We are trying to choose between Fortinet and Checkpoint UTM firewalls and we're looking for information on these products. We plan to replace Websense with either solution.
We are looking for info regarding manageability of features and support. We plan to turn on IPS, FW, anti-virus, URL filtering and application control. We also will have a need for VPN features like site to site and SSL as well as IPSec.
Thanks.
Update on this posting
We went with Fortinet based on features and price. The SSL VPN was more flexible than the other solutions. We also went with the FortiSandbox appliance to mitigate zero day viruses
more advantages with Fortigate :
Fortitoken for two factor AUTH . FortiAp accespoints managed thru Fortigate . Forticloud for audit& reporting .IPS&DOS limit thresholds , etc
Hi,
I've been working with gateprotect UTM recently. It's cost effective and much easy to work with compared to Fortinet and Checkpoint UTM.
http://www.gateprotect.com/en/Products/easy-use-eGUI
With the quick guide packed with screen shots, and clear simple instructions, you'll get to know how easy and simple it is to get the gateprotect UTM up and running in no time.
http://www.gateprotect.de/landing/start/start-en.html
Also note gateprotect UTM has been identified as a top choice for SMB in Gartner UTM firewall survey, which makes it a reliable product/solution.
http://www.gateprotect.com/en/gateprotect-identified-top-choice-small-medium-sized-businesses-gartner-utm-firewall-survey-0
http://www.gateprotect.com/en/gateprotects-positioning-gartner-magic-quadrant
Go for checkpoint
regards
kapil yadav
Hi
Both options are good but i would recommend the Cyberaom as i have had a
chance to work with it before.
Other options is Cisco Ironport .
Regards
Brian
Hi Russell,
I advise you to go with Sophos if not I advise you to go with Fortinet.
Did you ask your team to check Sophos demo I sent?
Regard
Maroun Jean Abboud
Mobile : 00961 70943122
Skype :maroun_abboud1
Both devices are good. Checkpoint is one of the market leader who gives a
good UTM solution. Fortinet is cheaper when compare to checkpoint and
flexible.
You may try the Paloalto which gives more attention on zero day attacks.
Thanks & Regards /*Ramesh M*
At this point in time all of the major firewall vendors marketing Next-Gen firewalls provides similar features. I recently participated in a 2 day meeting with sales and engineers with Fortinet. I have to say Fortinet has come a long way in the last few years and am beginning to like their product more and more. In terms of feature set the two products are nearly identical.
When comparing the two vendors there a clear separation in which product focus is clear. Fortinet is a major winner in their smaller units and provide the most bang for your buck. When central management with datacenter and enterprise sized firewalls are required you will find Checkpoint is the leader. In your question you mention CheckPoint UTM. When mentioning this I immediately think of the UTM-1N (old Model) or 620 (New Model). This is a standalone unit and is in the $500.00 - $800.00 range. A comparable unit would be a Fortinet FG-30D. These are the lower end units and I would not recommend them for a solution involving the number of product blades/features you have listed. I have a FotiWifi-60D for my home and it works quite well. I have all the blades configured and enabled. In my home we have 3 sometimes 4 occupants running games and/or streaming video constantly. We average 90GB of internet traffic a month. I have found the FortiWifi-60D able to keep up with the load but at times does peak in CPU and Memory.
A major difference between Fortinet and Checkpoint is their GUI. I find the Checkpoint GUI to be much more intuitive and easier adapt to for new users. Fortinet on the other hand, excels in the CLI with a Cisco/Avaya mixed interface and help structure. Checkpoint is Linux based and almost any Linux command functions on their systems, however, there is limited tab completion and no mid command assistance.
In regards to the firewall blade aka port based firewall I do not see one vendor being better than the other. I would leave this as a preference for what you are used to and what works best for you.
I am going to lump Web Filtering, Layer7- App Filtering together. Both Fortinet and Checkpoint have powerful next-gen capabilities. Both vendors approach web filtering application filtering in a similar way. Utilizing category based URLs and Applications with recommended risk levels. Fortinet published their application/web catalogs at http://www.fortiguard.com. Checkpoint published their URL categorization at https://www.checkpoint.com/urlcat/main.htm and Application Catalog at http://appwiki.checkpoint.com/appwikisdb/public.htm. At this time I can confirm Checkpoint has 6,578 applications identified while Fortinet has roughly 3,500 (Please confirm with your sales rep on this number as I got it from their catalog’s last displayed number of applications and it could have been a display limit rather than the total identified).
I do not have experience with Checkpoint’s IPS and Antivirus in an implemented production use so I can’t provide am accurate comparison. Based on Fortinet’s demos and my experience I would say that it is a comprehensive product. Due to Fortinet’s market (Non-enterprise businesses) and their licensing model (comprehensive of all features) they have a higher rate of discovery, writing a signature, and deploying it than Checkpoint. Also if you purchase the FortiSandbox (enterprise class product) you will have a good result for zero-day attacks.
In the VPN space I currently have a preference for CheckPoint. I find that their approach is very simple, easy to understand, and reliable. Fortinet provides a Wizard based configuration for their VPN tunnels as well as a manual creation process. I find the approach to be more complicated than it needs to be.
