Check Point NGFW vs pfSense comparison

Cancel
You must select at least 2 products to compare!
Cisco Logo
98,494 views|66,440 comparisons
Check Point Logo
26,639 views|18,533 comparisons
Netgate Logo
118,369 views|100,663 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Check Point NGFW and pfSense based on real PeerSpot user reviews.

Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Check Point NGFW vs. pfSense Report (Updated: November 2022).
653,522 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"It just works for us.""The management aspect of the product is very straightforward.""The Inline Mode configuration works really well, and ASA works very impressively.""I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""The initial setup was not complex.""The solution is excellent for enterprise-level networks.""I like the IPS feature, it is the most valuable."

More Cisco Secure Firewall Pros →

"The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access.""Check Point has a really cool GUI.""The small business hardware device was powerful and easy to set up.""My customers cite performance and ease of configuration as two of the solution's most valuable features.""Check Point NGFW generates very helpful reports based on the logs of the activated features.""It is giving us a greater reach for greater prevention and is proactively protecting our employees.""The product is very scalable.""Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released."

More Check Point NGFW Pros →

"The initial setup was simple and fast.""I especially like the VPN part. It works like a charm.""Some of the terminologies were more familiar to me than it was when I first encountered Cisco.""The built-in open VPN and the VPN Client Export are the solution's most valuable aspects.""Great extensibility of the platform.""The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall.""The main features of this solution are customization and ease to use.""The solution has good customization abilities and plenty of features."

More pfSense Pros →

Cons
"Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.""In terms of what could be improved, I would say the UTM part should be more integrated for one price, because if you buy ASA from Cisco, you need to buy another contract service from Cisco as a filter for the dictionary of attacks. In Fortinet, you buy a firewall and you have it all.""Cisco Firepower NGFW Firewall can be more secure.""It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness.""An area for improvement is the graphical user interface. That is something that is coming up now. They could make the product more user-friendly. A better GUI is something that would make life much easier.""I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."

More Cisco Secure Firewall Cons →

"There are some GUI features in Check Point's SmartConsole that are still from the old versions and are in separate/duplicated interfaces; it would be most useful if it is integrated and not on different menus.""The upgrade is something we would like to be improved in the future as the frequency of hotfixes is too much, and by the time we finish the one round, we already have the new version released and are required to upgrade.""Debugging could be improved when compared to the competition.""The firewall throughput or performance reduces drastically after enabling each module/blade.""Their technical support can be better. In addition, when we need to use it in a government environment, we face a lot of legal issues related to different types of certifications. It would be better to improve it for these issues. Check Point doesn't have a SOAR system. They work with Siemplify, but it is an integration with another vendor. It would be great if Check Point has an integrated SOAR system.""In terms of what could be improved, we have a cluster with two nodes and usually we have some problems when process gets really high and it has to choose which services it keeps going. I would like to have a better solution here, like if instead of just one we could use both at the same time. It would be good if it could work together. Then when one has a failure or something like that, the other one is there to transfer, to take all the services and keep working.""Of the areas of improvement that I want to see in this product, without a doubt, one is the technical support. In this time of globalization, with so many cyberattacks and risks, the Check Point support staff take a long time to attend to incidents due to the high demand.""The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions."

More Check Point NGFW Cons →

"The integration of pfSense with EPS and EDS could be better. Also, it should be easier to get reports on how many users are connecting simultaneously and how sections connect in real-time.""The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus.""They can improve the dynamic of the input of IPs from outside.""Web interface could be enhanced and more user friendly.""The product could offer more integrated plugins.""The solution could always work at being more secure. It's a good idea to continue to work on security features and capabilities in order to ensure they can keep clients safe.""This solution is good for small businesses but it is not as stable as other competitors such as Fortinet.""The integration should be improved."

