Check Point NGFW vs Fortinet FortiGate comparison

Cancel
You must select at least 2 products to compare!
Cisco Logo
98,383 views|65,159 comparisons
Check Point Logo
27,632 views|19,121 comparisons
Fortinet Logo
164,508 views|128,317 comparisons
Comparison Buyer's Guide
Executive Summary
Updated on Jan 2, 2023

We performed a comparison between Check Point NGFW and Fortinet Fortigate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both solutions agree that their initial setup is straightforward.
  • Features: Users of both products are happy with their stability and scalability.

    Check Point users like its interface and threat management feature, and say it has good virtualization and anti-spoofing abilities. Users also like the ability to deploy multiple firewalls instantly. Some users say that the VPN is difficult to integrate.

    Fortinet Fortigate users are happy with its VPN, web filtering, and intrusion protection system. Users note that they are missing the ability to create multiple virtual firewalls.
  • Pricing: Most users of both solutions say that they are fairly priced.

  • ROI: Users of both solutions report being satisfied with the ROI.
  • Service and Support: Some Check Point users feel that the support should be more responsive. Fortinet Fortigate users report being satisfied with the level of support they receive.

Comparison Results: Fortinet’s lack of an option to deploy firewalls on multiple endpoints is a definite downside. Although Fortinet received better feedback for its support, Check Point is the winner in this comparison.

To learn more, read our detailed Check Point NGFW vs. Fortinet FortiGate Report (Updated: January 2023).
670,080 professionals have used our research since 2012.
Q&A Highlights
Question: How does Check Point NGFW compare with Fortinet Fortigate?
Answer: I have worked for several years with the Check Point platform (NGFW) and it is by far more stable in hardware and software. It is a very friendly platform and easy to configure. It is true that it is a bit expensive according to the required blades but it is a platform that is worth having as security in a corporate.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.""The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot.""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""The content filtering is good.""So far, it has been very stable.""The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity."

More Cisco Secure Firewall Pros →

"From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases.""While not being cheap, their pricing models are competitive.""Check Point's most useful feature is threat prevention and extraction. It was tough to manage seven firewalls and a perimeter solution for IPS, anti-malware, anti-bot, and sandboxing.""One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base.""The security posture assessment with two-factor authentication has saved more time and commercial costs by avoiding deploying having to deploy another solution.""Objects search and tracker logs are useful.""Check Point has strong security features as well as some decent monitoring and management capabilities.""The initial setup is straightforward."

More Check Point NGFW Pros →

"FortiGate is very simple to manage and easy to use.""The dashboard I have found the most valuable in Fortinet FortiGate.""FortiGate has a strong security topic which allows all of the Fortinet devices to communicate and share information which makes their security more powerful.""Overall security features and performance routing is good.""Initial setup is straightforward. There weren't too many issues with setting it up. It takes one hour or so.""It's very easy to configure.""The base firewall features are quite valuable to us.""The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful."

More Fortinet FortiGate Pros →

Cons
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.""We are replacing ASA with FTD which offers many new features not available using ASA.""It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't.""The application detection feature of this solution could be improved as well as its integration with other solutions.""The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be.""The solution is overcomplicated in some senses. Simplifying it would be an improvement.""The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."

More Cisco Secure Firewall Cons →

"The predefined reports are few and it would be nice to increase them since the logs are excellent.""The only reasons we are looking at other solutions are price and integration.""The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible.""In the future, some of the features that I would like to see would be the ability to integrate environmental solutions such as the metaverse or blockchain so that we can see them also in applications directly and on mobile devices or natively.""They have few predefined reports and it would be nice to increase them since the logs are excellent.""The anti-spam needs improvement.""The pricing could always be more competitive.""Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links."

More Check Point NGFW Cons →

"The support system could be improved.""The stability of Fortinet FortiGate could improve.""The scalability could be better.""When we cluster the two Fortinet FortiGate boxes together we have some issues.""I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security.""This product needs to have an analysis feature, rather than having the analysis done through the integration of a different product.""The initial setup and configuration are not intuitive and require training.""It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."

