Check Point Quantum Force (NGFW) Reviews

In my company, we use the Check Point NG Firewall solution to secure the perimeter and user network. We use IPS/IDS, deep packet inspection, and VPN. We have implemented routing rules based on the destination of the traffic, and the performance of the global solution is satisfactory.

We use the solution, too, as the firewall in a core node, which is very important to the business. It secures the network equipment and service integrity.

We are delighted with the powerful management console and diagnostic tools.

The Check Point Next Generation Firewall has improved the performance of our network, bringing the IT administrator a lot of information and data to make decisions about security, vulnerability, strengths, and weaknesses in our deployed projects.

It provides a lot of information to help better understand our users. Now we feel more confident with our network and know what happens on it, as well as what kind of traffic we have.

In addition, we have many reports that include data to help with decision-making and information about how the solution reduces cost and risk.

The most valuable feature in my opinion is the powerful deep packet inspection engine. This engine provides me with a great capacity to control the traffic generated by my users and provides our company with a very real vision of the use that users make of the network.

The reporting capability is very important as we are able to show the company management the benefits and the return on investment, in terms of securing our network.

The number of physical network ports on the device should be increased to allow for greater capacity.

Another point of improvement would be to continue improving the integration line with our current NAC solution in order to exchange more attributes and increase the granularity of the implemented policies.

We have been using the Check Point NGFW for three years.

Compared to other similar solutions on the market, this product is quite complete.

In my opinion, this solution is already quite complete with respect to our requirements.

Nowadays, there are many threats and it's necessary to have an automatic process to defend your organization. The Check Point NGFW is a good solution for this use case.

For my organization, CheckPoint NGFW helped us with enforcing threat prevention.

Threat prevention capabilities are a natural extension of next-generation firewalls' deep packet inspection capabilities. As the traffic passes through the device, they also inspect the traffic for known exploits of existing vulnerabilities (IPS).

Files can be sent off-device to be emulated in a virtual sandbox to detect malicious behavior, named sandbox security.

I think that the main benefit of an NGFW is the ability to safely enable the use of Internet applications that empower users to be more productive while blocking less desirable applications.

I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data. It is very important to have your solution always update for this.

I think that another important feature is that it is a cloud solution. More and more companies have all of their systems in the cloud and the threats are pointing here.

The features that a next-generation firewall includes are application and user control, integrated intrusion prevention, advanced malware detection such as sandboxing, and leverages threat intelligence feeds.

Check Point products have many places that need to be improved, but they are constantly upgrading.

I have been using Check Point NGFW since 2015.

Check Point has a good support department and they are always ready to help you.

Previously, I used Fortinet but Check Point provides us with more features.

I used this solution for the first time in 2015 when I worked for a local Internet Service Provider. At that point, I used the R77.30 console and I saw all of the good features that it provided.

Now, I use R80.30 in my current company and these products are the best in the market. This company is going to be at the forefront and you can complete your solution with other products in their portfolio.

Today’s next-generation network firewall can be found deployed on-premises at the edge of enterprises and branch offices, on-premises at internal segment boundaries, in public clouds such as Amazon (AWS), Microsoft Azure, and the Google Cloud Platform. They are also deployed in private clouds.

The licensing includes the cost of support.

We evaluated many others options including solutions by Fortinet, Palo Alto, SonicWall, etc.

We think that Check Point is the best because they are at the forefront.

We have deployed Check Point firewalls for perimeter security and also for filtering East-West traffic. 

Check Point helps in improving perimeter security along with giving insights into different kinds of traffic and attacks.

Isolation between different tiers of APPs is critical for us and Check Point is utilized for handling high traffic volumes of East-West traffic.

We are leveraging the VPN module on the perimeter firewall for users to access the VPNs. VPN authentication is integrated with RSA for multi-factor authentication.

We have reduced the number of firewalls using the VSX cluster from Check Point. This reduced management overhead to a great extent. Also, the stability of clustered firewall helps us in meeting SLAs with clients.

Check Point firewalls can be tuned for one-off cases like allowing out-of-sync packets for a source-destination pair, which is a feature that helped us tackle application issues. 

We have deployed VPN firewalls in multiple data centers, which help with load sharing and redundancy for the VPN traffic.

Managing all of our user VPNs, customer VPNs, and Cloud VPN tunnels' endpoint encryption from a single management portal is helping us.

VSX helps to reduce the physical footprint on datacenter racks.

The SmartView monitor and SmartReporter help us to monitor and report on traffic.

