Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
Firewalls
September 2022
Get our free report covering Microsoft, Cisco, Fortinet, and other competitors of Palo Alto Networks VM-Series. Updated: September 2022.
634,775 professionals have used our research since 2012.

Read reviews of Palo Alto Networks VM-Series alternatives and competitors

User
Top 20
Scalable with seamless failover capabilities and excellent logging functionality
Pros and Cons
  • "The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats."
  • "We find the GUI to be wrong and the CLI doesn't always show all of the connections."

What is our primary use case?

We needed to replace our external firewall solution as we were having issues with the HTTPS inspection on our previous solution and the level of support being provided was terrible, leaving us with an issue that could not be fixed for over six months. 

We had already deployed a new internal firewall solution but needed something that would protect that from external factors. We also needed a new solution to replace our client VPN solution. The Check Point solution gave us that as one whole solution instead of having to manage multiple services.

How has it helped my organization?

Our policy is to deny all outbound traffic unless we allow it, which can generate a lot of work to build a rule base that allows everything we need to get out. 

This solution has made managing connections out to the web much better due to the categorisation and app control that is available. Being able to say certain apps and services are allowed out, instead of finding all the relevant IPs, has massively reduced the workload. The ability to manage the Client VPN and relevant rules for that in the same location has also improved the way we work. Having links into AD for group membership recognition and having rules based around this has been very useful in improving the way remote users can access the network.

What is most valuable?

Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall. 

It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web. 

The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats. 

What needs improvement?

The functionality of the S2S VPN service has been temperamental for us at times and is not always simple to manage or check the state of. 

We find the GUI to be wrong and the CLI doesn't always show all of the connections. 

From a general usability point of view, if you have not used Check Point before, the learning curve is steep. Perhaps managing and configuring the devices could be streamlined for people with less experience so that they can pick it up quicker. There needs to be extra wizards for the out-of-the-box builds.

For how long have I used the solution?

I've used the solution for six months.

What do I think about the stability of the solution?

On the firewall side and content filtering side of the solution, it has been faultless. There has been no real downtime to note and the access to the web via relevant rules has always worked as expected.

What do I think about the scalability of the solution?

We have a fairly small setup in the grand scheme of things, however, from what we have seen, the ability to add in new firewalls or increase the hardware spec seems very good and it would be easy to transition from older to newer hardware when the time comes.

How are customer service and support?

Due to the support model we signed up for, we don't deal directly with Check Point support. We deal with the vendor first and they will deal with any 1st/2nd and even most 3rd priority issues. They would then go to Check Point if they need more assistance on our behalf. The level of support and responsiveness of their support has been excellent. We're always getting at least a response within a few hours, even on a P3/P4 issue.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did have another solution, but due to an issue with the HTTPS inspection that the manufacturer was not able to properly rectify or fix for 6 months, we lost faith in their ability to provide adequate support going forward for any issues we might come across. 

How was the initial setup?

The setup was complex due to the nature of the Check Point firewalls and us having to make some config setup in one portal and others on the CLI. We also had to arrange the rule base via the management console. There could be 3 different places you need to make various changes. We also used private microwave links as redundancy for VPN connections and that had caused significant issues in getting set up as the link selection did not cooperate at first.

What about the implementation team?

We implemented via a vendor and I have to say their level of expertise was brilliant. Every question we threw at them, they were able to provide an answer to. 

What was our ROI?

It was not the cheapest solution to go for, but the amount of admin time that has been saved by the use of Check Point firewalls has definitely given us a great return, giving us more time to work on other aspects of our network. Also, being able to consolidate 2 solutions (Firewall and Client VPN) into one solution has saved more money and admin time. 

What's my experience with pricing, setup cost, and licensing?

We found that Check Point was very flexible with its pricing. We were looking at a spec of hardware in other solutions. We found that Check Point did not have a direct competitor, but to help with the bid, they managed to reduce the costs of their higher-spec hardware to make it competitive with the other solutions we were looking at. It's not our fault they did not produce the hardware of a similar spec. It's up to them to try and provide a solution that would make it a competitive solution. 

Which other solutions did I evaluate?

