We performed a comparison between Check Point CloudGuard Network Security and Cisco Secure Firewall based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Check Point CloudGuard Network Security provides useful features including VPN Blade, IPS Blade, URL filtering, and Applications Control Blade. Cisco Secure Firewall offers features such as threat defense, dashboard visibility, and application visibility and control.
For the Check Point CloudGuard Network Security, users suggest enhancing their support system, adding features like cluster creation on AWS and a managed web portal. They also recommend providing more visibility on data protection and improving documentation and support services. As for Cisco Secure Firewall, improvements are needed in network performance, policy administration, customization options, web filtering, user-friendly management interface, performance for IPS, and functionality in public clouds.
Service and Support: While some customers have praised the technical support of Check Point, others have faced response delays. Cisco Secure Firewall's customer service has garnered mixed review. Some customers appreciate the immediate solutions provided by their technical support, while others have mentioned delays and difficulties, particularly with Firepower.
Ease of Deployment: Check Point CloudGuard Network Security is generally considered easy and user-friendly for setup. However, it can be complex for some users and may require technical expertise. The deployment time varies depending on the number of customers or websites. Cisco Secure Firewall's initial setup reviews are mixed. Some find it difficult, while others find it straightforward. Cisco offers resources and documentation for assistance, yet the complexity can vary depending on the user's experience.
Pricing: The cost of setting up Check Point CloudGuard Network Security is perceived as high by most. There are, however, flexible pricing options with various discount models. Opinions on the pricing of Cisco Secure Firewall differ, with some finding it expensive and others considering it moderate.
ROI: Check Point CloudGuard Network Security consistently delivers a strong ROI of 80% to 85%, offering improved advantages and simplified administration. Cisco Secure Firewall exhibits fluctuating ROI, with some positive returns observed.
Comparison Results: Check Point CloudGuard Network Security is the preferred choice when compared to Cisco Secure Firewall. Users find the initial setup of Check Point CloudGuard Network Security to be easy, straightforward, and user-friendly. Check Point CloudGuard Network Security is highly praised for its valuable features such as VPN Blade, IPS Blade, URL filtering, and Applications Control Blade.
"The notable features that I have found most valuable are that it includes the antivirus, and also IPS, and even SD-WAN."
"The most valuable features of Fortinet FortiGate are the ease of use and there are several operating systems that can include the hardware capacities. In the newer releases, the resources were more useful because they were included in the operating system."
"Easy to implement, and it is also reliable."
"FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering."
"There are lots of features and most of them are deployed for internet security. Users are protected if they accidentally go to some malicious sites."
"Fortinet FortiGate is a security device. It can optimize security on the networks of a company. It actually protects the company from attacks from outside. With FortiGate, you can categorize the users. You can create a group of users that can access all of the websites for their work. You can limit other users' access."
"Fortigate represents a really scalable way of delivering perimeter network security, some level of layer 7 security, WAF, and also a way to create a meshed ADVPN solution."
"The solution has very good threat and content filtering switches."
"The program is very stable."
"Customers appreciate the CME plugin for automatically understanding assets within the cloud. This information appears in the manager, allowing users to tag the assets and adjust policies and rules accordingly."
"Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW."
"The VPN features in CloudGuard Network Security have been the most valuable for us."
"Its integration and use of features, such as advanced threat prevention, have helped us a lot with malware prevention and also with avoiding exposure to false positives."
"The product has allowed us to develop applications from the cloud - even with large environments and well-segmented security lines."
"We consolidated from three management consoles and three clusters to only one, which is a big improvement."
"The solution is reliable."
"The most valuable feature we have found to be the VPN because we use it often."
"Very good as a stateful inspection firewall."
"Firepower has reduced our firewall operational costs by about 25 percent."
"It is very stable compared to other firewall products."
"It has definitely improved our organization. It gives us remote connectivity, helps workers connect remotely, and also gives us good connectivity to our other branches."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"The features I found most valuable in this solution, are the overall security features."
"The ASA 55-x range is a solid and reliable firewall. It secures the traffic for normal purposes."
"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."
"My only complaint about FortiGate is a lack of QinQ VLAN tunneling. I haven't found this feature in any Fortinet product. You can do this on all Cisco routers, including the smaller models. However, QinQ isn't available on the biggest, most expensive Fortinet units. They still don't have that. I think now we're on software version 6.0, and they still haven't found a solution for QinQ. It isn't a dealbreaker, but that's my main complaint."
"Monitoring and reporting could be better."
"The initial setup and configuration are not intuitive and require training."
"One of the problems I was having was with user mapping, and it is an issue for which I have escalated tickets with Fortinet support."
"The customization could be improved. Cisco, for example, is much better at this. They need to work to be at least as good as they are."
"The user interface could be improved to make it less confusing and easier to set up."
"It should have a better pricing plan. It is too expensive. It should also have a more granular view of the attack. I don't have FortiAnalyzer, and it is difficult for me to have a complete view when there is an attack on my server."
"Check Point Virtual Systems is a complete solution, but pricing can be better."
"CloudGuard Network Security could be improved in the area of upgrading in place."
"The solution’s technical support, DNS security and training could be improved."
"The solution is not that flexible when deploying on-prem."
"We utilize logging systems, and geolocation is crucial for us as some applications must only be accessible from our country. However, there have been occasional issues with this feature."
"It can be difficult to install properly without prior training"
"I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have."
"We have the product deployed on Azure China. One crucial concern is the version limitation; unfortunately, in Azure China, we are restricted to running version R80. Our architecture has a Load Balancer, VMSS CloudGuard, etc. The duplication in this setup prevents the application from seeing the original client IP. This poses a problem for certain applications that require the original IP for login purposes. Although we managed a workaround with a different architecture involving a WAF, it is not as straightforward as the standard Azure setup."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"The management of the firewalls could be improved because there are a lot of bugs."
"When we first got it, we were doing individual configuring. Now, there is a way to manage from one location."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth."
"More intuitive support for SIP services are needed. This took a long time to configure properly for the user."
"Cisco wasn't first-to-market with NGFWs... they should look at what other vendors are doing and try not only to be on the same wavelength but a little bit better."
More Check Point CloudGuard Network Security Pricing and Cost Advice →
Check Point CloudGuard Network Security is ranked 12th in Firewalls with 112 reviews while Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews. Check Point CloudGuard Network Security is rated 8.6, while Cisco Secure Firewall is rated 8.2. The top reviewer of Check Point CloudGuard Network Security writes "The solution has good threat emulation, threat extraction, and reporting features". On the other hand, the top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". Check Point CloudGuard Network Security is most compared with Azure Firewall, VMware NSX, Akamai Guardicore Segmentation, Palo Alto Networks VM-Series and Illumio, whereas Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Juniper SRX Series Firewall. See our Check Point CloudGuard Network Security vs. Cisco Secure Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.