Centralized management and management high availability give the ability to manage firewalls in a DR scenario. 

Features such as the ability to simultaneously edit the rule base by multiple admins and revert to a previous rule base revision are very useful.

Having a separate appliance for logging helps us in meeting the security audit requirements, without having an overhead on management.

Configurations can be complex in some situations and need experienced engineers for managing the solution.

Integration with a third-party authentication mechanism is tricky and needs to be planned well.

SmartView monitor can be enhanced to display granular details of gateways with a single click. Also, having the ability to generate alerts from the Smart Monitor would be a nice feature.

We have been using Check Point firewalls for the last eight years.

Support might take a long time to resolve issues in rare scenarios.

My advice for anybody who is implementing this solution is to always keep an identical configuration, even interface statuses, in a VSX cluster before an upgrade to minimize upgrade failures.

We use this solution as a layer 3/4 firewall deploying access rules in our DMZ. We have more than six different centers with different service layers, a core of up to 500Gb per site, and other service centers providing security for all inbound and outbound connections.

VSX gives us the capacity to consolidate hardware in fewer devices, reducing the OPEX, and creating different VFWs to provide service to different environments or services.

Layer 7 features allow us to upgrade our security services. Activating the required features only requires upgrading the license.

This product has provided us the total control of our connections in our very bandwidth and session-intensive environment. It offers high capacity on NAT tables that, with other vendors, needed to use really huge devices to support.

We can control all of our international connections in a central point with a distributed cluster in a very easy way and with good performance.

The layer 7 features (AV, IPS, Web filtering, etc) and integrations with AWS provide us a clear point of management for future deployments on the cloud.

The packet inspection capabilities are great.

ARP protections based on interface works better than it does with other vendors.

There are new improvements related to the upgrade of the solution, making for the easiest upgrade/update procedures.

New features allow for concurrent use of the console in write mode between different users.

The exposed API allows us to automate a lot of actions in a very easy way.

The central console and log collector are basically the best central management consoles, and each day provides new useful features like counts, etc.

There are issues with stability in some specific versions.

The VPN is a little difficult to configure, and sometimes you need help from Check Point professional services.

There are some performance problems with the IPS when the FW is in a high load, but in general, it is working better than in previous versions.

The routing is configured on the gateway, so, you need to remember for migration purposes.

The virtual infrastructure of the central management requires a huge amount of resources to work properly and manage all the logs without problems.

I have been using Check Point NGFW for more than 10 years.

In general, this is a very stable solution. We have had only one incident in the last few years that was with the size or the route tables in memory that finally it was discovered that was a bug in a specific version and was solved upgrading the devices to new firmware that solved the bug

This product is very scalable. There are a lot of different virtual and physical devices to cover any requirement in terms of sessions, performance, etc.

We are very happy with the support. They are very skilled engineers and always fast at analyzing and solving issues.

We did you another solution, but we switched due to prices and solution stability.

The initial setup is not more complex than other solutions.

Was implemented using a third-party vendor.

Our ROI with this firewall is high.

The vendor has a very flexible licensing approach.

Cost per Gb reduced and reduced OPEX compared with other vendors.

We evaluated Fortinet, Juniper, and Palo Alto.

This is a complex solution and there are other vendors that are easier to manage, but it is perhaps the best solution regardless.

The purpose of using the firewall is to protect the users from the external network, internet. Apart from that, we have set up IPsec tunnels between two different sites, and for internal usage, between two different zones, we use these firewalls as well.

Our environment consists of a 3-tier architecture, which is recommended by Check Point. We use the central management system to manage our 3-tier architecture, and we use the Smart Console as well.

This solution has improved the way our organization functions in multiple ways. For example, during the pandemic situation, things completely shifted. People who are working from the office are now working from home, and it is our responsibility, as network security engineers, to monitor the home users. We do not want them to access any blacklisted sites and we want to make sure that they are protected from threats and risks from the internet.

With the Office Mode VPN, it would not be possible to manage work from home because the security would not be in place. We have more granular security options with this firewall.

There are many useful features including the Office VPN, which provides us with a seamless connection for users who are working remotely. This is helpful for our employees that are working from home, as they get the same office environment as if they were on-premises. It is also helpful for us as an organization because we have good control and visibility over their data, including network traffic packets.

There are two major areas that need to be improved.

The study material for Check Point needs to be improved, as well as the cost for certification. One of my friends recently completed the certification and it was costlier than other firewall security certificates.

