We performed a comparison between Check Point CloudGuard Network Security and Cisco ASA Firewall based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly."
"You do not have to do everything through a command line which makes it a lot easier to apply rules."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"It improves the availability of engineers to carry out projects."
"The most valuable feature of Check Point CloudGuard Network Security is the ease of use. It was not difficult to learn."
"It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM."
"Check Point CloudGuard technical support is good."
"The most valuable feature is threat prevention."
"The most valuable feature is the centralized dashboard, which is used for managing all of the Check Point Security Gateways."
"We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc."
"I like the firewall and the virtual machine. I also like that it's compatible with Amazon Web Services and Azure."
"Its security and filtering are most valuable. Every layer of data that comes into the organization goes through it. After setting up the criteria, it automatically filters the traffic. We don't have to check it often."
"The most valuable feature would be the IP blocking. It gets rid of things that you don't need in your environment."
"The most valuable feature is the ability to block almost all of the ports."
"Cisco tech is always good and helpful. I would rate them as 10 out of 10."
"All the rules are secure and we haven't had a significant malware attack in the five years that we've been using ASA Firewall. It has been a tremendous improvement for our network. However, I can't quantify the benefits in monetary terms."
"I think Cisco ASA Firewall is the most stable firewall solution."
"It's pretty reliable and allows for isolation capabilities within the network."
"One of the most valuable features is the GUI front end, which is very easy to use. But I'm also a command-line guy, and being able to access the device via command-line for advanced troubleshooting is quite important."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"An area of improvement for this solution is the console visualization."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"The application detection feature of this solution could be improved as well as its integration with other solutions."
"I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"Implementations require the use of a console. It would help if the console was embedded."
"Check Point support, beyond CloudGuard, does need some improvement."
"At the cost level, the solution is somewhat expensive."
"CheckPoint CloudGuard could be better at solving cases."
"The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation."
"Its architecture and user interface need improvement. The user experience for this solution also needs to be improved, particularly in implementation, management, and operations."
"Check Point support could improve."
"I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have."
"It is somewhat problematic in the area of the cloud."
"They need to do an overhaul of the management console."
"I would like it if there was a centralized way to manage policies, then sticking with the network functions on the actual devices. That is probably the thing that frustrates me the most. I want a way that you can manage multiple policies at several different locations, all at one site. You then don't have to worry about the connectivity piece, in case you are troubleshooting because connectivity is down."
"Some individuals find the setup and configuration challenging."
"The access layer of this solution could be improved in terms of the way the devices interconnect with our network. We need to be able to analyze the traffic between the different interconnection in these areas."
"In the next release, I would like to see the VPN and UTM features included."
"The configuration is an area that needs improvement."
"The graphical interface should be improved to make the configuration easier, to do things with a single click."
"Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this."
Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.
Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.
Key Features of Cisco NGFW Firewalls
Reviews from Real Users
Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.
Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "
Check Point CloudGuard provides unified cloud native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture – everywhere – across your multi-cloud environment.
Cisco ASA Firewall is a security device that combines firewall, intrusion prevention, virtual private network (VPN), and antivirus capabilities. Its main purpose is to provide proactive threat defense to stop attacks before they spread through the network.
Cisco ASA Firewall Features
Cisco ASA Firewall has many valuable key features, including:
Cisco ASA Firewall Benefits
Some of the benefits of using Cisco ASA Firewall include:
Reviews from Real Users
Below are some reviews and helpful feedback written by Cisco ASA Firewall users.
A Cisco Security Specialist at a tech services company says, “All the features are very valuable. Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution.” He goes on to add, “The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content.”
Jonathan M., Head of Information Communication Technology at National Building Society, comments, "The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks. The standard reports allow us to constantly monitor our environment and take corrective steps.”
Eric H., CEO at NPI Technology Management, explains, “The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made."
Check Point CloudGuard Network Security is ranked 8th in Firewalls with 32 reviews while Cisco ASA Firewall is ranked 4th in Firewalls with 89 reviews. Check Point CloudGuard Network Security is rated 8.4, while Cisco ASA Firewall is rated 8.4. The top reviewer of Check Point CloudGuard Network Security writes "You can have everything under a single pane of glass". On the other hand, the top reviewer of Cisco ASA Firewall writes "Includes multiple tools that help manage and troubleshoot, but needs SD-WAN for load balancing". Check Point CloudGuard Network Security is most compared with Azure Firewall, VMware NSX, Fortinet FortiGate, Palo Alto Networks VM-Series and Barracuda CloudGen Firewall, whereas Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX, pfSense and Juniper SRX. See our Check Point CloudGuard Network Security vs. Cisco ASA Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.