We performed a comparison between Check Point CloudGuard Network Security and pfSense based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Check Point CloudGuard Network Security provides valuable features like VPN Blade, IPS Blade, URL filtering, and Applications Control Blade. pfSense is appreciated for its capacity to block IP addresses, user-friendly dashboards, and open-source nature.
Check Point could enhance its support system, cluster creation on AWS, data protection visibility, DLP feature, user interface, integration with other security solutions, cost reduction, documentation, and on-prem deployment flexibility. pfSense could improve instructional videos, stability, mobile application, GUI usability, updates, threat handling, FIPs compliance, log analysis, VPN capacity, documentation, user-friendliness, configuration processes, and SD-WAN integration.
Service and Support: Some customers appreciate the technical support provided by Check Point, while others express dissatisfaction with response time and global support. pfSense's customer service garners both positive and negative reviews. Some users commend the technical support they receive, while others rely on community resources for assistance.
Ease of Deployment: Check Point CloudGuard Network Security is praised for its easy, simple, and straightforward initial setup. Users find it interactive, user-friendly, and effortless to configure. However, it may require technical expertise and proper guidelines from customer support. pfSense is generally regarded as easy and straightforward to set up, with a simple installation process. The timeframe for completion varies from as little as 15 minutes to a few days, depending on the user's familiarity with firewall and network concepts.
Pricing: Check Point CloudGuard Network Security is recognized for its high price, however, it provides strong security measures and good value. pfSense is an open-source option that offers reasonable pricing and no extra expenses. However, there is a lack of available information concerning the exact costs associated with pfSense's licensing.
ROI: Check Point CloudGuard Network Security provides improved performance and benefits for organizations, resulting in a higher ROI range of 80% to 85%. pfSense is highly regarded for its cost-effectiveness and affordability, enabling substantial savings.
Comparison Results: Check Point CloudGuard Network Security is the preferred option when compared to pfSense. Users find the initial setup of Check Point CloudGuard Network Security to be straightforward, and user-friendly. Check Point CloudGuard Network Security offers more valuable features including VPN, IPS, URL filtering, and Applications Control Blade, which are highly appreciated for their compliance, intrusion protection, and productivity enhancement.
"Using this product makes the VPN seamless and almost invisible to me in the sense that I don't have to think about it."
"It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly."
"The ability to set up remote systems is the most valuable feature."
"It increases security posture and is helpful for firewall reporting, intrusion protection, web filtering, and SD-WAN implementation."
"The most valuable feature is the ease of use."
"Fortinet FortiGate's reliability is valuable."
"It is a one box solution, which covers most of the edge device’s requirements."
"It is very flexible to use."
"I like the firewall and the virtual machine. I also like that it's compatible with Amazon Web Services and Azure."
"The tool's most valuable features are threat prevention and protection mechanisms."
"The most valuable features are the VPN Blade, IPS Blade, the URL filtering, and the Applications Control Blade."
"The most valuable feature I have found in CloudGuard Network Security is the flexibility to rebuild the firewall as needed."
"CloudGuard's intelligent tools help us automate many manual security tasks, guaranteeing our customers' environments will be secure."
"Its blades and VSLS (Virtual System Load Sharing) work fine."
"The Identity Awareness blade and dynamic tagging in Azure are valuable because they make access management automatic. Instead of manually setting up access for each new resource, it happens automatically based on the same access policy. This dynamic setup is scalable."
"The tool's most valuable features for us are threat prevention, HTTPS inspection, and the Anti-Bot blade. Threat prevention helps to protect our assets from threats. HTTPS inspection ensures secure communication, and the Anti-Bot blade is particularly helpful in detecting C2 servers, enhancing our ability to identify malicious activities and protect our network."
"Centralized administration with multiple services, which allows for execution in several important functionalities of information security."
"Content protection, content inspection, and the application level firewall."
"What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor. Some people may think you're taking a risk with using Opensource. I think it just provides the end user, specifically for us small, medium business providers of services, the flexibility we need at the right cost to provide them a higher end, almost enterprise type service."
