Azure Firewall vs Check Point NGFW comparison

Cancel
You must select at least 2 products to compare!
Cisco Logo
98,383 views|65,159 comparisons
Microsoft Logo
27,627 views|22,405 comparisons
Check Point Logo
27,632 views|19,121 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Apr 6, 2022

We performed a comparison between Azure Firewall and Check Point NGFW based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: The majority of Azure Firewall users feel that it is simple and straightforward to set up and deploy. Users of Check Point NGFW are divided over whether or not it was simple to deploy. Some reviewers note that Check Point NGFW is simple to deploy when you already have experience with the product.

  • Features: Users of Azure Firewall find it to be both scalable and stable. They point out that it has other valuable features, including its threat intelligence and its auto-scaling features. However, its user interface could be improved.

    Users of Check Point NGFW feel that it is highly scalable and they point out that it has many other valuable features, including its threat detection and firewall features. However, users feel that its stability could be improved.
  • Pricing: Users of Azure Firewall feel that it is a pretty inexpensive product to use. In contrast, users of Check Point NGFW feel that it is expensive.
  • Service and Support: Most users of Azure Firewall feel that the technical support that it offers is good. However, one user notes that the documentation that they offer could be improved. Users of Check Point NGFW are divided over whether or not their technical support is effective. Some users felt that the training that they offer could be improved.

Comparison of Results: Based on the parameters we compared, Azure Firewall seems to be a superior solution. All other things being more or less equal, our reviewers found Check Point NGFW to be rather expensive to purchase. Users of Check Point NGFW feel that the stability of the product could be improved. Additionally, some users are not so impressed by the technical support and training that it offers.

To learn more, read our detailed Azure Firewall vs. Check Point NGFW Report (Updated: January 2023).
670,400 professionals have used our research since 2012.
Q&A Highlights
Question: Which would you recommend - Azure Firewall or Check Point NGFW?
Answer: Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall cloud platform, autoscaling, and the ability for users to create virtual IP addresses. The cost of the solution is also competitive. Check Point NGFW solution offers zero-day protection and provides absolute in-depth visibility with a multi-layer, multi-blade approach. This solution has a Smart Controller that allows you to manage all firewalls from one single location. It also has good antivirus protection and knowledgeable, responsive support. Check Point NGFW is cost-effective and provides valuable support to get through required compliance audits. For Azure Firewall you have to specify each IP address used. We also found Azure to be challenging to implement from region to region, as it does not currently offer a universal approach across regions. Support can be very slow to respond and has caused us some downtime, affecting productivity and overall satisfaction. Check Point NGFW VPN can be very complex to set up. The deployment can be more challenging than many other solutions on the market. Although once fully deployed, things do get easier. Debugging can also be very difficult and makes it seem less stable than other solutions out there. Training and support could be better overall. Conclusion Azure is great, especially since almost everyone is part of the Azure ecosystem. However, it may not be the best solution for larger enterprises, as stability is limited, and the scale-up scale-out approach needs improvement. Check Point can be very challenging to set up and deploy, but the unique multi-layer, multi-blade approach gives greater flexibility and transparency, which makes it a great option for larger enterprises with more complex, intricate needs.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.""We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government.""It brings us the ability to work from anywhere and has allowed us to work remotely without having to incur a lot of other costs. If we didn't have this type of solution, since we have so many on-prem services that are required, we would have likely lost money and been unable to deliver. We have a video services team who helped build the content for our sporting events. When you are watching a Leaf game and those swipes come by as well as the clips and things, those are all generated in-house. Without the ability to access our on-premise resources, we would have been dead in the water. So, the return on that is pretty impressive.""I have not contacted technical support. There is a lot of information on the internet for troubleshooting. All you need to do is use a search engine and you will find the information you are looking for easily.""It helped us a lot with our VPNs for the home office during COVID. There has been more security and flexibility for VPNs and other applications.""The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity.""I like the IPS feature, it is the most valuable.""The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."

More Cisco Secure Firewall Pros →

"The solution should be capable of self-scaling, which is one of the features we like about it.""It is easy for me to protect certain ports or even the IP addresses, as well as do whitelisting, blacklisting, and the FQDN when we want virtual machines connected and to protect certain websites.""In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies.""It provided ease of maintenance. If a new firewall was needed, we only had to run the pipelines for this. So, the maintenance was very easy.""I can easily configure it.""All its features are good. That's why we recommend it.""I like its order management feature. It doesn't have the kind of threat intelligence that Palo Alto has, but the order management makes it much simpler to know the difference.""The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats."

