We performed a comparison between Check Point NGFW and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. Our conclusion is presented below.
Comparison Results: Our users feel Check Point NGFW is the better choice for NG Firewalls. Users appreciate its unique multi-layer, multi-blade approach. Additionally, the central management station allows users to manage everything in one place, helping to improve overall performance. The great price, support, and performance make this a great choice.
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The solution offers very easy configurations."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port."
"They are easy to maintain."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"I like all of the features."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"The ease of configuring VPNs can be very useful especially for companies with lots of remote locations."
"Check Point has a really cool GUI."
"My customers cite performance and ease of configuration as two of the solution's most valuable features."
"The Check Point architecture and packet are very good."
"The solution offers very good central management, which saves time and is hassle-free."
"The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff."
"In the four years I have worked on the five firewalls we have not had any downtime caused by stability issues."
"One ability that Check Point has is that it is the first to provide us with the ability to use identities instead of using the traditional IP-based format, which allows way more flexibility in what we can do with the rule base."
"DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network."
"The management options are good."
"Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors."
"The configuration is very simple."
"The most valuable features include the different security zones and the ability to identify applications not only by port numbers but by the applications themselves... And with the single-pass architecture, it provides a good trade-off between security and network performance. It provides good security and good network throughput."
"When we put it on the border, it was blocking everything that we were getting ahead of time, and we weren't getting any hits. This includes URL filtering, spam prevention, and anti-virus."
"Flexible and integrates well with apps and other security tools."
"Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes."
"The initial setup could be simplified, as it can be complex for new users."
"It can be improved when it comes to monitoring. Today, the logs from the firewalls could be improved a bit more without integrating with other devices."
"Comparing Cisco solution to others, it is expensive, it would be better for it to be cheaper."
"The user interface is a little clunky and difficult to work with. Some things aren't as easy as they should be."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"It would be good if Cisco made sure that the solution supports all routing protocols. Sometimes it doesn't."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."
"It would be ideal to manage everything from one central place."
"The quality of the console should be improved in terms of aesthetics."
"The smart consoles could be improved."
"The routing rules and some more network settings should be listed on the Check Point Smart Console instead of GAIA Web GUI."
"If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time."
"I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking."
"Technical support could be improved."
"The predefined reports are few and it would be nice to increase them since the logs are excellent."
"Its stability can be better. Their technical response from the support side can also be better."
"When it comes to their support, we have to select every single component that we want to include in a particular bundle. That is a very tedious process. T"
"I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster"
"In the cloud, the HA could be a lot better. Its price could also be better. It is very expensive."
"There are some advanced features that we aren't able to use, which include active IP authentication and app ID. We are facing challenges with implementing those two features."
"Its price can be better. They should also provide some more examples of configurations online."
"In Mexico, Palo Alto's discounts are significantly lower than Cisco's. They are also more expensive – about 15% or 20% – than Cisco, but their platforms are very similar."
"For an upcoming release, they could improve on the way to build security rules per user."
The Cisco Secure Firewall portfolio delivers greater protections for your network against an increasingly evolving and complex set of threats. With Cisco, you’re investing in a foundation for security that is both agile and integrated- leading to the strongest security posture available today and tomorrow.
From your data center, branch offices, cloud environments, and everywhere in between, you can leverage the power of Cisco to turn your existing network infrastructure into an extension of your firewall solution, resulting in world class security controls everywhere you need them.
Investing in a Secure Firewall appliance today gives you robust protections against even the most sophisticated threats without compromising performance when inspecting encrypted traffic. Further, integrations with other Cisco and 3rd party solutions provides you with a broad and deep portfolio of security products, all working together to correlate previously disconnected events, eliminate noise, and stop threats faster.
Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.
Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.
Benefits of Check Point's Next Generation Firewall
Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.
Reviews from Real Users
Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.
Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."
G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”
Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”
Palo Alto Networks NG Firewalls is a firewall solution designed for security teams that provides them with full visibility and control over all networks via powerful traffic identification, malware prevention, and threat intelligence technologies. In order to determine which applications, users, and content traversing the network are safe, the solution offers companies a variety of advanced security tools and strategies.
Palo Alto Networks NG Firewalls Features
Palo Alto Networks NG Firewalls has many valuable key features. Some of the most useful ones include:
Palo Alto Networks NG Firewalls Benefits
There are several benefits to implementing Palo Alto Networks NG Firewalls. Some of the biggest advantages the solution offers include:
Reviews from Real Users
Below are some reviews and helpful feedback written by Palo Alto Networks NG Firewalls users.
A Solutions Architect at a communications service provider says, “The product stability and level of security are second to none in the industry. We value the security of our client's infrastructure so these features are valuable to us. An example of a very valuable feature behind Palo Alto is the application-aware identifiers that help the firewall know what its users are trying to do. It can block specific activities instead of just blocking categories. For example, you can block an application, or all unknown applications.”
PeerSpot user Gerry H., CyberSecurity Network Engineer at a university, mentions that the solution has a “Nice user interface, good support, is stable, and has extensive logging capabilities.” He also adds, “Wildfire has been a very good feature. This solution provides a unified platform that natively integrates all security capabilities, which is 100% important to us. This is a great feature.”
Eric S., Network Analyst at a recreational facilities/services company, states, "With its single pane of glass, it makes monitoring and troubleshooting a bit more homogeneous. We are not looking at multiple platforms and monitoring management tools. It is more efficient from that perspective. It is more of a common monitoring and control system for multiple aspects of what used to be different systems. It provides efficiency and time savings."
Check Point NGFW is ranked 4th in Firewalls with 160 reviews while Palo Alto Networks NG Firewalls is ranked 5th in Firewalls with 78 reviews. Check Point NGFW is rated 9.0, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Check Point NGFW writes "Centrally managed, good antivirus and attack prevention capabilities, knowledgeable support". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "Provides zero trust implementation, more visibility, and eliminated security holes". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, pfSense, OPNsense and Juniper SRX, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Fortinet FortiGate, Meraki MX, Sophos XG and Sophos UTM. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.