We looked at several other solutions in including Palo Alto at the top of the market and Sophos XG further down.

What other advice do I have?

I would say as good as the solution is, if you are looking to get the most out of it, you should look to get a company or consultant who knows the Check Point solution inside out to assist with the setup. We found a partner who specialized in Check Point and we would not have been able to get it to the stage we have without them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manuel Gellida - PeerSpot reviewer
Owner at Dinamica en Microsistemas de Informatica, S.A. de C.V.
Reseller
Top 5
Easy to use and deploy with an improved pricing structure in place
Pros and Cons
  • "The initial setup is pretty easy."
  • "They need to allow their solution to integrate with other products and not just other Sophos solutions."

What is our primary use case?

My clients are mostly based in the government. They are my core clients. I install the solution for my clients.

What is most valuable?

The solution is very easy to use. 

Of course, we have the skills, however, it's very easy for us to deploy the solution. That's one of the valuable features. 

They have a communication between the endpoint and the firewall which is very, very useful for security purposes.

Pricing is now pretty good. They changed the pricing structure a few months ago.

The initial setup is pretty easy.

What needs improvement?

The integration could be a bit better. They need to allow their solution to integrate with other products and not just other Sophos solutions.

Sophos has a feature that in my opinion is very limited. They don't have enough VPNs on their models. They have the XG 750, which is a sizeable appliance. On those models, they used to have not enough VPNs. They always were short on that area. 

Pricing used to be very bad, however, they've adjusted their strategy recently. 

The product needs to improve its marketing in Mexico. It's not a well-recognized product in our country.

The solution's technical support is very bad.

There is an overall lack of documentation in relation to features and capabilities. We need these to help explain aspects of the solution to our clients. 

For how long have I used the solution?

I've used the solution since around 2014. I have about six years of experience at this point. It's been a while. I've definitely worked with the product in the last 12 months.

What do I think about the stability of the solution?

The solution is quite stable. There are no bugs and glitches. It doesn't crash and freeze. It's quite reliable. We don't have problems with it.

What do I think about the scalability of the solution?

The solution is very scalable. It is not a problem. Sometimes we have issues when we are trying to do something with a different traditional version of hardware as sometimes the new hardware has more ports. However, if we are talking about scalability in a huge customer, we can do it very easily. 

Mexico is very different than other countries and continents as here, when we say it's a big customer, we are talking about 2,000 to maybe 3,000 users. There aren't too many large-scale operations in the country. However, in general, for our area, we tend to deal with large-scale companies.

For a company that has maybe 1,000 users, Sophos seems to work very well. We have one operation with 10,000 endpoints and it is working quite well.

How are customer service and technical support?

Technical support from Sophos is very bad.

Sometimes we lose a project due to the fact that we need to solve some issues or answer questions. Things that may be technical but also involve the administrative side. I'm talking about licensing and the capabilities of the feature. We need some documentation, something we can show clients. They can better in those cases. They can either help us or supply us with what we need. 

In response time, they are terrible. In the area of technical knowledge, they are getting better, however, they aren't where they need to be. Right now, we are not satisfied with the level of support provided.

How was the initial setup?

The initial setup is not complex. However, here in Mexico, it's very complex to sell the product. The brand is not as well known.

That said, the process is pretty straightforward. 

The deployment times vary. It depends on the end-user and what they need. Sometimes, it's easy as they don't have too many policies. The more policies they have, the longer it takes.

In other cases, clients may have a lot of VPNs. We have to work on those VPNs, and we have to do a lot of routing. However, that depends on the customer. Not all are like that.

For one appliance, you just need one person for deployment and maintenance. If we are working a lot of VPNs, we would have to use more people. We need to involve maybe two or three individuals and re-apply the configuration in that case. 

What about the implementation team?

We handle the installation process ourselves. We do not need the assistance of consultants.

What's my experience with pricing, setup cost, and licensing?

The pricing has recently changed on Sophos. Their licensing and cost structures are much more clear now. It's much better than it was.

Which other solutions did I evaluate?

Clients, in many cases, evaluate for Check Point, Forcepoint, and sometimes Fortinet. Occasionally, they may look at SonicWall, or Palo Alto however, the others are the main big competitors. 

