2015-04-23T04:44:00Z
BM
Sr. ISS at a government with 11-50 employees
  • 20
  • 254

We're trying to choose between Fortinet or Checkpoint UTM firewalls. Can you help?

We are trying to choose between Fortinet and Checkpoint UTM firewalls and we're looking for information on these products. We plan to replace Websense with either solution.

We are looking for info regarding manageability of features and support. We plan to turn on IPS, FW, anti-virus, URL filtering and application control. We also will have a need for VPN features like site to site and SSL as well as IPSec.

Thanks.

Update on this posting

We went with Fortinet based on features and price.  The SSL VPN was more flexible than the other solutions. We also went with the FortiSandbox appliance to mitigate zero day viruses

17
PeerSpot user
17 Answers
it_user195018 - PeerSpot reviewer
CEO with 51-200 employees
Vendor
2015-12-16T12:54:36Z
Dec 16, 2015

more advantages with Fortigate :
Fortitoken for two factor AUTH . FortiAp accespoints managed thru Fortigate . Forticloud for audit& reporting .IPS&DOS limit thresholds , etc

Product comparison that may be of interest to you
SB
Pre-Sales / Technical Account Manager at a tech services company with 1-10 employees
Real User
2015-05-01T09:35:54Z
May 1, 2015

Hi,

I've been working with gateprotect UTM recently. It's cost effective and much easy to work with compared to Fortinet and Checkpoint UTM.
http://www.gateprotect.com/en/Products/easy-use-eGUI

With the quick guide packed with screen shots, and clear simple instructions, you'll get to know how easy and simple it is to get the gateprotect UTM up and running in no time.
http://www.gateprotect.de/landing/start/start-en.html

Also note gateprotect UTM has been identified as a top choice for SMB in Gartner UTM firewall survey, which makes it a reliable product/solution.
http://www.gateprotect.com/en/gateprotect-identified-top-choice-small-medium-sized-businesses-gartner-utm-firewall-survey-0
http://www.gateprotect.com/en/gateprotects-positioning-gartner-magic-quadrant

Vendor
2015-04-28T10:15:47Z
Apr 28, 2015

Go for checkpoint
regards 
kapil yadav

it_user226620 - PeerSpot reviewer
Systems Engineer at a tech services company
Consultant
2015-04-28T08:36:15Z
Apr 28, 2015

Hi

Both options are good but i would recommend the Cyberaom as i have had a
chance to work with it before.

Other options is Cisco Ironport .

Regards

Brian

Maroun Abboud - PeerSpot reviewer
Data Department Manager at BTC Networks
Real User
2015-04-28T06:22:10Z
Apr 28, 2015

Hi Russell,

I advise you to go with Sophos if not I advise you to go with Fortinet.

Did you ask your team to check Sophos demo I sent?

Regard

Maroun Jean Abboud

Mobile : 00961 70943122

Skype :maroun_abboud1

ramesh1923 - PeerSpot reviewer
Technical Specialist at Tata Communications
Real User
2015-04-28T04:55:06Z
Apr 28, 2015

Both devices are good. Checkpoint is one of the market leader who gives a
good UTM solution. Fortinet is cheaper when compare to checkpoint and
flexible.

You may try the Paloalto which gives more attention on zero day attacks.

Thanks & Regards /*Ramesh M*

Find out what your peers are saying about Check Point CloudGuard Network Security vs. Fortinet FortiGate and other solutions. Updated: January 2023.
670,331 professionals have used our research since 2012.
it_user221883 - PeerSpot reviewer
Network Systems Manager with 51-200 employees
MSP
2015-04-28T02:01:29Z
Apr 28, 2015

At this point in time all of the major firewall vendors marketing Next-Gen firewalls provides similar features. I recently participated in a 2 day meeting with sales and engineers with Fortinet. I have to say Fortinet has come a long way in the last few years and am beginning to like their product more and more. In terms of feature set the two products are nearly identical.

