Check Point NGFW vs OPNsense comparison

Cancel
You must select at least 2 products to compare!
Cisco Logo
99,561 views|66,518 comparisons
Check Point Logo
27,159 views|18,906 comparisons
OPNsense Logo
80,006 views|69,785 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Check Point NGFW and OPNsense based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Check Point NGFW vs. OPNsense Report (Updated: November 2022).
657,849 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.""The remote access, VPN, and ACL features are valuable. We are using role-based access for individuals.""I love the ASDM (Adaptive Security Device Manager) which is the management suite. It's a GUI and you're able to see everything at a glance without using the command line. There are those who love the CLI, but with ASDM it is easier to see where everything is going and where the problems are.""ASA integrates with FirePOWER, IPS functionality, malware filtering, etc. This functionality wasn't there in the past. With its cloud architecture, Cisco can filter traffic at the engine layer. Evasive encryptions can be entered into the application, like BitTorrent or Skype. This wasn't possible to control through a traditional firewall.""The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity.""The technical support is excellent. I would rate it as 10 out of 10. When there has been an issue, we have had a good response from them.""The ASDM (Adaptive Security Device Manager) which is the graphical user interface, works out, and Cisco keeps it current.""I like all of the features."

More Cisco Secure Firewall Pros →

"I have not had an infected machine behind the firewall since I first installed and started using NGFW.""The solution offers very good central management, which saves time and is hassle-free.""Check Point is awesome from a security standpoint. Based on our experience and also the experience of the other customers, it is a very stable appliance.""We have all the features we want or need in this appliance. It's been good so far.""The most valuable feature of Check Point NGFW is the unparalleled distribution of the network traffic. The central management station they have allows you to manage everything from one place.""One of the most valuable features is performance improvement, wherewith ClusterXL and CoreXL, you can improve performance.""The online documentation is complete and easy to read and understand.""The packet inspection capabilities are great."

More Check Point NGFW Pros →

"The system in general is quite flexible.""The technical support is very good.""The IDS and IPS features are valuable. From the usability perspective, there is a lot of good documentation. As IT professionals, we found it very easy to configure the firewall. It was easy to configure and use.""It has an open license. It works very well, and there is an update every month.""The initial implementation process is simple.""OPNsense is highly stable.""We have found pretty much all the features of the solution to be valuable.""It's more secure and more reliable."

More OPNsense Pros →

Cons
"Licensing is complex, and I'd like it to be simplified. This is an area for improvement.""Sometimes, it is not easy to troubleshoot. You need to know where to go. It took me quite awhile. It's like, "Okay, if it doesn't go smoothly here, then go find the documentation." Once you do it, it is not so bad. However, it is sometimes a steep learning curve on the troubleshooting part of it.""The one thing that the ASAs don't have is a central management point. We have a lot of our environments on FTD right now. So, we are using a Firewall Management Center (FMC) to manage all those. The ASAs don't really have that, but they are easy to use if you physically go into them and manage them.""The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working.""I would like to see the inclusion of a protocol that can be used to protect databases.""It doesn't have Layer 7 security.""I think they need to review their whole UI because it feels like it was created by a whole bunch of different teams of developers who didn't fully talk to each other. The net policy screen is just a mess. It should look like the firewall policy screen, and they should both act the same, but they don't. I feel like it's two different buildings or programming, who don't talk to each other, and that really annoys me.""One of the challenges we've had with the Cisco ASA is the lack of a strong controller or central management console that is dependable and reliable all the time."

More Cisco Secure Firewall Cons →

"There is room for improvement in application-based filtering, as with other firewalls available in the market today.""The predefined reports are limited and should provide more information. Check Point should provide a greater number of defined reports and produce reports for each division of the organization.""It would be ideal to manage everything from one central place.""If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time.""Check Point can improve a little better in their technical services, especially in the Indian market.""I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad.""The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade.""The interface can be more user-friendly in terms of design and the location of critical and commonly used icons."

More Check Point NGFW Cons →

"The solution could be more secure.""The interface needs to be simplified. It is not user-friendly.""We did not like the fact that you have to configure everything with the graphic user interface. We have used other firewalls, such as FortiGate, that you can configure via code. OPNsense is not easy to integrate. When you are deploying via GitHub or another source repository, this is not possible. That's one thing we didn't like much.""OPNsense could improve by making the configuration more web-based rather than shell or command-line-based.""The IPS solution could be more reliable.""The logging could improve in OPNsense.""They should improve IPEs for security in the future.""I would like to see better SD-WAN performance."

More OPNsense Cons →

Pricing and Cost Advice
  • "They seem to be at the top end in terms of pricing, but they are worth the price. They are probably a little bit lower than Palo Alto. If the customers are relying on Cisco products and they are thinking more in terms of scaling to another layer in a year, it is pretty much in a good price range."
  • "We're using the smart license for this firewall. The models that we have require licensing for remote access."
  • "There are licensing costs."
  • "I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much."
  • "The price is fair. It's not the cheapest, but it's not bad."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The product is very expensive."
  • "This is an expensive product, although when you buy this solution, you can do many things so it provides good value for the investment."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The pricing is good. It is less than Palo Alto's firewalls. Check Point has the same features as Palo Alto, but the licensing and cost of these firewalls are not too expensive. It is one of the best firewalls in the market in this range."
  • "I think that the pricing is different for every organization."
  • "The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."
  • "They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it."
  • "It is more expensive than Cisco ASA but cheaper than Palo Alto."
  • "Each blade requires that you have a license."
  • "The price of Check Point is lower than Palo Alto but higher than Cisco ASA."
  • "The price of this product is not too costly and you do not need to pay for all of the features."
  • More Check Point NGFW Pricing and Cost Advice →

  • "OPNsense is an open-source solution and it is free to use."
  • "The solution is not expensive."
  • "As an appliance, it's in the medium price range."
  • "Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."
  • "It is open source and free."
  • "The price of OPNsense is good."
  • More OPNsense Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    657,849 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer:Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer:The central management console has helped with segregation, where planned interventions with management consoles do not… more »
    Top Answer:Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and… more »
    Top Answer:It's more secure and more reliable.
    Top Answer:The price is good and is better than other computer solutions. The licensing cost is zero because you only have to buy… more »
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Check Point NG Firewall, Check Point Next Generation Firewall
    Learn More
    OPNsense
    Video Not Available
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

      Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

      Benefits of Check Point's Next Generation Firewall

      • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

      • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

      • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
      • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

      • Remote access: The remote access VPN provides a seamless connection for remote users.

      Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

      Reviews from Real Users

      Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

      Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

      G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

      Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

      OPNsense is a user-friendly, fast-track, open-source FreeBSD-based firewall and routing platform. This software offers features that are generally available from costly commercial firewalls, with the added benefit of open and verifiable sources. The firewall provides users, developers, and organizations with an advantageous environment through transparency. The development of this project is driven by a strong focus on security and code quality.

      The solution offers a variety of components, such as:

      • Weekly security updates. These updates provide the user with the ability to reach new emerging threats in a timely manner through small increments.

      • Two major releases every year. These yearly releases are on a fixed release cycle and provide organizations with the ability to plan ahead of an upcoming upgrade.

      • A roadmap of instructions. Each major release provides a guide and a set of clear goals.

      A team of professionals developed OPNsense. Other professional and experienced software architects, engineers, and developers are encouraged to join in the development of the solution to make it as successful as possible. OPNsense offers a variety of rich features with each release. Each upgrade is based on FreeBSD for continual, long-term support and utilizes a freshly advanced MVC framework based on Phalcon. OPNsense is committed to helping businesses, school networks, remote offices, hotels, and other markets in keeping their data protected.

      OPNsense Core Features

      OPNsense continually offers a free, complete, high-end security platform with new releases and features. With each release, OPNsense focuses on providing more unique and better security features in a timely manner. These features include:

      • Captive Portal
      • Built-in reporting and monitoring tools including RRD Graphs
      • Network Flow Monitoring
      • Traffic Shaper
      • Support for Plugins
      • Granular Control Over State Table
      • Dynamic DNS
      • Two-factor authentication throughout the system
      • Netflow Exporter
      • Encrypted Configuration Backup to Google Drive
      • Forward Caching Proxy (transparent) with Blacklist Support
      • Stateful inspection firewall
      • DNS Server & DNS Forwarder
      • High Availability & Hardware Failover (with configuration synchronization & synchronized state tables)
      • DHCP Server and Relay
      • Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
      • Intrusion Detection and Prevention
      • 802.1Q VLAN support

      Reviews from Real Users

      OPNsense is a favorite security solution among reviewers for a number of reasons. Two of those reasons include the user-friendliness of the solution, which makes it easy to use, and its ability to easily scale.

      For many, a user-friendly solution is essential. FiorindoDi A., a system administration specialist at a tech vendor, says, "The graphic user interface is very good and it is user-friendly, which makes the product easy-to-use."

      Peerspot reviewers speak of the scalability of the solution. For example, an anonymous cloud and infrastructure manager at a venture capital and private equity firm reviewer notes, "OPNsense is easy to scale when running on the hardware."

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about Check Point NGFW
      Learn more about OPNsense
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      Control Southern, Optimal Media
      CompuNet Systems GmbH,
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Comms Service Provider20%
      Computer Software Company19%
      Government7%
      Educational Organization5%
      REVIEWERS
      Financial Services Firm24%
      Computer Software Company16%
      Comms Service Provider8%
      Government6%
      VISITORS READING REVIEWS
      Computer Software Company19%
      Comms Service Provider18%
      Financial Services Firm8%
      Government7%
      REVIEWERS
      Comms Service Provider30%
      Logistics Company20%
      Financial Services Firm10%
      Renewables & Environment Company10%
      VISITORS READING REVIEWS
      Comms Service Provider27%
      Computer Software Company16%
      Government9%
      Educational Organization5%
      Company Size
      REVIEWERS
      Small Business35%
      Midsize Enterprise24%
      Large Enterprise41%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise19%
      Large Enterprise53%
      REVIEWERS
      Small Business28%
      Midsize Enterprise19%
      Large Enterprise53%
      VISITORS READING REVIEWS
      Small Business24%
      Midsize Enterprise19%
      Large Enterprise56%
      REVIEWERS
      Small Business67%
      Midsize Enterprise10%
      Large Enterprise24%
      VISITORS READING REVIEWS
      Small Business26%
      Midsize Enterprise21%
      Large Enterprise53%
      Buyer's Guide
      Check Point NGFW vs. OPNsense
      November 2022
      Find out what your peers are saying about Check Point NGFW vs. OPNsense and other solutions. Updated: November 2022.
      657,849 professionals have used our research since 2012.

      Check Point NGFW is ranked 4th in Firewalls with 162 reviews while OPNsense is ranked 7th in Firewalls with 12 reviews. Check Point NGFW is rated 9.0, while OPNsense is rated 8.2. The top reviewer of Check Point NGFW writes "Centrally managed, good antivirus and attack prevention capabilities, knowledgeable support". On the other hand, the top reviewer of OPNsense writes "Unbeatable pricing and easy to configure and use, but it can be configured only through the GUI, and the integration with Azure cloud is difficult". Check Point NGFW is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Azure Firewall, pfSense and Juniper SRX, whereas OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG, Fortinet FortiGate and KerioControl. See our Check Point NGFW vs. OPNsense report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.