Check Point Quantum Force (NGFW) Reviews

We implement Check Point in the front end to protect internet platforms and security platforms. 

Check Point provides very good performance with many solution options and many kinds of modules.

I'd like to see more integration with other solutions. 

I've been using this solution for a couple of months. 

This solution is stable and scalable.

We've rarely used support but they've been helpful when we needed them. 

We migrated from Cisco to Check Point. Check Point is easier for the administration console.

Before migrating to Check Point, we tested it in several environments. We used a consultant for deployment and we now have 800 users in the company and six engineers responsible for maintenance. 

We pay an annual license fee. 

I recommend this solution and rate it a 10 out of 10. 

On-premises

It's our main firewall and the first line of protection from outside attacks. We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely. We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years. This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

We have a lot of flexibility now, and a leg up identifying zero-day threats. We have multiple ways of doing policies now that we didn't have before. The options are more robust than previous products and I would say that we're pleased with the product. The reports I'm getting are that we're satisfied, even impressed, with the options Check Point offers.

There is a scope of improvement in detecting zero-day threats using the SandBlast technology, by introducing emulation of Linux-based operating systems. We have also observed issues while using the products with SSL decryption. There is room for improvement in application-based filtering, as with other firewalls available in the market today. Check Point has improved its application filtering capabilities in the recent past and their latest version, R80, is more capable but still, creating an application-based filter policy is a little cumbersome.

It's a NGFW with all of the capabilities required to protect for next-generation attacks at the perimeter level. The module or Security features that are provided as part of the base license with Check Point include (VPN, IPS, Application Control, and Content Awareness) which itself is strong enough to protect the organization.

The packet inspections have been a strong point. Our identity collectors have also been helpful. In many ways, Check Point has been a step up from the SonicWall that we had in-house before that. There's a lot of additional flexibility that we didn't have before.

I would like there to be a way to run packets that capture more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line.

The biggest improvement they could make is having one software to install on all three levels of their products, so that the SMBs, the normal models, and the chassis would all run the same software. Now, while there is central management, everything that has to be configured on the gateway itself works differently on the three kinds of devices.

I started using the solution 3 months ago.

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage, and how to route a device. That's why I prefer Check Point. It's robust and I never have issues with the hardware.

The scalability is quite good. You can scale well across locations for not too much cost. If a company needs to expand, it can do so relatively easily.

Also, cost-wise, it's very affordable to scale up. It's not expensive to add hardware and licenses as needed. They make upgrading very cheap.

We have 200 people on the solution. That said, they are using it with an IPsec tunnel. They don't use all of the capabilities of the hardware. They are using it just to encrypt tunneling between the sites.

Technical support has been excellent

Yes, we were previously using SonicWall but security is less robust in comparison to Check Point.

The initial setup is very easy.

We implemented it through a vendor called S G Informatics India Pvt Ltd.

The level of expertise I would rate at 10 out of 10.

I would recommend going into Check Point solutions. Although Check Point has the option of implementing your firewall on a server, I would advise implementing it on a perimeter device because servers have latency. It's best to deploy it on a dedicated device. Carry out a survey to find out if the device can handle the kind of workload you need to put through it. Also, make it a redundant solution, apart from the Management Server, which can be just one device. Although I should note that, up until now, we have not had anything like that ourselves.

We have looked into Sophos.

The most valuable features are the security blades and the ease of managing the policies, searching logs for events, and correlating them.

On-premises

Check Point is very strong as compared to the other vendors in the market.

The solution offers a very good centralized management console. 

It works well even for small deployments. 

The perimeter security is excellent. 

It works well even for cloud environments and has been very useful during COVID when people weren't necessarily in the office. 

The creation of policies is simple. It's easy to configure them when we need to.

We have found the troubleshooting process to be very easy and helpful.

The GUI is simple and straightforward. 

The sandbox environment on offer has been great. 

The support has been super-helpful. They've always been great, even at a pre-sales level.

The initial setup is very straightforward. 

From a stability standpoint, sometimes when upgrading to a new version, there are some stability issues. The device occasionally may stop responding. 

It would be beneficial if they offered better load balancing. 

They could make the licensing a bit easier to deal with, especially for enterprise-level options. 

