IT Central Station is now PeerSpot: Here's why
Buyer's Guide
Firewalls
June 2022
Get our free report covering Fortinet, Palo Alto Networks, Microsoft, and other competitors of Check Point NGFW. Updated: June 2022.
610,045 professionals have used our research since 2012.

Read reviews of Check Point NGFW alternatives and competitors

Yannick Nganyade - PeerSpot reviewer
Network Solutions Architect at Ecobank Transnational Incorporated
Real User
Top 20
Gives you a lot of information when you are monitoring traffic
Pros and Cons
  • "It is critical that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. In my environments, we have an integration with a third-party vendor. As soon as there is new information about new threats and the destination that they are trying to reach on any of our network devices, that traffic will be stopped."
  • "There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better."

What is our primary use case?

We use it as an Internet-facing parameter firewall. In my environment, it has security and routing. It is on a critical path in terms of routing, where it does a deep inspection, etc.

How has it helped my organization?

There have been a lot of improvements from security to service.

It is critical that Palo Alto Networks NG Firewalls embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. In my environments, we have an integration with a third-party vendor. As soon as there is new information about new threats and the destination that they are trying to reach on any of our network devices, that traffic will be stopped.

What is most valuable?

Setting up a VPN is quite easy. 

It gives you a lot of information when you are monitoring traffic. 

In terms of user experience, Palo Alto has very good user administration.

Machine learning is important. Although we have not exhausted the full capabilities of the firewall using machine learning, the few things that we are able to do are already very good because we have an integration with a third-party. We are leveraging that third-party to get threat intelligence for some destinations that are dangerous, as an example. Any traffic that tries to go to those destinations is blocked automatically. There is a script that was written, then embedded, that we worked on with the third-party. So, machine learning is actually critical for our business.

What needs improvement?

There is a bit of limitation with its next-generation capabilities. They could be better. In terms of logs, I feel like I am a bit limited as an administrator. While I see a lot of logs, and that is good, it could be better.

I wanted Palo Alto Networks engineering to look at the traffic log, because I see traffic being dropped that happens to be legitimate. It would be interesting for me to just right click on the traffic, select that traffic, and then create a rule to allow it. For example, you sometimes see there is legitimate traffic being dropped, which is critical for a service. That's when actually you have to write it down, copy, a rule, etc. Why not just right click on it and select that link since that log will have the source destination report number? I would like to just right click, then have it pop up with a page where I can type the name of the rule to allow the traffic.

For how long have I used the solution?

I started using Palo Alto in 2015.

What do I think about the stability of the solution?

It is very stable. We had two outages this year that were not good. They were related to OSPF bugs. Those bugs affected our service availability. 

What do I think about the scalability of the solution?

It is quite scalable. I have been able to create a lot of zones to subinterfaces for a number of environments. I don't really have any issues regarding scalability. It meets my expectations.

How are customer service and support?

Palo Alto Networks NG Firewalls technical support is very poor. Three or four months ago, I had a bug where the database of the firewall was locked. You cannot do anything with it. We looked for documentation, giving us a procedure to follow, but the procedure didn't work. We logged a complaint with Palo Alto Networks, and they gave us an engineer. The engineer relied on documentation that doesn't work, and we had already tested. In the end, the engineer gave us an excuse, "No, we need this account to be able to unlock it." This happened twice. The way out of it was just to restart the firewall. You can restart the firewall and everything goes back to normal. Therefore, I think the support that we got was very poor.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have used Check Point and Cisco ASA.

Initially, when I started with Palo Alto, we had Cisco ASA, but Palo Alto Networks beat ASA hands down.

We have a multi-vendor environment with different providers. Our standard is that we can't have the same firewall for each parameter, so there is some kind of diversity. 

We had ASA looking at one side of the network and Palo Alto Networks looking at the other side of the network. We also had Juniper looking at another side of the network. At the end of the day, ASA was very good, I don't dispute that. However, in terms of functionality and user experience, Palo Alto Networks was better. 

Palo Alto Networks beat ASA because it was a next-generation firewall (NGFW), while ASA was not.

How was the initial setup?

