We changed our name from IT Central Station: Here's why

Check Point NGFW vs Fortinet FortiGate comparison

Cancel
You must select at least 2 products to compare!
Comparison Summary
Question: How does Check Point NGFW compare with Fortinet Fortigate?
Answer: I have worked for several years with the Check Point platform (NGFW) and it is by far more stable in hardware and software. It is a very friendly platform and easy to configure. It is true that it is a bit expensive according to the required blades but it is a platform that is worth having as security in a corporate.
Featured Review
Find out what your peers are saying about Check Point NGFW vs. Fortinet FortiGate and other solutions. Updated: January 2022.
563,148 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We have not had to deal with stability issues.""The most valuable features of this solution are the integrations and IPS throughput.""The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate.""I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.""The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."

More Cisco Firepower NGFW Firewall Pros →

"Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network.""The packet inspection capabilities are great.""It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall.""As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance.""The initial setup is very straightforward.""The rules are very easy to deploy and can be optimized pretty quickly.""By deploying Check Point, it has made it easier to manage everything from a single interface. The management dashboard and policies are on its single pane of glass.""The most valuable features for us are identity awareness, IDS and IPS, and application control."

More Check Point NGFW Pros →

"The solution is scalable.""The simplicity of the product is great. It's very easy to use, which is a compliment we get all the time in terms of feedback.""The most valuable feature of this solution is the analytics.""There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth.""The most valuable features are that it is very simple to configure and to manage.""I think that the UTM features are the most value, as it truly protects my infrastructure.""Its user interface is good, and it is always working fine.""The main reason why I purchased the particular unit was that it had good reviews and what other people were saying as far as its completeness and its leading capabilities in terms of endpoint security was very good."

More Fortinet FortiGate Pros →

Cons
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it.""When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.""We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.""There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device.""We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond.""Implementations require the use of a console. It would help if the console was embedded."

More Cisco Firepower NGFW Firewall Cons →

"The product or services can be improved from the cost and the pricing perspective.""While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement.""Several of the security modules including IPS, URL Filtering, and Anti-Virus, are based on HTTPS inspection, losing relevant security capabilities if you don't implement it in your network.""The predefined reports are few and it would be nice to increase them since the logs are excellent.""There should be better integration with our current NAC solution to increase the granularity of policies that we implement.""The upgrading process takes too much time.""Potential improvements could be made around simplifying VPN functionality and configuration.""Identity Awareness has been a massive source of problems for our deployment and the ability to debug it has been lacking."

More Check Point NGFW Cons →

"The logs need to be better. They need to be more visible and easier to access.""The pricing could be reduced or include the first year warranty.""The product does need better support in the cloud environment. It's not exactly cloud-native right now.""They sometimes hide some features and if you want to enable them, you have to go in the CLI, enable the feature and configure it through the CLI. Customers, typically, like everything to be done by the GUI.""There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement.""If they had better integration with security products, such as Cisco ISE or Rapid Threat Containment, then it would be an improvement.""The performance and speed are aspects of the solution that could always be improved upon.""Some of the features in the graphical user interface do not work, which requires that we used the command-line-interface."

More Fortinet FortiGate Cons →

Pricing and Cost Advice
  • "Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
  • "There are additional implementation and validation costs."
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "Maybe the pricing is a bit high but you get the durability and the duration."
  • "Licensing issues may be confusing at times."
  • "It is quite an expensive product, although security is a top priority."
  • "This product is not cheap and there are additional costs that depend on what model or package that you buy."
  • "Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point."
  • "Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point."
  • "The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive."
  • "Use the basic sizing tool to do the correct sizing so you don't waste too much money, because it's not a very cheap solution when compared to other vendors."
  • More Check Point NGFW Pricing and Cost Advice →

  • "Fortinet is the least expensive solution."
  • "It's very affordable."
  • "Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you."
  • "The Indian market is different than the European and American markets. When you compare they need to be a bit more aggressive on pricing."
  • "I think that the pricing is fair."
  • "For our organization, the licensing costs are approximately $7,000 per year."
  • "It's an expensive solution."
  • "The price is okay."
  • More Fortinet FortiGate Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    563,148 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    author avatarGreg Plante
    Real User

    We had this same discussion recently with my organization. It came down to the security of the platform. 


    Fortinet has had a number of breaches over the last 2 years and this was a key factor in our decision. 


    The challenge with Check Point will be the transition from our existing firewall and taking advantage of the various features across our organization. 

    Questions from the Community
    Top Answer: 
    When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: 
    The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer: 
    It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer: 
    I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer: 
    Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer: 
    The central management console has helped with segregation, where planned interventions with management consoles do not… more »
    Top Answer: 
    As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
    Top Answer: 
    In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer: 
    Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate… more »
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Check Point NG Firewall, Check Point Next Generation Firewall
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Learn More
    Overview

    Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
    small/branch offices to high performance data centers and service providers. Available in a wide
    range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
    defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
    Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
    features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
    volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
    for increased performance, high availability configurations, and more.
    Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
    deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
    the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
    can deliver micro-segmentation to protect east-west network traffic.
    Cisco firewalls provide consistent security policies, enforcement, and protection across all your
    environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
    delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
    SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
    greater simplicity, visibility, and efficiency.
    Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

    Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?

    The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Check Point NGFW
    Learn more about Fortinet FortiGate
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Control Southern, Optimal Media
    Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
    Top Industries
    REVIEWERS
    Comms Service Provider22%
    Financial Services Firm16%
    Manufacturing Company8%
    Non Profit8%
    VISITORS READING REVIEWS
    Comms Service Provider33%
    Computer Software Company21%
    Government7%
    Manufacturing Company4%
    REVIEWERS
    Financial Services Firm26%
    Computer Software Company15%
    Comms Service Provider8%
    Retailer6%
    VISITORS READING REVIEWS
    Comms Service Provider33%
    Computer Software Company22%
    Government6%
    Financial Services Firm6%
    REVIEWERS
    Comms Service Provider14%
    Computer Software Company10%
    Financial Services Firm8%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Comms Service Provider37%
    Computer Software Company20%
    Government5%
    Educational Organization4%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise28%
    Large Enterprise29%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    REVIEWERS
    Small Business23%
    Midsize Enterprise19%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise24%
    Large Enterprise56%
    REVIEWERS
    Small Business48%
    Midsize Enterprise24%
    Large Enterprise27%
    VISITORS READING REVIEWS
    Small Business35%
    Midsize Enterprise25%
    Large Enterprise40%
    Find out what your peers are saying about Check Point NGFW vs. Fortinet FortiGate and other solutions. Updated: January 2022.
    563,148 professionals have used our research since 2012.

    Check Point NGFW is ranked 2nd in Firewalls with 161 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 97 reviews. Check Point NGFW is rated 8.8, while Fortinet FortiGate is rated 8.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". Check Point NGFW is most compared with Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX, Cisco ASA Firewall and Juniper SRX, whereas Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Meraki MX, Sophos XG and SonicWall TZ. See our Check Point NGFW vs. Fortinet FortiGate report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.