We primarily use the solution for security, as a next-generation firewall that we use in our environments. It is very good at detection and prevention. However, we are still exploring use cases.

While the solution is mostly stable, we do find that we have stability issues moving to different versions. You run the risk of the device not responding in some cases. 

The scalability is possible, however, it's based on requirements. When we get a new solution, we plan out for the next four or five years. It can scale so long as you design it properly at the outset. 

Technical support is helpful and responsive. We're quite satisfied with the level of service we can expect. They are very good.

I've also worked with Palo Alto and Cisco. 

The initial setup is extremely straightforward. You don't even have to be overly technical to manage it. They make it very easy. It's not overly complex or difficult.

The licensing is okay. Clients can go for a one, three, or five-year license. 

Sometimes it's complicated to put new licensing on existing devices. If we have issues, we can raise questions with the sales management team and they are always very helpful. Larger, enterprise-level devices, in particular, can be a bit complex to deal with. 

We are integrated partners and we provide services to the customers.

I didn't get any chance to work on version 80.40, however, a lot of the customers are on versions 80.10, 80.20, and 80.40.

I would encourage users and companies to use Check Point. It's quite a good solution. I find it to be a better solution than, for example, Palo Alto.

I'd rate the solution at a ten out of ten.

On-premises

We primarily use the solution for perimeter security - including DMZ and as an internet firewall. We use Check Point Firewalls as the first line of defense from the internet and they are also used to segregate the internet, DMZ, and internal networks. Check Point VSX technology is used to split the hardware into multiple virtual firewalls to cater to different environments so they are well segregated. We have BGP running on the firewalls, such as all of our network devices in our environment, to learn and advertise routes. Check Point does a decent job with BGP and does an excellent job as a perimeter firewall.

Check Point was brought into our environment as a perimeter security device to replace the Juniper NetScreen which was originally used as the perimeter firewall. When Juniper announced the end of life of NetScreen devices, we decided to go with Check Point mainly because of the ease of management and also because Check Point was an Industry leader and Juniper was still in the initial stages of building their own firewalls using JunOS. With the introduction of Check Point with the VSX features, we could use BGP instead of the tedious static routes that we had in place with the old NetScreen.

The VSX has been great. The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment.

We like the management console. The Check Point smart dashboard has made things easier for administration and we've been able to manage all the Check Point devices from one place which is very useful.

The operations support is great. There is a smart log system that is very good for troubleshooting and reporting. We also use the CLI for troubleshooting purposes (for the likes of FWMonitor and tcpdump) while the FW rules are managed via the smart console which does wonders for operations support.

It is common for any network device to compromise on stability when more and more features are packed into it. It may work for small organizations when they want a single device to do everything for security. However, it is a big issue for us as a large financial institution when even a small outage costs dearly. Check Point, being our perimeter firewall, has failed quite a few times mainly when handling BGP. I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes. They may already have a lot of features, so the enhancement of existing features could focus on robustness rather than introducing new features.

I've been using the solution for three years.

With the upgrade to R80, the solution has become more stable. We have had outages because of the gateways failure while running BGP with older versions. After the upgrade, we havent had such outages.

With the latest upgrades of R80, Check Point has bettered its performance, and hence, scalability has improved a lot. Also, there are multiple NG features that can be utilized that makes it more suitable for multiple solutions.

They offer very good customer support; they're always available and capable.

We previously used NetScreen and they were at their end of life.

Check Point has its own design that is a little complex compared to other products. This has a 3-tier architecture and we need management servers and gateways separate. I would still say its not much of a hassle building it.

We handled everything through Check Point PS. They were very good.

I can't really comment, as I do not have much idea about this space.

The solution is priced well in the market in order to compete with the other products.

I wasn't in the organization when the evaluation happened. However, I know Juniper SRX was one of the solutions looked at as we are using them for our internal firewalls.

On-premises

As a next-generation firewall, this product is capable of handling all kinds of threats that might try to attack the network, including events such as DDoS attacks. 

The compliance part of the product has been very useful to our organization. There are many useful reports from this firewall device. For example, it can tell us how much of our network has compliance with the guidelines that are in place.

The product is very easy to use.

It's quite a stable solution.

The scalability is very good.

The solution is easy to install and deploy.

The product could always be even more stable and secure, as it would improve protection.