When we bought Palo Alto, we had Juniper devices in our environment. We were told that it was a bit like Juniper, so we were happy. However, some people were a bit skeptical and scared of Juniper firewalls. Because of that, it took us a very long time to put them on the network. However, as soon as we did the implementation, we realized that we were just thinking too much. It was not that difficult. 

We deployed Palo Alto Networks as part of a project for data center implementation. The implementation of the firewall didn't take long.

What about the implementation team?

We buy through a third-party. Our account is managed by IBM.

What was our ROI?

We have seen ROI. There is more visibility in the environment in terms of security. There was a time when we suspected a security breach, and this firewall was able to give us all the logs that we expected. 

What's my experience with pricing, setup cost, and licensing?

Palo Alto is like Mercedes-Benz. It is quite expensive, but the price is definitely justified.

Which other solutions did I evaluate?

One thing is system administration. In our opinion, Palo Alto administration is easier compared to other vendors. I know other vendors who have Check Point. You have to manage Check Point, and it is a bit cumbersome. It is a very nice, powerful firewall, but you need more knowledge to be able to manage Check Point compared to Palo Alto. Palo Alto is very straightforward and nice to use.

In our environment, troubleshooting has been easy. Anybody can leverage the Palo Alto traffic monitoring. In Cisco ASA and Check Point, you also have these capabilities, but capturing the traffic to see is one thing, while doing the interpretation is another thing. Palo Alto is more user-friendly and gives us a clearer interpretation of what is happening.

One thing that I don't like with Palo Alto is the command line. There isn't a lot of documentation for things like the command line. Most documents have a graphic user interface. Cisco has a lot of documents regarding command lines and how to maneuver their command line, as there are some things that we like to do with the command line instead of doing them with the graphic interface. Some things are easy to do on a graphic interface, but not in the command line. I should have the option to choose what I want to do and where, whether it is in the command line or a graphic interface. I think Palo Alto should try to make an effort in that aspect, as their documentation is quite poor.

We would rather use Cisco Umbrella for DNS security.

I compared the price of Palo Alto Networks with Juniper Networks firewall. The Juniper firewall is quite cheap. Also, Palo Alto Networks is a bit expensive compared to Cisco Firepower. Palo Alto Networks is in the same class of Check Point NGFW. Those two firewalls are a bit expensive.

It gives us visibility. In my opinion, the first firewall that I would put on our network is Palo Alto Network and the second would be Check Point.

What other advice do I have?

Palo Alto Networks NG Firewalls is a very good firewall. It is one of the best firewalls that I have used.

I would rate Palo Alto Networks as nine out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Chris Booyens - PeerSpot reviewer
IT Manager at Thyme IT
Real User
Top 20
A rock-solid and sensible product that works very well, comes at a fair price, and requires minimal handling
Pros and Cons
  • "There are many features. VPN, firewalling, and intrusion detection are the main features that are most useful for us at this time."
  • "Their support is fairly good, and they come back to me. I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand, but it is generally not an issue."

What is our primary use case?

We use it for firewalling. Lately, we are also using it for remote access or VPN access for the users to the firewall and then onto the local network for people working from home. We've seen a huge jump in work from home. Everybody is working from home, so we need a secure connection to the office.

I am not using its latest version. I normally wait for a couple of months before upgrading the unit to make sure there are no bugs or issues. I check on the forums to see what other people are saying and whether there are any issues. 

What is most valuable?

There are many features. VPN, firewalling, and intrusion detection are the main features that are most useful for us at this time.

What needs improvement?

Their support is fairly good, and they come back to me. I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand, but it is generally not an issue.

For how long have I used the solution?

I have been using this solution for seven years.

What do I think about the stability of the solution?

It is stable. We've been dealing with it for such a long time. We know exactly how to set it up. Sometimes, clients have got funny ideas, and I just say to them, "You tell me what you need, and I'll do the config and set it up." I've got two clients who have got technical skills. One of them is fairly proficient on Sophos, so he does the work as well, but for most of our other clients, we set it up, and there are no issues. It just works.

What do I think about the scalability of the solution?

