We performed a comparison between Check Point NGFW, Cisco Secure Firewall, and Fortinet FortiGate based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment."
"We can decipher the activity of each connection and see what is inside it."
"Its most significant strength lies in its superior threat detection engines."
"It also gives us a single console for everything. Rather than having one device for URL filtering and a different device as a firewall, this gives us everything in one place."
"The only area that Check Point still seems to excel in is their logging."
"In R80.10 and above, you can view logs in SmartConsole. You don't have to open another smart tracker to view logs. That is the improvement Check Point has done which makes it better because it is much easier to find logs. This saves time, approximately 40 to 50 a day in one shift."
"The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing this solution we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on switches and routers, which in fact a simple stateful firewall, and currently not an efficient for protecting from advanced threats."
"We have found the solution to be scalable."
"The most valuable feature is IPS. It's a feature that's very interesting for tackling the most current attacks."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"It is very stable compared to other firewall products."
"Logging is great. It will show when it reaches its capacity before it is too late, unless you have bursts of traffic."
"Signature-based detection; user-defined signatures with regular expressions; integrated URL and content filtering; custom URL categories filtering."
"VPN and firewall are good features."
"It is easy to create interfaces and routing, which all can be done at the GUI level."
"It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go."
"There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth."
"Unified Threat Management (UTM) features."
"It is quite easy to handle."
"Mainly the FortiGate reporting system is very good. It guides us through all the expectations of security. Fortinet provides us all that we need for security. Also, Fortinet FortiGate is a next-generation firewall. It is much more advanced than others."
"Initial setup is easy to configure."
"We use the FortiGate Sandbox to detect zero-day vulnerabilities, such as anomalies or malware, that are unknown and have not yet been discovered."
"It is simple to manage, and there are a lot of functionalities in the same box."
"The next-generation firewall is great."
"The Check Point TAC support has, in recent years, deteriorated."
"The pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase, and to maintain (the licenses and the support services need to be prolonged regularly)."
"It could be easier to access the installation of the Hostfix for VSX solutions. The CLI commands help us understand how virtual firewalls behave in terms of processor, memory, and other aspects. More graphic visualizations of CPUSE commands would be a welcome improvement, and Check Point could expand scripts to run within the solution for multiple tasks."
"Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management."
"I would like the graphic user interface to be easier to use. For example, the NAT policy should be easier to use. Check Point's NAT policy is somewhat confused compared to other competitors."
"The initial setup is a bit complex."
"Check Point should quickly update and expand its application database to have what Palo Alto has."
"The anti-spam needs improvement."
"REST API stability needs improvement in order for customizing resource allocation available to the user rather than just being there transparently. This way users can customize REST API and tailor it to their needs."
"The artificial intelligence and machine learning (behavioral based threat detection), which I can this will be coming out in another year, these are what we need now."
"The user interface is too complex for people who are not trained to or certified to engage with the product. The interface should be easier to use."
"In my experience, a number of engineers get tunnel vision with devices. This is exacerbated by vendors fostering a silo mentality in disciplines."
"The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used."
"I would like the ability to drill down into certain reports because currently, that cannot be done."
"It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness."
"There are some limitations with SSL. Regarding the security assessment for the ISO 27000 standard, there are certain features that Cisco needs to scale up. Not all products support it, so you need to be slightly careful, especially on the site track."
"It needs to improve its ISP load balancing."
"Fortinet should focus on enhancing the capabilities of FortiGate by consolidating its various products, such as FortiGate Cloud, FortiManager, and FortiAnalyzer."
"We'd like more management across other integrations."
"To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."
"I think they need to improve more in order to be a competitor with the leaders of the field."
"It would be a benefit if Fortinet would release a one-stop solution that is better integrated with other products and an automated emergency response system."
"Difficult to add or define, and not that easy to configure and manage."
"The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations."
