-on features for Check Point firewalls. I only learned that by using the firewalls. I'm very happy with the way Check Point is progressing. They continue to work on their firewalls even after making their name. That is something we should follow in our lives as well: Once we have made our name, we should not stop there. We should further build the reputation of the company and product.

We are very happy with the Check Point firewalls. The only thing missing, as I mentioned earlier, is that training should be increased for the firewall by the organization. Otherwise, we are very happy with investment in this solution.

We use the solution to protect our organization and workers from the outside Internet or any untrusted network.

We have the three-tier architecture of Check Point. We use its consoles, central management system, and firewall device for managing it. This three-tier architecture is recommended by the Check Point Community.

We protect our internal customers using Check Point Firewalls by providing them security as well as detecting vulnerabilities. 

The most valuable feature would be the central management system of Check Point because we can manage multiple firewalls through it at the same time. It doesn't matter the location.

I also like the advanced Antivirus feature of Check Point.

The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things.

It is very user-friendly.

The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community.

I have been using it for the past six years.

The Check Point Firewall is stable. 

The updates that we get are also very stable. We haven't found any stability issues in the updates at all. Features, like the Antivirus, are updated with almost every release and done on a frequent basis.

The scalability is very good for Check Point Firewall. It is very easy to increase. For example, during the COVID-19 period, we increased our deployment on an emergency basis, and it was very easy.

My organization has around 4,000 people. 

For Check Point, we have a team of around eight people who manage it. We are basically a team of senior network engineers.

The tech support is very good for Check Point. We get straightforward solutions for it every time, and they do not take a lot of time since we have to resolve the cases quickly in a live environment. So, they are very helpful and capable.

We are also using Cisco ASA, and we have been thinking that we need to go with Cisco or Check Point. At last, we have decided to go with Check Point because of its advanced features.

The initial setup was very straightforward. We didn't have many problems.

The deployment part took around nine to 10 months. We completely planned the deployment before doing it. Since we already installed Check Point Firewall in multiple branches earlier, we used those same plans to configure it.

We didn't require any external help for the deployment. Our R&D and tech were capable of doing it. Our deployment team consisted of six to eight people, working in different shifts, to configure it.

Overall, it is a good cost saving product. We do not have to purchase additional hardware for it, which is a good. This saves us 10 percent in costs compared to Cisco.

The solution saves us about 20 percent in our time, which is substantial.

The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison.

The licensing part is something that is very easy to do in Check Point Firewall. We just need to purchase the license, then we have to write the keys in while installing it. The good thing is that it is an easy process to update the license.

We are also using Cisco ASA and FTD. The problem with Cisco ASA is the GUI is missing, while the GUI is good for Check Point Firewall. Apart from that, in Check Point, there are advanced features, like Antivirus and Threat Management, for which we do not require other hardware, where it is required for Cisco ASA Firewall. So, Check Point provides us a cost savings in that way.

The central management system of Check Point is missing in Cisco ASA. This is a good feature because it saves time. We can use it to manage multiple firewalls through one central management device. It is also easy to use.

We are slowly eliminating Cisco ASA and using more Check Point Firewalls, bringing more Check Point Firewalls into our environment.

I have also used Palo Alto, but the organization is using Check Point because they have more confidence in things like Check Point's stability factor. However, more people are trained to use Palo Alto.

Get good training on Check Point, which is very rare to obtain at this point of time. Before implementing or deploy the product, you should be trained properly so you know all the features. It has heavy features in terms of quantity. You should know about each feature before using or deploying it.

I would rate the solution as an eight out of 10. 

Our primary use cases for Check Point NGFW are for perimeter security and content filtering for browsing behavior.

We have a lot of flexibility now and a leg up identifying zero day threats. We have multiple ways of doing policies now that we didn't have before. The options are more robust over previous products and I would say that we're pleased with the product. The reports I'm getting are that we're satisfied, even impressed, with the options Check Point offers.

Packet inspections have been a strong point. Our Identity Collectors have also been helpful. In many ways, Check Point has been a step up from our SonicWalls that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

We saw a noticeable performance hit using SonicWalls. Whether it's because we've provisioned the Check Point gateways correctly from a hardware standpoint or whether it's the software that is much more efficient (or both), we do packet inspection with very little impact to hardware resources and throughput speeds are much improved.

With SonicWall, after it would calculate inspection overhead, we might see throughput at, and often below, 15%. My network administrator gave me data showing Check Point hovering at 50%, and so we were actually seeing Check Point fulfill its claims better than SonicWall.