More Azure Firewall Pros →

"The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats.""We can also run policies with two or more people simultaneously without problems or the risk of developing the wrong policy.""The packet inspections have been a strong point.""We do not have any problems with stability.""One of the solution's best features include a packet-filtering firewall that examines packets in isolation.""Check Point has strong security features as well as some decent monitoring and management capabilities.""I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard.""The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution."

More Check Point NGFW Pros →

Cons
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover.""This solution could be more granular and user-friendly.""It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness.""If they want to add better features to the current Cisco ASA, they can start by increasing the encryption. That is the only thing they need to improve.""The ease of use needs improvement. It is complex to operate the solution. The user interface is not friendly.""Cisco ASA Firewall could improve by adding more advanced features such as web filtering, which is available in the next-generation firewalls. However, the Cisco ASA Firewall I am using could be old and these features have been updated.""There are some limitations with SSL. Regarding the security assessment for the ISO 27000 standard, there are certain features that Cisco needs to scale up. Not all products support it, so you need to be slightly careful, especially on the site track.""Third-party integrations could be improved."

More Cisco Secure Firewall Cons →

"Azure Firewall should have a free trial version for new users so that they can evaluate it before deploying it.""It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide.""The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto.""It would be nice to be able to create groupings for servers and offer groups of IP addresses.""An Azure firewall is not a real firewall.""The development area and QA area could be improved. With those improvements, we can improve projects and take even less time to implement them.""You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges.""It has fewer features than you can get from other firewalls, like anti-spam and anti-phishing. Those kinds of things are not included. It only includes IDS and IDB."

More Azure Firewall Cons →

"There should be better integration with our current NAC solution to increase the granularity of policies that we implement.""Potential improvements could be made around simplifying VPN functionality and configuration.""In terms of what could be improved, I would say the application control and the visibility. I'd like granularity where you can have all the levels of policies that are defined, including the intel threat. It depends on what kind of intel threat the company has.""There needs to be advanced troubleshooting.""The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade.""There are issues with stability while upgrading devices with hotfixes.""One of the main features that need improvement is the rule filter export.""Pricing needs to be lowered from start, this would be more effective than lowering it during negotiations."

More Check Point NGFW Cons →

Pricing and Cost Advice
  • "The price is comparable."
  • "We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high."
  • "It definitely competes with the other vendors in the market."
  • "The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
  • "I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
  • "It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
  • "Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
  • "I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "Azure Firewall is quite an expensive product."
  • "The licensing module is good."
  • "The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."
  • "It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive."
  • "Azure Firewalls operate on a pay-as-you-go model, similar to cloud services."
  • "The solution is cheaper than other brands. My company has an enterprise contract and we finally got a good price with Azure."
  • "Azure Firewall comes with Azure native services. We did not buy any kind of license for it. Whether you have a free subscription or a pay-as-you-go model, you can deploy the Azure Firewall service... The amount that you use will determine how much you pay."
  • "It is expensive, especially with the premium functions. For one of the clients, it was very expensive. You have to use it more at an enterprise level, and there, it was not at an enterprise level. So, it was very costly, but security-wise, it was a very wise decision to use it that way."
  • More Azure Firewall Pricing and Cost Advice →

  • "The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."
  • "They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it."
  • "It is more expensive than Cisco ASA but cheaper than Palo Alto."
  • "Each blade requires that you have a license."
  • "The price of Check Point is lower than Palo Alto but higher than Cisco ASA."
  • "The price of this product is not too costly and you do not need to pay for all of the features."
  • "The vendor has a very flexible licensing approach."
  • "Check Point should provide some basic license for mobile access VPN by default, for at least five to ten users."
  • More Check Point NGFW Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    670,400 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    Anil Redekar - PeerSpot reviewerAnil Redekar (Infosys)
    Real User

    Check Point firewall does a deep inspection of packets till Layer 7 and is more compatible with the organizational environment. 


    The Azure firewall is also a cloud-based security solution that also provides Advance Threat Protection. 