When comparing the two vendors there a clear separation in which product focus is clear. Fortinet is a major winner in their smaller units and provide the most bang for your buck. When central management with datacenter and enterprise sized firewalls are required you will find Checkpoint is the leader. In your question you mention CheckPoint UTM. When mentioning this I immediately think of the UTM-1N (old Model) or 620 (New Model). This is a standalone unit and is in the $500.00 - $800.00 range. A comparable unit would be a Fortinet FG-30D. These are the lower end units and I would not recommend them for a solution involving the number of product blades/features you have listed. I have a FotiWifi-60D for my home and it works quite well. I have all the blades configured and enabled. In my home we have 3 sometimes 4 occupants running games and/or streaming video constantly. We average 90GB of internet traffic a month. I have found the FortiWifi-60D able to keep up with the load but at times does peak in CPU and Memory.

A major difference between Fortinet and Checkpoint is their GUI. I find the Checkpoint GUI to be much more intuitive and easier adapt to for new users. Fortinet on the other hand, excels in the CLI with a Cisco/Avaya mixed interface and help structure. Checkpoint is Linux based and almost any Linux command functions on their systems, however, there is limited tab completion and no mid command assistance.

In regards to the firewall blade aka port based firewall I do not see one vendor being better than the other. I would leave this as a preference for what you are used to and what works best for you.

I am going to lump Web Filtering, Layer7- App Filtering together. Both Fortinet and Checkpoint have powerful next-gen capabilities. Both vendors approach web filtering application filtering in a similar way. Utilizing category based URLs and Applications with recommended risk levels. Fortinet published their application/web catalogs at http://www.fortiguard.com. Checkpoint published their URL categorization at https://www.checkpoint.com/urlcat/main.htm and Application Catalog at http://appwiki.checkpoint.com/appwikisdb/public.htm. At this time I can confirm Checkpoint has 6,578 applications identified while Fortinet has roughly 3,500 (Please confirm with your sales rep on this number as I got it from their catalog’s last displayed number of applications and it could have been a display limit rather than the total identified).

I do not have experience with Checkpoint’s IPS and Antivirus in an implemented production use so I can’t provide am accurate comparison. Based on Fortinet’s demos and my experience I would say that it is a comprehensive product. Due to Fortinet’s market (Non-enterprise businesses) and their licensing model (comprehensive of all features) they have a higher rate of discovery, writing a signature, and deploying it than Checkpoint. Also if you purchase the FortiSandbox (enterprise class product) you will have a good result for zero-day attacks.

In the VPN space I currently have a preference for CheckPoint. I find that their approach is very simple, easy to understand, and reliable. Fortinet provides a Wizard based configuration for their VPN tunnels as well as a manual creation process. I find the approach to be more complicated than it needs to be.

Note on Sizing… When it comes to FortiGate if you can afford it start your specs at FG-100D. I have found the lower models to have some quirks. If you are looking for a centrally managed solution Checkpoint includes base central management with all of their models starting at 1100. If you are going to centrally manage your firewalls I would suggest purchasing a VM based Open Server for management and logging. The equivalent would be a FortiManager.

I hope this helps,

Christopher L. Butler

Christopher L. Butler CCP-Network, CCA-Netscaler

it_user125364 - PeerSpot reviewer
CTO at a legal firm with 501-1,000 employees
Vendor
2015-04-28T00:39:29Z
Apr 28, 2015

We have chosen Fortinet after a long evaluation effort, while CheckPoint was our next best option. So you can't go terribly wrong with either. The reason we chose Fortinet is that it provided us a better bang for the buck. Be careful, however, with the advertized throughput of Fortinet devices as you often get only 50-70% of the advertized value, so size your devices accordingly.

