We performed a comparison between Check Point CloudGuard Network Security and Fortinet FortiGate based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"IPS and Snort are very important because they also differentiate Cisco from other vendors and competitors."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"The most valuable feature is the access control list (ACL)."
"Advanced check prevention is a great feature that provides threat intelligence at speed."
"The solution has been quite stable."
"The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature."
"The most valuable feature is the centralized dashboard, which is used for managing all of the Check Point Security Gateways."
"Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it."
"It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM."
"Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW."
"The most valuable feature of Check Point CloudGuard Network Security is the increased mail protection including spam."
"We've found the solution to be pretty stable."
"It's super reliable. I don't think I've ever had a reliability issue with it."
"The customization potential is quite impressive."
"The most valuable features are the enterprise modeling and the simple interface."
"I like that they have given me a solution at a fair price."
"From the firewall perspective, the rules and policies are very sufficient and easy to use."
"The solution can scale well."
"The scalability is good in Fortinet FortiGate."
"I'm not a big fan of the FDM (Firepower Device Manager) that comes with Firepower. I found out that you need to use the Firepower Management Center, the FMC, to manage the firewalls a lot better. You can get a lot more granular with the configuration in the FMC, versus the FDM that comes out-of-the-box with it. FDM is like Firepower for dummies."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"An area of improvement for this solution is the console visualization."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"Implementations require the use of a console. It would help if the console was embedded."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"It would be great if some of the load times were faster."
"The business and product development team should introduce a high-end feedback collection mechanism and analyze the customer requirements constructively."
"As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult."
"Check Point support, beyond CloudGuard, does need some improvement."
"I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have."
"The solution is not that flexible when deploying on-prem."
"The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation."
"The initial setup is complex and could be made simpler."
"At the cost level, the solution is somewhat expensive."
"Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor."
"Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box."
"The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment."
"You do need some IT knowledge in order to effectively work with the solution."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"Lacks training for new features."
"The stability of Fortinet FortiGate could improve."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Check Point CloudGuard Network Security Pricing and Cost Advice →
Check Point CloudGuard Network Security is ranked 8th in Firewalls with 32 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 168 reviews. Check Point CloudGuard Network Security is rated 8.4, while Fortinet FortiGate is rated 8.4. The top reviewer of Check Point CloudGuard Network Security writes "You can have everything under a single pane of glass". On the other hand, the top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". Check Point CloudGuard Network Security is most compared with Azure Firewall, VMware NSX, Palo Alto Networks VM-Series, Sophos XG and Barracuda CloudGen Firewall, whereas Fortinet FortiGate is most compared with pfSense, Cisco ASA Firewall, Sophos XG, Check Point NGFW and WatchGuard Firebox. See our Check Point CloudGuard Network Security vs. Fortinet FortiGate report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi,
I've been working with gateprotect UTM recently. It's cost effective and much easy to work with compared to Fortinet and Checkpoint UTM.
http://www.gateprotect.com/en/Products/easy-use-eGUI
With the quick guide packed with screen shots, and clear simple instructions, you'll get to know how easy and simple it is to get the gateprotect UTM up and running in no time.
http://www.gateprotect.de/landing/start/start-en.html
Also note gateprotect UTM has been identified as a top choice for SMB in Gartner UTM firewall survey, which makes it a reliable product/solution.
http://www.gateprotect.com/en/gateprotect-identified-top-choice-small-medium-sized-businesses-gartner-utm-firewall-survey-0
http://www.gateprotect.com/en/gateprotects-positioning-gartner-magic-quadrant
Go for checkpoint
regards
kapil yadav
Hi
Both options are good but i would recommend the Cyberaom as i have had a
chance to work with it before.
Other options is Cisco Ironport .
Regards
Brian
Hi Russell,
I advise you to go with Sophos if not I advise you to go with Fortinet.
Did you ask your team to check Sophos demo I sent?
Regard
Maroun Jean Abboud
Mobile : 00961 70943122
Skype :maroun_abboud1
Both devices are good. Checkpoint is one of the market leader who gives a
good UTM solution. Fortinet is cheaper when compare to checkpoint and
flexible.
You may try the Paloalto which gives more attention on zero day attacks.
