Check Point NGFW vs OPNsense comparison

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 11, 2023

We performed a comparison between Check Point NGFW and OPNsense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.

Features: Check Point NGFW is highly regarded for its extensive security functions, centralized control, and ability to virtualize. OPNsense is appreciated for its ability to scale, provide guest access, offer user-friendly dashboards, and provide a free version for users. Check Point NGFW needs enhancements in integration, hardware upgrades, cost, stability, load balancing, technical support, and reporting capabilities. OPNsense, on the other hand, requires improvements in its interface, bandwidth management, multi-provider internet protection, integration with Azure, a timeline for new features and updates, IPS solution, reporting capabilities, SSL inspection, and learning curve.

Service and Support: The service for Check Point NGFW has varying feedback, with certain customers appreciating its assistance and quick response, while others believe there is room for improvement. OPNsense boasts an exceptional community support network, although a few users encounter challenges in directly accessing support.

Ease of Deployment: The setup process for Check Point NGFW can be complex and challenging, especially for those who are unfamiliar with the product. It requires expertise and experience for certain configurations and migrations. The initial setup of OPNsense is described as straightforward and easy, even for clients without IT experience. It can be completed within a few hours, with slight variations depending on individual circumstances.

Pricing: The cost of setting up Check Point NGFW is deemed to be expensive, whereas OPNsense falls into the moderate range. Check Point provides flexible licensing choices, although some individuals find the procedure complex. OPNsense is a license-free open-source solution. In addition to the basic expenses, OPNsense requires additional costs for hardware, installation, and training.

ROI: Check Point NGFW provides cost savings, simplicity, and reliable security enforcement, resulting in a favorable return on investment. OPNsense achieves a return on investment in less than three months and eliminates recurring fees.

Comparison Results: Check Point NGFW is the preferred choice over OPNsense. Users appreciate its comprehensive security features, centralized management, and virtualization capabilities. It is known for its stability, ease of use, and scalability. Check Point NGFW is considered worth the price due to its superior security and reliability.

To learn more, read our detailed Check Point NGFW vs. OPNsense Report (Updated: July 2024).

Buyer's Guide

Check Point NGFW vs. OPNsense

July 2024

Download the complete report

Helped 793,295 peers since 2012

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of July 2024, in the Firewalls category, the mindshare of Fortinet FortiGate is 22.6%, up from 18.8% compared to the previous year. The mindshare of Check Point NGFW is 2.9%, down from 3.9% compared to the previous year. The mindshare of OPNsense is 11.5%, down from 16.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Unique Categories:

Software Defined WAN (SD-WAN) Solutions

19.7%

WAN Edge

21.4%

Unified Threat Management (UTM)

16.8%

No other categories found

Featured Reviews

Anand Navik

Technical Specialist at a tech services company with 201-500 employees

Apr 25, 2023

Good threat prevention capabilities, good price, and very easy to deploy and manage

I have deployed it for a bank at a core level. On the perimeter, there was a Palo Alto firewall, and at the core level, we deployed the FortiGate firewall at DC and DR locations. After that, we deployed SD-WAN. We replaced the MPLS switch with the Fortinet SD-WAN device, so the whole branch traffic comes to the SD-WAN box, and from there, it comes to the FortiGate firewall, and then it goes to the Palo Alto firewall for the internet access and resource access. While migrating branches from MPLS to SD-WAN, we did require a maintenance window. There was no difficulty. It was very user-friendly. I have had many difficulties with the Check Point firewall. I have deployed major projects on the FortiGate firewall. I migrated more than a thousand branches on Fortinet SD-WAN and implemented FortiGate super massive firewalls at DC and DR locations. There were no complexities. Only at one location, I had an issue related to SD-WAN, but my query was resolved by Fortinet's local team. It's an on-premises firewall for the DC and DR locations. I have never worked on cloud projects, but if there is any opportunity to deploy it on the cloud, I will do it. I have only done on-premises deployment.

