Check Point Quantum Force (NGFW) Reviews

I use it for UTM [Unified Threat Management]. I use a gateway firewall at the office.

Next Generation Firewall, along with Threat Emulation and Threat Extraction, is what I use. Real-time prevention is there to protect against zero-day malware and Check Point Sandbox.

And then, the CPU-based emulation is a better feature than any technologies not having that. Check Point has a CPU-based emulation. Normally, Fortinet and others, they do it differently. But these people work on a technology called CPU-based emulation. 

This CPU-based emulation is a unique CPU-level technology that catches malware before it has an opportunity to deploy or evade detection. They call it SandBlast. Check Point SandBlast Threat Emulation. That is a great feature, which they are using. It controls attempts to bypass OS security controls also. And then it avoids deep security.

I use our Check Point firewall for all the NATing of my applications. I use it for external traffic monitoring where my Internet links are connected, and I use it as a gateway.

The drawback is that I want to push the policy from my management console itself instead of on the Check Point device. For example, if I have two different firewalls, I want to push the policy to the gateway, and then it will take 10 to 20 minutes to roll back the policies. It should be applied faster.

I have been using it for more than a year.  

It is a stable product 99.4% of the time. 

Check Point NGFW has a feature where it can top two of the firewalls, and then we can integrate the performance. 

It's a cluster kind of solution where they can integrate.  

For the firewall, the support is good. 

I also use CloudGuard Security Posture Management. I also used Fortinet.

The major difference, I feel, is the threat emulation. It's zero-day protection. The supply chain attack is very, very low compared to all firewall vendors. 

For example, being parallel to Palo Alto Networks or FortiGate and NFT OS or Check Point, that supply chain attack was very, very low in our Check Point firewall. And then the maintenance was very, very low compared to all.

That is my takeaway. My one of my takeaways before proceeding with my procurement decision was that there are two things: one is the security point. Another one is performance. The last one is very, very important. That is for the supply chain attack because we need to concentrate more on other products also. 

So I don't want to spend too much time on the maintenance part. So this supply chain attack was very, very less compared to other providers since we are using multiple firewalls. This particular firmware was very stable, and there was no need to update until unless it is necessary and shared by Check Point team. So my takeaway is that the supply chain attack was very less compared to all.

If the person knows the technology and the basic functionalities of a firewall, they can integrate it very fast.

We took three days to deploy.

Three people were involved: my IT security manager, myself, and one L3 engineer who deployed the product.

The architecture and functionalities are managed by me, and then the deployment is taken care of by our team members.

Compared to Fortinet and Check Point, both are the same.

Check Point is coming up withsome AI integration and some AI features. They are using threat emulation on the AI front, but they are also discussing the quantum processor, where they have integrated many new features.

Overall, I would rate it a nine out of ten.

My main use case for Check Point NGFW is to filter the whole infrastructure traffic, and we use it as the perimeter firewall for our data center.

Check Point NGFW helps me in my daily operations by managing traffic across almost 30 branches, and we utilize its SD-WAN features to communicate with other third-party companies through a VPN.

For branch communication, we use the SD-WAN feature of Check Point NGFW, and through the VPN, we establish a connection between our company and the third-party companies. Currently, we filter our traffic between the branch sites and third-parties, and access the internet through that exchange firewall.

The best features Check Point NGFW offers in my experience are its application identification and control capabilities, which stand out as we use them beyond Layer 3 communications.

The application identification and control feature of Check Point NGFW helps my organization by allowing quick responses to make decisions and segregate applications that need more attention.

Check Point NGFW positively impacts my organization as it has improved our security posture and made us less vulnerable to attacks compared to our previous status; we can easily filter URLs and enhance web security.

While we don't have specific numbers, we measure increased security through our ability to block malicious attacks, including phishing attacks, easily.

Check Point NGFW has a steep learning curve for starters; it's not easy to learn and is a bit complex to start from scratch.

Check Point NGFW sometimes has limitations on third-party integrations, requiring more specifics rather than being straightforward.

I have been using Check Point NGFW for almost two years.

Check Point NGFW is stable.

We scaled up Check Point NGFW about six months ago, and it handled that scalability fantastically.

Customer support for Check Point NGFW has been stable, even while we faced some issues.

Positive

I did not previously use a different solution; it was similar to Cisco ASA.

The initial setup with Check Point NGFW was a bit complex.

We have seen a return on investment with Check Point NGFW as we have reduced incidents from the previous setup.

My experience with pricing, setup cost, and licensing for Check Point NGFW is that the high subscription fees aren't easy to afford, and it's not recommended for mid-sized companies or businesses. The cost is a little bit high compared to other competitors.

Before choosing Check Point NGFW, I evaluated Cisco, but I didn't look into other options on PeerSpot.