More pfSense Cons →

Pricing and Cost Advice
  • "This product is expensive."
  • "If we compare it with FortiGate and the co-existing ASA, FortiGate is better in price."
  • "They seem to be at the top end in terms of pricing, but they are worth the price. They are probably a little bit lower than Palo Alto. If the customers are relying on Cisco products and they are thinking more in terms of scaling to another layer in a year, it is pretty much in a good price range."
  • "We're using the smart license for this firewall. The models that we have require licensing for remote access."
  • "There are licensing costs."
  • "I just bought it off the shelf, and I'm using it with my previous one, so I have not spent that much."
  • "The price is fair. It's not the cheapest, but it's not bad."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • More Cisco Secure Firewall Pricing and Cost Advice →

  • "The pricing is good. It is less than Palo Alto's firewalls. Check Point has the same features as Palo Alto, but the licensing and cost of these firewalls are not too expensive. It is one of the best firewalls in the market in this range."
  • "I think that the pricing is different for every organization."
  • "The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."
  • "They sell it in one box. In that one box, they sell Antivirus and Threat Prevention. They have everything, so we are not required to purchase additional IPS hardware for it."
  • "It is more expensive than Cisco ASA but cheaper than Palo Alto."
  • "Each blade requires that you have a license."
  • "The price of Check Point is lower than Palo Alto but higher than Cisco ASA."
  • "The price of this product is not too costly and you do not need to pay for all of the features."
  • More Check Point NGFW Pricing and Cost Advice →

  • "I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money."
  • "I like the fact that it is open-source."
  • "The pricing is lower than some of its competitors."
  • "pfSense is open-source."
  • "We are using the open-source version which is free. We are testing the solution to see if we are going to go to the enterprise version which requires a license and is not free."
  • "There is no license. You don't have to pay anything. It's completely free."
  • "It's open-source and it's free. Anything for free is good."
  • "pfSense is a free solution."
  • More pfSense Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    653,522 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer:One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet… more »
    Top Answer:It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer:I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer:Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer:The central management console has helped with segregation, where planned interventions with management consoles do not… more »
    Top Answer:You don't really specify what type of router you are looking for but if you are talking about a gateway router I… more »
    Top Answer:Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate… more »
    Top Answer:Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and… more »
    Comparisons
    Also Known As
    Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
    Check Point NG Firewall, Check Point Next Generation Firewall
    Learn More
    Cisco
    Video Not Available
    Netgate
    Video Not Available
    Overview

    Cisco Secure Firewall is a suite of Cisco ASA Firewall and Cisco Firepower NGFW Firewall among other Cisco products. 

    Anticipate, act, and simplify with Secure Firewall

    With workers, data, and offices located all over, your firewall must be ready for anything. Secure Firewall helps you plan, prioritize, close gaps, and recover from disaster—stronger.

    Turn intent into action

    Unify policy across your environment and prioritize what’s important. Having security resilience is about shoring up your architecture against threats and using automation to save time.

    Achieve superior visibility

    Regain visibility and control of your encrypted traffic and application environments. See more and detect more with Cisco Talos, while leveraging billions of signals across your infrastructure with security resilience.

    Drive efficiency at scale

    Only Secure Firewall includes license entitlement for Cisco SecureX, our open orchestration and XDR platform. The combination increases productivity across your teams and hybrid environments, while reducing threat dwell times.

    Make zero trust practical

    Secure Firewall makes a zero-trust posture achievable and cost-effective with network, microsegmentation, and app security integrations. Automate access and anticipate what comes next.

    Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.

    Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.

    Benefits of Check Point's Next Generation Firewall

    • Robust security: Check Point NGFW delivers the best possible threat prevention with SandBlast Zero Day protection. The SandBlast protection agent constantly inspects passing network traffic for exploits and vulnerabilities. Suspicious files are then emulated in a virtual sandbox in order to detect and report malicious behavior.

    • Security at hyperscale: On-demand hyperscale threat prevention performance provides cloud level expansion and resiliency on premises.

    • Unified management: Check Point's SmartConsole makes it easy to manage and configure network security environments and policies. With the SmartConsole, users can manage all the firewall gateways and access logs and install databases from one location. Unified management control across the network increases the efficiency of security operations and reduces IT costs.
    • Continuous logging: Check Point NGFW’s Threat Management feature detects vulnerabilities and logs them. Using the logged data, users can easily create and implement efficient security policies.

    • Remote access: The remote access VPN provides a seamless connection for remote users.

    Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.

    Reviews from Real Users

    Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.

    Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."

    G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”

    Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”

    pfSense is a free and open-source operating system for routers and firewalls, and is typically configured as DHCP server, DNS server, WiFi access point, VPN server, all running on the same hardware device. It is operated through a user-friendly web interface, making administration easy even for users with limited networking knowledge.

