Check Point Quantum Force (NGFW) Reviews

The Check Point NGFW is the best product that I have ever used. It has pluses and minuses, as do others, but the usability, simplicity, and the configuration abilities are very user-friendly. After a while, other vendors just don’t come close to it.

The second thing is that is just works and it does it with ease. The upgrades and bug fixes are frequent and well documented. Also, the patches just work ;-)

There are some negatives but as I already said, they aren’t many and from my point of view, we can see past them.

It has made our lives and working in the company a lot easier. We have a better overview of the logs and what happens with the traffic in our company. Which means that the search for the certain logs is easy, quick and smooth. The overview of the logs is also very good as it is very detailed. The installation is allot quicker as it was before what also helps us with the implementation of the firewall rules. The rule consolidation is also very important as we have more than 60 fw rule change requests per day.

The rules are very easy to deploy and can be optimized pretty quickly. The R80 has a great feature on how the rules are processed, which costs less in terms of CPU and threads than it did before.

The features that are integrated into the firewall are very useful for our everyday use. Examples of these are the log manager, the firewall monitor commands, and the Linux commands. These are all very useful and helpful.

The VPN tunnels are easy to set up once you understand how they have to be configured.

One of the main features that need improvement is the rule filter export. All of the other vendors can export the filtered IPS as a PDF or CSV file, but with the smart dashboard, it’s just not possible. One can only export the whole rule base and then search for the IPS, which is super time-consuming as you can’t send the whole rule base to a customer. You would get weird questions about certain rules, why they are deployed or configured as they are, and maybe even get unwanted tips on how to change them.

We have been using Check Point NGFW for eight years.

In terms of stability, this solution is very good.

The scalability is high.

The technical support is very good.

We did not use another solution prior to this one.

The initial setup is very easy.

I implemented and deployed Check Point NGFW alone.

Maybe the pricing is a bit high but you get the durability and the duration.

We evaluated Palo Alto and Cisco ASA.

This is a complex high availability solution growing by over 100% per year. The complexity of the business environment made the ability to increase capacity without having to remove previous hardware much easier.

We have a large online presence with users needing realtor access to our environment. 

The improvements to our business are easy to explain. It is faster, easy to use, and there are multiple capabilities all in one box. The best examples are the endpoint and anti-virus options.

The ability to add more firewalls and increase the capabilities, rather than remove the hardware, is an exceptional step forward. No competitor was able to compete with this. Not having to continually replace hardware year after year was a massive driver in the decision-making process. The throughput going up by 100% with each added device is exceptional.

There are many features we have found good.

The best feature is the ability to increase the capacity of the solution by exactly what you add, not losing anything for High Availability. This feature alone will save us as we increase the number of devices in the stack.

Having so many top-end products in one box also assists in managing this device. URL filtering and anti-virus and other services are easy to deploy but assist in getting your company a good name.

The Infinity product seems amazing but we have a long way to go before saying it is successful.

One of the biggest disappointments is the GUI. I felt it was a little bit more clunky than some competitors. The screens don't flow as easily as they should. Improving user experience will further elevate this product.

The way the management console operates is not user-friendly, either. It needs to become less intrusive. The user experience is not as high as it should be due to the problems with the user interface. The newer products in the range seem to address my concerns, which I have had for even the older products.

I have been using Check Point NGFW for six months.

Having leading-class firewalls with massive growth possibilities made the purchasing decision much easier. Having carried out a few PoCs, the obvious decision was the Check Point solution of Maestro and 6500s in a high availability environment.

We use this solution for our perimeter firewall to protect our web applications, systems, and network. We are running our complete business with Check Point.

The complete traffic is managed by Check Point. The Check Point threat emulation blade is enabled to protect zero-day attacks and it will detect and prevent attachments and other payloads from this type of attack.

We have been running Check Point for the last ten years and it protected our network, systems, and applications against the latest attack. Our organization is running 500 applications that are being protected.

The next-generation firewall will manage all of the traffic and prevent the latest & advanced threats from attackers. The latest operating systems R 80.20 is wonderfully designed and allows customers to manage everything with a single console.

The most valuable feature is that we are protected against zero-day threats.

Everything can be managed from a single console.

We would like to see the following improvements:

1. Multiple ISP redundancy.
2. CPU utilization.
3. VPN traffic.
4. HA concept, where if we apply the policy in the primary appliance that should be applied to HA appliance automatically.
5. The number of bugs has to be reduced.
6. The number of false positives should be reduced. 
7. Threat emulation has to be improved.
   