I recommend Check Point NGFW to others looking into it because it's a good protective device.

From the vendor, I was not offered a gift card or incentive for this review.

Check Point NGFW is a fantastic product, and it is also easy to integrate with third-party devices.

On a scale of one to ten, I rate Check Point NGFW a nine.

In our customer environment, Check Point Quantum Force (NGFW) is used for edge security and internal security, both for data center and edge side.

We don't have Check Point Quantum Force (NGFW) personally. We install it for our customers and then take care of it.

What I found very valuable in Check Point Quantum Force (NGFW) is the possibility to share everything with the ThreatCloud. For example, when a customer encounters a new virus, malware, or signature, it gets uploaded into the ThreatCloud and shared among all other customers.

The issues with Check Point Quantum Force (NGFW) are mainly related to reliability. It depends significantly on the hotfix version of the gateway. You could end up with a version that's stable or unstable, or for example, stable for one scenario, but then in certain specific scenarios, it becomes unstable and creates an issue. This requires contacting support, discussing with R&D, and verifying if there is a new version or custom fix to install.

I have been using Check Point Quantum Force (NGFW) for around two years, slightly more.

Check Point Quantum Force (NGFW) is stable overall and behaves the way it should. There are specific issues that are not just limited to the version, but they include processes and blades. When I mention specific issues, it involves different components that make up the security gateway.

Stability concerns are the main reason I chose a seven rating. It's very important for customers because they rely heavily on the security gateway to operate in order to maintain connections.

Based on the documentation, Check Point Quantum Force (NGFW) should handle scalability effectively, since it's based on AI, making the throughput significantly bigger than its predecessor.

Customer support for Check Point Quantum Force (NGFW) is a bit of a hit and miss. Sometimes they have tunnel vision, so they only see the initial request and don't evaluate the whole scenario.

Neutral

My experience with the pricing, setup cost, and licensing of Check Point Quantum Force (NGFW) is that it is straightforward but still expensive. It's quite pricey.

The return on investment for Check Point Quantum Force (NGFW) depends on the customer. Some customers didn't see the value and changed from Check Point to a different product.

Before choosing Check Point Quantum Force (NGFW), we evaluated Palo Alto Networks.

You can add blades in the gateway of Check Point Quantum Force (NGFW). Blades are modules such as antivirus, anti-bot, or filtering, and they help prevent attacks or improve your security and perimeter.

The performance of Check Point Quantum Force (NGFW) varies based on whether it's a VM or a security appliance. The Quantum version, which is fairly new, focuses on the AI trend. It should have better throughput, better performance, and faster processing overall.

I rate Check Point Quantum Force (NGFW) a seven out of ten because it's stable enough, works very well, and doesn't have many CVE vulnerabilities. However, it's sometimes unreliable in terms of stability, depending on the version. Many customers have a positive impact, while others have a worse experience.

I would recommend evaluating your needs for Check Point Quantum Force (NGFW). If you are a small company, this product might be too extensive for your necessities. It depends on the throughput, gigabyte requirements, and pure performance needs. You can always use a VM or SMB Quantum Spark.

My main use case for Check Point NGFW is using it as our data center firewall, which basically keeps the resources behind the data center safe from all the different cybersecurity threats.

Check Point NGFW has made a difference for our data center, especially when some people at some point tried to spoof their IPs within the organization, and upon checking the logs, we found a couple of IPs that had been blocked because they were trying to get in from a different network where we don't expect those IPs, so the traffic was denied because of the IP spoofing setup.

The best features Check Point NGFW offers include unified threat management, web filter engines, and intrusion prevention, which I find valuable because it's important for us to have the security behind the data center down to the dot, and because of the granular policies we set, we can manage every bit of security when it comes to the data center network.

One standout feature relates to a user feature that puts users into sessions every time they are configuring, meaning one person is not going to configure the same thing that another does, and it locks the configuration to avoid confusion where one changes one thing and another person changes something differently on the other side, and when you're done, the session is committed, and you can still roll back in case the commit has an issue, which I find quite beneficial.

Check Point NGFW has positively impacted my organization by providing confidence that it's managing all the threats out there for us, even though at any one point in time, threats are coming in all over the place. The sense of confidence and peace of mind is the biggest positive impact, as cybersecurity is a bit fragile, so a product that gives you peace of mind goes a long way.

I find that the licenses are a bit expensive compared to other vendors, and while the price is justified, at times, renewing them becomes a bit painful, so if it could become a bit more budget-friendly, that would work for me.

That licensing issue would be the main area regarding needed improvements.

I have been working in my current field for three years.

The pricing, setup cost, and licensing process were smooth without any challenges.

