Check Point CloudGuard Network Security vs Fortinet FortiGate comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on Jul 9, 2023

We performed a comparison between Check Point CloudGuard Network Security and Fortinet FortiGate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

Features: Check Point is notable for its VPN Blade, IPS Blade, URL filtering, and Applications Control Blade. It provides advanced threat prevention, centralized management, and a focus on cloud security. Fortinet FortiGate is commended for its all-inclusive bundle solution, user-friendly interface, and robust security capabilities.

For Check Point, there are areas that could be improved including cluster creation on AWS, data protection visibility, DLP feature, user interface, integration, cost reduction, documentation, and flexibility in deployment. Fortinet FortiGate could benefit from enhancements in SSL VPN, multi-factor authentication, reporting capabilities, GUI interface, software support, scalability, user interface, web application firewall and DDoS protection, troubleshooting of VPN connections, and protection against attacks and ransomware.

Service and Support: CloudGuard Network Security's customer service has received mixed feedback, with some customers expressing satisfaction with the technical support, while others have mentioned concerns regarding response time. Some Fortinet customers have found the support to be good, while others have felt the need for improvement.

Ease of Deployment: Check Point offers an initial setup that is straightforward and simple, although it may require technical expertise. The deployment time for this solution can range from one day to a few days. Fortinet FortiGate's setup is generally not too complex and straightforward, with deployment times varying from a few hours to two months.

Pricing: Check Point CloudGuard is known for its high setup cost, however, it provides excellent security and value. Fortinet FortiGate offers a reasonably priced and competitive setup cost, with a good balance between price and performance. That said, some users have mentioned that the renewal price for FortiGate is often higher than the initial purchase price.

ROI: CloudGuard Network Security has demonstrated a return on investment (ROI) ranging from 80% to 85%. Users have experienced increased benefits and found that management is easier compared to other options. Fortinet FortiGate has proven to be cost-effective, resulting in savings. Additionally, it has enhanced security measures, delivering positive outcomes.

Comparison Results: Check Point CloudGuard is the preferred choice when compared to Fortinet FortiGate. Users appreciate CloudGuard's user-friendly interface, ease of use, and comprehensive security features like VPN, IPS, URL filtering, and Applications Control Blade. CloudGuard also offers scalability, stability, and a focus on cloud security.

To learn more, read our detailed Check Point CloudGuard Network Security vs. Fortinet FortiGate Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Q&A Highlights
Question: We're trying to choose between Fortinet or Checkpoint UTM firewalls. Can you help?
Answer: more advantages with Fortigate : Fortitoken for two factor AUTH . FortiAp accespoints managed thru Fortigate . Forticloud for audit& reporting .IPS&DOS limit thresholds , etc
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic.""The CloudGuard Network Security's most valuable feature is implementing IPS for accessing our data center and server environment in Azure. It helps us to prevent attacks. By protecting our environment with Check Point, which we were already familiar with, it provided a solution that extended into the cloud environment.""The most valuable features are the ease of administration with the cloud management extension and the cloud licensing model.""Now, we can filter which websites users can access and block categories that are a risk. For example, we can block social media and gambling sites. This has helped to decrease the risk of access to malicious content on the internet.""I like how straightforward it is and simple it is to implement in the cloud.""The solution has been quite stable.""We consolidated from three management consoles and three clusters to only one, which is a big improvement.""The ease of deployment has been nice. It is like managing any of our on-prem firewalls."

More Check Point CloudGuard Network Security Pros →

"The CLI and GUI do a good job of putting a lot at your fingertips.""The feature I like most is the SD-WAN. It allows you to manage more than one ISP at the same time. And there is a high-availability mode, so if one of your ISPs is down, you still have a backup.""The stability and scalability of this solution are satisfactory. Its SD-WAN, VPN, and URL filtering features are very useful.""The most valuable features are the enterprise modeling and the simple interface.""Fortinet FortiGate's most valuable features are ease of use, flexibility, and most of the configuration we can be done using the GUI. When we compare Fortinet FortiGate with other solutions the firewall policy are very easy to understand.""The management console is pretty simple, so anyone who understands networking can initially deploy the solution.""Provides good firewall security and has great VPN features.""The Fortinet FortiGate local partners were good. I did not have direct contact with Fortinet support."

