We performed a comparison between Check Point UTM-1 [EOL] and Fortinet FortiGate based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."It safeguards against cyber attacks."
"We can create a domain to separate and segregate some functions, some services."
"The solution is very robust."
"Firewalls help us a lot in controlling traffic on our network and preventing unauthorized access."
"The most valuable feature for us was to implement negligent functionality, to direct functionality to viewer control and application control so we could disconnect, and at the same time, we installed checkpoints. We disconnected our proxy."
"The filtering was very good."
"It provides visibility and drives organizational security."
"The databases and its signatures are its most important features."
"We have been able to offer several services to customers in a single box."
"It is easy to use. We chose this product for the possibility to have virtual domains (VDOMs). We are building another company in the group, and we would like to split the firewalling rules and policies between these two companies. Each company would be able to manage its own policies and security rules, which is an advantage of Fortinet FortiGate. We can define VDOMs, and every company can manage its own VDOM as if it has its own physical firewall, but in fact, we would be using the same physical appliance because we are also using the same internet lines. So, it allows us to reuse the existing resources without the disadvantage of having to compromise on policies and security. Each company can choose its own way of working."
"The web filtering facility and application control are the most valuable features from the point of view of our clients. The VPN feature is also quite popular amongst our clients. Two-factor authentication is one of the good features in Fortinet. These features are important for the current scenario of security. Security has become a necessity nowadays. With cyber-attacks becoming more common, protecting an organization's data is one of the major tasks. It is also very stable and scalable, and it is very straightforward to configure. Their technical support is also good."
"The most valuable feature of Fortinet FortiGate is security. They are known for efficiency and are on the top of Gartner Quadrant reviews. Fortinet FortiGate has an easy-to-use platform with a good graphical interface. The configuration is simple and the solution provides an overall good layer of security."
"The application control features, such as Facebook blocking and Spotify blocking, are the most valuable."
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"The user interface (UI) is very, very good."
"The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful."
"Specifically on the user experience, sometimes the set up of things, such as the VPN SSL, takes a lot of time to load and a lot of time to get up and running on every session."
"I am not able to see a demo."
"The solution should be more user-friendly."
"The solution could be improved if there was a better way to report. The reporting functionality is not really good. Even though it's not the major function. Maybe adding a way to make a custom report."
"Some features that could be improved are advanced threat protection, sandboxing, and vulnerability management."
"As we don't have a representative of Check Point in Mozambique, this makes it very difficult when we have some issues to resolve."
"Technical support was very bad because the supplier who sold it to us, wasn't very supportive, and he wouldn't giving us direct links to the OEM."
"While the technical support is good, the Indian level technical support could use an upgrade."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
"The solution could be more secure and stable."
"It would be nice if backups could more easily migrate between different models."
"The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are."
"The support costs and licensing are sometimes so expensive."
"Their software support needs improvement. I would prefer to have better support for bug fixes. Sometimes, we open a ticket, and it is very difficult to get a solution. Specifically, we are not at all happy with their support for load balancing."
"I would like to have logs, monitoring, and reporting for a month without extra fees."
"There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement."
Earn 20 points
Check Point UTM-1 [EOL] doesn't meet the minimum requirements to be ranked in Firewalls with 19 reviews while Fortinet FortiGate is ranked 2nd in Firewalls with 306 reviews. Check Point UTM-1 [EOL] is rated 8.2, while Fortinet FortiGate is rated 8.4. The top reviewer of Check Point UTM-1 [EOL] writes "Great firewalls, VPN, and Intrusion prevention capabilities". On the other hand, the top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". Check Point UTM-1 [EOL] is most compared with , whereas Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Check Point NGFW.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Are you limiting the results are a specific reason?
The larger question here is what do they need? There is no one best, each one has a good pro and con list to compare. (do they need web filtering, geo ip blocking, layer 7 filtering, detail qos control, redundant link fail over, load balancing, client access, reports, automated reports, etc) There are a lot of open questions that can help anyone tailor what would be best to use.
My personal experience with those mentioned is to go with Palo Alto. It has a good rock solid and stable OS and can be configured to most anything your client would need.
Fortinet's: The OS has many issues with memory even when you over spec the unit. You will find yourself having to restart it pretty often. It does have a decent configuration gui. (My personal opinion unless it's a OS/Firmware upgrade the unit should never need rebooted).
Check Point: At least the units I have had the wonderful time working with, have been very "finicky", granted the last one I seen was about two years ago now, which imo is a good thing. I was not impressed.
Firewalls I did not see mentioned Cisco ASA/Firepower, Cisco Meraki, SonicWall, PFSense, Adtran.
