Check Point NGFW vs Palo Alto Networks NG Firewalls comparison

You must select at least 2 products to compare!
Fortinet Logo
120,425 views|88,209 comparisons
90% willing to recommend
Check Point Software Technologies Logo
27,173 views|16,714 comparisons
96% willing to recommend
Palo Alto Networks Logo
25,488 views|16,293 comparisons
96% willing to recommend
Comparison Buyer's Guide
Executive Summary
Updated on May 15, 2022

We performed a comparison between Check Point NGFW and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. Our conclusion is presented below.

  • Ease of Deployment: Checkpoint offers wizards to help make the process easier. However, users of both solutions indicate the installation and deployment of the firewalls can be complicated for the novice.
  • Features: Check Point NGFW offers zero-day protection and provides absolute in-depth visibility with a multi-layer, multi-blade approach. This solution allows users to manage all firewalls from one single location and has very good antivirus protection. Users feel Check Point does a great job with automatization. However, they tell us debugging can be difficult and makes the solution seem less stable than other solutions.

    Palo Alto Networks NG Firewall offers a parallel processing data plan, which makes the overall processes more efficient. This solution embeds machine learning in the firewall's core to provide inline, real-time attack prevention. Additionally, Palo Alto offers blocking of undesirable URLs and also offers threat hunt capabilities, which makes it better than other vendors. Users tell us that new releases can be very buggy. They also feel that documentation needs improvement.
  • Pricing: Checkpoint NGFW users tell us the solution is of good value and is generally cheaper than other solutions. Palo Alto Networks NG Firewalls are considered a very high-end product and very expensive.
  • Service and Support: Users of both solutions are satisfied with the service and response they receive.

Comparison Results: Our users feel Check Point NGFW is the better choice for NG Firewalls. Users appreciate its unique multi-layer, multi-blade approach. Additionally, the central management station allows users to manage everything in one place, helping to improve overall performance. The great price, support, and performance make this a great choice.

To learn more, read our detailed Check Point NGFW vs. Palo Alto Networks NG Firewalls Report (Updated: May 2024).
771,946 professionals have used our research since 2012.
Q&A Highlights
Question: Is Palo Alto Networks NG Firewalls better than Check Point NGFW?
Answer: Both of them are expensive when it comes to hardware or support. For me, Check Point is more focused on Cyber Security threats, IPS, application visibility, and malware detection. The interface really gives more insights when it comes to cybersecurity than Palo Alto, however when it comes to Network capability in the Environment "Routing, Switching, VRF, NAT" Check Point can't compare with Palo Alto, Palo Alto has more routing and design flexibility than checkpoint. So to Wrap up: Check Point- more threats and prevention-focused but for Network Capability it doesn't exceed a Linux server capability. Palo Alto- also has good threats and prevention capability "Less Than Checkpoint". But provide more Network Flexibility than Check Point.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"We are using the FortiGate 100D series. VPN, firewall, anti-malware, OTM, and intrusion prevention are useful features.""One of the valuable features is a standardized OS.""The web tutor and automatic rules by schedule are good features.""It works very well. It has a lot of different functionalities. Its cost is also fine for our customers.""I am "headache free" that I don't have to categorize all the websites and that security has been pre categorized by the people, and that the services are getting updated. At least one part of my problem is over.""Fortinet FortiGate is easy to use.""Anti-Spam web content filterinG.""It has very easy management and an amazing ETM configuration."

More Fortinet FortiGate Pros →

"The characteristics on offer have come to give an added value under a single investment, thus offering many advantages.""There is a lot of legacy traffic from other vendors that has been migrated to Check Point which has resulted in a lot of stability in our environment.""The features that I have found most valuable are its flexibility and user interface. This is already a well-established product in the market for quite a long time, more than 20 years. They've got a huge customer base.""There are several ways to implement it.""The firewall and IPS are the most valuable features of the solution.""I think that the most valuable feature is the prevention of known and zero-day threats because they are constantly trying to access your company and compromise its data.""The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.""The sales, pre-sales, professional services, and tech support are all very nice."