Because there's quite a bit of flexibility in Check Point, improved best practices would be helpful. There might be six ways to do something and we're looking for one recommended way, one best practice, or maybe even a couple of best practices. A lot of times we're trying to figure out what we should do and how we should handle a particular problem or scenario. Having a better roadmap would help us as we navigate the options.

The VPN setup could be simplified. We had to engage professional services for that. That's not a problem, but compared to other products we've used, it was a little more complex.

We started putting Check Point NGFW into production late first quarter this year, right before the pandemic hit. We put in two gateways and one management server.

Stability is there especially compared to previous security products. Certain things had quirky behaviors. For instance, once we upgraded to 80.40, a couple items inexplicably acted up (not uncommon for any software upgrade). Certain policies would drop and then show up again (remained in force, just briefly disappeared from management console). I would have to get some specifics from my network administrator, but I do recall some strange behaviors. One of them was fixed by a patch and another one still has a backup issue that's pending right now about how to best back up the device before we upgrade.

I haven't had to test scalability yet because we purchased it for our existing needs and as a company, our performance and our needs are pretty flat. We don't really have need to scale yet.

We are adequately equipped for what we need and we have room to grow and to add all of our users and possibly add additional products down the road and still have plenty of room to do so on how these gateways are powered.

We have a total of about 620 employees that use Check Point NGFW. I would say we are 80% there. There are still some users that have to be migrated to it once we test their accounts, their kiosks, that kind of stuff. 

There is one primary employee who is dedicated to maintenance and there are another two who back him up but our network administrator is primarily responsible.

Mixed experience, mostly satisfactory. Some support engineers are quite helpful and efficient, others required more patience working through support incidents. ATAM support has been high quality, and as previously mentioned, local support has been key to resolving some cases much more quickly. If we were giving their support a letter grade, it would be in the B range.

We were previously using SonicWall. We switched because we were struggling with performance, support, and strategy. There were things that were broken that did not have coherent or reliable fixes. At the time we did not consider it to be next-generation technology. There were problems with GeoIP enforcement. There were also quite a few performance problems, especially with inspecting traffic. It would literally bring the device to its knees once we turned on all the inspections that we really felt that we needed. It was under-provisioned, under-specced, and coupled with all the support problems we had, we started shopping for a new solution.

The setup was both straightforward and complex. There were some complexities in there that required us to get help. We have some local representatives that are very helpful and so we frequently contacted them for guidance.

We're still migrating people behind Check Point, especially in our main facility, but the heavy lifting was done by early summer. It took around three to four months.

Our strategy was to set it up in parallel with the existing firewalls and begin setting up policies and testing the policies against individual services in-house. Then, as we were successful, we would grab pilot users and migrate them to Check Point and have them start trying to break things or browse to certain sites and see what behaviors they were getting.

It was a slow migration with a handful of people at first. We tweaked their experiences and just kept adding people. It was gradual. We tested, fixed, and then migrated a few more incrementally.

We had two different ways of getting help. We have local representatives who are in the same metropolitan area and they were very responsive. Then when we would have to contact standard support. We were satisfied about 80% of the time. Sometimes follow-up was not there. Sometimes there would be delays and occasionally there would be rehashing of information that didn't seem like it was efficient. Eventually, we would get the answers we would need.

That's why we rely heavily on the local people because they could sometimes light a fire and get things moving a little bit quicker.

Primarily it's offered stability and caught behaviors and given users (and administrators) a level of confidence as they are doing their daily jobs. The inspection that Check Point does, even when we download a document or a PDF, offers a bit more peace of mind in those types of transactions. GeoIP is working like we had hoped compared to SonicWall.

We have a lot of granularity in our policies. We can accommodate some really interesting scenarios on our operations floors, certain groups needing certain types of access versus other groups. We're accommodating them fairly seamlessly from migrating from SonicWall to Check Point. We might have struggled to try to make stuff happen in SonicWall, and Check Point just seems to ingest it and run with it. Having access to Check Point's AI ThreatCloud cloud has given us a lot of peace of mind. ThreatCloud is 25+ years worth of exploit research that informs and feeds CP technologies and gateways.

Another feature that's been helpful is the sandbox feature. A lot of companies offer this type of thing now, but CP has been offering it for quite a while. If end users are browsing websites, and they download a payload-infected document from a website, SandBlast will detect it and take it offline. It will sandbox it, detonate it there safely, pull out the content that we're actually looking for, then re-present that cleaned content back to the user.