It is scalable provided you purchase the correct product. We do a bit of homework. We don't just sell you the first device on the list because that's not always suitable. We do a scope of the client's business. They may be a startup with just five users, but they might have a plan to have 100 or 200 users. We need to just size according to what they anticipate to be. It is no good if we sell them an entry-level device now, and two months later, it is too small. We purchase according to a client's requirements.

We've got clients with four users, and the number can go up to hundreds. I'm currently busy setting one up for 150 users, and obviously, there is much more work involved in doing the remote VPN setups.

How are customer service and technical support?

I use the local support in South Africa. If they can't help me, then I log a case with their international support. They're fairly good, and they come back to me. 

I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand. They spoke so fast, and I could not hear what they were saying, but it is generally not an issue. It is not a showstopper, and we manage to work. If I don't understand, I say to them, "Can we rather chat by email?", which makes it a lot easier.

Which solution did I use previously and why did I switch?

There some other firewalls that my company is using, but they're way below in terms of specs and what they can do. Sophos XG is a layer 7 firewall, and most of the others are only layer 2 firewalls. Sophos is far superior. 

I do not have any knowledge about Cisco, Juniper, or other firewalls. I don't really use them. I use some open-source firewalls, but they're also a lot lighter. I've got one or two very small clients or non-profits where we run an open-source firewall, but the feature set is way limited compared to Sophos.

Sophos XG comes in at a fair price as compared to some of the other products out there. Its learning curve wasn't that steep. It makes sense, and it is a sensible product. It is not like some of the other products.

How was the initial setup?

It is simple for me. I've done so many setups. I can probably do these things in my sleep. In fact, I have got one in front of me now that I need to configure and install. I'm fairly proficient in the use of these devices. I'm happy with it.

The deployment duration depends on the setup. Some simple setups can be up and running within two hours. Complex ones most probably will take four to six hours. It also depends on the client's needs. Some of them have simple requirements, and they just want firewalling and one or two remote-access VPNs. Others have got a complex setup where we need to set up cameras and VoIP telephone systems. It all depends on a client's requirements.

It doesn't require any maintenance because the definitions are auto-updated. I've got a dashboard where I can manage all of the firewall devices from one dashboard. If I want to upgrade the software on 20 of them, I'll log onto the dashboard and upgrade the software just by selecting it and saying upgrade the software, and it is done. It requires very minimal handling on a day-to-day basis. Antivirus definitions, scanning definitions, and all those things are auto-updated anyway.

What's my experience with pricing, setup cost, and licensing?

It comes at a fair price as compared to some of the other products out there. Its price is in the middle. It is not the cheapest, and it is also not as expensive as Juniper, Check Point, and definitely Cisco. Nowadays, everybody is very cost-sensitive, and people don't want to spend unnecessary money, but even before that, it was a fairly priced product.

You've got your choice of what license you want. There are basically two types of licenses, and it depends on what you need to do, and everything is included in that license. There is no cost for VPN and DMZ. You purchase the license, and you know upfront what you're getting or what you're not getting, and that's it. It is one license fee and done and dusted.

What other advice do I have?

I would definitely recommend this solution to others. I recommend it to all my clients. I'm using it at home as well, and it works great. I'm fairly proficient in it, so I'm very confident. I can recommend it to anybody and everybody. It is a great product, and I've got no issue with it.

I would rate Sophos XG a ten out of ten. It is a rock-solid product that works. We've so many deployments of this solution. I'm just happy with it. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Rauf Mahmudlu - PeerSpot reviewer
Network Engineer at a energy/utilities company with 10,001+ employees
Real User
Top 20
Capable of handling a lot of traffic, never had any downtime, and very easy to configure
Pros and Cons
  • "The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java."
  • "One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering."

What is our primary use case?

We were using ASA 5585 without firepower. We were using it just as a stateful firewall. We also had an IPS module on it. So, we were also using it for network segmentation and network address translations for hosting some of the services or giving access to the internet for our end users.

How has it helped my organization?

Initially, it was good. At the time we bought it, usually, IPS was in a different solution, and the firewall was in a different solution. You had to kind of correlate between the events to find the attacks or unwanted behavior in the network, but it had everything in a kind of single platform. So, the integration was great.