More Check Point NGFW Pros →

"The best feature is the packet inspection; compared to solutions like Cisco and FortiGate, Palo Alto's packet inspection is much less CPU intensive, allowing it to detect threats embedded within packages more quickly and efficiently.""The most valuable features are the threat prevention and policy-based routing features.""Provision of quality training material and the reporting is very good.""The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks.""Innovative, advanced threat protection is the most valuable feature.""When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus.""The basic configuration will only take 15 minutes to set up""It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back."

More Palo Alto Networks NG Firewalls Pros →

"It should provide better visibility over the network and more information in the form of reports for the end users. Its installation should also be easier.""It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified.""Fortigate's hardware capacities could be improved.""With FortiGate, the main complaint that I have heard is about the technical support.""There could be more integration between the logging and analytical platforms to make it more seamless and integrated.""The support is the main thing that needs to be improved.""There were quite a few problems with the stability of the system.""The central management for the FortiGate Fortinet Firewall needs improvement. They have the manager to do the essential management for both SD-WAN and for the security policy. They should also improve the SD-WAN function."

More Fortinet FortiGate Cons →

"If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time.""Finding support is a little bit hard.""The only thing that we've seen is instances where console and administrative interfaces get locked up or freeze, and we have to get the machine rebooted.""In terms of new features, maybe it would help if we could start to manage all the stuff in the cloud and not in the on-prem servers. The management side could also be faster when you install policies. But other than that, I'm satisfied.""The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve.""One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them.""The interface can be more user-friendly in terms of design and the location of critical and commonly used icons.""One of the main features that need improvement is the rule filter export."

More Check Point NGFW Cons →

"I don't deal with it from a day-to-day perspective, but I can say that the evidence that I typically need is there, but sometimes, it's a task to actually get it and pull it out. They can make it easier to gather that evidence.""Interface could be improved visually and simplified.""The analysis of the ITS ID by Palo Alto Networks NG Firewalls could be improved.""The price of the solution is very high.""The support could be improved.""Unfortunately, Palo Alto Networks products aren't cheap, but you have to pay the price for good security technology. I don't know the exact price, but it's about $10,000 to $15,000 without a subscription. Cisco is priced similarly. FortiGate is inexpensive in Poland, so a lot of customers prefer that.""With new features and applications you get bugs.""I am in GCC in the Middle East. The support that we are getting from Palo Alto is disastrous. The problem is that the support ticket is opened through the distributor channel. Before opening a ticket, we already do a lot of troubleshooting, and when we open a ticket, it goes to a distributor channel. They end up wasting our time again doing what we have already done. They execute the same things and waste time. The distributor channel's engineer tries to troubleshoot, and after spending hours, they forward the ticket to Palo Alto. It is a very time-consuming process. The distributor channels also do not operate 24/7, and they are very lazy in responding to the calls."

More Palo Alto Networks NG Firewalls Cons →

Pricing and Cost Advice
  • "Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make."
  • "These boxes are not that expensive compared to what they can do, their functionality, and the reporting you receive. Fortinet licensing is straightforward and less confusing compared to Cisco."
  • "Go for long term pricing negotiated at the time of purchase."
  • "Work through partners for the best pricing."
  • "The value is the capability of having multiple services with one unique license, not having the limitation per user licensing schema, like other vendors."
  • "Easy to understand licensing requirements."
  • "​We saved a bundle by not needing all the past appliances from an NGFW.​"
  • "The cost is too high... They have to focus on more features with less cost for the customer. If you see the market, where it's going, there are a lot of players offering more features for less cost."
  • More Fortinet FortiGate Pricing and Cost Advice →