More Fortinet FortiGate Cons →

Pricing and Cost Advice
  • "The price is comparable."
  • "We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high."
  • "It definitely competes with the other vendors in the market."
  • "The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
  • "I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
  • "It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
  • "Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
  • "I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."
  • "They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it."
  • "It is more expensive than Cisco ASA but cheaper than Palo Alto."
  • "Each blade requires that you have a license."
  • "The price of Check Point is lower than Palo Alto but higher than Cisco ASA."
  • "The price of this product is not too costly and you do not need to pay for all of the features."
  • "The vendor has a very flexible licensing approach."
  • "Check Point should provide some basic license for mobile access VPN by default, for at least five to ten users."
  • More Check Point NGFW Pricing and Cost Advice →

  • "The pricing of the solution is very competitive."
  • "Pricing and licensing is a little bit complicated in FortiGate. They are always on the higher side. This is one issue that we always raise with the company that they should reduce the price according to Indian market requirements. There are no costs in addition to the standard licensing fees."
  • "The price of the license and warranty can be better because it is very expensive."
  • "It's expensive, but compared to the competition it's okay."
  • "In terms of the market, it's not a cheap product, but it's cost-effective."
  • "Fortinet Secure SD-WAN delivered the lowest total cost of ownership (TCO) per Mbps among all other vendors."
  • "I had to pay for the license for the firewall, but it is guaranteed to have updates. I expect a good service for it. It was about €1000 for a year, and there was no additional cost."
  • "It is more expensive than Sophos. Fortinet is overall more expensive than Sophos. The small range of Fortinet, such as 60F and 80F, is more expensive than the small range of Sophos. Sophos is cheaper. In addition, if you jump from 80F Series to 100F Series, the price doubles."
  • More Fortinet FortiGate Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    670,080 professionals have used our research since 2012.
    Answers from the Community
    Netanya Carmi
    reviewer1854093 - PeerSpot reviewerreviewer1854093 (User)
    User

    First of all, Check Point checks the rules to be configured before installing them in the firewall and this prevents the user from making mistakes and putting the company at risk.


    Check Point is no longer expensive. It has many models and competes in performance and price vs. Fortinet.

    Now web interfaces, like Fortinet, may have more bugs per top 10 OWASP.

    reviewer1853481 - PeerSpot reviewerreviewer1853481 (User at Experis US, Inc.)
    Real User

    We are using both but the GUI and clustering on the FortiGate side look better/easier/more comfortable.


    And I do agree with others - Check Point is expensive and Fortinet FortiGate has many models offering less expensive implementation.

    Greg Plante - PeerSpot reviewerGreg Plante
    Real User

    We had this same discussion recently with my organization. It came down to the security of the platform. 


    Fortinet has had a number of breaches over the last 2 years and this was a key factor in our decision. 


    The challenge with Check Point will be the transition from our existing firewall and taking advantage of the various features across our organization. 

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer:Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer:The central management console has helped with segregation, where planned interventions with management consoles do not… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more »
    Top Answer:As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
    Top Answer:We have Meraki Mx devices now, we are looking to replace them. But that is because the Meraki MX platform lacks SSL… more »
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Check Point NG Firewall, Check Point Next Generation Firewall
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Learn More
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

      Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

      Benefits of Check Point's Next Generation Firewall

      • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

      • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

      • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
      • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

      • Remote access: The remote access VPN provides a seamless connection for remote users.

      Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

      Reviews from Real Users

      Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

      Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

      G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

      Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

      Fortinet FortiGate is an innovative line of firewalls that aim to protect organizations from all types of web-based network threats. They come in a wide variety of product types. Fortinet FortiGate’s solutions are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

      Fortinet FortiGate provides users with next-generation firewall solutions that provide proven protection with unmatched performance across the network, from internal segments to data centers to cloud environments. You can protect every part of your network without exception. Additionally, your protections can be managed from a single central location. This ensures that the task of protecting your network is infinitely easier to accomplish.