Our bandwidth was increasing, and the number of services that we were hosting was increasing. Our old solutions couldn't catch up with that. Cisco ASA was able to handle a lot of traffic or concurrent connections at that time. We had almost 5 million per week. We didn't have to worry about it not having enough memory and stuff like that. It was a powerful machine.

What is most valuable?

The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java. 

High throughput, high concurrent connections, easy site-to-site VPN were also valuable. It also had the capability to do double network translations, which is really useful when you are integrating with other vendors for site-to-site VPN.

What needs improvement?

When we bought it, it was really powerful, but with the emerging next-generation firewalls, it started to lack in capabilities. We couldn't put application filtering, and the IPS model was kind of outdated and wasn't as useful as the new one. For the current state of the network security, it was not enough.

One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering.

For how long have I used the solution?

We have been using it for around eight years.

What do I think about the stability of the solution?

Its stability is really great. It is very stable. We didn't have to worry about it. In the IT world, every time you go on holiday, you think that something might break down, but that was not the case with Cisco ASA.

Initially, we had just a single firewall, and then we moved to high availability. Even when it was just one hardware without high availability, we didn't have any problems. Apart from the planned maintenance, we never had any downtime.

What do I think about the scalability of the solution?

We feel we didn't even try to make it scalable. We had 30,000 end users.

How are customer service and support?

We haven't interacted a lot with them because we have our own network department. We were just handling all the problem-solving. So, there were only a couple of cases. Initially, when one of the first devices came, we had some problems with RAM. So, we opened the ticket. It took a bit of time, and then they changed it. I would rate them an eight out of 10.

Which solution did I use previously and why did I switch?

Our bandwidth was increasing, and the number of services that we were hosting was increasing. Our old solutions couldn't catch up with that. We had some really old D-link firewalls. They were not enterprise-level firewalls.

After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. They didn't provide us with the new license. Therefore, we decided to move to Palo Alto. The procurement process is taking time, and we are waiting for them to arrive.

How was the initial setup?

It was straightforward. Cisco is still leading in the network area. So, there are lots of resources where you can find information. There are community forums and Cisco forums, where you can find answers to any questions. You don't even have to ask. You can just Google, and you will find the solution. Apart from that, Cisco provides a lot of certification that helps our main engineers in learning how to use it. So, the availability of their resources was great, and we just followed their best-case scenarios. We could easily configure it.

The deployment took around two or three weeks because we had different firewalls. We had a couple of them, and we migrated all to Cisco. We also had around 30,000 rules. So, the data input part took a lot of time, but the initial installation and the initial configuration were done in a matter of days.

It took us one week to set up the management plane. It had different ports for management and for the data. After finishing with the management part, we slowly moved segments to Cisco. We consolidated the rules from other firewalls for one zone. After Cisco verified that it was okay, we then moved on to the next segment.

What about the implementation team?

We did it ourselves. We had about five network admins for deployment and maintenance.

What was our ROI?

We definitely got a return on investment with Cisco ASA. We have been using it for eight years, which is a long time for IT. We only had one capital expenditure. Apart from that, there were no other costs or unexpected failures. It supported us for a long time.

What's my experience with pricing, setup cost, and licensing?

When we bought it, it was really expensive. I'm not aware of the current pricing.

We had problems with licensing. After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. So, they didn't provide us with the new license.

Which other solutions did I evaluate?

I am not sure about it because back then, I was just an engineer. I didn't have decision-making authority, so I wasn't involved with it.

We recently have done pilots with Check Point and FortiGate for a couple of months. They were next-generation firewalls. So, they had much more capability than ASA, but because of being a pilot, we didn't get full-scale throughput like big enterprise-level firewalls. The throughput was not enough, and their memory cache was always filling up. They were smaller models, but both of them had the features that ASA was lacking. Traffic shaping in ASA is not as good, but these two had good traffic shaping.

What other advice do I have?

I wouldn't recommend this solution because it is already considered to be a legacy firewall.

I would rate Cisco ASA Firewall a strong eight out of 10. It is powerful, but it lacks some of the capabilities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Alexander Mumladze - PeerSpot reviewer
Network Engineer at LEPL Smart Logic
Real User
Top 5
Good protection and filtering capabilities, and everything can be easily done through the web user interface
Pros and Cons
  • "I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
  • "When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."

