We performed a comparison between Check Point NGFW and Cisco Secure Firewall based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Check Point users are happier with its VPN and with its pricing. However, Cisco Secure users are happier with its service and support.
"What I like the most is the configuration and that it's simple, and straightforward to maintain."
"It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly."
"It is very flexible to use."
"It performs very well."
"The scalability of Fortinet FortiGate is good."
"The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE."
"Initial setup is straightforward. There weren't too many issues with setting it up. It takes one hour or so."
"Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility."
"With the outstanding capabilities of Check Point, we managed to have stable site-to-site VPNs with all our partners and with every other vendor's devices."
"From the logs, you can trace back to the rule with a click, which makes it easy to investigate cases."
"We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful."
"It's quite a stable solution."
"Check Point firewalls have significantly improved our ability to detect and prevent threats."
"I like the GUI."
"We can precisely determine who has access rights and who is granted permission, regardless of their connection point."
"The event logs are relatively informative and can provide information on why traffic was accepted or rejected."
"Clustering architecture which offers zero downtime upgrades, keeping uptime close to 99.999%."
"I like its integration with the AnyConnect client. I also like how modular it is. For example, I can easily integrate the Umbrella add-on into it. We are planning on adding Umbrella. We haven't added it yet, but we have researched."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"The most valuable features are the flexibility and level of security that this solution provides."
"All the features except IPS are valuable. IPS is not a part of my job."
"I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment."
"A good intrusion prevention system and filtering."
"Fortinet needs to overhaul its documentation."
"The reports are very basic."
"Fortinet FortiGate needs to improve the protection, it did not prevent us from being attacked. Additionally, Fortinet FortiGate could provide more features for WAF devices. I should not have to purchase two solutions, it would be a benefit to combine these features into one solution."
"It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified."
"The stability of Fortinet FortiGate could improve."
"The reporting in Fortinet FortiGate could improve. Customers are having to purchase additional reporting components. When I have used the Sophos solution it is a complete solution, in Fortinet FortiGate you have to use additional tools to have the features needed."
"With FortiGate, the main complaint that I have heard is about the technical support."
"I would like to see more advanced developments of a wireless controller in the future."
"It's too expensive for mid-market companies."
"The web UI for VSX could be better."
"The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long."
"We have run into an interface expansion limitation, and thus it would be helpful if products lower in the stack would offer more interface expansion options."
"The need to offer scheduled policy pushes in Smart Console."
"The firewall throughput or performance reduces drastically after enabling each module/blade."
"This product has room for improvement in technical support for Africa."
"It should allow more than two internet providers in its configuration of "ISP Redundancy"."
"If Cisco could stop rebranding, combine all the CLIs/GUIs, and give a consistent experience, this would be great."
"It's not unexpected, but it's a common scenario where customers request dual layers of security. For instance, when dealing with regulatory compliance, especially in financial sectors regulated by entities like the Central Bank, having two distinct units is often mandated. If a client predominantly uses a solution like Palo Alto, they may need to incorporate another vendor such as Cisco or Forti. Importantly, there's a significant disparity in interfaces and management platforms between these vendors, necessitating careful consideration when integrating them into the overall security architecture"
"The solution has not had any layer upgrades. It does not have layer five and upwards, it only has up to layer four. This has caused some problems for us."
"I would like to see the inclusion of more advanced antivirus features in the next release of this solution."
"The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working."
"As it’s a GenX firewall, expertise for both implementation and troubleshooting the pain points can be a challenge. This could be a concern when companies are thinking about buying this product."
"The service could use a little more web filtering. If I compare it to Cyberoam, Cyberoam has more the web filtering, so if you want to block a website, it's easier in other solutions than in Cisco."
"Critical bugs need to be addressed before releasing the version."
Check Point NGFW is ranked 5th in Firewalls with 275 reviews while Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews. Check Point NGFW is rated 8.8, while Cisco Secure Firewall is rated 8.2. The top reviewer of Check Point NGFW writes "Good antivirus protection and URL filtering with very good user identification capabilities". On the other hand, the top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". Check Point NGFW is most compared with Palo Alto Networks NG Firewalls, Sophos XG, Netgate pfSense, Azure Firewall and OPNsense, whereas Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and OPNsense. See our Check Point NGFW vs. Cisco Secure Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.