      Benefits of Fortinet FortiGate

      Some of the benefits of using Fortinet FortiGate include:

      • The ability to manage your firewalls from a centralized automated control console. Fortinet FortiGate’s FortiManager enables administrators to exercise control of their firewalls in a streamlined manner. Administrators have full visibility and control over their system from a single location. It utilizes automation that collects information in real time, which greatly simplifies and reduces the cost of running various types of workflows. Administrators can free up resources by automating the most basic tasks.
      • The ability to produce uniform, appropriate, and coordinated responses to threats across networks. Fortinet FortiGate’s FortiGuard feature generates system protections in near real time. This allows administrators to address threats to the system with custom-made solutions that can be uniformly enforced.
      • The ability to scale up your security to fit your changing security needs. Fortinet FortiGate’s design allows users to accelerate the transfer of data between users and escalate the number of users that are covered without compromising security of performance. This means that users can grow their networks and continue to collaborate without worrying about the system slowing down or coming under attack.

      Reviews from Real Users

      Fortinet FortiGate’s firewall solutions are cutting edge. They stand out from competitors for a number of reasons. Two major ones are the robustness and power of their firewalls. Fortinet FortiGate’s firewall provides users with many valuable features that allow them to maximize what they can do with the solution. These firewalls enable users to use a single piece of software to accomplish tasks that often require the use of multiple pieces of software.

      PeerSpot user Eric S., a Solutions Engineer and Consultant at a tech-services company, notes the robustness of this solution when he writes, "One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface.”

      PeerSpot user Jim M., a network admin at Penobscot Valley Hospital, notes the power of Fortinet FortiGate’s security software when he writes, "It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall.”

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about Check Point NGFW
      Learn more about Fortinet FortiGate
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      Control Southern, Optimal Media
      Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Computer Software Company19%
      Comms Service Provider18%
      Government7%
      Educational Organization5%
      REVIEWERS
      Financial Services Firm25%
      Computer Software Company15%
      Comms Service Provider7%
      Government7%
      VISITORS READING REVIEWS
      Computer Software Company19%
      Comms Service Provider16%
      Financial Services Firm8%
      Government7%
      REVIEWERS
      Comms Service Provider17%
      Financial Services Firm10%
      Computer Software Company9%
      Manufacturing Company7%
      VISITORS READING REVIEWS
      Comms Service Provider20%
      Computer Software Company19%
      Government6%
      Educational Organization5%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise25%
      Large Enterprise40%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise53%
      REVIEWERS
      Small Business28%
      Midsize Enterprise18%
      Large Enterprise54%
      VISITORS READING REVIEWS
      Small Business25%
      Midsize Enterprise19%
      Large Enterprise56%
      REVIEWERS
      Small Business47%
      Midsize Enterprise24%
      Large Enterprise29%
      VISITORS READING REVIEWS
      Small Business30%
      Midsize Enterprise20%
      Large Enterprise50%
      Buyer's Guide
      Check Point NGFW vs. Fortinet FortiGate
      January 2023
      Find out what your peers are saying about Check Point NGFW vs. Fortinet FortiGate and other solutions. Updated: January 2023.
      670,080 professionals have used our research since 2012.

      Check Point NGFW is ranked 4th in Firewalls with 161 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 92 reviews. Check Point NGFW is rated 9.0, while Fortinet FortiGate is rated 8.4. The top reviewer of Check Point NGFW writes "Centrally managed, good antivirus and attack prevention capabilities, knowledgeable support". On the other hand, the top reviewer of Fortinet FortiGate writes "SSL proxy makes URL filtering easier because the encryption is done before the packet ever leaves ". Check Point NGFW is most compared with Palo Alto Networks NG Firewalls, Azure Firewall, pfSense, OPNsense and Juniper SRX, whereas Fortinet FortiGate is most compared with pfSense, Sophos XG, Meraki MX, WatchGuard Firebox and SonicWall TZ. See our Check Point NGFW vs. Fortinet FortiGate report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.