Check Point NGFW vs Palo Alto Networks NG Firewalls comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary
Updated on May 15, 2022

We performed a comparison between Check Point NGFW and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. Our conclusion is presented below.

  • Ease of Deployment: Checkpoint offers wizards to help make the process easier. However, users of both solutions indicate the installation and deployment of the firewalls can be complicated for the novice.
  • Features: Check Point NGFW offers zero-day protection and provides absolute in-depth visibility with a multi-layer, multi-blade approach. This solution allows users to manage all firewalls from one single location and has very good antivirus protection. Users feel Check Point does a great job with automatization. However, they tell us debugging can be difficult and makes the solution seem less stable than other solutions.

    Palo Alto Networks NG Firewall offers a parallel processing data plan, which makes the overall processes more efficient. This solution embeds machine learning in the firewall's core to provide inline, real-time attack prevention. Additionally, Palo Alto offers blocking of undesirable URLs and also offers threat hunt capabilities, which makes it better than other vendors. Users tell us that new releases can be very buggy. They also feel that documentation needs improvement.
  • Pricing: Checkpoint NGFW users tell us the solution is of good value and is generally cheaper than other solutions. Palo Alto Networks NG Firewalls are considered a very high-end product and very expensive.
  • Service and Support: Users of both solutions are satisfied with the service and response they receive.

Comparison Results: Our users feel Check Point NGFW is the better choice for NG Firewalls. Users appreciate its unique multi-layer, multi-blade approach. Additionally, the central management station allows users to manage everything in one place, helping to improve overall performance. The great price, support, and performance make this a great choice.

To learn more, read our detailed Check Point NGFW vs. Palo Alto Networks NG Firewalls Report (Updated: November 2022).
655,711 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""The solution offers very easy configurations.""We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government.""The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port.""They are easy to maintain.""One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.""I like all of the features.""Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."

More Cisco Secure Firewall Pros →

"The ease of configuring VPNs can be very useful especially for companies with lots of remote locations.""Check Point has a really cool GUI.""My customers cite performance and ease of configuration as two of the solution's most valuable features.""The Check Point architecture and packet are very good.""The solution offers very good central management, which saves time and is hassle-free.""The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff.""In the four years I have worked on the five firewalls we have not had any downtime caused by stability issues.""One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base."

More Check Point NGFW Pros →

"DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network.""The management options are good.""Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors.""The configuration is very simple.""The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput.""When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus.""Flexible and integrates well with apps and other security tools.""Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes."

More Palo Alto Networks NG Firewalls Pros →

Cons
"The initial setup could be simplified, as it can be complex for new users.""It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices.""Comparing Cisco solution to others, it is expensive, it would be better for it to be cheaper.""The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be.""One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.""It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."

More Cisco Secure Firewall Cons →

"It would be ideal to manage everything from one central place.""The quality of the console should be improved in terms of aesthetics.""The smart consoles could be improved.""The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI.""If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time.""I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking.""Technical support could be improved.""The predefined reports are few and it would be nice to increase them since the logs are excellent."

More Check Point NGFW Cons →

"Its stability can be better. Their technical response from the support side can also be better.""When it comes to their support, we have to select every single component that we want to include in a particular bundle. That is a very tedious process. T""I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster""In the cloud, the HA could be a lot better. Its price could also be better. It is very expensive.""There are some advanced features that we aren't able to use, which include active IP authentication and app ID. We are facing challenges with implementing those two features.""Its price can be better. They should also provide some more examples of configurations online.""In Mexico, Palo Alto's discounts are significantly lower than Cisco's. They are also more expensive – about 15% or 20% – than Cisco, but their platforms are very similar.""For an upcoming release, they could improve on the way to build security rules per user."

More Palo Alto Networks NG Firewalls Cons →

Pricing and Cost Advice
  • "If we compare it with FortiGate and the co-existing ASA, FortiGate is better in price."
  • "They seem to be at the top end in terms of pricing, but they are worth the price. They are probably a little bit lower than Palo Alto. If the customers are relying on Cisco products and they are thinking more in terms of scaling to another layer in a year, it is pretty much in a good price range."
  • "We're using the smart license for this firewall. The models that we have require licensing for remote access."
  • "There are licensing costs."
  • "I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much."
  • "The price is fair. It's not the cheapest, but it's not bad."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The product is very expensive."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The pricing is good. It is less than Palo Alto's firewalls. Check Point has the same features as Palo Alto, but the licensing and cost of these firewalls are not too expensive. It is one of the best firewalls in the market in this range."
  • "I think that the pricing is different for every organization."
  • "The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."
  • "They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it."
  • "It is more expensive than Cisco ASA but cheaper than Palo Alto."
  • "Each blade requires that you have a license."
  • "The price of Check Point is lower than Palo Alto but higher than Cisco ASA."
  • "The price of this product is not too costly and you do not need to pay for all of the features."
  • More Check Point NGFW Pricing and Cost Advice →

  • "The NG firewall is an expensive solution."
  • "This is an expensive product and there is a subscription cost."
  • "Its price can be better. Licensing is on a yearly basis."
  • "The pricing is very high."
  • "The device is very expensive compared to Cisco and Fortinet."
  • "It's an expensive product."
  • "It is an expensive solution."
  • "Paul Alto is the most expensive solution in this category."
  • More Palo Alto Networks NG Firewalls Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    655,711 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer:Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer:The central management console has helped with segregation, where planned interventions with management consoles do not… more »
    Top Answer:Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
    Top Answer:In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
    Top Answer:Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Check Point NG Firewall, Check Point Next Generation Firewall
    Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
    Learn More
    Overview

    The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.