    In addition, pfSense is feature-rich, has a mature platform, is customizable, is flexible by design, and can be used on a small home router as well as run the entire network of a large corporation. pfSense puts you in control of your networking, is regularly updated, and works to promptly patch security issues. pfSense has recently become the favored alternative to the industry leader, Cisco.

    pfSense is:

    • Robust
    • Powerful
    • Easy to use
    • Secure
    • Scalable

    pfSense Key Features

    pfSense has many key features and capabilities, including:

    • Strength and accuracy: pfSense is able to always follow either default or custom rules, making it a stronger firewall than some of its competitors. It also filters traffic separately, whether it’s coming from your internal network of devices or the open internet, allowing you to set different rules and policies for each.

    • Flexibility: pfSense can work both as a basic firewall and as a complete security system because it gives you the flexibility to integrate additional features as code where necessary.

    • Open-source: Because it is open-source, not only is pfSense free to use, but community members can contribute to the code to make it a better software.

    • User-friendly: Usually firewall products are not user-friendly because they often include complex settings, options, and features that require fine-tuning. pfSense’s interface is simple, direct, and easy to use.

    • WireGuard Support: Instead of building your own VPN using pfSense, or settling for a commercial VPN provider, you can directly integrate WireGuard with the pfSense firewall.

    • Speed Management and Fault Tolerance: pfSense’s multi-WAN feature allows your system to continue operating in case components fail.

    • Well-supported: pfSense regularly has security and feature updates. It also has a documentation site and a well-informed and knowledgeable support forum.

    Reviews from Real Users

    Below is some feedback from PeerSpot Users who are currently using the solution.

    Bojan O., CEO at In.sist d.o.o., says, “The classic features, such as content inspection, content protection, and the application-level firewall, are the most important."

    Another PeerSpot user, a chef at a media company, explains what he finds most valuable about pfSense: "The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is."

    T.O., a VP of Business Development at a tech services company, mentions, "What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor."



    Offer
    Learn more about Cisco Secure Firewall
    Learn more about Check Point NGFW
    Learn more about pfSense
    Sample Customers
    There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
    Control Southern, Optimal Media
    Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring
    Top Industries
    REVIEWERS
    Financial Services Firm16%
    Comms Service Provider13%
    Computer Software Company9%
    Government8%
    VISITORS READING REVIEWS
    Comms Service Provider21%
    Computer Software Company19%
    Government7%
    Educational Organization5%
    REVIEWERS
    Financial Services Firm25%
    Computer Software Company15%
    Comms Service Provider8%
    Government6%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider19%
    Financial Services Firm8%
    Government7%
    REVIEWERS
    University12%
    Marketing Services Firm10%
    Comms Service Provider10%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Comms Service Provider27%
    Computer Software Company15%
    Government8%
    Educational Organization5%
    Company Size
    REVIEWERS
    Small Business36%
    Midsize Enterprise24%
    Large Enterprise40%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise19%
    Large Enterprise53%
    REVIEWERS
    Small Business28%
    Midsize Enterprise19%
    Large Enterprise53%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise20%
    Large Enterprise56%
    REVIEWERS
    Small Business70%
    Midsize Enterprise17%
    Large Enterprise13%
    VISITORS READING REVIEWS
    Small Business29%
    Midsize Enterprise21%
    Large Enterprise51%
    Buyer's Guide
    Check Point NGFW vs. pfSense
    November 2022
    Find out what your peers are saying about Check Point NGFW vs. pfSense and other solutions. Updated: November 2022.
    653,522 professionals have used our research since 2012.

    Check Point NGFW is ranked 4th in Firewalls with 160 reviews while pfSense is ranked 3rd in Firewalls with 54 reviews. Check Point NGFW is rated 9.0, while pfSense is rated 8.6. The top reviewer of Check Point NGFW writes "Centrally managed, good antivirus and attack prevention capabilities, knowledgeable support". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Check Point NGFW is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Azure Firewall, OPNsense and Juniper SRX, whereas pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos XG, Untangle NG Firewall and Juniper SRX. See our Check Point NGFW vs. pfSense report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.