We performed a comparison between Check Point NGFW and Palo Alto Networks NG Firewalls based on our users’ reviews in four categories. Our conclusion is presented below.
Comparison Results: Our users feel Check Point NGFW is the better choice for NG Firewalls. Users appreciate its unique multi-layer, multi-blade approach. Additionally, the central management station allows users to manage everything in one place, helping to improve overall performance. The great price, support, and performance make this a great choice.
"The most valuable feature of this solution is Quota."
"It blocks the vulnerabilities that can negatively impact us."
"The most valuable features are simplicity, management, and that it's constantly evolving."
"In terms of security, we have not experienced any security flaws or loopholes, and it has proven to be quite stable."
"We have been able to offer several services to customers in a single box."
"It's user-friendly and easy to operate."
"The most valuable feature is the policy routing and application control."
"The solution has very good threat and content filtering switches."
"The most valuable feature is that we are protected against zero-day threats."
"The Check Point API let me make 100 net rules in just 10 minutes, which saved us time."
"We never had an outage of the appliances or the consoles. Stability is very strong. I never had a problem related to stability."
"All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS."
"Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues."
"The product is flexible."
"We use Check Point to complete the network compliance rules."
"The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance."
"The basic configuration will only take 15 minutes to set up"
"This solution not only provides better security than flat VLAN segments but allows easy movement through the lifecycle of the server."
"The management options are good."
"Palo Alto Networks NG Firewalls enabled us to have better visibility overall."
"The solution's most valuable feature is the robust firewall, which we can also use as a UTM device."
"IoT security is most valuable in the current version. Content IDs, DDoS protection, zone protection, and DLP are the most prominent features in Palo Alto Networks NG Firewall. It is easier to configure than other solutions."
"From my experience, comparing it to other products, the granularity you can have in the application is very good. The application detection is excellent. It's certainly one of the best."
"All the features are valuable, but my main one is the straightforward and well-designed GUI. I'm over 50 and have been in this business since the internet started. I'm not a GUI guy; I prefer using the command line. The product's GUI is excellent, and so is the threat intelligence. It's also straightforward to configure and flexible. The solution even has good networking, such as VLAN and subinterfaces, which is great because, in my experience, if the firewall is good, then the router usually isn't and vice-versa, but Palo Alto has both."
"The way everything is set up could be easier. Currently, people need a lot of experience and knowledge to administer it and to link it to devices."
"It could use more templates for third-party site-to-site VPN setups other than FortiGate and Cisco."
"It's my understanding that more of the current generation features could be brought in. There could be more integration with EDRs, for example."
"It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified."
"Fortinet FortiGate could improve by having better visibility. Palo Alto has better visibility."
"Improvement is needed in the Web Filter quotas to restrict users with allocated quotas."
"Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful."
"One of the features that I would like to have is to do with endpoint production, it should be integrated. For example, the firewall gets notified of any kind of forensic event that needs to be done, such as if there is a ransomware attack and how it originated, all those records have to be available from the firewall, which is not."
"One of my issues with Check Point is the stability. There have been too many bugs, over the years, when I compare them with other vendors. Their QA team should do better work before releasing their GA versions."
"The technical support is really poor. We have to wait for approximately 48 hours sometimes for a simple solution."
"The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution."
"One area for improvement in Check Point NGFW is the support process."
"One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them."
"The NAT services part needs improvement. It's not sophisticated. It needs functions like range assignment for NATing. The way you assign a list of IPs for NATing is too simple. It just allows you to use pools."
"Although there is a lot of automation and pattern that can be classified automatically, the IPS systems are sometimes a little bit complicated, and doing the fine-tuning in over 20,000 patterns is hard to do."
"The API support is good. However, Check Point needs to focus on more prepared scripts for some tiresome actions."
"The data loss prevention (DLP) capabilities need to be beefed up."
"Palo Alto could do better with integrating the Palo Alto Next-Gen Firewall with SD-WAN. The biggest issue with Palo Alto is that they are expensive. They are very expensive for what they offer. They should improve their pricing."
"Its software updates can be improved. It sometimes becomes very slow with the software updates for different features. It should have an External Dynamic List of data. The malicious IP is not frequently getting updated in Palo Alto, and this should be done."
"Its price can be better. They should also provide some more examples of configurations online."
"The user interface is a bit clumsy and not very user-friendly."
"The level of control and granularity in terms of rule customization could be enhanced. However, compared to our previous solution, Palo Alto provides much better drill-down capabilities."
"The solution would benefit from having a dashboard."
"They can work on the price. They are a little bit expensive, and not all customers are able to afford this solution. Taking into consideration that there is huge competition in the market and there are multiple firewall companies that are much cheaper than them and offer almost the same features, it would be good to improve the price."
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Check Point NGFW is ranked 5th in Firewalls with 275 reviews while Palo Alto Networks NG Firewalls is ranked 6th in Firewalls with 162 reviews. Check Point NGFW is rated 8.8, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Check Point NGFW writes "Good antivirus protection and URL filtering with very good user identification capabilities". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "We get reports back from WildFire on a minute-by-minute basis". Check Point NGFW is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Azure Firewall and OPNsense, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Meraki MX, Sophos XG, Netgate pfSense and Cisco Secure Firewall. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi, I would suggest going for Checkpoint, the suitability depends on your specific security needs, budget constraints, network infrastructure, Integration capabilities, cloud integration, compliance and reporting, user-friendly interface but the support and the specific behavior for some solutions for routing, networking balance or specific connectivity is better known constraints, Checkpoint Multiplatform support (Open Servers Solutions) The advantages in Palo Alto (SSL Decryption, Wildfire SandBox Integration, Scalability)
Hi, I would suggest going for Check Point.
I'm with Check Point now, for more than 2 years. IPS, threat prevention, antibot identification, and antivirus notification are up to the mark. Moreover, it has a friendly user interface where anyone can create policies and work on it.