Read full review

reviewer2335599

Chief Information Security Officer at a consultancy with 1-10 employees

Jan 23, 2024

Safeguards networks against a wide range of cyber threats with its robust security features, advanced threat prevention and centralized management

It can function as either a standalone appliance or as part of a clustered solution, offering flexibility to suit the needs of various customers, ranging from small businesses to large enterprises. We have experience working with a diverse clientele across different industries, leveraging Check…

Read full review

YaserAljohani

OT/ICS Information Security Specialist at SANS

Jun 25, 2020

A solution that detects and blocks malicious content with good reporting and visibility, but the reliability needs improvement

I have some issues with OPNsense. I have created a virtual machine that I've lost connection at times and I am not able to connect to the gateway or ping the internet. When I started with OPNsense, it worked right away. It may be an issue with the virtual machine itself. I am currently setting up the protection on all of the virtual machines so they will connect to OPNsense and the internet, or anywhere they need to access. I have tried to download some malicious files or a virus and it should dump the files and prevent the download, but I don't seem to get any notification or warnings. It may be an issue with the configuration but I am not sure. I would like to see improvements made to connectivity and alerting. I wanted to deploy this solution in our organization and some of the workstations from remote sites but it's not reliable enough to do that yet. In the next release, I would like to see real traffic monitoring and more visibility. Also, for the antivirus, I would like to see the files protected by ClamAV. I would like to see intelligence in OPNsense and have the option to apply it or not. They need a threat intelligence tool similar to the one they would find with Cisco. It will show you the file hashes, all of the IFCs, the niches, the address information, and more. With all of this information, you can be proactive and block the malicious file hashes, all of the malicious IP addresses, and the public IP addresses. It should help you be proactive. It would be helpful to have OPNsense be one of the plugins, and they should include traffic capturing. With Palo Alto, you can monitor and specify which interface you want to monitor, the source IP, or you can specify the network and see the traffic that is coming from the VLAN, the destination, and any files being transferred over the network. If you apply security profiles you can see the signatures.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Its performance in fulfilling our requirements has been satisfactory."

"Its administrative panel is very intuitive and simple. It is simpler than the other solutions that we had. As an administrator, we are always looking for the easiest solution to manage network policies. We are able to filter everything on our network and also use the VPN feature, which is important these days when people are working remotely during COVID."

"The most valuable features are the possibility of having one fabric for switching on security."

"We were looking for the VPN feature and controlling the inflow and outflow of all the traffic within the site and across the sites. We are also using it for the VPN and VLANs."

"The most valuable features of Fortinet FortiGate are remote access, web filtering, and IPS."

"The base firewall features are quite valuable to us."

"This is an easy solution to deploy."

"Virtual Domains (VDOMs) are a feature that we found valuable."

More Fortinet FortiGate pros

"As with any firewall, IPSEC VPN is the critical functionality. Not every organization has the budget to implement MPLS or SD-WAN, which makes IPSEC the go-to for site-to-site connectivity."

"The product offers a robust and intuitive experience, catering to the essential needs of users."

"With the new SmartTask offered in R80.40, we will be happy to configure some automatic control-functions."

"The configuration is one of the best features of this product."

"Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues."

"The packet inspection capabilities are great."

"They utilize various gateway features, including Identity as a Service (IDaaS), anti-spam, antivirus, and other security measures, effectively creating a robust defense against a wide range of potential risks."

"It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices."

More Check Point NGFW pros

"It's open source."

"The tool's integration is more like a button press."

"URL blocking, Wireguard, Tail Scale, Engine Blocker, and VPN are the most valuable features for me."

"It's more secure and more reliable."

"The graphic user interface is very good and it is user-friendly which makes the product easy-to-use."

"The most valuable feature is the Dual WAN in OPNSense, which offers advanced capabilities."

"I find the solution to be user-friendly. It has a lot of reports and easy settings."

"The most valuable features of OPNsense are the GUI and frequent updates."