The reports are generally good but there is not much control. We would like to have more filters. Essentially, we want more granular reporting.

I have been using Check Point NGFW since 2018.

There are no issues with stability that we have found. It is a good brand, and it is one of the oldest and finest firewalls on the market right now.

Scalability is not a problem. It has both UI and CLI-based options to configure it, and it is not difficult to extend or scale. We have between four and six deployments and we plan to continue using it in the future. As we are growing, we will continue to expand its usage.

We have about 12 people working directly with Check Point NGFW. There are approximately 4,000 users who are indirectly using it, as their traffic passes through the firewall. It is used by the entire organization.

We have support available from the Check Point TAC team. Our experience with them has been pretty good. We haven't had any issues or problems communicating with them or getting a solution from them.

Prior to Check Point, we were using Cisco ASA.

The problem with Cisco ASA is that it is a purely CLl-based firewall. Check Point is not only UI and CLI-based, but it is also a next-generation firewall. It has many different and more advanced features, compared to Cisco ASA.

For example, in Cisco ASA, we can use only two gateways in active-active mode, but with this product, we can use five gateways at a time. Another difference is that the Cisco ASA policy configuration options are not as granular as Check Point.

The initial setup process was very straightforward.

Our deployment took between seven and eight months, which included replacing our Cisco ASA firewall. It began with the planning, then implementation, followed by validation, and then we replaced the existing firewall. It would have been a little complex for us, but we did it all in a very straightforward manner.

We have a very good in-house engineering team that does the setup and configuration. We did not require any third-party assistance because we have had full training on it.

Our deployment included seven or eight people who were working in different shifts. Similarly, we have three to four network security engineers working in shifts who maintain it. This includes things like dealing with tickets for updating policies.

We are happy with the return that we are getting from this firewall.

Rather than money, this product is saving the security of our organization. This is the first thing that we were looking for, before deploying this firewall in our organization. We know that ASA is cheaper than Check Point, but our concentration was making the environment more secure.

Cost-wise, it is more expensive than Cisco ASA, but the returns include better security and more granular options. We are happy with that. We were not looking to save money but rather, providing a safer environment for our users.

The price of this product is not too costly and you do not need to pay for all of the features. It is more expensive than Cisco ASA, yet cheaper than a similar product by Palo Alto. The cost varies, depending on the service. For example, we have opted for Geo Protection, which is something that costs extra, but we wanted that feature.

We did not evaluate other options. We only compared the differences between our existing Cisco ASA implementation and Check Point.

The biggest lesson that I have learned from using this product is that the TAC team is very knowledgeable and supportive. If I want to understand something or if I have doubts, then usually clear it up and make sure that I understand the logic. I have learned a lot from them.

This is a product that is rich in features and my advice for anybody who is deploying it for the first time is to learn about them in advance. It is a little bit different than a CLI-based firewall and I recommend learning about all of the features before deploying it.

At this point, we are happy with the results that we are getting from Check Point, and are not looking to replace it. It works as we were expecting before it was deployed.

I would rate this solution a ten out of ten.

In today's world, we can't completely rely on traditional signature-based devices, as technology involving cyberattacks is becoming more sophisticated. We require an all-in-one solution that can defend against newly-created attacks, necessitating the usage of NGFW firewalls. This is where Check Point comes into the picture.

Our environment contains multiple roaming users, where we have to extend trust beyond the organizational network. Not only is there east-west traffic to deal with, but a large volume of north-south traffic, as well. We are required to monitor all of the traffic, which includes many branch offices connected centrally.

Monitoring Data via DLP in such a scenario, we require a single solution, which is nothing but Checkpoint.

It has not only improved our environment but the entire organization. Adopting it brings better functionality.

Starting from the basic firewall blade to sandbox threat emulation and threat extraction, it works seamlessly to protect against both known and unknown malware.

After the version 80.xx migration, Check Point stability and security have improved tremendously.

Through the management server, it has become very easy to manage the configuration for each of the blades, as well as the day-to-day operations. With central management, it has become possible to manage endpoint devices as well.

Check Point has the best technical support, which I feel if we consider other firewall vendors in the market, is an important distinguishing point.

Stateful inspection is one of the strongest points in this product, which is applicable while creating policies for application and URL filtering.

Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.

It is easy to filter traffic based on source-destination services, time, etc, which is an enhancement over other firewalls in the market.

Check Point fulfills our requirements but it is important that they stay on top of competitors by addressing certain points.

There are issues with stability while upgrading devices with hotfixes. For example, many times, a device will stop giving responses after an upgrade (observed in 80.10 release).