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
    Top Answer:Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
    Top Answer:Both of these solutions are excellent options that provide flexible scalability and solid security. Fortinet Fortigate… more »
    Top Answer:I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer:Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer:The central management console has helped with segregation, where planned interventions with management consoles do not… more »
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Check Point NG Firewall, Check Point Next Generation Firewall
    Learn More
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      Azure Firewall is a user-friendly, intuitive, cloud-native firewall security solution that provides top-of-the-industry threat protection for all your Azure Virtual Network resources. Azure Firewall is constantly and thoroughly analyzing all traffic and data packets, making it a very valuable and secure fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall allows users to create virtual IP addresses and provides for secure DDoS protection for the virtual machines on your network. It also provides fast and efficient east-west and north-south traffic security.

      Azure Firewall is a managed, cloud-based network security service built to protect your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

      Azure Firewall has two significant offerings, Standard and Premium.

      Azure Firewall Standard works directly with Microsoft Cyber Security and supplies excellent L3-L7 filtering and threat awareness. The proactive real-time threat awareness will quickly alert you and immediately deny all traffic to and from any known problematic or suspicious domains or IP addresses. Microsoft Cyber Security is updated continually to protect against all new and known potential threats at all times. To learn more about Azure Firewall Standard, click here.

      Azure Firewall Premium provides everything the standard version does, and additionally adds extra levels of data encryption, network intrusion detection, extended URL filtering, and Web category filters. To learn more about the added features of Azure Firewall Premium, click here.

      Key Benefits and Features of Azure Firewall:

      • High availability - You do not need load balancers with Azure Firewall; it's already built in and ready to go.
      • Self-scalability - Azure Firewall is intuitive and will auto-scale as needed based on traffic flow to be ready for peak traffic times.
      • Threat awareness - Using Microsoft Cyber Security to filter traffic, Azure Firewall will deny any known problematic threats to keep your network safe.
      • Additional IP addresses - You can securely add up to 250 public IP addresses with Azure Firewall
      • Improved web category filtering - You can set up specific protocols to allow or deny categories within websites that are deemed inappropriate for use within your network. You have the ability to organize categories based on a defined set of descriptions.

      What our real users have to say:

      Many PeerSpot users found Azure Firewall to be very user-friendly and easy to use. They liked that it offers seamless integration to the cloud and were especially pleased with the threat filtering options.

      Regarding integration and threat intelligence, our users wrote:

      “The most valuable feature is the integration into the overall cloud platform.”

      The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats.”

      I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system.”



      Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

      Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

      Benefits of Check Point's Next Generation Firewall

      • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

      • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

      • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
      • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

      • Remote access: The remote access VPN provides a seamless connection for remote users.

      Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

      Reviews from Real Users

      Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

      Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

      G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

      Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about Azure Firewall
      Learn more about Check Point NGFW
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      Information Not Available
      Control Southern, Optimal Media
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider18%
      Government7%
      Educational Organization5%
      REVIEWERS
      Financial Services Firm29%
      Government14%
      Manufacturing Company14%
      Computer Software Company14%
      VISITORS READING REVIEWS
      Computer Software Company22%
      Comms Service Provider10%
      Financial Services Firm7%
      Government7%
      REVIEWERS
      Financial Services Firm24%
      Computer Software Company15%
      Comms Service Provider7%
      Government7%
      VISITORS READING REVIEWS
      Computer Software Company19%
      Comms Service Provider16%
      Financial Services Firm8%
      Government7%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise25%
      Large Enterprise40%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise53%
      REVIEWERS
      Small Business19%
      Midsize Enterprise26%
      Large Enterprise56%
      VISITORS READING REVIEWS
      Small Business23%
      Midsize Enterprise17%
      Large Enterprise60%
      REVIEWERS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise54%
      VISITORS READING REVIEWS
      Small Business25%
      Midsize Enterprise19%
      Large Enterprise56%
      Buyer's Guide
      Azure Firewall vs. Check Point NGFW
      January 2023
      Find out what your peers are saying about Azure Firewall vs. Check Point NGFW and other solutions. Updated: January 2023.
      670,400 professionals have used our research since 2012.

      Azure Firewall is ranked 14th in Firewalls with 17 reviews while Check Point NGFW is ranked 4th in Firewalls with 162 reviews. Azure Firewall is rated 7.0, while Check Point NGFW is rated 9.0. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of Check Point NGFW writes "Centrally managed, good antivirus and attack prevention capabilities, knowledgeable support". Azure Firewall is most compared with Palo Alto Networks NG Firewalls, Fortinet FortiGate-VM, Palo Alto Networks VM-Series, pfSense and Fortinet FortiGate, whereas Check Point NGFW is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, pfSense, OPNsense and Juniper SRX. See our Azure Firewall vs. Check Point NGFW report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.