What is our primary use case?

They were placed in a company on the perimeter near the ISP. There were two clusters. One cluster was at the front, and one cluster was near the data center to filter the traffic from the users to the data center and from the data center to the users and outside.

How has it helped my organization?

Our clients were completely satisfied with this firewall in terms of protection from attacks, filtering of the traffic that they wanted, being able to see inside the zip files, etc.

What is most valuable?

I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.

Its IPS engine also works very fine. I don't have much experience with it because I am an IT integrator, and we only configured it, but the company for which we configured these firewalls used this feature, and they say that IPS works very fine. They were also very pleased with its reporting. They said that its reporting is better than other firewalls they have had.

What needs improvement?

When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.

In terms of tracking users, the Palo Alto Networks firewall is better than Cisco Firepower.

For how long have I used the solution?


What do I think about the stability of the solution?

It is very stable because it is based on the Cisco ASA Firewall hardware, which is an old-generation firewall. I have had Cisco ASA Firewall for more than 10 years, and they have been working fine till now. So, Cisco Firepower NGFW Firewall's performance and stability are the best. I have never seen any issues or heard from anyone that it is bad.

What do I think about the scalability of the solution?

Its scalability is very good. It was a small implementation. Traffic was maximum of 150 megabits per second. 

How are customer service and support?

I haven't worked with Cisco support.

Which solution did I use previously and why did I switch?

I have had experience with the Fortinet FortiGate firewall. It is very easy, and it does its job very well. Both Firepower and FortiGate do their job very well, but I like the Palo Alto Networks firewall the most. I have not experienced it in a real environment. I have placed it in my lab. It is a very complex firewall, and you need to know how to configure it, but it is the best firewall that I have seen in my life.

As compare to the Palo Alto Networks firewall, both Firepower and FortiGate are simpler. You can just learn which button to use and how to write rules, policies, etc. In Palo Alto, you can not guess this. You should know where each button is, how it works, and what it does. If you don't know, you cannot get the performance you want from Palo Alto. So, Firepower and FortiGate are easier to learn.

Firepower is very good for a small implementation. If you are doing a Cisco setup, you can place kind of 16 devices in one cluster. When it comes to the real environment, you need to have maybe three devices in one cluster. If two of them are in one data center and the third one is in another data center, the third firewall does not work very well when it comes to traffic flow because of the MAC address. When you want to implement Firepower in small infrastructures, it is very good, but in big infrastructures, you would have some problems with it. So, I won't use it in a large environment with five gigabits per second traffic. I will use the Palo Alto firewall for a large environment.

How was the initial setup?

It is straightforward. For me, it is very simple. The menu is quite impressive. Everything that you want to do can be done from the web user interface. You don't need to access the CLI if you don't like it. It is very easy to make rules with its web user interface.

Its deployment took two days. In terms of the implementation strategy, the first cluster was in the data center, and its main job was to filter user traffic going to the data center. The second cluster was on the edge. Its main job was to mitigate attacks on the inside network and to capture the traffic that could have viruses, malicious activities, etc.

What about the implementation team?

I deployed it myself, and it took me two days to deploy two clusters of Cisco Firepower NGFW Firewall. 

What was our ROI?

I think our client did get an ROI. They are very satisfied with what they can do with these firewalls. It fits all of their needs.

What's my experience with pricing, setup cost, and licensing?

Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones.

I don't remember any costs in addition to the standard licensing fees.

What other advice do I have?

Our client didn't implement dynamic policies for dynamic environments because they were a small company, and they didn't need that kind of segmentation. I am not sure if it reduced their firewall operational costs because they were a small company, and the traffic was not so high.

I would rate Cisco Firepower NGFW Firewall an eight out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Thendo Ndzimeni - PeerSpot reviewer
Network Administrator at Automated Outsourcing services
Real User
Top 5
Secure, multifeatured, and user-friendly solution for protecting networks
Pros and Cons
  • "Secure, user-friendly, stable, and scalable network security solution. Installation is straightforward."
  • "Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."

What is our primary use case?

