IT Central Station is now PeerSpot: Here's why

Azure Firewall vs Check Point NGFW comparison

Cancel
You must select at least 2 products to compare!
Executive Summary
Updated on April 6, 2022

We performed a comparison between Azure Firewall and Check Point NGFW based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: The majority of Azure Firewall users feel that it is simple and straightforward to set up and deploy. Users of Check Point NGFW are divided over whether or not it was simple to deploy. Some reviewers note that Check Point NGFW is simple to deploy when you already have experience with the product.

  • Features: Users of Azure Firewall find it to be both scalable and stable. They point out that it has other valuable features, including its threat intelligence and its auto-scaling features. However, its user interface could be improved.

    Users of Check Point NGFW feel that it is highly scalable and they point out that it has many other valuable features, including its threat detection and firewall features. However, users feel that its stability could be improved.
  • Pricing: Users of Azure Firewall feel that it is a pretty inexpensive product to use. In contrast, users of Check Point NGFW feel that it is expensive.
  • Service and Support: Most users of Azure Firewall feel that the technical support that it offers is good. However, one user notes that the documentation that they offer could be improved. Users of Check Point NGFW are divided over whether or not their technical support is effective. Some users felt that the training that they offer could be improved.

Comparison of Results: Based on the parameters we compared, Azure Firewall seems to be a superior solution. All other things being more or less equal, our reviewers found Check Point NGFW to be rather expensive to purchase. Users of Check Point NGFW feel that the stability of the product could be improved. Additionally, some users are not so impressed by the technical support and training that it offers.

To learn more, read our detailed Azure Firewall vs. Check Point NGFW report (Updated: May 2022).
Buyer's Guide
Azure Firewall vs. Check Point NGFW
May 2022
Find out what your peers are saying about Azure Firewall vs. Check Point NGFW and other solutions. Updated: May 2022.
608,010 professionals have used our research since 2012.
Q&A Highlights
Question: Which would you recommend - Azure Firewall or Check Point NGFW?
Answer: Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall cloud platform, autoscaling, and the ability for users to create virtual IP addresses. The cost of the solution is also competitive. Check Point NGFW solution offers zero-day protection and provides absolute in-depth visibility with a multi-layer, multi-blade approach. This solution has a Smart Controller that allows you to manage all firewalls from one single location. It also has good antivirus protection and knowledgeable, responsive support. Check Point NGFW is cost-effective and provides valuable support to get through required compliance audits. For Azure Firewall you have to specify each IP address used. We also found Azure to be challenging to implement from region to region, as it does not currently offer a universal approach across regions. Support can be very slow to respond and has caused us some downtime, affecting productivity and overall satisfaction. Check Point NGFW VPN can be very complex to set up. The deployment can be more challenging than many other solutions on the market. Although once fully deployed, things do get easier. Debugging can also be very difficult and makes it seem less stable than other solutions out there. Training and support could be better overall. Conclusion Azure is great, especially since almost everyone is part of the Azure ecosystem. However, it may not be the best solution for larger enterprises, as stability is limited, and the scale-up scale-out approach needs improvement. Check Point can be very challenging to set up and deploy, but the unique multi-layer, multi-blade approach gives greater flexibility and transparency, which makes it a great option for larger enterprises with more complex, intricate needs.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like that Cisco Firepower NGFW Firewall is reliable. Support is also good.""One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.""The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy.""Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be.""Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports.""We have not had to deal with stability issues.""A good intrusion prevention system and filtering.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."

More Cisco Firepower NGFW Firewall Pros →

"Azure's cost-effectiveness is its major advantage.""I can easily configure it.""Microsoft's technical support is very good. They're quite knowledgable and responsive.""All its features are good. That's why we recommend it.""The solution is stable.""In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies.""The solution should be capable of self-scaling, which is one of the features we like about it.""Among the most valuable features are the DDoS protection that protects your virtual machines, the threat intelligence, and traffic filtering."

More Azure Firewall Pros →

"The level of security is excellent. It protects our organization well.""Check Point has a really cool GUI.""I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data.""It provides access to the Internet for corporate resources in a secure manner.""It's offering great security while also being rather easy to manage.""The only area that Check Point still seems to excel in is their logging.""In addition to the different security features that Check Point security solutions have, their integration with other technologies makes the security environment a complete security type.""The activation of additional features is very easy and well documented."