  • "I don't think the product's pricing is a good value. I feel it's very overpriced. I feel a lot of the features for a next gen firewall are there. But I feel it's overpriced, because of the stability issues. As far as support goes, I really can't speak to direct Check Point support, but the third-party was pretty terrible... As far as the licensing goes, it's pretty complex. If anybody was to purchase the Check Point product, definitely make sure they have an account rep come on site, and explain it line by line, what each thing is. It's not straightforward. It's very convoluted. There's no way you could just figure it out by looking at it."
  • "Check Point solutions are very expensive here. They're good, but they're expensive... Check Point is only useful for customers that have a big IT budget."
  • "The price is high in comparison to other solutions."
  • "We pay $5,000-$6,000 a year."
  • "Maybe the pricing is a bit high but you get the durability and the duration."
  • "Licensing issues may be confusing at times."
  • "It is quite an expensive product, although security is a top priority."
  • "This product is not cheap and there are additional costs that depend on what model or package that you buy."
  • More Check Point NGFW Pricing and Cost Advice →

  • "Annually, the licensing costs are too much."
  • "Pricing is yearly, but it depends. You could pay on a yearly basis, or every three years. If you want to add a device or two, there would be an additional cost. Also, if you want to do an assessment, or other similar add-on, you have to pay accordingly for the additional service."
  • "It will be worth your time to hire a contractor to set it up and configure it for you, especially if you are not very knowledgeable with PA firewalls."
  • "Don't buy a device with more power than you really need, because licensing depends on the cost of the box you have."
  • "The licensing is annual, and there aren't any additional fees on top of that."
  • "The price of this product should be reduced."
  • "The pricing is competitive in the market."
  • "This is an expensive product, which is why some of our customers don't adopt it."
  • More Palo Alto Networks NG Firewalls Pricing and Cost Advice →

    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    771,946 professionals have used our research since 2012.
    Answers from the Community
    Mashrur Sakib
    Val Valenleo - PeerSpot reviewerVal Valenleo

    Hi, I would suggest going for Checkpoint, the suitability depends on your specific security needs, budget constraints, network infrastructure, Integration capabilities, cloud integration, compliance and reporting, user-friendly interface but the support and the specific behavior for some solutions for routing, networking balance or specific connectivity is better known constraints, Checkpoint Multiplatform support (Open Servers Solutions)                                                The advantages in Palo Alto (SSL Decryption, Wildfire SandBox Integration, Scalability)

    Ajenthan Aiyathurai - PeerSpot reviewerAjenthan Aiyathurai
    Real User

    Hi, I would suggest going for Check Point.
    I'm with Check Point now, for more than 2 years. IPS, threat prevention, antibot identification, and antivirus notification are up to the mark. Moreover, it has a friendly user interface where anyone can create policies and work on it. 

    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and usage at… more »
    Top Answer:From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know… more »
    Top Answer:As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite… more »
    Top Answer:I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer:Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer:Check Point NGFW provides essential security, featuring no-obligation access for secure connections, strong intrusion… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer:Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
    Also Known As
    FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
    Check Point NG Firewall, Check Point Next Generation Firewall
    Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall
    Learn More

    Fortinet FortiGate enhances network security, prevents unauthorized access, and offers robust firewall protection. Valued features include advanced threat protection, reliable performance, and a user-friendly interface. It improves efficiency, streamlines processes, and boosts collaboration, providing valuable insights for informed decision-making and growth.

    Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

    Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

    Benefits of Check Point's Next Generation Firewall

    • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

    • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

    • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
    • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

    • Remote access: The remote access VPN provides a seamless connection for remote users.

    Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

    Reviews from Real Users

    Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

    Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

    G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

    Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

    Palo Alto Networks NG Firewalls are next-generation firewalls used for security to protect networks from threats and attacks. It is used for perimeter security, data center protection, and managing secure access to environments. Users highlight the NGFW's effectiveness in providing comprehensive security without impacting network performance. Users appreciate its ease of use, particularly in setup and ongoing management, making it a favored choice for businesses looking to secure their cloud environments.

