We performed a comparison between Check Point NGFW, Fortinet FortiGate, and WatchGuard XTM [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."The simplicity of the access control is the most valuable feature for us. It gives us the ability to easily identify traffic that is either being allowed or denied to our network."
"I like the GUI."
"The dashboard provides a quick overview of the security status, including key metrics, alerts, and recent events."
"The overall security of the environment has been greatly improved by the Check Point NGFWs. Before implementing this solution we have to rely on the Cisco ACLs and Zone-Based firewall that we had configured on switches and routers, which in fact a simple stateful firewall, and currently not an efficient for protecting from advanced threats."
"The user interface is very cool and easy to use."
"We can build the new firewalls with minimum efforts."
"The scalability is very good."
"Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention. Apart from that, there is central management through which we can integrate all the firewalls and support them. It makes it easy to manage all the firewalls."
"FortiGate firewalls are easy to manage through a user-friendly web interface. They also have advanced features like DDoS and DLP. However, I wouldn't recommend enabling all of these features on one device because it can cause performance issues."
"The Fortinet FortiGate local partners were good. I did not have direct contact with Fortinet support."
"The pricing is great and very reasonable."
"The CLI is robust and powerful, enabling rapid, consistent changes via SSH."
"Its stability is the most valuable."
"Easy to implement, and it is also reliable."
"Fortinet FortiGate's ease of management is the most valuable feature."
"Fortigate's most valuable feature is that it doesn't need a push policy when writing rules."
"It is stable and does not require you to reboot all the time."
"SNMP status monitoring and the Central Management Software."
"WatchGuard XTM is fairly basic. We use it as the perimeter firewall. The main point is to protect from attack software and hacking."
"They have a reporting system which can store data over a very long period of time. Not many other firewall vendors provide a reporting system, but if they do, like Fortinet does, then you've got buy that as an additional product and that can be more than twice as expensive as the initial investment in the firewall. And without reporting over a long-term period, you're just about wasting your time."
"We have used technical support for WatchGuard many times and overall, we are satisfied with it. They are always listening and there is a good reaction time to our findings. When there are issues, they really try to resolve them."
"There is a site-to-site VPN configuration between others people."
"It configures in all-in-one place."
"I like the hostwatch because I can see what traffic uses the most bandwidth and I can block that site."
"The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution."
"I'd like to see more use of applications and URLs in security policies moving forwards."
"It should be user-friendly from an implementation point of view. Its setup is a little bit difficult."
"The product could provide an easier user interface and management, by combining all functions (network and policy configuration) into one single application rather than split it into different applications."
"The area where Check Point can improve is the antivirus, as it only provides a small number of updates for it. Updates should be more frequent."
"Stability issues. I built out this firewall in a cluster, and I had stability issues day one. Needs to be rebooted frequently. Tunnels need to be bounced frequently. Their hardware compatibility guide, when I built out the servers to host them on, was not accurate."
"Error logs can be more specific."
"The virtual infrastructure of the central management requires a huge amount of resources to work properly and manage all the logs without problems."
"The room for improvement is about the global delivery time period. Usually I need to wait for almost one month to deliver it overseas. So if you can shorten the deliver time it'd be great."
"Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful."
"Vulnerability scanning could be improved."
"Fortinet FortiGate could improve by having more storage in the hardware for log data."
"They should improve the interface to make it more user-friendly."
"We were not able to build a full-mesh VPN; however, I am not sure if this was the fault of Fortinet FortiGate."
"Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN."
"The support we receive when we need to upgrade is not satisfactory and has room for improvement."
"Sometimes we have had issues with stability of the product."
"Syslog (Dimension) is focused on presentation, but needs more focus on utility like SonicWall syslog (GMS/Analyzer)."
"I would like them to improve the product's overall protections. This would be good for all product users."
"The VPN errors are not helpful when troubleshooting."
"The initial setup is neither simple nor complex. If you know the base in networking and how the firewall works, you will be able to figure it out."
"One huge issue with WatchGuard XTM is that I'm not getting reports in a readable format. Readable means, I don't want Excel online. We repeat auditing when we trigger the report or setup calendar. That functionality is what we are looking for from WatchGuard XTM here."
"WatchGuard doesn't have a product that allows them to get into the data center. And that's just because there is no hardware to do the job. The software could do it, but there's no hardware that allows that to happen at the moment. So it doesn't scale as well as some other products, that's for sure."
"The setting policies need improvement. It needs an easier way to do static NAT and check on what policy is being used for that specific traffic."
Earn 20 points