One thing to consider is that UTMs are often not as good as a dedicated product, especially when it comes to web proxies. You should carefully consider your requirements and compare them with the capabilities of the UTMs you are considering. One tricky issue we are facing is web proxies for mobile devices, and there we are considering a cloud-based web proxy solution.

it_user165153 - PeerSpot reviewer
Editor/Writer at a media company with 501-1,000 employees
Vendor
2015-04-27T17:31:55Z
Apr 27, 2015

As far as dollars per protection, I would say Fortinet is your solution. I found this article pretty helpful: http://www.itgweb.com/blog/the-top-10-reasons-to-choose-a-fortinet-next-generation-firewall

it_user207945 - PeerSpot reviewer
Product Manager at a tech services company
Consultant
2015-04-27T17:18:45Z
Apr 27, 2015

I would recommend either sonicwall or fortigate, but you have to allocate for size and high availability for the solution to be fully functional.

it_user229419 - PeerSpot reviewer
User at a tech company with 51-200 employees
Vendor
2015-04-27T15:55:42Z
Apr 27, 2015

Sir,

First and foremost kindly let me know what exactly the strength of your
network is and what exactly you are trying to secure. The products which
you are going for are state of the art and also come at a price point which
might make some people think otherwise.

Some info about UTM

Typically a UTM will have these features

· Traditional Fire Wall/ Next Generation Firewall

· Intrusion detection and prevention System (IDS/IPS )

· Virtual Private Networking ( VPN )

· Content Filtering

· Gateway Malware Filtering

· Spam Filtering

· Data loss Prevention

· Vulnerability Management

The above are some of the common features which are included in almost all
the UTM devices.

Since you have already short listed Fortinet and checkpoint below are my
view points on both the companies.

Both are market leaders and have a strong presence globally. They have a
range of products from small to mid-size to enterprises networks.

Add to the fact that both of them have App for IOS and Android for VPN and
also have software’s for windows and MAC OS. (Check point only has windows
support)

https://play.google.com/store/apps/details?id=com.checkpoint.VPN

https://play.google.com/store/apps/details?id=com.fortinet.forticlient

My Personal Experience with these products says that these products are as
good as your network performance. You may buy a niche product but if your
network performance fails then it’s of no use. Also check point offer a 15
day evaluation for it latest OS called Gaia version R77. You can use it in
a virtualized environment to get the hang of it. Or you can download the
Smart Console and use it in the Demo mode to see it in action (limited
features are enabled) . Which I did not find it on the fortinet website.

Hope this helps

Thank you

Avadhoot

it_user146268 - PeerSpot reviewer
Senior Security Consultant at a integrator with 501-1,000 employees
Consultant
2015-04-27T14:08:38Z
Apr 27, 2015

I dont have sufficient knowledge on checkpoint as far i concerned the checkpoint is very expensive compared to FG.

Advantages of fortigate:

1. The FortiGate can be deployed to be a NGFW, a traditional firewall, a Virtual Private Network (VPN) Terminator, and/or a Next Generation Intrusion Protection System (NGIPS).

2.Administration is very easy and straight forward via GUI or CLI.
3. UTM features are good, but a little complex since we need to be careful with the protocols and policies and there is an ON/OFF button to enable the features which comes in handy
4.All these features comes in same appliance and you dont need to go for extra slots or price.
5. VDOM which is an advantage, we can segregate different domains (eg.core or perimeter) and allocate feature separately and easy to manage.
6. Separate reports can be generated on individual VDOMS
7.Overall fortigate has very good feature and performance for the price.

The only downside is the support which is kind of slow and unavailable of engineers on the right time.

it_user106689 - PeerSpot reviewer
Manager of Infrastructure with 51-200 employees
Vendor
2015-04-27T13:31:45Z
Apr 27, 2015

Hi,

Both OEM carried similar level feature sets and manageability options. One need to be check here is on support level you are taking from both this OEM, that should be critical part.
Another point one should keep in mind that pricing, there is the huge difference in pricing amongst both OEM. It’s something like comparing AUDI with Hyundai.

When we are talking about features such as IPS, FW, AV URL & App control and lastly IPSEC , both this support in their unique way. However when you really trying to enable IPS, look for good throughput supported for TCP protocol layer.

Thanks & Regards
Ankit Shah

Vendor
2015-04-27T12:55:57Z
Apr 27, 2015

Hello,

Checkpoints are the best in the terms pure firewall functionality, however if you need full fledged UTM in terms of features and modules, Forigate UTMs have many modules and enhanced features' set.