Palo Alto is very expensive as are Check Point and Forcepoint. That's why we sometimes win the projects. We find Fortinet, is very, very hard to beat as they have a lot of market share, have a lot of marketing. Sophos doesn't have that presence, that marketing. Also, when you have to think about prices, Fortinet gives customers everything and it's hard to beat.

The biggest issue I've found with Sophos is the small number of VPNs that we can do compared to a similar appliance with Fortinet or in the same level center. In fact, many other brands offer more VPNs than Sophos.

What other advice do I have?

I'm a Sophos reseller.

We use multiple versions. We have worked with XG 460 and XG 135 and some others -such as XG 230. In those cases, sometimes it has been Rev 1 and in other cases Rev 2 in terms of the hardware versions.

I mostly work with on-premise deployments. The only item I have installed in the cloud is an email solution by Sophos.

I'd recommend the solution to other organizations. Overall, I would rate it at a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Amar Patil - PeerSpot reviewer
Security Engineer at Hitachi Systems, Ltd.
Real User
Top 20
Secure, performs well and easy to manage
Pros and Cons
  • "The management console is pretty simple, so anyone who understands networking can initially deploy the solution."
  • "Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN."

What is our primary use case?

Most organizations use the Fortinet firewall as perimeter security at the gateway level.

How has it helped my organization?

FortiGate has threat protection, antivirus, and even SSL encryption and decryption. So FortiGate is primarily used for security purposes. And a few customers also use this firewall for web filtering and application control. So these are the two features for which people use FortiGate.

What is most valuable?

FortiGate is primarily a gateway,  but customers also use web filter threat protection and application control. And some people use it as a special VPN for remote access. I recently deployed one virtual firewall where they're only using the FortiGate firewall for VPN. I can't say one feature is the most valuable because it's a bundle solution. So no one uses FortiGate for just one single feature. 

What needs improvement?

Currently, FortiGate is providing SSL VPN. But they're missing some features that are available in Palo Alto's SSL VPN. Palo Alto provides a compliance check along with the VPN, and they have a very broad checklist. So Palo Alto's global protection can scan and check multiple things, and we can choose what access users can have based on compliance with policies. So I think this is one area where FortiGate can improve. Also, multi-factor authentication isn't native to FortiGate. If you want to incorporate multi-factor authentication, you have to add a secondary or third-party solution. 

For how long have I used the solution?

I've been using FortiGate for around five years.

What do I think about the stability of the solution?

Before version 6.0, FortiGate's firewall performed well enough, but lately, they've introduced so many features. After that, its stability has been somewhat lacking. This is because they're constantly updating their firmware. So it was pretty stable, but nowadays, it's not that stable.

What do I think about the scalability of the solution?

I haven't worked on the scalability side because most of the time, the pre-sales tools are relatively bigger devices. So right now, I haven't faced any issues with scalability. They have some larger devices for the data center. So if we talk about their hardware, I think they're capable of handling around 10,000 to 15,000 people on a single device. But if you go with the virtual environment, I don't think there is a problem. Fortinet has a single OS that we can deploy on whatever hardware capacity we want to configure over there or through virtualization.

How are customer service and support?

Fortinet support is good. They resolve tickets relatively fast. So we've had no issues with that. And I don't know about other regions, but in my region, the salespeople working with Fortinet are strong. They're aggressively working on the sales part. So in the Pune region and the rest of Maharashtra, they're winning more contracts, and people are using FortiGate Firewall.

How was the initial setup?

The management console is pretty simple, so anyone who understands networking can initially deploy the solution. But you need some good hands-on experience for advanced configuration. The amount of time required to deploy depends upon the project and also the organization. So it takes around four to five days to deploy a smaller device. And for the largest device, it takes around a maximum of two months. We do the deployment on our own. So we have a sales team, a pre-sales team, and a deployment team. Our sales team gets this and handles the sales end. After that, we come into the picture. So we do the whole migration, as well as the new implementation and everything. It should take no more than two people to deploy. If we want to migrate from one Fortinet device to another, then we use the command line. They have some script in their firmware, and we can migrate the script directly from the older firewall to the new one. So it isn't too complex.

