We performed a comparison between Check Point NGFW and Fortinet Fortigate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Fortinet’s lack of an option to deploy firewalls on multiple endpoints is a definite downside. Although Fortinet received better feedback for its support, Check Point is the winner in this comparison.
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The Packet Tracer is a really good tool. If someone calls because they're having problems, you can easily create fake traffic without having to do an extended packet capture. You can see, straight away, if there's a firewall rule allowing that traffic in the direction you're trying to troubleshoot."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"It's very scalable. You can go to different models of the ASAs and they scale up to as big as you want to go."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The content filtering is good."
"So far, it has been very stable."
"The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity."
"From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases."
"While not being cheap, their pricing models are competitive."
"Check Point's most useful feature is threat prevention and extraction. It was tough to manage seven firewalls and a perimeter solution for IPS, anti-malware, anti-bot, and sandboxing."
"One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base."
"The security posture assessment with two-factor authentication has saved more time and commercial costs by avoiding deploying having to deploy another solution."
"Objects search and tracker logs are useful."
"Check Point has strong security features as well as some decent monitoring and management capabilities."
"The initial setup is straightforward."
"FortiGate is very simple to manage and easy to use."
"The dashboard I have found the most valuable in Fortinet FortiGate."
"FortiGate has a strong security topic which allows all of the Fortinet devices to communicate and share information which makes their security more powerful."
"Overall security features and performance routing is good."
"Initial setup is straightforward. There weren't too many issues with setting it up. It takes one hour or so."
"It's very easy to configure."
"The base firewall features are quite valuable to us."
"The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"We are replacing ASA with FTD which offers many new features not available using ASA."
"It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't."
"The application detection feature of this solution could be improved as well as its integration with other solutions."
"The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be."
"The solution is overcomplicated in some senses. Simplifying it would be an improvement."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"The predefined reports are few and it would be nice to increase them since the logs are excellent."
"The only reasons we are looking at other solutions are price and integration."
"The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible."
"In the future, some of the features that I would like to see would be the ability to integrate environmental solutions such as the metaverse or blockchain so that we can see them also in applications directly and on mobile devices or natively."
"They have few predefined reports and it would be nice to increase them since the logs are excellent."
"The anti-spam needs improvement."
"The pricing could always be more competitive."
"Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links."
"The support system could be improved."
"The stability of Fortinet FortiGate could improve."
"The scalability could be better."
"When we cluster the two Fortinet FortiGate boxes together we have some issues."
"I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security."
"This product needs to have an analysis feature, rather than having the analysis done through the integration of a different product."
"The initial setup and configuration are not intuitive and require training."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
Check Point NGFW is ranked 4th in Firewalls with 161 reviews while Fortinet FortiGate is ranked 1st in Firewalls with 92 reviews. Check Point NGFW is rated 9.0, while Fortinet FortiGate is rated 8.4. The top reviewer of Check Point NGFW writes "Centrally managed, good antivirus and attack prevention capabilities, knowledgeable support". On the other hand, the top reviewer of Fortinet FortiGate writes "SSL proxy makes URL filtering easier because the encryption is done before the packet ever leaves ". Check Point NGFW is most compared with Palo Alto Networks NG Firewalls, Azure Firewall, pfSense, OPNsense and Juniper SRX, whereas Fortinet FortiGate is most compared with pfSense, Sophos XG, Meraki MX, WatchGuard Firebox and SonicWall TZ. See our Check Point NGFW vs. Fortinet FortiGate report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
First of all, Check Point checks the rules to be configured before installing them in the firewall and this prevents the user from making mistakes and putting the company at risk.
Check Point is no longer expensive. It has many models and competes in performance and price vs. Fortinet.
Now web interfaces, like Fortinet, may have more bugs per top 10 OWASP.
We are using both but the GUI and clustering on the FortiGate side look better/easier/more comfortable.
And I do agree with others - Check Point is expensive and Fortinet FortiGate has many models offering less expensive implementation.
I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such).
-Check Point GUI is a bit complicated,
-Application and Web filtering are better than Fortigate.
-IPS and AV are more effective than Fortigate. Overall more stable than any other firewall
Support: not up to the level like Fortigate and lack of trained resources (in the gulf).
Check Point is expensive.
Fortinet has many models and is more affordable than Check Point. It also provides outstanding support. GUI is more user-friendly.
We had this same discussion recently with my organization. It came down to the security of the platform.
Fortinet has had a number of breaches over the last 2 years and this was a key factor in our decision.
The challenge with Check Point will be the transition from our existing firewall and taking advantage of the various features across our organization.