    The firewall provides application control, malware protection, scalability, stability, user-friendly interface, threat hunt capabilities, application visibility and awareness, URL filtering, traffic monitoring, machine learning for attack prevention, a unified platform for all security capabilities, DNS security, VPN, and embedded machine learning. Palo Alto Networks NG Firewalls is easy to manage, reliable, and balances security and network performance well. It also provides complete visibility through logs and alerting.

    Palo Alto Networks NG Firewalls Features

    Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:

    • Secure Application Enablement (App-ID, User-ID, Content-ID)
    • Malware Detection and Prevention (threat prevention service, buffer overflows and port scans, anti-malware capabilities, command-and-control protection, and WildFire)
    • DNS Security (URL filtering, predict and block malicious domains, signature-based protection, extensible cloud-based architecture)
    • Panorama Security Management (including graphical views and analytics, manage rules and dynamic updates, customizable application command center (ACC), log collection mode, physical or virtual appliance)
    • Threat Intelligence (high-fidelity threat intelligence, priority alerts, automatic extraction and sharing of prevention indicators, native integration with Palo Alto Networks products)

    Palo Alto Networks NG Firewalls Benefits

    There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:

    • Dedicated management interface for managing and initial configuration of the device
    • Regular threat signatures and updates
    • Import addresses and URL objects from the external server
    • Configure and manage with REST API integration
    • Great throughput and connection speed is fair even in high traffic load
    • Deep visibility into the network activity through Application and Command Control
    • Easy to manage and very user friendly

    Reviews from Real Users

    Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.

    A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”

    PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”

    Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."

    Sample Customers
    1. Amazon Web Services 2. Microsoft 3. IBM 4. Cisco 5. Dell 6. HP 7. Oracle 8. Verizon 9. AT&T 10. T-Mobile 11. Sprint 12. Vodafone 13. Orange 14. BT Group 15. Telstra 16. Deutsche Telekom 17. Comcast 18. Time Warner Cable 19. CenturyLink 20. NTT Communications 21. Tata Communications 22. SoftBank 23. China Mobile 24. Singtel 25. Telus 26. Rogers Communications 27. Bell Canada 28. Telkom Indonesia 29. Telkom South Africa 30. Telmex 31. Telia Company 32. Telkom Kenya
    Control Southern, Optimal Media
    SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
    Top Industries
    Comms Service Provider16%
    Computer Software Company9%
    Financial Services Firm8%
    Manufacturing Company7%
    Educational Organization20%
    Computer Software Company15%
    Comms Service Provider8%
    Manufacturing Company6%
    Financial Services Firm22%
    Computer Software Company15%
    Comms Service Provider7%
    Manufacturing Company6%
    Educational Organization51%
    Computer Software Company8%
    Financial Services Firm5%
    Comms Service Provider15%
    Financial Services Firm14%
    Computer Software Company13%
    Educational Organization9%
    Computer Software Company16%
    Financial Services Firm9%
    Manufacturing Company7%
    Company Size
    Small Business48%
    Midsize Enterprise23%
    Large Enterprise30%
    Small Business27%
    Midsize Enterprise32%
    Large Enterprise40%
    Small Business32%
    Midsize Enterprise19%
    Large Enterprise49%
    Small Business14%
    Midsize Enterprise59%
    Large Enterprise27%
    Small Business36%
    Midsize Enterprise27%
    Large Enterprise38%
    Small Business25%
    Midsize Enterprise17%
    Large Enterprise58%
    Buyer's Guide
    Check Point NGFW vs. Palo Alto Networks NG Firewalls
    May 2024
    Find out what your peers are saying about Check Point NGFW vs. Palo Alto Networks NG Firewalls and other solutions. Updated: May 2024.
    771,946 professionals have used our research since 2012.

    Check Point NGFW is ranked 5th in Firewalls with 277 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 163 reviews. Check Point NGFW is rated 8.8, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Check Point NGFW writes "Good antivirus protection and URL filtering with very good user identification capabilities". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Check Point NGFW is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Azure Firewall and OPNsense, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Meraki MX, Sophos XG, Netgate pfSense and Cisco Secure Firewall. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.