Note on Sizing… When it comes to FortiGate if you can afford it start your specs at FG-100D. I have found the lower models to have some quirks. If you are looking for a centrally managed solution Checkpoint includes base central management with all of their models starting at 1100. If you are going to centrally manage your firewalls I would suggest purchasing a VM based Open Server for management and logging. The equivalent would be a FortiManager.
I hope this helps,
Christopher L. Butler
Christopher L. Butler CCP-Network, CCA-Netscaler
We have chosen Fortinet after a long evaluation effort, while CheckPoint was our next best option. So you can't go terribly wrong with either. The reason we chose Fortinet is that it provided us a better bang for the buck. Be careful, however, with the advertized throughput of Fortinet devices as you often get only 50-70% of the advertized value, so size your devices accordingly.
One thing to consider is that UTMs are often not as good as a dedicated product, especially when it comes to web proxies. You should carefully consider your requirements and compare them with the capabilities of the UTMs you are considering. One tricky issue we are facing is web proxies for mobile devices, and there we are considering a cloud-based web proxy solution.
As far as dollars per protection, I would say Fortinet is your solution. I found this article pretty helpful: http://www.itgweb.com/blog/the-top-10-reasons-to-choose-a-fortinet-next-generation-firewall
I would recommend either sonicwall or fortigate, but you have to allocate for size and high availability for the solution to be fully functional.
Sir,
First and foremost kindly let me know what exactly the strength of your
network is and what exactly you are trying to secure. The products which
you are going for are state of the art and also come at a price point which
might make some people think otherwise.
Some info about UTM
Typically a UTM will have these features
· Traditional Fire Wall/ Next Generation Firewall
· Intrusion detection and prevention System (IDS/IPS )
· Virtual Private Networking ( VPN )
· Content Filtering
· Gateway Malware Filtering
· Spam Filtering
· Data loss Prevention
· Vulnerability Management
The above are some of the common features which are included in almost all
the UTM devices.
Since you have already short listed Fortinet and checkpoint below are my
view points on both the companies.
Both are market leaders and have a strong presence globally. They have a
range of products from small to mid-size to enterprises networks.
Add to the fact that both of them have App for IOS and Android for VPN and
also have software’s for windows and MAC OS. (Check point only has windows
support)
https://play.google.com/store/apps/details?id=com.checkpoint.VPN
https://play.google.com/store/apps/details?id=com.fortinet.forticlient
My Personal Experience with these products says that these products are as
good as your network performance. You may buy a niche product but if your
network performance fails then it’s of no use. Also check point offer a 15
day evaluation for it latest OS called Gaia version R77. You can use it in
a virtualized environment to get the hang of it. Or you can download the
Smart Console and use it in the Demo mode to see it in action (limited
features are enabled) . Which I did not find it on the fortinet website.
Hope this helps
Thank you
Avadhoot
I dont have sufficient knowledge on checkpoint as far i concerned the checkpoint is very expensive compared to FG.
Advantages of fortigate:
1. The FortiGate can be deployed to be a NGFW, a traditional firewall, a Virtual Private Network (VPN) Terminator, and/or a Next Generation Intrusion Protection System (NGIPS).
2.Administration is very easy and straight forward via GUI or CLI.
3. UTM features are good, but a little complex since we need to be careful with the protocols and policies and there is an ON/OFF button to enable the features which comes in handy
4.All these features comes in same appliance and you dont need to go for extra slots or price.
5. VDOM which is an advantage, we can segregate different domains (eg.core or perimeter) and allocate feature separately and easy to manage.
6. Separate reports can be generated on individual VDOMS
7.Overall fortigate has very good feature and performance for the price.
The only downside is the support which is kind of slow and unavailable of engineers on the right time.
Hi,
Both OEM carried similar level feature sets and manageability options. One need to be check here is on support level you are taking from both this OEM, that should be critical part.
Another point one should keep in mind that pricing, there is the huge difference in pricing amongst both OEM. It’s something like comparing AUDI with Hyundai.
When we are talking about features such as IPS, FW, AV URL & App control and lastly IPSEC , both this support in their unique way. However when you really trying to enable IPS, look for good throughput supported for TCP protocol layer.
Thanks & Regards
Ankit Shah
Hello,
Checkpoints are the best in the terms pure firewall functionality, however if you need full fledged UTM in terms of features and modules, Forigate UTMs have many modules and enhanced features' set.
But be ware of the throughput of Fortigate as it get reduced by 75% when you turn all modules ON. So get a bit bigger box in terms of sizing.
Best,
Ayman
Checkpoint has a powerful solution. However, they have more of a piece mill approach to the multiple responsibilities of a NGFW or UTM. Fortinet has a very cohesive and easy to learn solution. Fortinet also clouts one the fastest Datacenter firewalls on the market due to their onboard acceleration. Fortinet has a full suite of addition components that can sure up your security posture as well. For example, they have a DDOS appliance as well as a Sandbox appliance.
I like Checkpoint, but for the price we were able to get a lot more for the money from Fortinet.
As a side note. If you are pricing Checkpoint, you may want to consider PaloAlto as well.
You should evaluate watchguard UTM
Includes websesnse as url filtering, same categories
I recommend to choose Fortigate Firewall.