More Check Point NGFW Pros →

Cons
"Web filtering needs improvement because sometimes the URL is miscategorized.""Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.""Most of the features don't work well, and some features are missing as well.""It would be great if some of the load times were faster.""This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI).""The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""The performance should be improved.""The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."

More Cisco Firepower NGFW Firewall Cons →

"It would be nice to be able to create groupings for servers and offer groups of IP addresses.""They can improve the pricing of Azure Firewall.""An Azure firewall is not a real firewall.""Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories.""The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto.""It has fewer features than you can get from other firewalls, like anti-spam and anti-phishing. Those kinds of things are not included. It only includes IDS and IDB.""It needs a lot of improvement, especially on intruder detection. They are working hard on that.""Right now, with Azure Firewall, we cannot have a normal inbound traffic flow. For inbound, Microsoft suggests using application gateways, so the options are very limited. I cannot use this firewall as an intermediate firewall because of the limitations, and I cannot point routing to another firewall. So if I want to use back-to-back firewall architecture in my environment, I cannot use Azure Firewall for that type of configuration either."

More Azure Firewall Cons →

"Potential improvements could be made around simplifying VPN functionality and configuration.""Check Point should add additional management choices.""My customers complain that the interface isn't user-friendly.""The price of this product could be improved.""The speed of technical support is very slow and is something that should be improved.""The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community.""I would like to see an improvement of built-in monitoring capabilities such as throughput. Practically visualization of CPview outputs into beautiful pink GUI will do it.""Debugging could be improved when compared to the competition."

More Check Point NGFW Cons →

Pricing and Cost Advice
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • "The price is comparable."
  • "It definitely competes with the other vendors in the market."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it. One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall."
  • "Azure Firewall is quite an expensive product."
  • "The licensing module is good."
  • "The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."
  • "It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive."
  • "Azure Firewalls operate on a pay-as-you-go model, similar to cloud services."
  • More Azure Firewall Pricing and Cost Advice →

  • "This product is not cheap and there are additional costs that depend on what model or package that you buy."
  • "Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point."
  • "Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point."
  • "The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive."
  • "Use the basic sizing tool to do the correct sizing so you don't waste too much money, because it's not a very cheap solution when compared to other vendors."
  • "The prices are good for its features. The benefit of its license is we get timely security prevention updates. The price is good for the technology that we get."
  • "Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps."
  • "One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford Cisco Firepower. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution."
  • More Check Point NGFW Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    608,010 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    Anil Redekar - PeerSpot reviewerAnil Redekar (Infosys)
    Real User

    Check Point firewall does a deep inspection of packets till Layer 7 and is more compatible with the organizational environment. 


    The Azure firewall is also a cloud-based security solution that also provides Advance Threat Protection. 

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
    Top Answer:Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
    Top Answer:Both of these solutions are excellent options that provide flexible scalability and solid security. Fortinet Fortigate… more »
    Top Answer:I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer:Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer:Weaknesses:  CP NGFW can't create redundant IPsec tunnel with other OEM firewalls. Log size is too high I believe… more »
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Check Point NG Firewall, Check Point Next Generation Firewall
    Learn More
    Overview

    Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

    Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.

    Key Features of Cisco NGFW Firewalls

    • Breach prevention and advanced security: Prevent attacks before they get inside. Cisco provides its firewalls with the latest intelligence to stop emerging threats and employs filtering to enforce policies on hundreds of millions of URLs. Cisco NGFW offers built-in sandboxing and advanced malware protection that continuously analyzes file behavior to quickly detect and eliminate threats.

    • Comprehensive network visibility: Constantly monitor your network so you can rapidly spot and stop bad behavior. Cisco NGFW provides a holistic view of all activity and provides a clear picture of threat activity across users, hosts, networks, and devices, as well as information on threats and website, application, and VM activities.

    • Flexible management and deployment options: Centrally deploy, customize, and manage all your appliances.

    • Fast detection: Detect threats in seconds and detect the presence of a successful breach within hours or minutes. Cisco NGFW allows you to deploy consistent policy that's easy to maintain, with automatic enforcement across all the different parts of your organization.

    • Automation and product integrations: Seamlessly integrate with Cisco tools and automatically share threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools. Cisco NGFW automates security tasks like impact assessment, policy management and tuning, and user identification.

    Reviews from Real Users

    Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.

    Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."

    Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "

    Azure Firewall is a user-friendly, intuitive, cloud-native firewall security solution that provides top-of-the-industry threat protection for all your Azure Virtual Network resources. Azure Firewall is constantly and thoroughly analyzing all traffic and data packets, making it a very valuable and secure fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall allows users to create virtual IP addresses and provides for secure DDoS protection for the virtual machines on your network. It also provides fast and efficient east-west and north-south traffic security.

    Azure Firewall is a managed, cloud-based network security service built to protect your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

    Azure Firewall has two significant offerings, Standard and Premium.

    Azure Firewall Standard works directly with Microsoft Cyber Security and supplies excellent L3-L7 filtering and threat awareness. The proactive real-time threat awareness will quickly alert you and immediately deny all traffic to and from any known problematic or suspicious domains or IP addresses. Microsoft Cyber Security is updated continually to protect against all new and known potential threats at all times. To learn more about Azure Firewall Standard, click here.

    Azure Firewall Premium provides everything the standard version does, and additionally adds extra levels of data encryption, network intrusion detection, extended URL filtering, and Web category filters. To learn more about the added features of Azure Firewall Premium, click here.

    Key Benefits and Features of Azure Firewall:

    • High availability - You do not need load balancers with Azure Firewall; it's already built in and ready to go.
    • Self-scalability - Azure Firewall is intuitive and will auto-scale as needed based on traffic flow to be ready for peak traffic times.
    • Threat awareness - Using Microsoft Cyber Security to filter traffic, Azure Firewall will deny any known problematic threats to keep your network safe.
    • Additional IP addresses - You can securely add up to 250 public IP addresses with Azure Firewall
    • Improved web category filtering - You can set up specific protocols to allow or deny categories within websites that are deemed inappropriate for use within your network. You have the ability to organize categories based on a defined set of descriptions.

    What our real users have to say:

    Many IT CEntral Station (soon to be Peerspot) users found Azure Firewall to be very user-friendly and easy to use. They liked that it offers seamless integration to the cloud and were especially pleased with the threat filtering options.

    Regarding integration and threat intelligence, our users wrote:

    “The most valuable feature is the integration into the overall cloud platform.”

    The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats.”

    I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system.”



    Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

    Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

    Benefits of Check Point's Next Generation Firewall

    • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

    • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

    • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
    • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

    • Remote access: The remote access VPN provides a seamless connection for remote users.

    Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

    Reviews from Real Users

    Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

    Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

    G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

    Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Azure Firewall
    Learn more about Check Point NGFW
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Information Not Available
    Control Southern, Optimal Media
    Top Industries
    REVIEWERS
    Comms Service Provider19%
    Financial Services Firm17%
    Government13%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Comms Service Provider28%
    Computer Software Company21%
    Government7%
    Manufacturing Company4%
    REVIEWERS
    Financial Services Firm31%
    Government15%
    Manufacturing Company15%
    Computer Software Company15%
    VISITORS READING REVIEWS
    Computer Software Company28%
    Comms Service Provider19%
    Government6%
    Financial Services Firm5%
    REVIEWERS
    Financial Services Firm25%
    Computer Software Company15%
    Comms Service Provider8%
    Government6%
    VISITORS READING REVIEWS
    Comms Service Provider26%
    Computer Software Company23%
    Financial Services Firm7%
    Government7%
    Company Size
    REVIEWERS
    Small Business40%
    Midsize Enterprise26%
    Large Enterprise34%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise20%
    Large Enterprise55%
    REVIEWERS
    Small Business21%
    Midsize Enterprise17%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise18%
    Large Enterprise61%
    REVIEWERS
    Small Business26%
    Midsize Enterprise19%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise22%
    Large Enterprise55%
    Buyer's Guide
    Azure Firewall vs. Check Point NGFW
    May 2022
    Find out what your peers are saying about Azure Firewall vs. Check Point NGFW and other solutions. Updated: May 2022.
    608,010 professionals have used our research since 2012.

    Azure Firewall is ranked 19th in Firewalls with 16 reviews while Check Point NGFW is ranked 2nd in Firewalls with 186 reviews. Azure Firewall is rated 6.8, while Check Point NGFW is rated 8.8. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". Azure Firewall is most compared with Palo Alto Networks NG Firewalls, Palo Alto Networks VM-Series, Fortinet FortiGate-VM, Fortinet FortiGate and Cisco ASA Firewall, whereas Check Point NGFW is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Cisco ASA Firewall, pfSense and Juniper SRX. See our Azure Firewall vs. Check Point NGFW report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.