More Fortinet FortiGate Pros →

Cons
"Improvements needed include better integration with Azure features to match on-premises capabilities.""The initial setup is difficult. It took me three tries to get it right. The setup took two or three hours.""In the past year, I noticed that the challenging part, especially in the cloud, is upgrading to the next release of the firewall. Unlike on-premise upgrades, it's not as simple in the cloud. You need to recreate the machine, which makes the process more complex.""Its price is fair, but it can be more favorable.""The cost needs improvement as it is currently quite expensive.""Check Point CloudGuard Network Security should give productive reports as per business requirements. It needs to improve support since the time-limit extended beyond a day. It should include more seamless API integrations.""The only pain points we have had with it were when we did major version upgrades. Rather than being able to do incremental upgrades on those, we had to completely redeploy. I know that has changed recently, but we had some hiccups when we did the upgrades. This is the only issue we have had.""Some more built-in marketplace templates would be nice. It would be nice to see more vendor assistance in deployments and backup of recoveries versus having customers rely upon that themselves. That would make it a lot more seamless and aligned with the standard on-premise model that is there. Check Point can extend the same posture that they have to CloudGuard and make that transition very seamless."

More Check Point CloudGuard Network Security Cons →

"Scalability is one of the disadvantages. When it comes to scalability, you have to actually change the box. If you want to upgrade it, you need to actually change the existing box and probably you take the system off to other sites.""The license renewal process, annual renewal price, and the web application firewall features should be improved.""The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility.""Some features of Fortinet FortiGate are actually fee enabled that are inconvenient for deploying in production. Other issues relate to isolation with Cisco products and your server.""I need user-behavior analytics, to find threat scenarios from inside the organization, insider attacks. That would be very helpful for us. In addition, I would like next-generation features for small and medium businesses. These businesses require UTM, all in one product. Fortinet must include it.""We have an issue with hotel guest vouchers.""It would be nice if FortiGate incorporated some built-in endpoint protection features. I would also like a built-in SOC dashboard for managing multiple Fortinet firewalls.""There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement."

More Fortinet FortiGate Cons →

Pricing and Cost Advice
  • "On average, it is normally on the lower end, being less expensive than Palo Alto or Cisco."
  • "It is more expensive than other solutions and would be more competetive in the market if it came down in price."
  • "We pay approximately ‎€150,000 ($166,000 USD) per year."
  • "Licensing is simply by the number of hosts that you are looking to protect within your environment. It makes it much easier to ensure that you are covering your environment."
  • "There is flexibility in the different licensing models that are offered."
  • "The pricing is pretty high, not just for your capital, for what you have to pay upfront, but for what you pay for your annual software renewals as well, compared to a lot of other vendors. Check Point is near the top, as far as how much it's going to cost you."
  • "Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing."
  • "The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall."
  • More Check Point CloudGuard Network Security Pricing and Cost Advice →

  • "Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make."
  • "These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive. Fortinet licensing is straightforward and less confusing compared to Cisco."
  • "Go for long term pricing negotiated at the time of purchase."
  • "Work through partners for the best pricing."
  • "The value is the capability of having multiple services with one unique license, not having the limitation per user licensing schema, like other vendors."
  • "Easy to understand licensing requirements."
  • "​We saved a bundle by not needing all the past appliances from an NGFW.​"
  • "The cost is too high... They have to focus on more features with less cost for the customer. If you see the market, where it's going, there are a lot of players offering more features for less cost."
  • More Fortinet FortiGate Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which WAN Edge solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Comparison Review
    Anonymous User
    I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main hang-ups will be with the VIP/load balancing and SSL. For some reason that completely escapes me, both of these vendors make getting valid certificates onto their boxes unnecessarily difficult -- the Fortinet appliances more so than the Sophos UTM appliances. At one point a Fortinet engineer had to write an entire manual on how to get an SSL certificate uploaded successfully on the 4.x firmware Sophos: The one feature that is missing (and this makes some amount of sense) from the Sophos appliance is BITS caching for updates. Other than that, Sophos offers a full replacement for TMG on UTM9. The XG platform also offers a replacement for the TMG; however, some of the rumblings about upcoming releases suggests that Sophos is going to give XG the Apple iOS treatment and "streamline" the interface...potentially cutting out/hiding some functionality. On the effectiveness of the NGFW, Sophos is mostly good but has a few issues blocking all pieces of an application. For instance, we had to build custom blocking rules for OpenVPN (the vpn was being used to bypass the content filter) because the default Application Control wasn't effectively blocking the application. Fortinet: If it… Read more →
    Answers from the Community
    Anonymous User
    WhatsUp677 - PeerSpot reviewerWhatsUp677 (Pre-Sales / Technical Account Manager at a tech services company with 1-10 employees)
    Real User

