"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"If configured, Firepower provides us with application visibility and control."
"The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature."
"We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc."
"Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions."
"The initial setup is pretty easy."
"The most valuable feature is that we can use the same manager server that we use on our own Check Point firewalls. We integrated CloudGuard on that manager and we can use the same kind of protections that we use on the on-prem firewalls, like the IPS and antivirus policy. We can have the same kind of protection on the Cloud environment that we have on-premise."
"The scalability is very good; again, very user-friendly. I wouldn't even say "user-friendly" because, as long as you deploy it properly, you can kill an EC2 and it will spin up another one right away, within about a minute and a half. And it will be ready for production right away."
"What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us."
"Auto-scaling and zero touch are valuable features."
"We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing."
"The most important feature is the VPN connection."
"The command line is the same as it is on the Cisco iOS router."
"Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility."
"The clusters in data centers are great."
"The whole firewall functionality, including firewall policies and IPS policies, is valuable. It has all kinds of functionalities. It has IPS, VPN, and other features. They are doing quite a lot of stuff with their devices."
"I like all of the features."
"VPN and firewall are good features."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"It would be great if some of the load times were faster."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"In case the device is inaccessible due to some issue such as CPU or memory, there is no separate port or hardware partition provided for troubleshooting purposes."
"Micro-Segmentation functionality for EAST-WEST traffic is not native and requires integration with a third-party OEM."
"I hope that Check Point continues to improve its technical documentation regarding the Check Point CloudGuard IaaS gateway and management system."
"I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have."
"Easier optimization techniques can definitely help with better performance of the OS, as using the vanilla software doesn't actually showcase the real capability of the software."
"The solution lacks the capability to scale effectively."
"The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation."
"I think they have pretty much mastered what can be done. There are some nuances like when you fail over from one cluster member to the other, the external IP address takes about two minutes to fail over."
"The graphical interface should be improved to make the configuration easier, to do things with a single click."
"Cisco ASA is not a next-generation firewall product."
"You need to have a little bit of knowledge to be able to configure it. Otherwise, it would be very difficult to configure because there is no GUI. The latest software available in the market has a GUI and probably zero-touch provisioning and auto-configuration. All these things are not available in our version. You need to manually go and configure everything in the switch. In terms of new features, we would definitely want to have URL-based filtering, traffic steering, and probably a little bit steering in the bandwidth based on the per-user level and per-user group. We will definitely need some of these features in the near future."
"The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI."
"It is expensive."
"It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness."
"The virtual firewalls don't work very well with Cisco AnyConnect."
"The solution has not had any layer upgrades. It does not have layer five and upwards, it only has up to layer four. This has caused some problems for us."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Check Point CloudGuard Network Security Pricing and Cost Advice →
Check Point CloudGuard Network Security is ranked 8th in Firewalls with 26 reviews while Cisco ASA Firewall is ranked 6th in Firewalls with 62 reviews. Check Point CloudGuard Network Security is rated 8.6, while Cisco ASA Firewall is rated 8.0. The top reviewer of Check Point CloudGuard Network Security writes "Unified Security Management has enabled us to combine our on-prem appliances and cloud environments". On the other hand, the top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". Check Point CloudGuard Network Security is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Azure Firewall, VMware NSX and Sophos XG, whereas Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX and Juniper SRX. See our Check Point CloudGuard Network Security vs. Cisco ASA Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