Check Point NGFW is reliable, and in terms of scalability, I'd say it's quite okay, considering we're using data center grade, but also there are options for some of the remote branches that we have at a lower cost, so you don't have to buy the bigger devices for the smaller branches, making the scalability suitable, and I rate customer support highly because whenever you log a case with the right level of urgency, they deal with it promptly as required.

I would rate customer support a 10.

Positive

I'm not sure of that information, but I think a different solution was used before I arrived.

Regarding return on investment, it might not really be that kind of metric, but since we've deployed Check Point NGFW, we've not had any incident, which speaks for itself because that is basically what it's about. The fact that we've not had any breach toward the data center side is plenty enough.

My advice to others looking into using Check Point NGFW is that it's quite strong and reliable with cutting-edge threat prevention and unified management, making it a solid foundation for a profitable business. I rate Check Point NGFW a 10 out of 10.

The tool helps with VPN and connecting mobile devices. We also use it for identity security. It filters internet access and controls applications. The firewall has an intrusion prevention system and stops data loss. 

Internet access and filtering are important, and data loss prevention is definitely key. The threat access builder is useful. Application control is also big for us. We use it to check and block application downloads, looking for malicious or rogue software. This feature is very helpful.

Sometimes, the firewall doesn't pick up on certain things. If an attacker is clever and uses a low-profile indicator, the firewall might flag an anomaly but not give enough information to decide if it's worth investigating. The threat intelligence component also has challenges. It doesn't always tie alerts to active campaigns or threat actor groups. We often have to do extra work and use other products to figure these out.

I rate the solution's stability a seven out of ten. 

I rate the tool's scalability an eight out of ten. My company has 2500 users. 

The tool's support was responsive in critical situations, but for non-critical issues, they sometimes dropped the ball or didn't get back quickly enough. We had to do a lot of follow-ups and escalations to our technical account manager.

Neutral

Before choosing Check Point NGFW, we used Palo Alto Networks. We switched because of issues with Palo Alto. Their customer support wasn't very responsive. Some policies weren't working right, letting things through that should've been blocked. We compared different pricing options and features before deciding on Check Point NGFW. The main differences between Palo Alto and Check Point NGFW were mostly in how they worked for us. They both offer good next-gen firewalls, but we had some problems with Palo Alto. Sometimes it wouldn't notify us quickly when something got through. Its prevention wasn't always as strong as we wanted.

We felt Palo Alto's traffic inspection was only partial, not checking everything thoroughly. Check Point NGFW seemed to offer better inspection. Check Point NGFW also had better threat intel and application control. With Palo Alto, we couldn't see all our applications, only some of them. This caused shadow IT problems. Cost was also a factor in our decision.

The initial setup of Check Point NGFW is relatively straightforward. It's similar to other firewalls I've used and not too complex. If you have all the prerequisites in place, it's fairly easy to set up. On a scale of one to ten, with ten being the easiest, I'd rate the setup process around seven or eight.

The deployment takes about a week. We had a deployment process that involved going through change management, getting approvals, notifying stakeholders like the infrastructure team, and deploying the solution.

We used a consultant for the deployment because we were dealing with other initiatives and it was a tight situation timing-wise, even though we could have done it in-house.

Aside from the consultant, we had two or three staff members involved in the deployment. Their job roles were mainly on the security side - security architects, engineers, and analysts. Their roles were fluid, so they could take on various tasks if they had the knowledge or interest. For maintaining the solution, the number of staff required depends on the scale of the deployment. In our setup, about two people were in charge as the main points of contact.

I saw definite operational impacts from using Check Point NGFW. It helped prevent breaches, data security issues, and security incidents. We constantly saw attempts being blocked and picked up by the firewall. This was an improvement over Palo Alto, where some things got through without being detected. With Check Point NGFW, we got a significant return on investment because it prevented a major incident from happening and escalating.

I rate the solution's pricing an eight out of ten. It costs around 100,000-200,000 dollars per month. Besides standard licensing fees, we paid extra for enterprise-level premium support. There were also onboarding costs factored in. These additional costs made it more expensive overall. The total cost was around 100,000 dollars, which was challenging for our budget. Check Point was also pricey, not much different from Palo Alto Networks. However, we decided switching to Check Point was better because it offered more capabilities for a similar price.

I rate the overall solution a seven out of ten. 

My main use case for Check Point Quantum Force (NGFW) is that we use it for a perimeter firewall and separation firewall.

The best features Check Point Quantum Force (NGFW) offers are that it's a good product with a lot of features and a great GUI interface to manage it.

The interface of Check Point Quantum Force (NGFW) stands out because in a single point, I can read all the logs of my device.

Check Point Quantum Force (NGFW) has positively impacted my organization because it is our core security system, and it performs effectively.