What's my experience with pricing, setup cost, and licensing?

I'm somewhat aware of the pricing, but most of the time, the pre-sales staff only defines their requirements. And we get the licenses at the time of implementation, then register and activate them. But I think Fortinet has multiple packages. They sell licenses for a period of one, three, or five years. They also have special add-on licenses for various things. So, for example, if you want to get a security rating for the firmware configuration and everything, you need to purchase an additional security license. And if you want to do some IoT-related security, you also need to purchase separate licenses. 

What other advice do I have?

I rate FortiGate eight out of 10 based on the performance, stability, performance, management, rights, and features. So most people lack SSL encryption and the certificate part. Those servers are running behind the FortiGate firewall. And most of the people I've seen are not using SSL encryption over there. And even for internet purposes, they're not using deep scanning.  So my suggestion to people thinking about using FortiGate is to prepare a plan before implementation and implement those things in inbound inspection and outbound inspection. This is recommended. And also, if you have multiple band links, then you must use SD-WAN. They have SD-WAN options in the FortiGate firewall. It's a pretty good feature. So you can use that to improve your stability and performance.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
CEO and SISO at IONBAY Consulting Servises
Real User
Easy to manage with good web filtering and good security
Pros and Cons
  • "For ten to 12 years it has been quite secure."
  • "Real-time threat monitoring is not there."

What is our primary use case?

We primarily use the solution for basic access, filtering, and more. 

We have set up the IPsec VPN through that. It's a UTM device.

What is most valuable?

It's easy to manage, actually. It's a UTM device rather than a normal firewall as compared to Cisco PIX, or Juniper. 

The web filtering is a key feature of almost every firewall. However, this appliance is more secure, reliable, and stable. We haven't had any problems, so far.

For ten to 12 years it has been quite secure.

It's scalable.

Policy management is very easy, and configuration is very easy as well. 

The support is also good.

What needs improvement?

Real-time threat monitoring is not there. The traffic hitting the firewall needs to be improved to have real-time monitoring. Traffic should be more visible and should be available on the dashboard. Even if something is blocked, we should be able to see the traffic. We need a security posture showing the organization's security posture to see the traffic hitting the firewall, the user or entity behavior, et cetera. If there's an abnormality, it should be reported. We need to be able to generate multiple reports and see everything in the logs. Logs are only available for a week; we should have them visible for up to three or six months or even a year.  

It can be a bit expensive.

If you have an emergency and need support immediately, it can be hard to reach them as they don't have a direct number to call. 

For how long have I used the solution?

I've been working with the solution since 2007.

What do I think about the stability of the solution?

This is reliable, stable, and problem-free. There are no bugs or glitches. It doesn't crash or freeze. I'd rate the product five out of five in terms of stability.

What do I think about the scalability of the solution?

It is a scalable solution. It's easy to expand. That said, appliance to appliance, there is a limitation. However, I would rate it four out of five in terms of scaling capability. 

Our organization has 400 to 500 people on the solution right now. There's another organization as well that has 300 people using it. Overall, 10,000 or more people are likely using it across 2,000 locations. Every location has one or two firewalls to make it redundant in a failover mode. If one fails or one stops working, the other will take over. That never happens, however, it ensures we're safe and covered.  

How are customer service and support?

Technical support is great. They are helpful and responsive. 

We have to send emails to get assistance. The response time is good, however, if something is an emergency, then it is difficult to reach people. There is no number to call to get help right away. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have previous experience with Palo Alto and Juniper. We also have used Cisco.

I didn't choose Fortinet. It was already being used when I came along. It was a standard practice to use Fortinet across locations worldwide. 

How was the initial setup?

The initial setup is not complex. It's very straightforward and quite simple. 

It has an easy initial setup process. Three people we involved in the setup process.

We first set up the basic policy, and then we did an IPsec VPN, and then, based on the access requirement of each business vertical, we manage the setup. We define the access website URLs that will be restricted or allowed, including port blocking, et cetera.

The time it takes to set up varies. Sometimes it's a night or a few hours, sometimes it's up to ten days. A basic setup will not take one or two hours.

What about the implementation team?

We handled the process of implementation in-house. We did not need outside assistance.