The rule database needs to be improved because when we apply rules for the destination, based on service and application and URL filtering Layer, the parallel lookup fails.

I have more than three years of experience with Check Point NGFW.

Stability can be improved further.

Scalability is excellent.

Technical support is very good and provides the right solutions every time. They are highly skilled.

We have seen many customers migrating their firewall from Sophos to Check Point, or from Cisco to Check Point. The main reason has been that they were not getting NGFW functionality and the security feature sets that Check Point provides.

The initial setup is straightforward.

I implemented it with the help of a vendor.

We are definitely getting most of the things that we expect from this product.

Check Point is a vendor that listens to customers and determines what they want. Based on the requirements and the solutions offered by other vendors, Check Point will negotiate to try and give the customer the best price.

Check Point offers options and operates differently from other vendors with respect to licensing. Each blade requires that you have a license.

We also evaluated Palo alto.

I think people like me love Check Point because in my experience over the years, I have not heard of a comprise where Check Point was protecting the network. As long as the devices are configured properly, this is a very small chance of being compromised.

In general, the NGFW features in Check Point fulfill our requirements, which is expected from a Cybersecurity firm that has been involved in the field for a long time. 

We use firewalls to protect our private environment from the public environment. My IT group is in charge of protecting the environment and maintaining safe usage of the internet. This product gives us a better, safer solution for the users within our company. 

Using this solution saves us time because nowadays, there are many malicious sites, as well as other threats and viruses on the internet. As it is now, we are not required to do anything because we have the antivirus and regular updates from Check Point. That is very helpful for us because when new viruses emerge, we just install the new signature and it works to protect us.

What used to take me seven days to do, now takes me only five. However, this is not just a time benefit because it better protects our environment as well. I estimate a 20% to 30% reduction in the number of attacks, compared to before.

I like the antivirus, attack prevention, three-layer architecture, and data center management features.

The antivirus updates are quite frequent, which is something that I like.

Central management is a key feature. We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful. It means that we only have to push the configuration once and it gets published on all of the firewalls.

The level and availability of training should be improved. I have seen people that are not well trained on the Check Point firewall and the reason is simply that the quality of available training is poor compared to that of other firewalls on the market.

The command-line interface (CLI) should be more user-friendly.

I have been using Check Point NGFW for approximately four years, since 2017.

I work on the Check Point firewall five days a week and the stability is very good. In general, the updates to the software and antivirus are very stable. We have not faced any issues.

It is very easy to scale and extend usage. We started with five firewalls and now there are approximately ten. There is not much effort required to scale and it is not very complex.

Directly or indirectly, there are between 2,000 and 3,000 people using it. Whenever their traffic is required to be sent to the internet from the office environment, the traffic passes through the firewall.

We are very happy with our experience with technical support. They are very knowledgeable and the process for resolving tickets or problems is fast. We have had incidents dealt with quickly by their team. 

Prior to Check Point, we were using Cisco ASA and we are still using it today. The reason for implementing Check Point is that we wanted more advanced features. What we found was that after 2017, we needed better protection for our environment, and that is something that comes with advanced firewalls such as Check Point and Palo Alto.

I'm very happy with the Check Point firewall because it includes many features that are missing from Cisco ASA. Also, it offers a better and easier experience.

One of the significant differences is that Cisco ASA does not have a central management system. If we want to configure 10 firewalls with the same configuration, it is not possible to push them all at once. Instead, you have to configure them one by one. Apart from that, the antivirus and threat management need additional hardware because the functionality is not present in Cisco ASA. 

One of the positive points about Cisco ASA is that the training is very good, and it is available on the internet. This makes it easy to use for somebody who is new to the product. This is unlike the case with Check Point, where quality training is not available.

We found the initial setup to be straightforward, as we have many experienced people in our team and they have worked with Check Point firewalls. 

We used the central management functionality a lot, and we initially configured five or six firewalls. It took between six and seven months for the complete deployment.

Our implementation strategy included the three-layer architecture, the centralized management system, the console, and the web UI. We followed the process that was recommended by Check Point.

Our in-house team was in charge of the deployment. We have a team of seven people that work in shifts, and we did all of the work, with some support from Check Point.

Six or seven people in different shifts are required for maintenance. At any given time, we generally work with two or three people during the same shift. I think that two people working at the same time are sufficient.

We have seen ROI and when you consider the features like central management, antivirus, and threat management, it is a good investment.

