We're trying to choose between Fortinet or Checkpoint UTM firewalls. Can you help?

  • 20
  • 298
PeerSpot user

17 Answers

it_user195018 - PeerSpot reviewer
Dec 16, 2015

more advantages with Fortigate :
Fortitoken for two factor AUTH . FortiAp accespoints managed thru Fortigate . Forticloud for audit& reporting .IPS&DOS limit thresholds , etc

Product comparison that may be of interest to you
Real User
May 1, 2015


I've been working with gateprotect UTM recently. It's cost effective and much easy to work with compared to Fortinet and Checkpoint UTM.

With the quick guide packed with screen shots, and clear simple instructions, you'll get to know how easy and simple it is to get the gateprotect UTM up and running in no time.

Also note gateprotect UTM has been identified as a top choice for SMB in Gartner UTM firewall survey, which makes it a reliable product/solution.

Apr 28, 2015

Go for checkpoint
kapil yadav

it_user226620 - PeerSpot reviewer
Apr 28, 2015


Both options are good but i would recommend the Cyberaom as i have had a
chance to work with it before.

Other options is Cisco Ironport .



Real User
Apr 28, 2015

Hi Russell,

I advise you to go with Sophos if not I advise you to go with Fortinet.

Did you ask your team to check Sophos demo I sent?


Maroun Jean Abboud

Mobile : 00961 70943122

Skype :maroun_abboud1

Real User
Apr 28, 2015

Both devices are good. Checkpoint is one of the market leader who gives a
good UTM solution. Fortinet is cheaper when compare to checkpoint and

You may try the Paloalto which gives more attention on zero day attacks.

Thanks & Regards /*Ramesh M*

Find out what your peers are saying about Fortinet, Netgate, OPNsense and others in Firewalls. Updated: December 2023.
746,723 professionals have used our research since 2012.
it_user221883 - PeerSpot reviewer
Apr 28, 2015

At this point in time all of the major firewall vendors marketing Next-Gen firewalls provides similar features. I recently participated in a 2 day meeting with sales and engineers with Fortinet. I have to say Fortinet has come a long way in the last few years and am beginning to like their product more and more. In terms of feature set the two products are nearly identical.

When comparing the two vendors there a clear separation in which product focus is clear. Fortinet is a major winner in their smaller units and provide the most bang for your buck. When central management with datacenter and enterprise sized firewalls are required you will find Checkpoint is the leader. In your question you mention CheckPoint UTM. When mentioning this I immediately think of the UTM-1N (old Model) or 620 (New Model). This is a standalone unit and is in the $500.00 - $800.00 range. A comparable unit would be a Fortinet FG-30D. These are the lower end units and I would not recommend them for a solution involving the number of product blades/features you have listed. I have a FotiWifi-60D for my home and it works quite well. I have all the blades configured and enabled. In my home we have 3 sometimes 4 occupants running games and/or streaming video constantly. We average 90GB of internet traffic a month. I have found the FortiWifi-60D able to keep up with the load but at times does peak in CPU and Memory.

A major difference between Fortinet and Checkpoint is their GUI. I find the Checkpoint GUI to be much more intuitive and easier adapt to for new users. Fortinet on the other hand, excels in the CLI with a Cisco/Avaya mixed interface and help structure. Checkpoint is Linux based and almost any Linux command functions on their systems, however, there is limited tab completion and no mid command assistance.

In regards to the firewall blade aka port based firewall I do not see one vendor being better than the other. I would leave this as a preference for what you are used to and what works best for you.

I am going to lump Web Filtering, Layer7- App Filtering together. Both Fortinet and Checkpoint have powerful next-gen capabilities. Both vendors approach web filtering application filtering in a similar way. Utilizing category based URLs and Applications with recommended risk levels. Fortinet published their application/web catalogs at http://www.fortiguard.com. Checkpoint published their URL categorization at https://www.checkpoint.com/urlcat/main.htm and Application Catalog at http://appwiki.checkpoint.com/appwikisdb/public.htm. At this time I can confirm Checkpoint has 6,578 applications identified while Fortinet has roughly 3,500 (Please confirm with your sales rep on this number as I got it from their catalog’s last displayed number of applications and it could have been a display limit rather than the total identified).

I do not have experience with Checkpoint’s IPS and Antivirus in an implemented production use so I can’t provide am accurate comparison. Based on Fortinet’s demos and my experience I would say that it is a comprehensive product. Due to Fortinet’s market (Non-enterprise businesses) and their licensing model (comprehensive of all features) they have a higher rate of discovery, writing a signature, and deploying it than Checkpoint. Also if you purchase the FortiSandbox (enterprise class product) you will have a good result for zero-day attacks.

In the VPN space I currently have a preference for CheckPoint. I find that their approach is very simple, easy to understand, and reliable. Fortinet provides a Wizard based configuration for their VPN tunnels as well as a manual creation process. I find the approach to be more complicated than it needs to be.

Note on Sizing… When it comes to FortiGate if you can afford it start your specs at FG-100D. I have found the lower models to have some quirks. If you are looking for a centrally managed solution Checkpoint includes base central management with all of their models starting at 1100. If you are going to centrally manage your firewalls I would suggest purchasing a VM based Open Server for management and logging. The equivalent would be a FortiManager.

I hope this helps,

Christopher L. Butler

Christopher L. Butler CCP-Network, CCA-Netscaler

it_user125364 - PeerSpot reviewer
Apr 28, 2015

We have chosen Fortinet after a long evaluation effort, while CheckPoint was our next best option. So you can't go terribly wrong with either. The reason we chose Fortinet is that it provided us a better bang for the buck. Be careful, however, with the advertized throughput of Fortinet devices as you often get only 50-70% of the advertized value, so size your devices accordingly.