More OPNsense pros

Cons

"They should offer special pricing to premium partners and customers."

"Currently, without the additional reporting module, we only have access to basic reporting."

"I think they need to improve more in order to be a competitor with the leaders of the field."

"The solution could be more user friendly."

"The Wi-Fi controller needs a lot of improvement."

"I don't like that anything more than very basic reporting is not included."

"One area for improvement is the performance on bandwidth demands for smaller devices, as well as better web filtering."

"Reporting is limited to providing an external appliance for improving the reporting capabilities of the FortiAnalyzer. It does not offer a central management and is also sold separably as an appliance."

More Fortinet FortiGate cons

"Management: Check Point should move away from its current architecture wherein it mandatorily requires a management server to manage the gateways. They should develop A feature in the gateway itself so that no management server is needed for policy and gateway management."

"With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it."

"It depends whether the problem is known to Check Point. If they are aware there is a problem, quite often it will then depend on which tech you finally land on if it's easier or harder to get to the root cause. The last issue was in India so that was pretty bad. It's easier if you get directly through to Tel Aviv or Ottawa, but you can't choose. Once they know what the issue is, it's pretty good. It pretty much depends on the engineer that you get. There are pretty good engineers and there are many engineers who are at just the starter level at Check Point who are not really into the stuff. Sometimes it's hard, sometimes it's easy, depending on the problem and the tech engineer you get."

"You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator."

"The network automation and security automation could be better."

"Although very efficient, the product could be developed in a way that does not take a lot more system resources."

"The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions."

"They could make the licensing a bit easier to deal with, especially for enterprise-level options."

More Check Point NGFW cons

"OPNsense showed me some problems when using it in different environments. The problem is integration with a virtual server."

"On the customer-side, because I'm a small business, I need a cheaper or free solution option."

"There are a few weaknesses. For example, there is a lack of some features that I have in certain commercial products."

"The logging could improve in OPNsense."

"The reporting part could be better."

"OPNsense could improve by making the configuration more web-based rather than shell or command-line-based."

"An area for improvement in OPNsense is the hardware, which needs to be updated more frequently. DNS blocking is another good feature I want to be added to the solution. pfSense has a peer-blocking feature that I also want to see in OPNsense."

"The support for OPNsense is good because we have documents available on the internet. The support could improve a little."

More OPNsense cons

Pricing and Cost Advice

"The pricing is flexible."

"Its price is normal. If I compare it with other vendors, such as Palo Alto, it's normal. Palo Alto is expensive."

"Go for long term pricing negotiated at the time of purchase."

"It was probably about $2,500 per firewall. It was all included. It included support, services, threat management software, and 24/7 FortiCare on it. Cisco products are more expensive."

"The license of Fortinet FortiGate should be reduced."

"The price is high compared to some of the other solutions."

"FortiGate's pricing falls within the mid-range when compared to other leading firewall solutions."

"The solution requires a license annually, it is not a user license, you can have as many users as your want. I must renew the license regularly per device."

More Fortinet FortiGate pricing and cost advice

"I don't see that Check Point is very high, but it is geared more towards enterprises."

"Check Point needs to lower its price drastically, and the licensing model is very complex."

"Though we did not take issue with the price of Check Point NGFW, we felt that it was providing us with inadequate support here in Uganda."

"Licensing is pretty straightforward and is based on the blades available, such as NGFW, NGTP, and NGTX."

"Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs."

"Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point."

"Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall."

"The licensing is straightforward; there are only three types of licenses that include NGFW, NGTP, and SNBT, so the organization can choose its license according to their requirements."

More Check Point NGFW pricing and cost advice

"The solution is not expensive."

"It's a free solution."

"We are using the paid version."

"OPNsense is a well known open-source tool."

"It's not expensive."