"The ability to perform packet captures on the command line and via the GUI is useful for diagnosing problems."
"For everyday tasks, we just get alerts. It's anything that's suspicious, including from our Netgate. So, it's part of how we maintain cybersecurity in our school. This is working alongside our endpoint security solution."
"The most valuable features are the VPN and the capture photo."
"We've found the stability to be very good overall."
"The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is. Did you forget a printer port? Most attacks at the moment are happening through printers, and they can tell you immediately that you forgot to close the port of the printer. There are more than one million printers that are in danger, and everybody knows that hackers are using them to enter the network. So, you can download plugins to protect your network."
"Its reporting capabilities can be improved. It should have some out-of-the-box reporting capabilities and some degree of customization. The basic reporting that it currently has is not sufficient to create more usable reports. It needs some sort of out-of-the-box reporting. They try to make customers purchase FortiAnalyzer for this kind of reporting, which is an additional cost. Other firewall vendors, such as SonicWall and Sophos, provide this sort of reporting without any additional cost."
"The captive portal could be improved."
"Lacks sufficient security options."
"It is stable, but its stability can be improved."
"I would like Fortinet to add more automation to FortiGate."
"Fortinet FortiGate could improve by having more capabilities for troubleshooting VPN connections. For example, I do get some feedback about the current status, but I could use some history and logging of important events. The information is logged in our Syslog server, but I could use that information from the device. If they could provide a GUI to have some more insight on what's going with my VPN would be useful."
"With the addition of some features, it is possible that FortiGate can be used in all verticals."
"The initial setup is complex."
"The solution is not that flexible when deploying on-prem."
"New features have been introduced recently, but they have not yet been integrated into CloudGuard Vsec."
"At CPX, we heard that we can see all the things on the same platform. That is what we have been asking for, and hopefully, we are going to start seeing it this year."
"I would like to see more focus on east-west traffic inspection and AWS."
"From the policy optimization point of view, they can do better. This is not just for CloudGuard. CloudGuard is one little piece managed by Check Point. They can also integrate a third-party policy management solution to improve that. For example, Tufin is focused on policy optimization and management."
"The management console can be simplified because at the moment, it is a bit of a challenge to use."
"The challenge mainly revolves around the slower functionality of virtual IP switching in Azure Virtual Network compared to on-premise solutions. On-premise, switching between clusters is faster, taking only a few seconds, while in Azure, it can extend up to five minutes. The downtime is a concern for us."
"The operations require skilled manpower with extended experience of working with networking systems for better results."
"I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that."
"The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus."
"The solution could improve by having centralized management and API support online."
"I have been using WireGuard VPN because it is a lot faster and more secure than an open VPN. However, in the latest version of pfSense, they have removed this feature, which is one of the main features that I need. They should include this feature."
"I would like to see SD1 integration into the software. That would be fantastic."
"Their support could be better in terms of the response time."
"The GUI. There are TONS of plugins for pfSense, as such, if a user wants to add quite a bit of functionality, the GUI will feel a little congested."
"pfSense is not user-friendly. I hope to have something to make the interfaces more user-friendly."
More Check Point CloudGuard Network Security Pricing and Cost Advice →
Check Point CloudGuard Network Security is ranked 12th in Firewalls with 112 reviews while Netgate pfSense is ranked 1st in Firewalls with 128 reviews. Check Point CloudGuard Network Security is rated 8.6, while Netgate pfSense is rated 8.6. The top reviewer of Check Point CloudGuard Network Security writes "The solution has good threat emulation, threat extraction, and reporting features". On the other hand, the top reviewer of Netgate pfSense writes "User-friendly, easy to manage the firewall, rule-wise and interface-wise". Check Point CloudGuard Network Security is most compared with Azure Firewall, VMware NSX, Cisco Secure Firewall, Palo Alto Networks VM-Series and Cisco Secure Workload, whereas Netgate pfSense is most compared with OPNsense, Sophos XG, Sophos UTM, Cisco Secure Firewall and KerioControl. See our Check Point CloudGuard Network Security vs. Netgate pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.