At the moment, I haven't any ideas on how Check Point Quantum Force (NGFW) can be improved.

I have been using Check Point Quantum Force (NGFW) for about ten years.

Check Point Quantum Force (NGFW) is very stable.

For our company, Check Point Quantum Force (NGFW) is scalable enough.

We reached out for customer support and received the correct support, the support that we needed.

Positive

Before Check Point Quantum Force (NGFW), we used an old Check Point firewall.

I don't have information on whether we have seen a return on investment with Check Point Quantum Force (NGFW).

I don't know the price because I only made the technical decision, but I spoke about the price with my manager.

We stayed with Check Point and did not evaluate other options before choosing Check Point Quantum Force (NGFW).

I would rate Check Point Quantum Force (NGFW) a nine out of ten because I think we can improve the product a little bit.

My advice to others looking into using Check Point Quantum Force (NGFW) is that it is a good product and can solve a lot of security problems in your company.

My company does not have a business relationship with the vendor other than being a customer, as we are an end user.

I was offered a gift card or incentive for this review.

I prefer not to use my real name or company name when publishing my review.

Check Point is mainly used for internal communication. Our clients have multiple platforms, and customers use it for internal communications and protection, from the DMZ to the LAN to the DMZ, and also for MPLS connectivity with multiple branches. 

As I've seen, the customers also use it as a gateway for publishing their website. This is only for the perimeter, however.

It is very easy to identify the logs. It is also very well managed because of the threat cloud architecture. 

Another thing is that whenever we make changes on the firewall, we first need to publish them and then install the policies. This allows us to double-check the policies before they are implemented, which is helpful.

We faced many challenges. For example, an issue with the managed view that Check Point has. When clicking on a rule, we are supposed to have a full view of that rule and its log portion. This should show what's passing through the rule, what's coming to the rule, and all of that on a single pane of glass. Currently, the log isn't showing when we click on a particular rule. This might be an issue with an upgrade or something. Because of this, we can't implement anything on the live system; we only have a maintenance window every weekend, and it's hard to troubleshoot within an hour.

Another problem is that when we created around two lakhs of Check Point objects on the firewall, it became very slow.

I have been using it for two months. 

It is not slow. But, we implemented two lakhs of objects on the firewall, and that caused the slowness. It can happen with all firewalls, not only Check Point.

Currently, I work with enterprise customers.

It was good. No issues with that.

Positive

I can recommend Check Point, Fortinet, and even SonicWall. 

I come from a system integrator background, we first understand the customer's requirements before suggesting a firewall. Sometimes we aggressively push SonicWall because the user's requirements are more aligned with SonicWall. That's how we propose solutions.

It is very easy to install, not that complicated.

The complexity and time depend on the customer's requirements.

No maintenance: In the past two months, we haven't faced anything that required replacements on the firewall.

Pricing is good. The price is very reasonable for enterprise customers.

It offers average pricing. Previously, I worked as a system integrator, and we faced some cross-product environments where Check Point was quite costly compared to the product we were working with.

Overall, I would rate it an eight out of ten. 

We use the Check Point Next Generation Firewall for whitelisting and blacklisting of addresses. It's part of our identity management solution and is utilized for inbound and outbound traffic services. 

Additionally, it is integrated with our DMZ, managing traffic from an IP addressing scheme. We also use it for monitoring different types of classified and nonclassified applications.

Check Point has improved our organization's ability to manage both classified and nonclassified applications securely, ensuring they pass through multiple layers of security within our firewall infrastructure.

One of the most valuable features is the ability to whitelist and blacklist sources to control access to our ecosystem, ensuring secured SaaS application access. It provides robust security across classified and nonclassified applications and integrates well with our existing infrastructure.

The graphical user interface (GUI) could benefit from some updates, although it is generally satisfactory in its current form.

The solution is stable, and I have the utmost confidence in its software stability.

The application is very scalable, allowing us to manage security across different network layers and support various applications and activities.

Customer support quality depends on the person you interact with. However, the support team we engaged was knowledgeable and well-versed with the application, allowing us to resolve any potential issues effectively.

Positive

We switched to Check Point due to cost and maintenance benefits. The previous solutions required significant resources to handle network and communication alignment during upgrades.

The initial setup is straightforward, with no significant issues arising from the box configuration.

Our implementation team comprised about thirty individuals, including supervisors for each stage, to manage testing, validation, staging, and production.

We conducted a detailed analysis and determined a high return on investment. Maintenance and stability were key factors contributing to a favorable ROI.

We found the pricing reasonable, ensuring the product was not overpriced. However, I am not familiar with the exact cost details.

I would absolutely recommend this solution to others for its robust security and scalability.

I'd rate the solution ten out of ten.