We performed a comparison between Check Point NGFW and KerioControl based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable features are SD-WAN, application control, IPS control, and FortiSandbox."
"The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors."
"Fortigate's most valuable feature is that it doesn't need a push policy when writing rules."
"Fortinet FortiGate is scalable for our users. Right now, we have almost 70 users. We do not have any plan to increase our usage of FortiGate. For maintaining the firewall solution, one staff member is enough."
"We can detect any attack of viruses or malware at the first point of contact."
"Layer-3 firewall and routing are the most valuable features."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"The solution is stable."
"We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful."
"It provides end-to-end resolution."
"I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security."
"Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network."
"The most valuable feature is the highly integrated NGFW features such as the IPS or Check Point Identity Awareness, which makes Check Point the best choice on the market."
"The IPS is frequently updated so the rules are always new and in place."
"The most valuable features for us are identity awareness, IDS and IPS, and application control."
"The VPN tunnels are very effective in terms of stability and quick connection."
"The most valuable feature is the reliability of VPN capabilities. The VPN has been very reliable and secure. The security has been very good and the VPN connections are reliable in that they stay up. We don't have a lot of problems with downtime and that type of thing."
"Setup is simple. The Kerio interface is very intuitive."
"The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature."
"The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing."
"The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem."
"I like intrusion detection and prevention and bandwidth management. The routing part is also awesome. It is a good firewall. We never had a major breach from outside. We've never been impacted by ransomware, and our systems have never been infiltrated."
"The solution’s firewall and intrusion detection features are quite good because you can see exactly who is attacking you and who is getting blocked."
"All of the features of Kerio Control are equally good. Most valuable to us are the firewall rules, the intrusion detection system, and IP address features."
"To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."
"Its reporting and pricing need improvement."
"Technical support for this solution can be improved."
"They need to improve their technical support."
"The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware."
"I would like reporting to be improved and should offer a lot more tools to monitor the products."
"The stability of Fortinet FortiGate could improve."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"Unfortunately, as is the case with many big companies, new features seem to always be more important than fixing the last little bugs that affect only a minor customer base."
"The interface can be more user-friendly in terms of design and the location of critical and commonly used icons."
"If you have a long ruleset, you may experience performance issues on the GUI, and installing rule changes on gateways can take a comparatively long time."
"It's too expensive for mid-market companies."
"Unfortunately, the API is not fully complete and also it is not an API which I would refer to as a RESTful API as there are different endpoints for the same entity."
"When it comes to Check Point's small business gateway series, there might be a need for hardware upgrades, as configuring them can sometimes be a bit challenging."
"The smart consoles could be improved."
"I primarily work on the network side, so my expertise lies in configuring and working with firewalls. I have experience in firewall policies and know how to configure them within CheckPoint, including blocking URLs and specific website categories. However, I acknowledge that there's room for improvement, particularly in areas related to application-level control within the firewall. While I can't pinpoint a specific area for improvement, I am trying open to enhancing my skills and knowledge in various aspects of firewall management."
"The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects."
"The one thing that did put me off of the solution was that, after they were taken over by GFI, the licensing and a few other items have gotten very complicated."
"I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working."
"There's also room for improvement in the Traffic Rules. We define networks to use a specific outgoing interface, say VSAT, shore, or marine WiFi, which is okay. But then all we have is a checkbox that says "Use other internet interfaces if this one is unavailable." What we would prefer would be to have a priority list. So if VSAT is unavailable, try to use 4G, etc. We haven't really found a reliable way of doing that in the current release."
"The solution can be improved to create the capability for larger bandwidths that support our business needs."
"The product's technical support is not good as it used to be."
"After the takeover by GFI, one of the things that Kerio built was MyKerio environment. This has not been very reliable because I get many messages that MyKerio is not functioning. For some reason, there are things that they changed and it is not very reliable at this moment, instead I have to connect to the firewall to see what is happening."
"I would like for them to add more security features."
Check Point NGFW is ranked 5th in Firewalls with 279 reviews while KerioControl is ranked 29th in Firewalls with 54 reviews. Check Point NGFW is rated 8.8, while KerioControl is rated 8.0. The top reviewer of Check Point NGFW writes "Good antivirus protection and URL filtering with very good user identification capabilities". On the other hand, the top reviewer of KerioControl writes "With VPN, any of our guys can log in to the system and effectively be on board; helps with our customers all over the world". Check Point NGFW is most compared with Palo Alto Networks NG Firewalls, Sophos XG, Cisco Secure Firewall and Netgate pfSense, whereas KerioControl is most compared with Netgate pfSense, OPNsense, Sophos UTM, Sophos XG and Splunk User Behavior Analytics. See our Check Point NGFW vs. KerioControl report.
See our list of best Firewalls vendors and best Unified Threat Management (UTM) vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.