"The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI based."
"Provides good integrations and reporting."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"The most valuable feature is the access control list (ACL)."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"If configured, Firepower provides us with application visibility and control."
"Advanced check prevention is a great feature that provides threat intelligence at speed."
"The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature."
"The visibility, the one-pane-of-glass which allows me to see all of my edge protection through one window and one log, is great. Monitoring everything through that one pane of glass is extremely valuable."
"The solution could improve to have a DLP feature."
"It improves the availability of engineers to carry out projects."
"It really is a pretty complete solution."
"The most valuable feature is that we can use the same manager server that we use on our own Check Point firewalls. We integrated CloudGuard on that manager and we can use the same kind of protections that we use on the on-prem firewalls, like the IPS and antivirus policy. We can have the same kind of protection on the Cloud environment that we have on-premise."
"The Capsule solution and application filters are the most valuable. It is pretty straightforward to implement, and it also has good stability and scalability. Their technical support is also really good."
"The configuration capabilities and the integration with other tools are the most valuable features. I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure."
"The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good."
"The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping."
"It is pretty stable. I haven't seen many issues during the past four years."
"The most valuable feature is that it's secure."
"The most valuable features are the provision of internet access, AnyConnect, and VPN capabilities."
"ASA integrates with FirePOWER, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall."
"The initial setup was not complex."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"It would be great if some of the load times were faster."
"Most of the features don't work well, and some features are missing as well."
"The API integration is complex, which is an area that should be improved."
"The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation."
"I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have."
"The convergence time between cluster members is still not perfect. It's far away from what we get in traditional appliances. If a company wants to move mission-critical applications for an environment to the cloud, it somehow has to accept that it could have downtime of up to 40 seconds, until cluster members switch virtual IP addresses between themselves and start accepting the traffic. That is a little bit too high in my opinion. It's not fully Check Point's fault, because it's a hybrid mechanism with AWS. The blame is 50/50."
"As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult."
"The initial setup is complex and could be made simpler."
"CheckPoint CloudGuard could be better at solving cases."
"Check Point CloudGuard Network Security could improve by making it easier to configure."
"Sometimes my customers say that Cisco Firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved."
"I would like to see them add more next-generation features so that you don't need a lot of appliances to do just one task. It should be a single solution."
"I don't have to see all the object groups that have been created on that firewall. That's just something that I would really appreciate on the CLA, even though it already exists on the GUI."
"Some individuals find the setup and configuration challenging."
"It is hard to control the bandwidth of end-users with a Cisco Firewall. That is the main issue I've faced. I used Mikrotik for many years for this very reason. Mikrotik has the option to set a bandwidth restriction for a single IP or complete segments. Cisco should add this option to their firewall."
"Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this."
"The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be."
"It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Check Point CloudGuard Network Security Pricing and Cost Advice →
Check Point CloudGuard Network Security is ranked 8th in Firewalls with 30 reviews while Cisco ASA Firewall is ranked 4th in Firewalls with 90 reviews. Check Point CloudGuard Network Security is rated 8.4, while Cisco ASA Firewall is rated 8.4. The top reviewer of Check Point CloudGuard Network Security writes "Unified Security Management has enabled us to combine our on-prem appliances and cloud environments". On the other hand, the top reviewer of Cisco ASA Firewall writes "Includes multiple tools that help manage and troubleshoot, but needs SD-WAN for load balancing". Check Point CloudGuard Network Security is most compared with Azure Firewall, VMware NSX, Fortinet FortiGate, Sophos XG and Barracuda CloudGen Firewall, whereas Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX, pfSense and Juniper SRX. See our Check Point CloudGuard Network Security vs. Cisco ASA Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.