We performed a comparison between Check Point NGFW and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. Our conclusion is presented below.
Comparison Results: Our users feel Check Point NGFW is the better choice for NG Firewalls. Users appreciate its unique multi-layer, multi-blade approach. Additionally, the central management station allows users to manage everything in one place, helping to improve overall performance. The great price, support, and performance make this a great choice.
"Fortinet FortiGate is a stable solution."
"We purchased Fortinet because of the pricing, its functionality, because it met our requirements, and the total cost of ownership over five years was quite reasonable. In the market, Fortinet is rated quite well."
"It is easy to manage, and it doesn't need much knowledge from the team. It is a stable device, and there are many features that are included out of the box."
"The most valuable features of Fortinet FortiGate are the rules and quality of service."
"Offers good security and filtering."
"It's very easy to configure."
"Secure, user-friendly, stable, and scalable network security solution. Installation is straightforward."
"Fortinet FortiGate's ease of management is the most valuable feature."
"We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone."
"While not being cheap, their pricing models are competitive."
"The performance has been very good."
"It's really simple to set up."
"The user interface is very cool and easy to use."
"The initial setup is straightforward."
"It provides end-to-end resolution."
"The Check Point architecture and packet are very good."
"The most important thing is that it's really user-friendly. I have almost stopped using the CLI because I like the graphical interface. You can do whatever you want on a single screen, including all the configuration and implementation, using Panorama. You don't have to switch from one place to another."
"It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
"The solution's most valuable feature is the robust firewall, which we can also use as a UTM device."
"Security is the biggest thing nowadays, including threat response, incident response, and root cause. We found that a lot of the logging and dashboard capabilities offered by Palo Alto fill the missing skill gap that you run up against. It makes it easier for our tier-two staff to get involved in some of the deeper root cause analysis. The dashboards, logs, and reports make it easier for our staff to dive right in and not get lost in what tools they should use. It's easy because they're all right there."
"The most important feature is the firewall. We can make rules to filter the application layer of traffic. It's a very helpful feature."
"The user experience is good and the configuration is very easy."
"Palo Alto Networks NG Firewalls provide a unified platform that natively integrates all security capabilities."
"The trackability is most valuable. When a port is open for a protocol, such as port 443 for HTTPS, it can look inside the traffic and identify or verify the applications that are using the port, which was previously not possible with traditional firewalls."
"If they could extend their fabric towards other vendor environments for integration, that would be great."
"Fortinet FortiGate could improve by having better visibility. Palo Alto has better visibility."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
"Fortinet FortiGate could improve by adding FortiAnalyzer to its solution, we should not have to use another solution. FortiAnalyzer can provide more detailed information."
"It would be good if they had fewer updates."
"There are some tiny bugs that sometimes affect the operations. In the past revision of it, there was a bug. Because of the bug, we had to downgrade the version. It happened only with the last revision."
"I would like to see improvements with the antivirus and IPS as they are not working properly all the time."
"Performance and technical support are the main issues with this solution."
"I really want to see geo-blocking as a feature of NGFW."
"Support for customers really needs to improve."
"The software licensing model is too complicated with all the various tiers of SKUs (i.e. per software blade). They need to simplify this for easier purchasing and renewing."
"Although there is a lot of automation and pattern that can be classified automatically, the IPS systems are sometimes a little bit complicated, and doing the fine-tuning in over 20,000 patterns is hard to do."
"The only thing that we've seen is instances where console and administrative interfaces get locked up or freeze, and we have to get the machine rebooted."
"Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features."
"Sometimes debugging is a hassle."
"I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking."
"When we looked at it originally, we needed to host the Panorama environment ourselves. I would prefer it if we could take this as a service. It might be that it is available, but for some reason we didn't choose it. The downsides of hosting are that we need to feed and water the machines. We are trying to move to a more SaaS environment where we have less things in our data centers, whether they be in our cloud data centers or physical data centers, which can reduce our physical data center footprint."
"We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall. We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more. URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team."
"Palo Alto should improve their support. It's sometimes difficult to get the right technician or engineer to fix the problem as soon as possible."
"Palo Alto needs to provide more support during the design phase and with proposals. They need to be more proactive, try to anticipate issues, and then help us to implement the transformation quickly."
"As part of our internet filtering, we integrate heavily with Active Directory, and we use security groups to separate staff into two groups: those who should have full access to the internet and those who should have limited access. It may be just the way the topology is for our domain controllers and that infrastructure, but at peak usage, there seems to be a delay in reading back against the security group to find out what group the user is in."
"Palo Alto Networks NG Firewalls don't provide a unified platform that natively integrates all security capabilities. It's missing some features for geofencing and understanding locations."
"The performance of the Panorama interface needs to be improved. It tends to be very sluggish at times."
"There is a web-based GUI to do management, but you need to know how the machine or firewall operates. There are hundreds of different menus and options. I have used other firewalls before. Just implementing or designing a policy with Palo Alto, if you want a certain port to be open to different IP addresses, then that could take 20 to 25 clicks. That is just testing it out. It is quite complex to do. Whereas, with other places, you tell it, "Okay, I want this specific port open and this IP address to have access to it." That was it. However, not with Palo Alto, which is definitely more complex."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Check Point NGFW is ranked 5th in Firewalls with 110 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 79 reviews. Check Point NGFW is rated 9.0, while Palo Alto Networks NG Firewalls is rated 8.8. The top reviewer of Check Point NGFW writes "Scalable with seamless failover capabilities and excellent logging functionality". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". Check Point NGFW is most compared with Netgate pfSense, Cisco Secure Firewall, Azure Firewall, Sophos XG and OPNsense, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Meraki MX, Sophos XG, Netgate pfSense and Cisco Secure Firewall. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi, I would suggest going for Check Point.
I'm with Check Point now, for more than 2 years. IPS, threat prevention, antibot identification, and antivirus notification are up to the mark. Moreover, it has a friendly user interface where anyone can create policies and work on it.