As we aren't using the very latest iteration, it's hard to say which features are lacking, as some might have been added in the latest releases we haven't yet migrated over to.

The pricing could always be more competitive.

Technical support needs to be more helpful.

I've been using the solution for the last six months or so. It's been less than a year, and therefore, it hasn't been that long. 

The stability is good. There are no bugs and glitches. It doesn't crash or freeze. It's reliable. 

The solution offers good scalability. If a company needs to expand it, it can do so. It's not hard.

We have 50 users on the solution right now.

I would say that technical support could be better. We also use Cisco, and, in comparison, Cisco's support is way better in terms of how helpful and responsive they are. We aren't as satisfied with Check Point. They need to be faster, friendlier, and much more knowledgeable. 

Right now I am using Check Point and Cisco ASA.

The initial setup is not overly complex or difficult. It's pretty straightforward.

The deployment doesn't take long either. It's a fast process.

You only really need two people for deployment and maintenance for most setups.

I handled the implementation myself. I did not need the assistance of an integrator or consultant. 

The solution could work to make the pricing a bit lower. It's similar in cost to Palo Alto, however, if it was lower, it would make them more competitive. 

We are a customer and an end-user. We don't have a business relationship with Check Point. 

We are not using the latest version of the solution, however, I cannot speak to the actual version number. We might be a version or two behind the latest update.

I'd rate the solution at an eight out of ten. We've largely been quite pleased with its capabilities.

I would recommend the solution to other users and companies. 

The next-generation firewalls are used on the perimeter within a couple of data centers. There are lots of firewalls and we are trying to consolidate everything in the final solution. The MDS and VSX are real solutions that are easing the consolidation across different domains to make management easier. It also improves the overall solution from the operations perspective where BAU teams can leverage different Check Point product lines, like Smart Log, to support customers on a daily basis.

There is a lot of legacy traffic from other vendors that has been migrated to Check Point which has resulted in a lot of stability in our environment. Moreover, consolidation happening across different legacy environments is being enhanced by the usage of MDS and VSX solutions offered by Check Point. This is making things easier from both a migration and implementation perspective. It offers easy management architecture, and, with Smart Log, makes life easier for the operations engineers and different teams working with Check Point products.

The most valuable feature of Check Point is the Centralized Management (MDS) and Virtualization (VSX) for the firewalls. Using these features provides enhanced security with reduced cost across different domains and tenants with complete segregation from the policies database and a user traffic perspective. Using these features is proving to be scalable as things are virtualized and the resources can be increased or decreased as per the demand or usage from a project perspective.

The product or services can be improved from the cost and the pricing perspective. There are a lot of other competitors in the market providing similar solutions with more low-cost options. There is no doubt that the great three-tier architecture of Check Point is great, however, when the cost is considered, it proves to be a bit expensive as compared to other products in the market. Also, the licensing and maintenance costs are quite high. Maintaining these solutions proves to be a bit costly to organizations from a day-to-day perspective.

I've used the solution for five years.

The stability is excellent.

The scalability is really good.

We are satisfied with the level of support.

Yes, we have used a different solution previously and have switched because of the great performance that Check Point offers.

The initial setup is pretty straightforward.

Yes, and we had a good experience.

The ROI meets our expectations.

The cost is quite high for Check Point products.

Yes, however, I prefer not to say which.

Overall, the solution and product line are good but more competitive pricing can be offered.

On-premises

We use Check Point for VPN access for all employees, as a rule. We also used it as a filter, a firewall, and it's the front line of our access to the Internet.

It has VPN access for our employees and it controls access, barring intrusion for non-authorized access.

The URL filter is activated to filter access to our employees. We use filtering for VPN access.

The configuration is one of the best features of this product.

When this product was purchased approximately 12 years ago it was the top of the line.

The product has been working very well.

I don't have any issues with the software of this solution. It works as is expected.

I would like to see more integration with other infrastructures. We are considering Cisco because it is more integrated, and the network limits of the solution are better.

Recently, we experience a problem with the hardware because it was too old, it was blocked. The hardware failed, but the software did not. With older hardware, it is a problem because our network is growing every year. The solution is not at maximum performance. 

It does not have the performance that we require. The network is not the same as it was 12 years ago. There are several logs.