We did have cost savings, moving to Check Point from Cisco ASA. We required additional hardware devices, such as an IPS solution, antivirus, and threat management. In addition, we needed too many resources because we had so many individual ASA firewalls. There was no central management system, so more staff were required.

Ultimately, with Check Point, we needed fewer people and we also saved on the cost of hardware.

The price of this solution is average; not too high and not too low. It is more expensive than Cisco ASA but cheaper than Palo Alto.

After the first package of licenses, we have not needed to purchase additional ones. When our license expires then we will purchase another one. 

We also evaluated a solution by Palo Alto and we chose Check Point because it was more cost-friendly.

The biggest lesson that I have learned from using this product is that it is good to see a company like Check Point is continuously working on the quality of their product, and we should learn from that. It is good to improve over time because it is very easy to get into the market, but it is not too easy to sustain. 

My advice for anybody who is implementing this firewall is to ensure that they are trained completely because it is not easy to use. Moreover, there is not much training available online, so you want to have trained with the device. This is a product with many features, which are pros, but these same features can become cons if you are not using it with complete knowledge.

In summary, this is a good product and they have been improving continuously, but there are still some areas to improve.

I would rate this solution an eight out of ten.

I work as an internal network team member. We protect the company environment from outside threats, outside viruses, and ransomware attacks. It is kind of an IT administrator job.

They are protecting internal security as well as giving us security from the outside world or public environment. 

It protects the environment. It gives advanced features to our company, like Antivirus, more granular security policies, and more control over the traffic, e.g., what we want to allow or deny to our environment. 

What I like about this firewall is it has a central management system. We can configure or monitor a number of firewalls at a time from the central management system. 

They have a logging system where we can have our logs visible. The logs are easy to view and understand. 

While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls. 

Check Point has a very good Antivirus feature. However, compared to the competition in the market, it is lacking somewhere. In my last organization, I worked with Palo Alto Networks as well. I found that while they both have an antivirus feature, the Palo Alto antivirus feature is much better. Check Point should improve this feature. It is a good feature, but compared to Palo Alto, it lacks.

I have been using it for the last three years, since 2017.

Check Point is already a very big name in the market. Our software updates, even the Antivirus updates, are very stable in the market. There are no problems with its stability.

Performing maintenance for a solution takes around 12 people. Maintenance is something that our team is capable of. Internally, we have had many training sessions on Check Point Firewall. Our seniors have managed that for us so we are capable of doing it. Most of our BAU is done by us.

Scalability is very easy. I haven't found anything that is the issue with the scalability of this firewall. If you have complete knowledge of it, the scalability is not tough.

I used their assistance many times. The experience with them is sometimes very good. They give the best solution in a short amount of time. Two out of 10 times, I feel that they are only looking to close their tickets. They are keen to do that. My personal experience with the support is an eight out of 10.

We currently use Check Point and Cisco ASA. The purpose for the company is to increase the security. They were only using Cisco ASA Firewall, which is kind of a degrading firewall right now because it lacks many features, which are advanced in Check Point Firewall. With Cisco ASA, we need to purchase additional IPS hardware. But, for Check Point, we do not require that. Also, if we want the same configuration for multiple firewalls at a time, then Cisco ASA does not support that. We have to create the same policy in each firewall.

We have our own on-premises firewalls, not cloud-based. The production time took around nine to 12 months' time. The setup was completed during this time.

We follow the three-tier architecture for this firewall, which is also recommended by Check Point. We have the central management device as well as the web console and firewall.

For the deployment process, there were only four senior network engineers involved from our company.

It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices.

They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it.

The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well.

I have experience with Palo Alto Networks Firewalls and Cisco ASA Firewall. Compared to these solutions, Check Point has a very good, understandable log viewer. It is easy to view and understand the logs, which helps a lot while doing troubleshooting or making new security policies for the organization. Also, it is very easy to create new security policy rules.

The Check Point Antivirus feature lacks in comparison to Palo Alto Networks. Also, compared to other competitive solutions, the training for Check Point available right now is very expensive as well as the certification is little expensive.

Get properly trained. When I entered this organization, I struggled with this firewall. There are very few good quality training programs available in the market. Or, if it is available, then it is very expensive. So, I advise new people to get properly trained because it has many feature sets, and if they do not use them with the proper knowledge, then it could worsen their situation.

I am happy with the organization's progress, as they work hard on their product. It is a good lesson from a personal level: We should work hard and improve ourselves. 

I would rate this solution as a nine out of 10.