Thanks & Regards /*Ramesh M*
At this point in time all of the major firewall vendors marketing Next-Gen firewalls provides similar features. I recently participated in a 2 day meeting with sales and engineers with Fortinet. I have to say Fortinet has come a long way in the last few years and am beginning to like their product more and more. In terms of feature set the two products are nearly identical.
When comparing the two vendors there a clear separation in which product focus is clear. Fortinet is a major winner in their smaller units and provide the most bang for your buck. When central management with datacenter and enterprise sized firewalls are required you will find Checkpoint is the leader. In your question you mention CheckPoint UTM. When mentioning this I immediately think of the UTM-1N (old Model) or 620 (New Model). This is a standalone unit and is in the $500.00 - $800.00 range. A comparable unit would be a Fortinet FG-30D. These are the lower end units and I would not recommend them for a solution involving the number of product blades/features you have listed. I have a FotiWifi-60D for my home and it works quite well. I have all the blades configured and enabled. In my home we have 3 sometimes 4 occupants running games and/or streaming video constantly. We average 90GB of internet traffic a month. I have found the FortiWifi-60D able to keep up with the load but at times does peak in CPU and Memory.
A major difference between Fortinet and Checkpoint is their GUI. I find the Checkpoint GUI to be much more intuitive and easier adapt to for new users. Fortinet on the other hand, excels in the CLI with a Cisco/Avaya mixed interface and help structure. Checkpoint is Linux based and almost any Linux command functions on their systems, however, there is limited tab completion and no mid command assistance.
In regards to the firewall blade aka port based firewall I do not see one vendor being better than the other. I would leave this as a preference for what you are used to and what works best for you.
I am going to lump Web Filtering, Layer7- App Filtering together. Both Fortinet and Checkpoint have powerful next-gen capabilities. Both vendors approach web filtering application filtering in a similar way. Utilizing category based URLs and Applications with recommended risk levels. Fortinet published their application/web catalogs at http://www.fortiguard.com. Checkpoint published their URL categorization at https://www.checkpoint.com/urlcat/main.htm and Application Catalog at http://appwiki.checkpoint.com/appwikisdb/public.htm. At this time I can confirm Checkpoint has 6,578 applications identified while Fortinet has roughly 3,500 (Please confirm with your sales rep on this number as I got it from their catalog’s last displayed number of applications and it could have been a display limit rather than the total identified).
I do not have experience with Checkpoint’s IPS and Antivirus in an implemented production use so I can’t provide am accurate comparison. Based on Fortinet’s demos and my experience I would say that it is a comprehensive product. Due to Fortinet’s market (Non-enterprise businesses) and their licensing model (comprehensive of all features) they have a higher rate of discovery, writing a signature, and deploying it than Checkpoint. Also if you purchase the FortiSandbox (enterprise class product) you will have a good result for zero-day attacks.
In the VPN space I currently have a preference for CheckPoint. I find that their approach is very simple, easy to understand, and reliable. Fortinet provides a Wizard based configuration for their VPN tunnels as well as a manual creation process. I find the approach to be more complicated than it needs to be.
Note on Sizing… When it comes to FortiGate if you can afford it start your specs at FG-100D. I have found the lower models to have some quirks. If you are looking for a centrally managed solution Checkpoint includes base central management with all of their models starting at 1100. If you are going to centrally manage your firewalls I would suggest purchasing a VM based Open Server for management and logging. The equivalent would be a FortiManager.
I hope this helps,
Christopher L. Butler
Christopher L. Butler CCP-Network, CCA-Netscaler
We have chosen Fortinet after a long evaluation effort, while CheckPoint was our next best option. So you can't go terribly wrong with either. The reason we chose Fortinet is that it provided us a better bang for the buck. Be careful, however, with the advertized throughput of Fortinet devices as you often get only 50-70% of the advertized value, so size your devices accordingly.
One thing to consider is that UTMs are often not as good as a dedicated product, especially when it comes to web proxies. You should carefully consider your requirements and compare them with the capabilities of the UTMs you are considering. One tricky issue we are facing is web proxies for mobile devices, and there we are considering a cloud-based web proxy solution.
As far as dollars per protection, I would say Fortinet is your solution. I found this article pretty helpful: http://www.itgweb.com/blog/the-top-10-reasons-to-choose-a-fortinet-next-generation-firewall