"Its pricing is unbeatable in comparison to other firewalls. You can have a small instance that could be €80 a month with the hardware underneath. Azure Firewall and FortiGate are out of the question at this price. If you are on a public cloud, you need the underlying infrastructure. Other than that, there is no additional cost. If you have it on-prem, you have to buy the server or the appliance. The hardware cost is replaced with the infrastructure cost in the cloud. You also have costs for the public IPs and underlying VMs, but that's not related to OPNsense. It would be the same for a FortiGate deployment on Azure. You need a FortiGate license, and you need the underlying infrastructure that scales up depending on your needs."

"It is free."

"The price of OPNsense is good."

More OPNsense pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

793,295 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

21%

Computer Software Company

15%

Manufacturing Company

Comms Service Provider

Educational Organization

54%

Computer Software Company

Financial Services Firm

Government

Computer Software Company

16%

Comms Service Provider

10%

Government

Educational Organization

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

How does Check Point NGFW compare with Fortinet Fortigate?

I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such). -Ch...

See all answers

Which would you recommend - Azure Firewall or Check Point NGFW?

Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall ...

See all answers

What do you like most about Check Point NGFW?

Check Point NGFW provides essential security, featuring no-obligation access for secure connections, strong intrusion...

See all answers

What is the difference between PfSense and OPNsense?

Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and cl...

See all answers

What do you like most about OPNsense?

What I like the most about OPNsense is that it offers an easy-to-use dashboard for device management and control.

See all answers

What is your experience regarding pricing and costs for OPNsense?

I've used the free version. My computer with two network cards at home allows me to try as many different software op...

See all answers

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 20% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 13% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 12% of the time

Meraki MX vs Fortinet FortiGate

Compared 7% of the time

Fortinet FortiOS vs Fortinet FortiGate

Compared 2% of the time

More Fortinet FortiGate Competitors

Palo Alto Networks NG Firewalls vs Check Point NGFW

Compared 20% of the time

Sophos XG vs Check Point NGFW

Compared 9% of the time

Cisco Secure Firewall vs Check Point NGFW

Compared 7% of the time

Netgate pfSense vs Check Point NGFW

Compared 6% of the time

Juniper SRX Series Firewall vs Check Point NGFW

Compared 3% of the time

More Check Point NGFW Competitors

Netgate pfSense vs OPNsense

Compared 76% of the time

Sophos XG vs OPNsense

Compared 5% of the time

Untangle NG Firewall vs OPNsense

Compared 2% of the time

Sophos UTM vs OPNsense

Compared 2% of the time

Zyxel Unified Security Gateway vs OPNsense

Compared 1% of the time

More OPNsense Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

July 2024

Download Fortinet FortiGate product report

Buyer's Guide

Check Point NGFW

July 2024

Download Check Point NGFW product report

Buyer's Guide

OPNsense

July 2024

Download OPNsense product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate

Check Point NG Firewall, Check Point Next Generation Firewall

No data available

Learn More

Fortinet

Check Point Software Technologies

Video not available

OPNsense

Overview

Fortinet FortiGate enhances network security, prevents unauthorized access, and offers robust firewall protection. Valued features include advanced threat protection, reliable performance, and a user-friendly interface. It improves efficiency, streamlines processes, and boosts collaboration, providing valuable insights for informed decision-making and growth.

Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

Benefits of Check Point's Next Generation Firewall

Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.
Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.
Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.
Remote access: The remote access VPN provides a seamless connection for remote users.

Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

Reviews from Real Users

Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

OPNsense is a user-friendly, fast-track, open-source FreeBSD-based firewall and routing platform. This software offers features that are generally available from costly commercial firewalls, with the added benefit of open and verifiable sources. The firewall provides users, developers, and organizations with an advantageous environment through transparency. The development of this project is driven by a strong focus on security and code quality.

The solution offers a variety of components, such as:

Weekly security updates. These updates provide the user with the ability to reach new emerging threats in a timely manner through small increments.
Two major releases every year. These yearly releases are on a fixed release cycle and provide organizations with the ability to plan ahead of an upcoming upgrade.
A roadmap of instructions. Each major release provides a guide and a set of clear goals.