    Hi,

    I've been working with gateprotect UTM recently. It's cost effective and much easy to work with compared to Fortinet and Checkpoint UTM.
    http://www.gateprotect.com/en/Products/easy-use-eGUI

    With the quick guide packed with screen shots, and clear simple instructions, you'll get to know how easy and simple it is to get the gateprotect UTM up and running in no time.
    http://www.gateprotect.de/landing/start/start-en.html

    Also note gateprotect UTM has been identified as a top choice for SMB in Gartner UTM firewall survey, which makes it a reliable product/solution.
    http://www.gateprotect.com/en/gateprotect-identified-top-choice-small-medium-sized-businesses-gartner-utm-firewall-survey-0
    http://www.gateprotect.com/en/gateprotects-positioning-gartner-magic-quadrant

    it_user197499 - PeerSpot reviewerit_user197499 (Works)
    Vendor

    Go for checkpoint
    regards 
    kapil yadav

    it_user226620 - PeerSpot reviewerit_user226620 (Systems Engineer at a tech services company)
    Consultant

    Hi

    Both options are good but i would recommend the Cyberaom as i have had a
    chance to work with it before.

    Other options is Cisco Ironport .

    Regards

    Brian

    Maroun Abboud - PeerSpot reviewerMaroun Abboud
    Real User

    Hi Russell,

    I advise you to go with Sophos if not I advise you to go with Fortinet.

    Did you ask your team to check Sophos demo I sent?

    Regard

    Maroun Jean Abboud

    Mobile : 00961 70943122

    Skype :maroun_abboud1

    ramesh1923 - PeerSpot reviewerramesh1923 (Technical Specialist with 5,001-10,000 employees)
    Real User

    Both devices are good. Checkpoint is one of the market leader who gives a
    good UTM solution. Fortinet is cheaper when compare to checkpoint and
    flexible.

    You may try the Paloalto which gives more attention on zero day attacks.

    Thanks & Regards /*Ramesh M*

    it_user221883 - PeerSpot reviewerit_user221883 (Network Systems Manager with 51-200 employees)
    MSP

    At this point in time all of the major firewall vendors marketing Next-Gen firewalls provides similar features. I recently participated in a 2 day meeting with sales and engineers with Fortinet. I have to say Fortinet has come a long way in the last few years and am beginning to like their product more and more. In terms of feature set the two products are nearly identical.

    When comparing the two vendors there a clear separation in which product focus is clear. Fortinet is a major winner in their smaller units and provide the most bang for your buck. When central management with datacenter and enterprise sized firewalls are required you will find Checkpoint is the leader. In your question you mention CheckPoint UTM. When mentioning this I immediately think of the UTM-1N (old Model) or 620 (New Model). This is a standalone unit and is in the $500.00 - $800.00 range. A comparable unit would be a Fortinet FG-30D. These are the lower end units and I would not recommend them for a solution involving the number of product blades/features you have listed. I have a FotiWifi-60D for my home and it works quite well. I have all the blades configured and enabled. In my home we have 3 sometimes 4 occupants running games and/or streaming video constantly. We average 90GB of internet traffic a month. I have found the FortiWifi-60D able to keep up with the load but at times does peak in CPU and Memory.

    A major difference between Fortinet and Checkpoint is their GUI. I find the Checkpoint GUI to be much more intuitive and easier adapt to for new users. Fortinet on the other hand, excels in the CLI with a Cisco/Avaya mixed interface and help structure. Checkpoint is Linux based and almost any Linux command functions on their systems, however, there is limited tab completion and no mid command assistance.

    In regards to the firewall blade aka port based firewall I do not see one vendor being better than the other. I would leave this as a preference for what you are used to and what works best for you.

    I am going to lump Web Filtering, Layer7- App Filtering together. Both Fortinet and Checkpoint have powerful next-gen capabilities. Both vendors approach web filtering application filtering in a similar way. Utilizing category based URLs and Applications with recommended risk levels. Fortinet published their application/web catalogs at http://www.fortiguard.com. Checkpoint published their URL categorization at https://www.checkpoint.com/urlcat/main.htm and Application Catalog at http://appwiki.checkpoint.com/appwikisdb/public.htm. At this time I can confirm Checkpoint has 6,578 applications identified while Fortinet has roughly 3,500 (Please confirm with your sales rep on this number as I got it from their catalog’s last displayed number of applications and it could have been a display limit rather than the total identified).