We use Fortinet FortiGate for web filtering, IPS reporting, and firewall policy routing.

What is most valuable?

What we like about Fortinet FortiGate is that it's fast. You can also use it immediately, e.g. you don't have to wait and apply the policy before you can use it. It's robust and offers immediate usage, unlike Check Point, which we noticed was a slow product.

Fortinet FortiGate is also more secure, depending on how you set up the SD-WAN technology.

We also like the zero trust access, arrays, and the EDR features on this product. It's also 100% more user-friendly, e.g. even when I worked with them configuration-wise. The availability of the support hotline and their knowledgebase articles, e.g. the Cookbook, help a lot. Those articles are accessible to everyone, and they're free.

Whenever you implement a solution, you can run through Cookbook, then you can install the Fortinet certificate if you aren't able to, if you're stuck, but most of the time you are likely to get it right. The Cookbook explain everything straight to the point, and this makes it much easier.

What needs improvement?

Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%.

For how long have I used the solution?

I've used Fortinet FortiGate for three years, and the last time I used it was last year.

What do I think about the stability of the solution?

The product is very stable. It's a powerful product.

What do I think about the scalability of the solution?

Fortinet FortiGate is a scalable product.

How was the initial setup?

Installing Fortinet FortiGate is straightforward. The Cookbook tells you where the issue is, then the packs that come with the software, they are quick to advise on what bugs you can expect, and how those bugs can be fixed. I enjoyed installing the product.

The initial setup for Fortinet FortiGate took less than a week. We spent another week migrating the policy, or recreating the policies on the new object, because of the incompatibility with Check Point. We had to recreate the policies, otherwise, the change was quick, and we just had to mount them and connect the HA link and the other internet link. The setup was quick.

What's my experience with pricing, setup cost, and licensing?

The product has different licensing models, depending on what you're going to do. For the IoT service, initially the program was for free, then the IoT service and the mix firmware that we had, we had to pay.

Services are separate in terms of Fortinet FortiGate license models, e.g. you could have IPS, AV scanning on high availability, etc. The license could be on annual renewal.

Which other solutions did I evaluate?

I evaluated Check Point, but my problem was that it was too slow to install, and you have to wait long while your environment is down. With Fortinet FortiGate, it was instant. Fortinet FortiGate is very easy to install, unlike Check Point. Fortinet FortiGate is a better product.

What other advice do I have?

I have experience with Fortinet FortiGate. I used to manage the product in the past, but in a different company. I transferred to another company into a new position, and Fortinet FortiGate is being used in my current company.

This product can be deployed both on-premises and on cloud. We use version 300E for on-premises, and VM04 on cloud.

They are doing a lot of things to improve Fortinet FortiGate, that I can't think of anything else I'd like added to it. There's zero trust access, the EDR, and the arrays. I can't really say that there's anything that they have not started. They're able to provide what I want.

We started with 100 users of Fortinet FortiGate in the company, then it went up to 270 users, because we also had a child company with end users of this product.

We didn't have to contact technical support for Fortinet FortiGate, because we had a third-party guy who was helping us, and we seldom contact him. If we find an issue, we just email, and he'll write back to us. We also get advise on the old firmware, for example, that there's a higher chance it's static and could be affected by vulnerabilities. Any help was done quickly, and it was nice. Nowadays, we are doing all the work, e.g. not having to contact our third-party guy.

We don't really need a team for deployment and maintenance. There's another engineer we're sharing ideas with, otherwise, deployment and maintenance are both very straightforward. You just need to know what you're doing, e.g. a good path, IPsec channels, etc., and it'll be much easier.

I can recommend Fortinet FortiGate to others, especially because I understand it the most now. We do know everybody won't choose it, because Check Point, Cisco, and other competitors are coming up with robust devices. Everyone wants to win against their competitors, but I'm happy with FortiGate. It's a product I can recommend to others.

I'm rating Fortinet FortiGate a ten out of ten, because it doesn't give me any issues. It's very easy for me to rate it a ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Firewalls
June 2022
Get our free report covering Fortinet, Palo Alto Networks, Microsoft, and other competitors of Check Point NGFW. Updated: June 2022.
610,045 professionals have used our research since 2012.