A team of professionals developed OPNsense. Other professional and experienced software architects, engineers, and developers are encouraged to join in the development of the solution to make it as successful as possible. OPNsense offers a variety of rich features with each release. Each upgrade is based on FreeBSD for continual, long-term support and utilizes a freshly advanced MVC framework based on Phalcon. OPNsense is committed to helping businesses, school networks, remote offices, hotels, and other markets in keeping their data protected.

OPNsense Core Features

OPNsense continually offers a free, complete, high-end security platform with new releases and features. With each release, OPNsense focuses on providing more unique and better security features in a timely manner. These features include:

Captive Portal
Built-in reporting and monitoring tools including RRD Graphs
Network Flow Monitoring
Traffic Shaper
Support for Plugins
Granular Control Over State Table
Dynamic DNS
Two-factor authentication throughout the system
Netflow Exporter
Encrypted Configuration Backup to Google Drive
Forward Caching Proxy (transparent) with Blacklist Support
Stateful inspection firewall
DNS Server & DNS Forwarder
High Availability & Hardware Failover (with configuration synchronization & synchronized state tables)
DHCP Server and Relay
Virtual Private Network (site to site & road warrior, IPsec, OpenVPN & legacy PPTP support)
Intrusion Detection and Prevention
802.1Q VLAN support

Reviews from Real Users

OPNsense is a favorite security solution among reviewers for a number of reasons. Two of those reasons include the user-friendliness of the solution, which makes it easy to use, and its ability to easily scale.

For many, a user-friendly solution is essential. FiorindoDi A., a system administration specialist at a tech vendor, says, "The graphic user interface is very good and it is user-friendly, which makes the product easy-to-use."

Peerspot reviewers speak of the scalability of the solution. For example, an anonymous cloud and infrastructure manager at a venture capital and private equity firm reviewer notes, "OPNsense is easy to scale when running on the hardware."

Sample Customers

1. Amazon Web Services 2. Microsoft 3. IBM 4. Cisco 5. Dell 6. HP 7. Oracle 8. Verizon 9. AT&T 10. T-Mobile 11. Sprint 12. Vodafone 13. Orange 14. BT Group 15. Telstra 16. Deutsche Telekom 17. Comcast 18. Time Warner Cable 19. CenturyLink 20. NTT Communications 21. Tata Communications 22. SoftBank 23. China Mobile 24. Singtel 25. Telus 26. Rogers Communications 27. Bell Canada 28. Telkom Indonesia 29. Telkom South Africa 30. Telmex 31. Telia Company 32. Telkom Kenya

Control Southern, Optimal Media

1. Deciso B.V. 2. iXsystems, Inc. 3. EuroBSDCon 4. Netgate 5. Claranet 6. Voleatech 7. Open Systems AG 8. Securebit AG 9. Proxmox Server Solutions GmbH 10. AVM Computersysteme Vertriebs GmbH Additional customers include: T-Systems International GmbH, Deutsche Telekom AG, Vodafone GmbH, 1&1 IONOS SE, OVHcloud, Hetzner Online GmbH, Strato AG, PlusServer GmbH, Host Europe GmbH, United Internet AG, 1&1 Versatel Deutschland GmbH, QSC AG, Bechtle AG, Cancom SE, Computacenter AG & Co. oHG, T-Systems Multimedia Solutions GmbH, Atos SE, Capgemini SE, Accenture plc, IBM Corporation, Hewlett Packard Enterprise Company, Cisco Systems, Inc.

Buyer's Guide

Check Point NGFW vs. OPNsense

July 2024

Free Report: Check Point NGFW vs. OPNsense

Find out what your peers are saying about Check Point NGFW vs. OPNsense and other solutions. Updated: July 2024.

DOWNLOAD NOW

793,295 professionals have used our research since 2012.

See our Check Point NGFW vs. OPNsense report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.