One thing to consider is that UTMs are often not as good as a dedicated product, especially when it comes to web proxies. You should carefully consider your requirements and compare them with the capabilities of the UTMs you are considering. One tricky issue we are facing is web proxies for mobile devices, and there we are considering a cloud-based web proxy solution.

it_user165153 - PeerSpot reviewer
Apr 27, 2015

As far as dollars per protection, I would say Fortinet is your solution. I found this article pretty helpful: http://www.itgweb.com/blog/the-top-10-reasons-to-choose-a-fortinet-next-generation-firewall

it_user207945 - PeerSpot reviewer
Apr 27, 2015

I would recommend either sonicwall or fortigate, but you have to allocate for size and high availability for the solution to be fully functional.

it_user229419 - PeerSpot reviewer
Apr 27, 2015


First and foremost kindly let me know what exactly the strength of your
network is and what exactly you are trying to secure. The products which
you are going for are state of the art and also come at a price point which
might make some people think otherwise.

Some info about UTM

Typically a UTM will have these features

· Traditional Fire Wall/ Next Generation Firewall

· Intrusion detection and prevention System (IDS/IPS )

· Virtual Private Networking ( VPN )

· Content Filtering

· Gateway Malware Filtering

· Spam Filtering

· Data loss Prevention

· Vulnerability Management

The above are some of the common features which are included in almost all
the UTM devices.

Since you have already short listed Fortinet and checkpoint below are my
view points on both the companies.

Both are market leaders and have a strong presence globally. They have a
range of products from small to mid-size to enterprises networks.

Add to the fact that both of them have App for IOS and Android for VPN and
also have software’s for windows and MAC OS. (Check point only has windows



My Personal Experience with these products says that these products are as
good as your network performance. You may buy a niche product but if your
network performance fails then it’s of no use. Also check point offer a 15
day evaluation for it latest OS called Gaia version R77. You can use it in
a virtualized environment to get the hang of it. Or you can download the
Smart Console and use it in the Demo mode to see it in action (limited
features are enabled) . Which I did not find it on the fortinet website.

Hope this helps

Thank you


it_user146268 - PeerSpot reviewer
Apr 27, 2015

I dont have sufficient knowledge on checkpoint as far i concerned the checkpoint is very expensive compared to FG.

Advantages of fortigate:

1. The FortiGate can be deployed to be a NGFW, a traditional firewall, a Virtual Private Network (VPN) Terminator, and/or a Next Generation Intrusion Protection System (NGIPS).

2.Administration is very easy and straight forward via GUI or CLI.
3. UTM features are good, but a little complex since we need to be careful with the protocols and policies and there is an ON/OFF button to enable the features which comes in handy
4.All these features comes in same appliance and you dont need to go for extra slots or price.
5. VDOM which is an advantage, we can segregate different domains (eg.core or perimeter) and allocate feature separately and easy to manage.
6. Separate reports can be generated on individual VDOMS
7.Overall fortigate has very good feature and performance for the price.

The only downside is the support which is kind of slow and unavailable of engineers on the right time.

it_user106689 - PeerSpot reviewer
Apr 27, 2015


Both OEM carried similar level feature sets and manageability options. One need to be check here is on support level you are taking from both this OEM, that should be critical part.
Another point one should keep in mind that pricing, there is the huge difference in pricing amongst both OEM. It’s something like comparing AUDI with Hyundai.

When we are talking about features such as IPS, FW, AV URL & App control and lastly IPSEC , both this support in their unique way. However when you really trying to enable IPS, look for good throughput supported for TCP protocol layer.

Thanks & Regards
Ankit Shah

Apr 27, 2015


Checkpoints are the best in the terms pure firewall functionality, however if you need full fledged UTM in terms of features and modules, Forigate UTMs have many modules and enhanced features' set.

But be ware of the throughput of Fortigate as it get reduced by 75% when you turn all modules ON. So get a bit bigger box in terms of sizing.


it_user154449 - PeerSpot reviewer
Apr 27, 2015

Checkpoint has a powerful solution. However, they have more of a piece mill approach to the multiple responsibilities of a NGFW or UTM. Fortinet has a very cohesive and easy to learn solution. Fortinet also clouts one the fastest Datacenter firewalls on the market due to their onboard acceleration. Fortinet has a full suite of addition components that can sure up your security posture as well. For example, they have a DDOS appliance as well as a Sandbox appliance.

I like Checkpoint, but for the price we were able to get a lot more for the money from Fortinet.

As a side note. If you are pricing Checkpoint, you may want to consider PaloAlto as well.

it_user201144 - PeerSpot reviewer
Apr 27, 2015

You should evaluate watchguard UTM
Includes websesnse as url filtering, same categories

it_user195018 - PeerSpot reviewer
Apr 27, 2015

I recommend to choose Fortigate Firewall.

A firewall is a device used for network security. It monitors network traffic (both incoming and outgoing) and then, based on a set of security rules, either permits or blocks data packets.
Download Firewalls ReportRead more

Related Q&As

Firewalls experts

Adriamcam - PeerSpot reviewer
Diana Alvarado - PeerSpot reviewer
Jonathan Ramos G. - PeerSpot reviewer
Sachin Vinay - PeerSpot reviewer
Nagendra Nekkala - PeerSpot reviewer
Hugo Alexis Espinoza Naranjo - PeerSpot reviewer
Edwin Solano Salmeron - PeerSpot reviewer
Nadeem Syed - PeerSpot reviewer