We performed a comparison between Check Point NGFW and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. Our conclusion is presented below.
Comparison Results: Our users feel Check Point NGFW is the better choice for NG Firewalls. Users appreciate its unique multi-layer, multi-blade approach. Additionally, the central management station allows users to manage everything in one place, helping to improve overall performance. The great price, support, and performance make this a great choice.
"Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility."
"The payment function for applications is good."
"We can detect any attack of viruses or malware at the first point of contact."
"It is quite easy to handle."
"The next-gen features, the unified threat management capabilities are something that just about everybody is interested in at this point."
"The management console is pretty simple, so anyone who understands networking can initially deploy the solution."
"The security features are about the best that I've seen anywhere."
"Good load balancing feature."
"The management in Check Point is exceptional."
"I like the dashboard, redundancy, log analysis, threat prevention and ISP, and VPN."
"I think the VSX has been the most valuable feature for us."
"The product is flexible."
"When applying application control, we can ensure user access to the internet in accordance with company policy and easy implementation if some users need exception access."
"We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone."
"The Check Point firewall features for Next Generation Firewalls are excellent."
"The interface and the IPS intrusion prevention are the most valuable features of this solution."
"It's quite nice. It's very user-friendly, powerful, and there are barely any bugs."
"The solution's most valuable feature is the robust firewall, which we can also use as a UTM device."
"The solution is very stable."
"We standardized on the product and got rid of several other types of firewalls from different vendors."
"The centralization capability is the most valuable feature of this solution as it enables us to monitor our systems efficiently."
"The key aspect of this solution that provides the most value is its next-gen capabilities, which represented a significant change for us."
"The most valuable aspect of this solution is pre-sales and post-sales because of the support and relationship building."
"I'm using most of its features such as antivirus, anti-spam, and WAF. I'm also using its DNS Security and DNS sinkhole features, as well as the URL filtering and application security features."
"It would be nice if FortiGate incorporated some built-in endpoint protection features. I would also like a built-in SOC dashboard for managing multiple Fortinet firewalls."
"The license renewal process, annual renewal price, and the web application firewall features should be improved."
"The stability of Fortinet FortiGate could improve."
"Sometimes you do need to know some CLI commands, so it's a bit harder for technicians or new people that don't know it."
"The pricing could always be better."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified."
"It needs to improve its ISP load balancing."
"Check Point products have many places that need to be improved, but they are constantly upgrading."
"There is room for improvement in application-based filtering, as with other firewalls available in the market today."
"The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community."
"In the past year, we faced severe downtime that lasted many days due to a misconfiguration."
"It would help if they were easier to deploy, without needing more technical people. It would be nice if we could just give basic information, how to connect, and that would be all, while the rest of the setup could be done remotely."
"Currently, upgrades are quite cumbersome."
"When you want to open the gateway by double-clicking on the interface, sometimes it can cause silly problems such as freezing."
"The firewall throughput or performance reduces drastically after enabling each module/blade."
"PA-220 Next-Generation Firewall would be perfect if it has spam filtering."
"The areas that need to improve are network protection and user identification."
"Personally, I feel that their dashboards for reporting and things like that need some improvement."
"I would like a collaboration system and reporting ASA policy needs to be smarter."
"Enhancements could potentially be made to the firmware to improve its inspectability."
"When you delete and add a new rule, because of the one hundred rule limit, if the new rule has an ID that is greater than one hundred, even though you have fewer than that, it will not work."
"Its price can be better. They should also provide some more examples of configurations online."
"A major concern is making the licensing more accessible to enable small municipalities to afford and manage their own systems independently."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Check Point NGFW is ranked 5th in Firewalls with 276 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews. Check Point NGFW is rated 8.8, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Check Point NGFW writes "Good antivirus protection and URL filtering with very good user identification capabilities". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Check Point NGFW is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Azure Firewall and OPNsense, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Meraki MX, Sophos XG, Netgate pfSense and Cisco Secure Firewall. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi, I would suggest going for Checkpoint, the suitability depends on your specific security needs, budget constraints, network infrastructure, Integration capabilities, cloud integration, compliance and reporting, user-friendly interface but the support and the specific behavior for some solutions for routing, networking balance or specific connectivity is better known constraints, Checkpoint Multiplatform support (Open Servers Solutions) The advantages in Palo Alto (SSL Decryption, Wildfire SandBox Integration, Scalability)
Hi, I would suggest going for Check Point.
I'm with Check Point now, for more than 2 years. IPS, threat prevention, antibot identification, and antivirus notification are up to the mark. Moreover, it has a friendly user interface where anyone can create policies and work on it.