      From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.

      Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.

      Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

      Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

      Benefits of Check Point's Next Generation Firewall

      • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

      • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

      • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
      • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

      • Remote access: The remote access VPN provides a seamless connection for remote users.

      Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

      Reviews from Real Users

      Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

      Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

      G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

      Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

      Palo Alto Networks NG Firewalls is a firewall solution designed for security teams that provides them with full visibility and control over all networks via powerful traffic identification, malware prevention, and threat intelligence technologies. In order to determine which applications, users, and content traversing the network are safe, the solution offers companies a variety of advanced security tools and strategies.

      Palo Alto Networks NG Firewalls Features

      Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:

      • Secure Application Enablement (App-ID, User-ID, Content-ID)
      • Malware Detection and Prevention (threat prevention service, buffer overflows and port scans, anti-malware capabilities, command-and-control protection, and WildFire)
      • DNS Security (URL filtering, predict and block malicious domains, signature-based protection, extensible cloud-based architecture)
      • Panorama Security Management (including graphical views and analytics, manage rules and dynamic updates, customizable application command center (ACC), log collection mode, physical or virtual appliance)
      • Threat Intelligence (high-fidelity threat intelligence, priority alerts, automatic extraction and sharing of prevention indicators, native integration with Palo Alto Networks products)

      Palo Alto Networks NG Firewalls Benefits

      There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:

      • Dedicated management interface for managing and initial configuration of the device
      • Regular threat signatures and updates
      • Import addresses and URL objects from the external server
      • Configure and manage with REST API integration
      • Great throughput and connection speed is fair even in high traffic load
      • Deep visibility into the network activity through Application and Command Control
      • Easy to manage and very user friendly

      Reviews from Real Users

      Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.

      A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”

      PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”

      Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."

      Offer
      Learn more about Cisco Secure Firewall
      Learn more about Check Point NGFW
      Learn more about Palo Alto Networks NG Firewalls
      Sample Customers
      There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
      Control Southern, Optimal Media
      SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
      Top Industries
      REVIEWERS
      Financial Services Firm16%
      Comms Service Provider13%
      Computer Software Company9%
      Government8%
      VISITORS READING REVIEWS
      Comms Service Provider20%
      Computer Software Company19%
      Government7%
      Educational Organization5%
      REVIEWERS
      Financial Services Firm25%
      Computer Software Company15%
      Comms Service Provider8%
      Government6%
      VISITORS READING REVIEWS
      Computer Software Company19%
      Comms Service Provider18%
      Financial Services Firm8%
      Government7%
      REVIEWERS
      Comms Service Provider18%
      Computer Software Company18%
      Financial Services Firm13%
      Educational Organization10%
      VISITORS READING REVIEWS
      Computer Software Company20%
      Comms Service Provider13%
      Government7%
      Financial Services Firm6%
      Company Size
      REVIEWERS
      Small Business36%
      Midsize Enterprise24%
      Large Enterprise40%
      VISITORS READING REVIEWS
      Small Business28%
      Midsize Enterprise19%
      Large Enterprise53%
      REVIEWERS
      Small Business28%
      Midsize Enterprise19%
      Large Enterprise53%
      VISITORS READING REVIEWS
      Small Business24%
      Midsize Enterprise20%
      Large Enterprise56%
      REVIEWERS
      Small Business35%
      Midsize Enterprise28%
      Large Enterprise37%
      VISITORS READING REVIEWS
      Small Business25%
      Midsize Enterprise17%
      Large Enterprise58%
      Buyer's Guide
      Check Point NGFW vs. Palo Alto Networks NG Firewalls
      November 2022
      Find out what your peers are saying about Check Point NGFW vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2022.
      655,711 professionals have used our research since 2012.

      Check Point NGFW is ranked 4th in Firewalls with 160 reviews while Palo Alto Networks NG Firewalls is ranked 5th in Firewalls with 78 reviews. Check Point NGFW is rated 9.0, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Check Point NGFW writes "Centrally managed, good antivirus and attack prevention capabilities, knowledgeable support". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, pfSense, OPNsense and Juniper SRX, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Fortinet FortiGate, Meraki MX, Sophos XG and Sophos UTM. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.

      See our list of best Firewalls vendors.

      We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.