Strongly consider augmenting standard support with Check Point's premium option or by purchasing ATAM/professional services time blocks, especially during deployment.

Standard support is decent, though occasionally frustrating from a turnaround perspective. While we sometimes wait a while for resolution on some cases, the information we receive is usually quality; that's been our experience.

We looked at Palo Alto, Fortinet, and Sophos. I brought some of that experience to bear on our decision but our shortlist was Palo Alto, Fortinet, and Check Point.

The reason I selected Check Point was partly its pedigree, knowing that Palo Alto formed out of Check Point. Both companies are built from the same DNA and each has a history and a culture I respect and trust. Check Point Research is regularly in the news it seems for finding exploits and vulnerabilities in popular cloud platforms. 

Check Point offered quality local support, including our technical sales representative and a support manager that live in the area. A couple of executives also live in the area. If we needed to escalate, we had the people here locally that could help us with that.

My former company used Palo Alto and, while I didn't interface with the products on a regular basis (we relied on the network team for analysis), I'd overhear frustrations with support. Palo Alto is also a great product and it wasn't an easy decision choosing between CP and PA from a technical perspective. I had never used Check Point prior to this position, but it outpaced its competitors in a few key areas, especially the pre-sales phase, POC engagements, local support options, and the maturity of Check Point's ThreatCloud technology.

My advice would be to look hard at premium support options. Know what your tolerances are, and if you expect fairly quick turnaround on support incidents, go ahead and invest that money in support. Definitely take advantages of pro services, buy a block of hours, whether that's 10 hours or 20 hours, and use that to fill in the knowledge gaps, especially during deployment. If you rely on standard support during setup, depending on how complex your environment is, you may be frustrated.

We did well doing what I recommended here. We bought two rounds of pro services (20 hours). I don't want to pile on standard support - it's not bad - it's just that if we were to rely only on standard support, I think our migration would have taken longer, and there might have been more frustrations. Because we had local support and because we bought pro services, it accelerated our timeline and it got us into production much quicker.

From what I've seen and heard from my staff, I would rate Check Point NGFW technology a nine out of ten.

We use it to protect our network from the outside world and unsecured networks. We also use it to provide a safe, secure network to the internal users of our organization.

I am using various versions on the model, like R80.10 and R80.30.

• Antivirus
• Threat Prevention
• The central management

These are vital, advanced firewall features for the market. They protect the environment more than the usual firewalls. 

Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve. 

A disadvantage about Check Point is people in the market are not too familiar about its usage and people lack training on it.

I have been using it for the last six years (since 2014).

Check Point Firewalls are very stable. Check Point is one of the oldest company in firewalls with a very stable product. They provide good, stable updates.

It scales well. Recently, during COVID-19, we did the scalability process, and it was easy.

Currently, this is used only for our inbound networks to provide security to our internal network. Around 6,000 people are taking advantage of this technology directly and indirectly in our organization.

We have certainly increased number of firewalls in our organization. In the future, if is required, then we will definitely use more.

I have used the technical support very frequently. I would give them around a nine out of 10. They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them. I am deducting one mark to allow room for improvement. 

Previously, we were using the Cisco ASA Firewalls, which are one of the most demanded firewall in the market. We switched to Check Point because their firewall is more advanced than Cisco ASA. They are also providing us the extra benefit of features, like their central management system, Antivirus, and Threat Prevention, which were not provided by Cisco ASA. 

It was straightforward; it was not too complex. It was simple to install and use the features, as we were already trained. Our company used their trainers before installing it. Getting all the knowledge of the firewall's features beforehand worked very well for installing/deploying the solution in our environment.

We were using different firewalls that we had to replace. For that replacement, we required two years for the transition to Check Point to get it to work.

For our implementation strategy, we used three-tier architecture strategy in which we have a console, three-tier management Gateway, and the firewall.

We have around 20 people on the team, because it is a large company. So, I deployed it with the help of 19 members. The team of 20 people work on different shifts and we manage all the organization's firewalls. We are all network engineers, though some of us have different designations.

It has a good return in terms of usage and the security that it provides. We are very happy with the security capabilities that this firewall has.

Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall.

We did an evaluation between Cisco ASA and Check Point. We had options to extend Cisco ASA or switch to Check Point, but we switched to Check Point Firewall.

Be knowledgeable before implementing this firewall because it has many advanced features compared to the normal firewalls in the market. If you want to use it in a better way, then you need to be trained on it. 

