We performed a comparison between Check Point NGFW and Cisco Secure Firewall based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Check Point users are happier with its VPN and with its pricing. However, Cisco Secure users are happier with its service and support.
"We can detect any attack of viruses or malware at the first point of contact."
"Fortigate is very scalable to serve our customers' needs. We have scaled already from fifty to more than a hundred instances of Fortinet FortiGate. Around 20 staff are required for deployment and maintenance, mostly engineers."
"Web filtering and two-factor authentication are great features."
"It's a user-friendly firewall. Most of the tasks are very simple. It's simple to configure and troubleshoot this firewall."
"The most valuable features of the solution are SD-WAN, filtering testing applications, web filtering, and the new VPN."
"The product is easy to use and is stable. The SV1 functionality is a benefit."
"The most valuable feature is the policy routing and application control."
"The security features that they have are quite good. On top of that, their licensing model is quite nice where they don't charge you anything for the SD-WAN functionality for the firewall."
"It provides a central station where it is very easy to deploy our firewall policy in one click to many firewalls. This is one of the leading perks. It saves time by having one central station because I can deploy the same kind of policy to many firewalls at once."
"Check Point is very administrator-friendly and the SmartDashboard is easy to use."
"The features that are important include: IPS, sandbox, SandBlast, Anti-Bot, and URL filtering."
"It is giving us a greater reach for greater prevention and is proactively protecting our employees."
"Check Point firewalls have significantly improved our ability to detect and prevent threats."
"Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability."
"Configuration and deploying are easy."
"There is a lot of legacy traffic from other vendors that has been migrated to Check Point which has resulted in a lot of stability in our environment."
"VPN and firewall are good features."
"Unfortunately in Cisco, only the hardware was good."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"The setup was straightforward. I was happy with the configuration and deployment of the solution, as it was quick."
"We find all of its features very useful. Its main features are policies and access lists. We use both of them, and we also use routing."
"The most valuable feature would be ASDM. The ability to go in, visualize and see the world base in a clear and consistent manner is very powerful."
"For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world."
"ASA integrates with FirePOWER, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall."
"One issue that I have had is that sometimes I need to monitor the traffic, so I need to filter it according to the user and which user is using it the most. I experience a bottleneck most of the time, particularly at the peak time when the number of contracts and users are at maximum."
"The setup is pretty complex and not easy to implement."
"Some configuration elements cannot be easily altered once created."
"The feature which gives us a lot of pain is ASIC architecture."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
"It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example."
"They need to improve their technical support."
"Reporting is limited to providing an external appliance for improving the reporting capabilities of the FortiAnalyzer. It does not offer a central management and is also sold separably as an appliance."
"It should allow more than two internet providers in its configuration of "ISP Redundancy"."
"A lot of things need to be improved in Check Point NGFW. One, their support team isn't very efficient and useful."
"We would like to see constant improvement in anti-malware functionality and anti-threat protection."
"The equipment is complex, so you need guidance from specialized people or those who constantly work with Check Point. Better forums and information manuals could be provided so that users from different institutions can have more access to the information."
"Error logs can be more specific."
"Support for customers really needs to improve."
"The Check Point TAC support has, in recent years, deteriorated."
"I hope for product simplification. It would be better to use one security console, instead of many of them (for licensing and monitoring). The solution is hard for newcomers and takes much time to deep in. Also, I want a historical graph for throughput and system resources usage. Maybe it will be great to make easy step-by-step installation and configuration cookbooks as Fortinet did, and integrate the documentation within the solution."
"Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic."
"I would like it to be easier to work with and have a better user interface. It is not straightforward. You need to know the Cisco command-line interface."
"It is expensive."
"There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"Changes you make in the GUI sometimes do not reflect in the command line and vice versa."
"The configuration is an area that needs improvement."
"In terms of what could be improved, I would say the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all."
Check Point NGFW is ranked 5th in Firewalls with 275 reviews while Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews. Check Point NGFW is rated 8.8, while Cisco Secure Firewall is rated 8.2. The top reviewer of Check Point NGFW writes "Good antivirus protection and URL filtering with very good user identification capabilities". On the other hand, the top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". Check Point NGFW is most compared with Palo Alto Networks NG Firewalls, Sophos XG, Netgate pfSense, Azure Firewall and OPNsense, whereas Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and OPNsense. See our Check Point NGFW vs. Cisco Secure Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.