What was our ROI?

We have not done an ROI calculation to see if there is anything there to note. 

What's my experience with pricing, setup cost, and licensing?

We pay a yearly licensing fee, however, in India, you can get licensing for up to two years. It is a bit expensive. That said, I haven't done a comparative analysis with other options on the market.

I'd rate it a four out of five in terms of affordability.

What other advice do I have?

We're Fortinet clients. 

We are using the latest version of the solution. 

We are using Fortinet 60D, 80E, and 100 also.

I'd rate this solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Network Administrator at a government with 201-500 employees
Real User
Top 20
The features are so limited that it's pretty much a protocol-filtering product
Pros and Cons
  • "Azure's cost-effectiveness is its major advantage."
  • "Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that."

What is our primary use case?

When we started using Azure Firewall, we learned quickly that it couldn't do much. As I remember, it was essentially a layer 3 or layer 4 firewall that couldn't distinguish recognized applications and things like that. But it was inexpensive compared to the Palo Alto stuff we were looking at, so we wound up staying with the firewall. Mainly it was just inspecting ports between virtual machines.

What needs improvement?

Azure Firewall definitely needs a broader feature base. It should be able to go all the way up to layer 7 when looking at applications and things like that. It needs to be comparable to what you would get from Cisco, Palo Alto, Checkpoint, or any of those guys. If it's going to be a firewall, it needs to be competitive. From a security standpoint, it's not any better than loading an IP table in a Linux box. In fact, Linux may even be better in that sense

For how long have I used the solution?

I've been using Azure Firewall for probably about a year.

What do I think about the scalability of the solution?

Azure Firewall wasn't scalable at all, but it did what it's supposed to do.

How are customer service and support?

I honestly don't remember interfacing a lot with Azure support. I think that we were dealing with a third party, maybe. But I've been dealing with AWS for the last year, and it's a totally different experience in a good way. Their support is outstanding.

How was the initial setup?

Setting up Azure Firewall was easy because all you were doing was configuring source, destination, port, and action. However, there was something weird. You have to number your rules set, and depending on your numbering system, that's how you would have to apply the filtering of the logic of the policy. And in that sense, it's a little bit quirky. I don't think that most firewalls work that way. It just reads the policy, and the algorithm is based on it filtering down through the policies until it hits a truth or a match. And then it makes a decision based on that.

What's my experience with pricing, setup cost, and licensing?

Azure's cost-effectiveness is its major advantage. 

Which other solutions did I evaluate?

Each company will prioritize what it wants to work on. Azure may outperform AWS in some areas, but after working with the two platforms for roughly the same amount of time, I've found AWS friendlier and more sophisticated overall. AWS just seems to be a better platform for me, honestly.

What other advice do I have?

I would rate Azure Firewall one out of 10. I give it the worst rating because security is so important. However, it depends on your security goals. But you have to look at what's out there and what you typically get out of a box. Even for a cheap application for your computer, Azure Firewall just isn't delivering. It doesn't have any personality at all or functionality even. I definitely wouldn't recommend it to anyone, but I would have to go back and visit it because it's been a year now. The features are so limited that it's pretty much a protocol-filtering product. 

Honestly, I think any serious security-minded entity will bypass Azure Firewall and look at some of the images from the third parties. I guess it's suitable for small outfits that aren't serious about security but want some basic protection. By the time I walked away, I  had spent a lot of hours on it, and I spent more time in my job trying to find a solution and pick the right one. I did everything to learn the firewall's feature set. I finally talked with someone at Microsoft who said, "We know what you want and what you're trying to do, but we're just not there yet."

They just told me to stay tuned. I got the impression Azure Firewall is a very immature product that would probably improve over time. But, at that moment, I didn't think it was unready. It's just that products are trying to achieve different things. You can't have all the horses in all places. It's one of those things where I felt like it would have to be some acquisition or complete outsourcing of the security component to somebody specialized in the area who can sell it as a firewall.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Firewalls
September 2022
Get our free report covering Microsoft, Cisco, Fortinet, and other competitors of Palo Alto Networks VM-Series. Updated: September 2022.
634,775 professionals have used our research since 2012.