There were a few members who joined our organization who were familiar with Check Point, but they do not know about every feature which could be used and taken advantage of to better secure our network. I recommend getting proper training before using it.

I would rate this solution a nine out of 10 because I am a very happy customer of Check Point. I have had a good experience with this firewall. I like is the way it is improving a lot with the times.

We use it as a normal firewall for perimeter security, using some of the Next Generation features, like Anti-Bot and Antivirus. 

We have two ISPs. We have a different firewall system in front of the Check Point Firewall. We also have normal Cisco switches combined with the Check Point solution. Then, our internal network is with Cisco, which is about 300 servers and 1,500 clients.

Since we are an insurance company, the solution is a necessity.

Two-thirds of our employees are working at home at the moment, so we use the VPN feature more than we used to. Of those two-thirds, only 100 or 200 are using the remote client from Check Point. The other employees are using other technologies, like NetScaler from Citrix. 

We use the basic firewall functionality, plus the VPN functionality, a lot.

We have about 100 remote sites, which is where we use the VPN functionality. For private lines, we prefer to do further private encryption on the line. It is very convenient to do it with Check Point, if you have Check Point on both sides. It is convenient and easy to monitor.

The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.

The Threat Emulation definitely needs improvement. A couple of years ago, we did a comparison with other companies, e.g., Lastline, offering threat emulation and threat detection functionalities, and Check Point was lacking. 

I have been using Check Point for 22 to 23 years. I have been using Check Point NGFW for 15 years, since 2005.

We used to have more problems. For the past five years, unless we have had a bug, which happens like once a year, it has been pretty stable. We did have a bug for the last three months, which has just been fixed. Before that we had another two or three major bugs. However, when there is a bug and it's not known to Check Point, they need quite a while to get it fixed. If they have a fix already, then there is a pretty quick turnaround to get it fixed.

There are three people working on firewalls, but not at 100 percent. We have the equivalent of one person doing firewalls 100 percent of the time using three people.

For our requirements, it's scalable enough. We have a 1 gig uplink to the Internet, which is easily doable with open servers. 

We used to have some problems with the performance, then we upgraded the license and the scalability has worked well since.

There are 1,200 to 1,500 users.

It depends whether the problem is known to Check Point. If they are aware there is a problem, quite often it will then depend on which tech you finally land on if it's easier or harder to get to the root cause. The last issue was in India so that was pretty bad. It's easier if you get directly through to Tel Aviv or Ottawa, but you can't choose. Once they know what the issue is, it's pretty good. It pretty much depends on the engineer that you get. There are pretty good engineers and there are many engineers who are at just the starter level at Check Point who are not really into the stuff. Sometimes it's hard, sometimes it's easy, depending on the problem and the tech engineer you get.

To the next manager, it's pretty easy to escalate an issue, if needed. Though, it depends on the manager. 

Our current sales staff isn't too good. Though, the one before was pretty good. So, you can escalate on that process well. As an escalation path, it works most of the time.

Once you do it for over 20 years, it is straightforward. If you have done it a couple of times, then you know what to do. However, even if you are a beginner, Check Point is more straightforward than Palo Alto or something like that. Once you get the idea of how a firewall works, Check Point does it that way.

There is a central location where we deploy upgrades, which normally take one business day since we have several clusters there. 

When deploying the solution to remote locations, we have several models to choose from.

When we tried Threat Emulation, we have received professional services from Check Point. However, for the normal setup, we don't involve any professional services.

It is like insurance for us.

The pricing and licensing are pretty steep. They know that they are good, so they are pricey.

We are also using Forcepoint, which is a little bit different on the OS and focused more on IPS/IDS. It is a good practice to combine two different firewall vendors in case one of them gets hacked.

We also evaluated Palo Alto, like five years ago, but that doesn't make much sense for us. 

Since we are trying to get our customers to do more self-service, we should see more inbound traffic. So, the usage will increase in the next two years.

We get more attacks from the outside these days, so it has become more important to use systems like Check Point. When I started with security 25 years ago, it was still something not everybody was aware they needed. Today, it's common sense that everybody needs to protect their perimeter.

Plan first, implement last. You should first be aware of what assets you want to protect and what are your traffic patterns. You should plan your policy and network topology ahead of time, then start to implement a firewall. If you just place it there without any plan of what it's supposed to do, it doesn't make too much sense. I think planning is 80 percent of the implementation.

I would rate this solution as an eight out of 10. It would be better if the support was quicker in the cases we had. Apart from that, we are happy with the functionality.