    I do not have experience with Checkpoint’s IPS and Antivirus in an implemented production use so I can’t provide am accurate comparison. Based on Fortinet’s demos and my experience I would say that it is a comprehensive product. Due to Fortinet’s market (Non-enterprise businesses) and their licensing model (comprehensive of all features) they have a higher rate of discovery, writing a signature, and deploying it than Checkpoint. Also if you purchase the FortiSandbox (enterprise class product) you will have a good result for zero-day attacks.

    In the VPN space I currently have a preference for CheckPoint. I find that their approach is very simple, easy to understand, and reliable. Fortinet provides a Wizard based configuration for their VPN tunnels as well as a manual creation process. I find the approach to be more complicated than it needs to be.

    Note on Sizing… When it comes to FortiGate if you can afford it start your specs at FG-100D. I have found the lower models to have some quirks. If you are looking for a centrally managed solution Checkpoint includes base central management with all of their models starting at 1100. If you are going to centrally manage your firewalls I would suggest purchasing a VM based Open Server for management and logging. The equivalent would be a FortiManager.

    I hope this helps,

    Christopher L. Butler

    Christopher L. Butler CCP-Network, CCA-Netscaler

    it_user125364 - PeerSpot reviewerit_user125364 (CTO at a legal firm with 501-1,000 employees)
    Vendor

    We have chosen Fortinet after a long evaluation effort, while CheckPoint was our next best option. So you can't go terribly wrong with either. The reason we chose Fortinet is that it provided us a better bang for the buck. Be careful, however, with the advertized throughput of Fortinet devices as you often get only 50-70% of the advertized value, so size your devices accordingly.

    One thing to consider is that UTMs are often not as good as a dedicated product, especially when it comes to web proxies. You should carefully consider your requirements and compare them with the capabilities of the UTMs you are considering. One tricky issue we are facing is web proxies for mobile devices, and there we are considering a cloud-based web proxy solution.

    it_user165153 - PeerSpot reviewerit_user165153 (Editor/Writer at a media company with 501-1,000 employees)
    Vendor

    As far as dollars per protection, I would say Fortinet is your solution. I found this article pretty helpful: http://www.itgweb.com/blog/the-top-10-reasons-to-choose-a-fortinet-next-generation-firewall

    Questions from the Community
    Top Answer:The central management feature is a big plus, allowing us to manage both local and cloud gateways from one platform.
    Top Answer:The pricing is okay. I know the cost for the competitors and CloudGuard pricing is fine. It is cheaper than other firewalls.
    Top Answer:There is room for improvement in addressing bugs and support issues. Communication with support, particularly with certain teams, can sometimes be challenging and slow, impacting problem resolution.
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use Fortinet too.… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know the firewalls change every 5 to 7 years as stated but you really do need to… more »
    Top Answer:As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite good. The most valuable features for me are their web and email filtering. I would… more »
    Ranking
    7th
    out of 26 in WAN Edge
    Views
    575
    Comparisons
    323
    Reviews
    28
    Average Words per Review
    514
    Rating
    8.5
    1st
    out of 26 in WAN Edge
    Views
    16,034
    Comparisons
    11,918
    Reviews
    64
    Average Words per Review
    574
    Rating
    8.4
    Comparisons
    Also Known As
    CloudGuard IaaS, Check Point vSEC, CloudGuard IaaS, Check Point Virtual Systems, Check Point CloudGuard Network Security
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Learn More
    Overview

    CloudGuard Network Security is a firewall solution that provides network security for cloud environments. It protects against cyber threats with multi-layered security for public, private, and hybrid clouds. 

    CloudGuard Network Security offers advanced threat prevention, firewall, VPN, and application security services, designed to secure cloud infrastructure, virtual networks, and cloud-based applications and workloads.

    CloudGuard Network Security Features

    CloudGuard Network Security has many valuable key features. Some of the most useful ones include:

    • Advanced threat prevention: The solution Includes anti-virus, anti-bot, and intrusion prevention to defend against known and unknown threats.
    • Firewall: It has a stateful inspection firewall and network address translation (NAT) to secure traffic flow between cloud resources and the internet.
    • VPN: CloudGuard Network Security offers secure and encrypted connectivity for remote users and between cloud resources.
    • Application security: It includes a web application firewall (WAF) and SSL inspection to secure web applications and protect against cyber attacks.
    • Cloud-native architecture: The solution is designed specifically for cloud environments and integrates with cloud-native services like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).
    • Compliance and governance: It helps organizations comply with regulations such as PCI DSS, HIPAA, and GDPR by providing detailed reporting and auditing capabilities.
    • Multi-layered security: CloudGuard Network Security provides a comprehensive security solution with multiple layers of defense for maximum protection.

