We performed a comparison between Check Point NGFW and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. Our conclusion is presented below.
Comparison Results: Our users feel Check Point NGFW is the better choice for NG Firewalls. Users appreciate its unique multi-layer, multi-blade approach. Additionally, the central management station allows users to manage everything in one place, helping to improve overall performance. The great price, support, and performance make this a great choice.
"Easy to use support and licensing portal as well as activation process."
"A strong point of FortiGate is that the graphical interface is complete and easy to use, especially if we think there is a list of operations that we are able to perform inside."
"The next-gen features, the unified threat management capabilities are something that just about everybody is interested in at this point."
"Easy to implement, and it is also reliable."
"The most valuable feature is the policy routing and application control."
"The most important feature, normally for small business customers, is link load balancing."
"The response is very quick and they can visually resolve our problems in a short period."
"Fortinet FortiGate's most valuable features are ease of use, flexibility, and most of the configuration we can be done using the GUI. When we compare Fortinet FortiGate with other solutions the firewall policy are very easy to understand."
"The application authentication feature of Check Point is the most valuable as it helps us keep users secure."
"The firewall rule writing and object creation are the best and simplest I've seen on a firewall."
"Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability."
"It's really simple to set up."
"The technical services always replied in a very fast and effective way."
"Its functionality is highly satisfactory."
"We do not have any problems with stability."
"Its usability is the best for me. As compared to Palo Alto, Juniper, or Cisco firewalls, Check Point firewall has the best user interface for management, reading logs, looking for some objects, and looking for policies."
"The technology's very good. We have had a lot of good experience with this solution."
"The solution does a great job of identifying malicious items and vulnerabilities with URL filtering."
"Compared to other firewalls from Check Point, Fortinet, and Cisco, for example, Palo Alto Networks NG Firewalls use the most advanced techniques. They have sandbox integration and others in the orchestrator. Palo Alto's security features are at a higher level than those of the competitors at the moment."
"It's quite nice. It's very user-friendly, powerful, and there are barely any bugs."
"The most important part of this solution is its reliability, as it just works without any fancy features."
"The most significant benefit is threat protection. Anti-malware uses signatures, so dynamic analyzers like WildFire are the best way to protect the company. It is a firewall based on application control, user ID, and security policy. We can use it based on user and application ID without a stateless firewall or TCPIP ports."
"The solution's most valuable feature is the robust firewall, which we can also use as a UTM device."
"There are many valuable features, such as wireless cloud features."
"It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can."
"As far as wanting more scalability or things in the network diagram, it's going to cost you."
"MTBF: Hardware failure is more common when compared to SonicWall or Cisco ASA."
"I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security."
"Technical support for this solution can be improved."
"At first glance, the interface for the device is very confusing."
"Fortinet Fortigate could benefit by simplifying some of their processes."
"Fortinet FortiGate could improve by having better visibility. Palo Alto has better visibility."
"The firewall throughput or performance reduces drastically after enabling each module/blade."
"I would like there to be a way to run packets that capture more easily in the GUI environment. Right now, if we want to read packet captures, we have to do so from the command line."
"Although the GUI is simple to use and fairly comprehensive, more support via CLI would be beneficial for bulk operations."
"Hopefully, in the future, these will be much more plug-and-play and orchestrated from a single administration console."
"The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution."
"The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming."
"The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve."
"We need east/west Check Point firewalls in order to do micro-segmentation."
"We have a lot of the older firewall models, i.e., the PA-220. It seems that with newer operating systems the PA-220 is becoming slower than when I first bought it. It is not really an issue for users who are passing traffic through the firewall, but more from the management access of it."
"PA-220 Next-Generation Firewall would be perfect if it has spam filtering."
"The tech support was once great, but now it is poor. The tech support has gone south. It is really difficult. I had a Priority 1 case last a week in their queue, and after multiple complaints, I finally got somebody to take the case. These are things that are unacceptable in the business world. They could train their employees better."
"We would like to see the external dynamic list for this solution improved. The current version does not automatically block malicious IP addresses, which would be very useful."
"The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities."
"I believe it would be beneficial if the solution could integrate with Google Chrome, especially for students who use Chromebooks. However, as far as I know, the solution currently does not support Google Chrome."
"The support could be improved. Palo Alto does not have a support team located in Bangladesh, and their support team operates from another location. Therefore, when we raise a ticket, it takes some time for them to respond, which can be problematic for us."
"Palo Alto can do a little bit better when it comes to the User-ID part. I've been facing problems related to double authentication. You have a computer user, but you also have a VPN user, and when you do a single sign-on to another page, these logs can sometimes generate a problem notification. It doesn't happen a lot, but in some networks, it could be a problem. It would be very helpful to have the ability to restrict the connections that you can have in your VPN. For example, if you have the credentials, you can connect with the same user account from different computers or devices. If you have the domain information, you can connect from different devices. That's a problem that they need to address and resolve. They should ensure that at any moment, only one person is connected through a specific user account."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Check Point NGFW is ranked 5th in Firewalls with 276 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews. Check Point NGFW is rated 8.8, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Check Point NGFW writes "Good antivirus protection and URL filtering with very good user identification capabilities". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Check Point NGFW is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Azure Firewall and OPNsense, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Meraki MX, Sophos XG, Netgate pfSense and Cisco Secure Firewall. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi, I would suggest going for Checkpoint, the suitability depends on your specific security needs, budget constraints, network infrastructure, Integration capabilities, cloud integration, compliance and reporting, user-friendly interface but the support and the specific behavior for some solutions for routing, networking balance or specific connectivity is better known constraints, Checkpoint Multiplatform support (Open Servers Solutions) The advantages in Palo Alto (SSL Decryption, Wildfire SandBox Integration, Scalability)
Hi, I would suggest going for Check Point.
I'm with Check Point now, for more than 2 years. IPS, threat prevention, antibot identification, and antivirus notification are up to the mark. Moreover, it has a friendly user interface where anyone can create policies and work on it.