We are looking for a cheaper product that is more integrated than our Cisco Network appliance.

It may also need to support other types of architecture.

The only reasons we are looking at other solutions are price and integration.

Check Point was installed in the company approximately 12 years ago.

The stability is good.

We are a company with 1,200 employees, and approximately 700 are using this solution.

We have five HP Servers, and we have a cluster in different geographic locations. 

Check Point has been installed in an HP-certified server. It is not an appliance, it is an HP Server.

We have one or two professionals who work on the platform.

It is not a cheap solution, which is why we are looking for another one.

We are currently evaluating new firewall solutions because the Check Point that we have was installed approximately 12 years ago, and wanted to change to a next-generation firewall.

The HP Server works fine without any maintenance, but it needs to be taken care of. We did not, which caused a disk to fail. We have one or maybe two that are working. I don't have any complaints about the HP Server. It was sized for that network load at that time.

I would rate Check Point a ten out of ten. It works as expected.

On-premises

It's our main firewall and the first line of protection from the outside! We use it to interconnect our remote locations (that use different vendors and equipment) and let the employees work remotely.

We're a small site with 300 users and this equipment is more than enough for us. We use almost all the blades and the equipment has run smoothly for years.

This NGFW monitors all the traffic outside of the main network, prevents malicious activities, and lets us easily manage network policies to shape our connections.

Stability and security are the best way to describe this solution. The attacks from the outside still exist, but now we're better protected. We can view everything that goes in and out of our network with all the information in one place. The drill-down is very helpful and easy to use. Currently, we can troubleshoot connection problems live and solve them in a couple of minutes. This is an improvement on the 1-2 hours with the old solution.

In 4 years we've only had one problem with the equipment (due to a malfunctioning UPS). That corrupted the boot of the equipment, but was easily solved with an fsck.

We basically use almost all the blades, since the IPS, Threat Emulation, Spam, etc., are essential for our work. However, currently, Mobile Access is the most valuable. The stability of the solution and the security it gives when working remotely is great. It lets our employees work from everywhere, anytime!

The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution.

Threat and Application control are also very important to us.

I do prefer to manage everything from only one point of entry/one application. Some things can only be configured from the smart console and others from the smart dashboard. This is the only handicap in this solution. It would be ideal to manage everything from one central place.

Instead of using a windows application to manage the equipment, it would be better to use a web app to configure the solution from a browser.  I know that it's not as powerful (you can't do everything from there), but then we could manage the solution and troubleshoot from any device.

It's faster to see the event logs on a webpage than it is to see them in the smart console.

I've used the solution for 4 years.

It's very stable. It's also the main reason I love the solution.

During this time i never had to manually restart the equipment because of connectivity problems or because of CPU/memory degradation performance. Sometimes these values get high, but i never lose Throughtput, the equipment continues to run smoothly. We used to restart our older firewall at least 2 times per month.

In the beginning, because we use the spam blade, the memory usage was always high, and the administration was a little bit slow. But Checkpoint provided us an extra memory upgrade and after that we never had administration problems. If we don't have internet connection it's allways the ISP, it was never because of the firewall.

Although I only have one unit, I know that it scales perfectly.

We only had one problem with this equipment. That was because it couldn't boot properly due to disk corruption (malfunction UPS), however, searching the technical Check Point forums it was easy to find a solution to the problem at hand.

We managed to solve the problem without contacting customer service at all.

We used to have Zyxel products, but they were aging and couldn't let us connect at faster speeds.

The setup was easy. It didn't take long to have it up and running.

The only concern for us was the remote sites - since it was different vendors. However, we had everything documented and prepared and due to that, it went flawlessly.

It was also easy to create access policies.

The implementation was through a vendor, and the installation went really well. The consultant was Check Point certified and explained everything in detail.

Later on, we added new remote sites to the configuration (in-house) without any problem. We didn't need to check with the vendor.

It's not easy to calculate, however, given the stability and security of the solution, it's elevated. There are no bulletproof solutions. That said, now we can rest a bit more because our assets are more protected than they were a couple of years ago.

The setup cost, pricing, and licensing can be a bit expensive, but, I promise, it's completely worth the cost.

I evaluated Fortinet and Check Point.

It simply works like a charm. The stability and trust in the vendor are also very important to us.

On-premises