But be ware of the throughput of Fortigate as it get reduced by 75% when you turn all modules ON. So get a bit bigger box in terms of sizing.

Best,
Ayman

it_user154449 - PeerSpot reviewer
User at a government
Vendor
2015-04-27T12:37:34Z
Apr 27, 2015

Checkpoint has a powerful solution. However, they have more of a piece mill approach to the multiple responsibilities of a NGFW or UTM. Fortinet has a very cohesive and easy to learn solution. Fortinet also clouts one the fastest Datacenter firewalls on the market due to their onboard acceleration. Fortinet has a full suite of addition components that can sure up your security posture as well. For example, they have a DDOS appliance as well as a Sandbox appliance.

I like Checkpoint, but for the price we were able to get a lot more for the money from Fortinet.

As a side note. If you are pricing Checkpoint, you may want to consider PaloAlto as well.

it_user201144 - PeerSpot reviewer
Gerente de Servicios y Proyectos
Vendor
2015-04-27T12:37:14Z
Apr 27, 2015

You should evaluate watchguard UTM
Includes websesnse as url filtering, same categories

it_user195018 - PeerSpot reviewer
CEO with 51-200 employees
Vendor
2015-04-27T12:36:44Z
Apr 27, 2015

I recommend to choose Fortigate Firewall.

Related Questions
FF
User at PT. Manunggal Integrasi Sejahtera
Jan 27, 2023
Hello peers,  I work at a small tech company and am researching firewalls. Which solution do you prefer: Juniper SRX4200 or FortiGate 1800? Can you please compare the two solutions? Thank you for your help.
See 1 answer
ST
Technical Specialist - Head of Presales at Artha Mitra Interdata
Jan 27, 2023
Hi Fahrorozi,If I have to choose between these two, I will choose FG 1800Reasons:1. More flexible ports to use from 1G to 40G2. Include SSL VPN / client VPN for users3. Have better Web management than SRX.4. From datasheet some of the throughput also larger (IPv4 FW throughput, Max Session, Max Policies, etc)But you need to know what you need for your company.- Maybe you only need 10G interface instead of 1G- Maybe you dont need the SSL VPN / Client VPN- You also don't need a large throughput.Hope this help.
Guillermo Read - PeerSpot reviewer
Advisory Engineer - Telecommunications Solution Design at Claro RD
Jan 20, 2023
Hello community, I am an Advisory Engineer at a large comms services company. I am currently researching Fortinet's firewall solutions. Which Fortinet firewall model is the equivalent of Sophos XG 450? Thank you for your help.
2 out of 3 answers
CR
Director at REDCO
Jan 20, 2023
According to the datasheet, it can be the 400F, but I almost think that with 200F it can work without a problem, the detail is that XG is the previous generation. At the moment, they are the XGS of SOPHOS.
William Yragui - PeerSpot reviewer
President at infobond
Jan 20, 2023
The XG 450 supports 2 10Gb SFP+ slots and 8 GE ports. A Fortinet FG200F supports 4 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. A Fortinet FG400F supports 8 10Gb SFP+ slots, 8 GE SFP slots, and 18 GE ports. Barebones the Sophos XV 450 carries a list price of $11,823, whereas an FG200F costs $5,544, and the FG400F, $11,523.  What I look for is the ability of a firewall to decrypt SSL sessions. Given that 80% or more of your network traffic will be encrypted, the firewall has to be able to decrypt packets to find malware. The Sophos XG 450 can inspect 770 Mbps of SSL traffic. The FG200F will inspect 4 Gbps and the FG400F will inspect 8 Gbps of SSL traffic. The Sophos XG 450 has a threat protection throughput of 3.4 Gbps whereas the FG200F datasheet states 3.5 Gbps and the FG400F,  has 9 Gbps of threat protection throughput.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
EB
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
RS
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Product Comparisons
Related Categories
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our FREE report comparing Check Point CloudGuard Network Security and Fortinet FortiGate based on reviews, features, and more! Updated: January 2023.
DOWNLOAD NOW
670,331 professionals have used our research since 2012.