    CloudGuard Network Security Benefits

    There are many benefits to implementing CloudGuard Network Security. Some of the biggest advantages the solution offers include:

    • Scalability and flexibility: The solution supports dynamic scaling and flexible deployment options to meet the changing needs of cloud environments.
    • Automated deployment and management: CloudGuard Network Security enables fast and efficient deployment and management of security services through a centralized, cloud-based management console.
    • Future-proof: Designed for the cloud and integrated with cloud-native services, CloudGuard Network Security helps organizations prepare for future cloud requirements and advancements.

    Reviews from Real Users

    CloudGuard Network Security is a solution that stands out when compared to many of its competitors. Some of its major advantages are that it has good cloud security, is cost-effective, has no false positives, improves productivity, and much more.

    Bernard O., Technical Engineer at Harnssen Group Limited, says, "Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions."

    Another PeerSpot reviewer, Shrinkhala S., Senior Manager at Agriculture Skill Council of India appreciates the solution for many reasons: “There are no security lapses and 100% restriction of threat entrants in the system or server. It's a cost-effective solution with no false positive cases. The product helps in bringing productivity and enhanced customer experience for users.

    We have a happy workforce and more workforce retention and increased IT environment sustainability. There is 100% proactive detection of root causes and root sources. It is dynamic and agile, and its features and utilities continuously improve and evolve. It's the best-unified endpoint management solution for IT systems globally. The product is available for all kinds of business users.”

    "One of the main characteristics that CloudGuard Network Security has given us isgranularity and visibility,” explains Adriamcam, Consultant at ITQS.

    Fortinet FortiGate enhances network security, prevents unauthorized access, and offers robust firewall protection. Valued features include advanced threat protection, reliable performance, and a user-friendly interface. It improves efficiency, streamlines processes, and boosts collaboration, providing valuable insights for informed decision-making and growth.

    Sample Customers
    Physicians Choice Laboratory Services, Helvetica Insurance
    1. Amazon Web Services 2. Microsoft 3. IBM 4. Cisco 5. Dell 6. HP 7. Oracle 8. Verizon 9. AT&T 10. T-Mobile 11. Sprint 12. Vodafone 13. Orange 14. BT Group 15. Telstra 16. Deutsche Telekom 17. Comcast 18. Time Warner Cable 19. CenturyLink 20. NTT Communications 21. Tata Communications 22. SoftBank 23. China Mobile 24. Singtel 25. Telus 26. Rogers Communications 27. Bell Canada 28. Telkom Indonesia 29. Telkom South Africa 30. Telmex 31. Telia Company 32. Telkom Kenya
    Top Industries
    REVIEWERS
    Computer Software Company15%
    Manufacturing Company14%
    Financial Services Firm10%
    Security Firm10%
    VISITORS READING REVIEWS
    Computer Software Company14%
    Financial Services Firm13%
    Manufacturing Company7%
    Comms Service Provider7%
    REVIEWERS
    Comms Service Provider16%
    Computer Software Company9%
    Financial Services Firm8%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Educational Organization20%
    Computer Software Company15%
    Comms Service Provider8%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business36%
    Midsize Enterprise20%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise14%
    Large Enterprise59%
    REVIEWERS
    Small Business48%
    Midsize Enterprise23%
    Large Enterprise30%
    VISITORS READING REVIEWS
    Small Business27%
    Midsize Enterprise32%
    Large Enterprise41%
    Buyer's Guide
    Check Point CloudGuard Network Security vs. Fortinet FortiGate
    March 2024
    Find out what your peers are saying about Check Point CloudGuard Network Security vs. Fortinet FortiGate and other solutions. Updated: March 2024.
    765,234 professionals have used our research since 2012.

    Check Point CloudGuard Network Security is ranked 7th in WAN Edge with 112 reviews while Fortinet FortiGate is ranked 1st in WAN Edge with 306 reviews. Check Point CloudGuard Network Security is rated 8.6, while Fortinet FortiGate is rated 8.4. The top reviewer of Check Point CloudGuard Network Security writes "The solution has good threat emulation, threat extraction, and reporting features". On the other hand, the top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". Check Point CloudGuard Network Security is most compared with Azure Firewall, VMware NSX, Cisco Secure Firewall, Palo Alto Networks VM-Series and Akamai Guardicore Segmentation, whereas Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Check Point NGFW. See our Check Point CloudGuard Network Security vs. Fortinet FortiGate report.

    See our list of best Software Defined WAN (SD-WAN) Solutions vendors, best WAN Edge vendors, and best Firewalls vendors.

    We monitor all WAN Edge reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.