I do like the Cisco Units, though not for the faint of heart. Even the new ones you will find yourself in the shell often. That said there is a reason that most Datacenters use them, they have been around a long time and know how to build a good product.
Meraki: These have surprised me. They are as good as the Palo Alto FWs and the recent (time is relative) acquisition of OpenDNS/Umbrella into their security stack is a good blend. Easy to configure, A good option if the client will be in the FW making changes. When Paired with other Meraki units the Single Pane of Glass configuration is a plus. The Reporting is a nice feature with the ability to alert on. The Layer 7 Filtering and QOS is super well thought out. Really, really easy to configure. I can walk most anyone through a setup.
SonicWall: Just mentioning their name gives me headaches. Even after Dell purchased them the product isn't any better again just my opinion. They are easy to setup, and that is all I will give them.
PFSense: I love OpenSource products, PFSense has a good plugin list and is easy to make your own. It is not for everyone. The recent last few firmware/OS upgrades introduced a better gui interface. Rock Solid (as long as you have good hardware.) They just work. You will however need to know the product well. Some configuration places can be confusing. Such as setting up Traffic Shaping is not as simple as in the others, "in a click of a button".
Adtran: Adtran does not get mentioned enough. These units are good and do exactly what they are told. Never have to be rebooted unless you upgrading the firmware/os on the units. They are fast and as the phrase goes "they just work". The GUI is still a little dated when compared to others in the market, Once you get use to it though your golden. The Shell is near identical to the Cisco, so for Cisco guys it's an easy go between. They started out as a Voice vendor product, as you know voice is never allowed to go down and that is how their switches, routers, etc are.
So to recap: It depends on what you want to do.
In your original list, The Palo Alto is the winner.
If you want to Expand it to the larger list I would say the Meraki if you want a good gui experience and support.
If you just want it to work with a ton of no extra cost add-ons the PFSense is the next option if you're willing to put the effort into learning it inside and out, which only the hardcore guys seem to do.
I have worked on PA, CP, & Fortinet. I found Fortinet to be the most capable and best common interface for overall usage. As stated above, I found PA's to be overpriced for what they give you. Based on my monitoring this sector, CP & PA are trying ot catch up to Fortinet's and Cisco's ecosystem approaches. Cisco's Ecosystem, since I brought it up, still requires a user to know too many different interfaces and leads to configuration issues.
My recommendation is Fortinet.
I have experience is all flavors mentioned here.
If you are thinking about the cost of the product , then go with Fortinet. Fortinet products are cheep when compare to PA or Checkpoint. Whereas the performance of the box is not mentioned on the datasheet. You have to rethink the value based real world traffic.
For stable network m opinion is PA or checkpoint. Both devices have certain their own features which may not be replace by other device.
I would you to consult with the SE who can understand your requirement and unique features required to your organization.
my opinión : i think all vendors in security are great but i prefer FORTINET
My opinion about firewalls --> FORTI (FortiGate) is the best out of those 3:Fortinet, Palo Alto, Check Point.
Why? 1. Price (TCO), 2. Wide and complex functionality, 3. More userfriendly interface than ChPoint. Check Point is too expensive (my private opinion) compared with its functionality (the brand costs).
I haven’t got any experience with Palo Alto.
Having worked for Nokia and Check Point for eight years as a Senior S.E., and SonicWALL, and also being very familiar with Palo, Fortinet, Cisco & Sophos, I'd say it all comes to the customer's requirements.
When I was Director of Engineering at Intel for their FW/VPN, I asked marketing for the numbers of how much of our customer base was using the FW component of our product which was called and marketed a VPN. An astounding 48 per cent used the FW. I immediately had our gateway rebranded "Intel FW/VPN".
According to IDC we were number 2 of market share at 14% behind Bottle at 20%.
Unfortunately Intel bought our product as a "BB" (buy and bury). They took our code and put it on an ASIC chip and stamped it onto their NICks (network interface cards).
Being the director of engineering I was responsible for a good portion of that.
I can support on Fortinet Firewalls and its integration.
Best is subjective and I think there are many factors that could influence a decision.
Fortinet are generally less expensive but I have found their management and product splintering to be cumbersome, support is hit and miss and depends on the partner you work with. That said if you are on a budget it could be a good choice.
Palo have a good management platform, excellent firewalls and with the release of their new firewalls (820/50) have some cost effective solutions at the lower end, support is very good.
Checkpoint have a very good management platform, average firewalls with sometimes over complex configuration and from experience I would have to say awful support.
As always I would try to figure out what requirements and capabilities you are looking for, where the strengths and weaknesses of your security team lie and work from there. The solution should be built to fit your business requirements and budget.