8. Reporting has to be improved.

I have been using Check Point Next Generation Firewall for ten years.

We are happy with Check Point technology and support.

Both IN and OUT traffic is managed by Check Point. We are happy with Check Point technology including the protection, management, and the ability to secure the enterprise network against advanced threats.

The solution is easy to use. I like the monitoring the most.

All the advanced features of automation, especially the first installation of tunnels, need improvement. Also, in terms of configuration, in terms of tuning, and fine-tuning the system, I think they do make it a bit hard for users. Right now, we need to teach admins, the network and security admins about system fine-tuning in terms of load balancing between CPUs, assignment of processes. I don't think a network admin or a system admin should deal with it in terms of when we are speaking about the firewall or networking device. It should be automatic.

It's a stable solution. There are about 15,000 users installed behind the firewall.

It's a scalable solution. It's very good.

It's easy to install Check Point, but not in the case of a large environment and multiple clusters. This is an ongoing project I can't tell you how long deployment takes. It's a huge network that I have. I have three people maintaining the solution.

I have a basic network firewall and not the advanced feature, full feature security system. I think they are the best. Still, for instance, when installing a tunnel in Check Point vs installing a tunnel in Cisco, the difference is that in Check Point nothing makes sense, and in Cisco you have the duration capability, the hierarchy of the configuration.

I would rate this solution as 8 out of 10. Mostly because of configuration problems - problems with configuring VPNs, and panels, etc.

We primarily use the solution as a firewall device and for our VPN.

It gives me very detailed reports. The endpoint solution for clients is wonderful.

We're looking at the endpoint because there are some smaller issues with internet connectivity within our country.

Although they have it now, we don't have a license for it, and I think mobile device security should be a standard feature. I cannot control someone bringing their device to my network and what they do.

Within the first four weeks, we had a few little issues with stability, consideration issues here and there. But the partner helped and gave direction that and now it's better. It's still under warranty so we are okay with it. We have about 250 users. We also have the administrative and the IT team in the company that manages different solutions.

We are definitely planning to increase the scale, especially the endpoint. The cost in comparison with the brand new addition will be okay.

Right now, the agreement we have is elaborate enterprise support. That means we are entitled to an engineer within 48 hours if we have issues that can't be resolved remotely. I've been satisfied with technical support so far.

We were using the Sonicwall NSG 3400. It's a good appliance, but the major problem is they don't have competent technical partners in Nigeria. So all our support was via email, phone, and remote. It wasn't very good which is why we had to change it. Sometimes our network went down and we had to start calling so that we can call on the device. They needed to have someone in Nigeria that could assist. That's why we had to leave it.

The initial setup was very straightforward. You can customize it and change it as you need. But the initial information is wonderful. Initial deployment took approximately two and a half days. Then, to complete everything took a week. Deployment took about 3-4 people.

We had a partner. A representative of Check Point came and did the implementation.

We pay a license fee on a three year basis. We have a three-year license. We pay $5,000-$6,000 a year.

I would advise anyone to try Check Point.

I would rate this solution 7.5 out of 10. I think they should make their licensing simpler.

The management of our company requires a firewall implementation. We use Check Point to complete the network compliance rules.

We use Check Point NGFW for compliance. The initial request leads to secondary requests. By the time you have recognition, there is recollection. For the main service, it's collection.

The feature we have found to be the most valuable is the management firewall. 

This product has room for improvement in technical support for Africa. There are some problems with African countries. We also need to provide excellent services. 

The additional feature I would most like to see included in the next release of this solution is removal management.

The stability of the solution is quite good. It has a great GUI and it's comfortable. I love the content. Of course, you also have great support.

The new version is highly scalable. Now all of our users depend on the firewall. We have about 150 users. We require two staff for deployment and management.

We previously used Sophos. We switched for more security. 

The initial setup was straightforward. Our deployment took two or three weeks. Deploying the first one was two weeks, but the other ones were around one week.

For the first setup, I used a consultant. For the second one, I didn't. We didn't need one.

Licensing costs for this solution are on a yearly basis.

On a scale from one to 10, I would rate this product a nine. Nobody's perfect.

• Perimeter and datacentre firewalls
• URL filtering
• Anti-bot
• Anti-malware
• Application awareness.

Consolidated many of our DMZ services into one appliance, and it's easy to add IPS functionality on firewalls.

All of the above mentioned.

Simplify licensing.