We performed a comparison between Check Point CloudGuard Network Security and Fortinet FortiGate based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Check Point is notable for its VPN Blade, IPS Blade, URL filtering, and Applications Control Blade. It provides advanced threat prevention, centralized management, and a focus on cloud security. Fortinet FortiGate is commended for its all-inclusive bundle solution, user-friendly interface, and robust security capabilities.
For Check Point, there are areas that could be improved including cluster creation on AWS, data protection visibility, DLP feature, user interface, integration, cost reduction, documentation, and flexibility in deployment. Fortinet FortiGate could benefit from enhancements in SSL VPN, multi-factor authentication, reporting capabilities, GUI interface, software support, scalability, user interface, web application firewall and DDoS protection, troubleshooting of VPN connections, and protection against attacks and ransomware.
Service and Support: CloudGuard Network Security's customer service has received mixed feedback, with some customers expressing satisfaction with the technical support, while others have mentioned concerns regarding response time. Some Fortinet customers have found the support to be good, while others have felt the need for improvement.
Ease of Deployment: Check Point offers an initial setup that is straightforward and simple, although it may require technical expertise. The deployment time for this solution can range from one day to a few days. Fortinet FortiGate's setup is generally not too complex and straightforward, with deployment times varying from a few hours to two months.
Pricing: Check Point CloudGuard is known for its high setup cost, however, it provides excellent security and value. Fortinet FortiGate offers a reasonably priced and competitive setup cost, with a good balance between price and performance. That said, some users have mentioned that the renewal price for FortiGate is often higher than the initial purchase price.
ROI: CloudGuard Network Security has demonstrated a return on investment (ROI) ranging from 80% to 85%. Users have experienced increased benefits and found that management is easier compared to other options. Fortinet FortiGate has proven to be cost-effective, resulting in savings. Additionally, it has enhanced security measures, delivering positive outcomes.
Comparison Results: Check Point CloudGuard is the preferred choice when compared to Fortinet FortiGate. Users appreciate CloudGuard's user-friendly interface, ease of use, and comprehensive security features like VPN, IPS, URL filtering, and Applications Control Blade. CloudGuard also offers scalability, stability, and a focus on cloud security.
"It is scalable. It's a cloud solution, so it's easy to implement and manage."
"The ease of deployment has been nice. It is like managing any of our on-prem firewalls."
"Now, we can filter which websites users can access and block categories that are a risk. For example, we can block social media and gambling sites. This has helped to decrease the risk of access to malicious content on the internet."
"Advanced check prevention is a great feature that provides threat intelligence at speed."
"It is dynamic and agile, and its features and utilities continuously improve and evolve."
"The installation process doesn't take very long."
"Some retail customers find the scale-up and scale-down features valuable, particularly with scale sets. This is useful for handling increased loads on devices and utilizing firewalls, similar to on-premises setups with active standby configurations."
"I like the firewall and the virtual machine. I also like that it's compatible with Amazon Web Services and Azure."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"The most valuable features are the policies, filtering, and configuration."
"Fortinet FortiGate is user-friendly and affordable."
"The most valuable features are simplicity, management, and that it's constantly evolving."
"The web filtering feature and the intrusion protection system are the most valuable. It is a resilient appliance. I never had an issue with it in terms of any security breaches."
"Fortigate is very scalable to serve our customers' needs. We have scaled already from fifty to more than a hundred instances of Fortinet FortiGate. Around 20 staff are required for deployment and maintenance, mostly engineers."
"We are using the FortiGate 100D series. VPN, firewall, anti-malware, OTM, and intrusion prevention are useful features."
"The scalability is good in Fortinet FortiGate."
"I want the upgrades of their CloudGuard solution to major versions to be easier. We have had a few small hiccups. They have different types of cloud clusters called Geo Clusters, and those just cannot be upgraded past a certain point, which is a hurdle that we are currently experiencing."
"It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance."
"The product needs to improve technical support."
"I haven't used CloudGuard Network Security in the past couple of years as I moved out of the network security role. However, based on my previous experience, there were improvements, especially in in-place upgrades. Regarding cost, it might be potentially cheaper considering resource utilization in Azure and VM costs, but licensing could be improved, possibly moving towards a simpler model."
"With the incorporation of a lot of AI and machine learning, they can build some sort of a matrix for low-level threats or low-level things that require attention. There can be automation of those tasks so that we don't have to take more time and effort. There should be machine learning to eliminate level-one types of tasks."
"CloudGuard Network Security needs to include new features. One specific feature I would like to see is the ability to protect external resources using single sign-on integration with various identity providers, including custom identity providers. Its pricing could also be cheaper."
"Clustering in Azure is a bit different, not using the Check Point cluster but relying on load balancing. It's not as instant as I'm used to; in Azure, it might take around half a minute to a minute, and during this time, services could be down. The delay is attributed to Azure using its load balancing mechanisms instead of the Check Point cluster."
"The challenge mainly revolves around the slower functionality of virtual IP switching in Azure Virtual Network compared to on-premise solutions. On-premise, switching between clusters is faster, taking only a few seconds, while in Azure, it can extend up to five minutes. The downtime is a concern for us."
"Scalability for Fortinet FortiGate needs to be improved. SD-WAN security for this solution also needs some improvement."
"They should improve high CPU and memory usage that occurs."
"Stability and technical support are the two major issues I have found with Fortinet."
"Fortinet doesn't provide multiple virtual firewalls which would facilitate end users and customers."
"The debugging and troubleshooting has room for improvement."
"The scalability could be better."
"I don't like that anything more than very basic reporting is not included."
"The Wi-Fi controller needs a lot of improvement."
More Check Point CloudGuard Network Security Pricing and Cost Advice →
Check Point CloudGuard Network Security is ranked 4th in WAN Edge with 119 reviews while Fortinet FortiGate is ranked 1st in WAN Edge with 306 reviews. Check Point CloudGuard Network Security is rated 8.6, while Fortinet FortiGate is rated 8.4. The top reviewer of Check Point CloudGuard Network Security writes "The solution has good threat emulation, threat extraction, and reporting features". On the other hand, the top reviewer of Fortinet FortiGate writes "It's a reliable solution that's easy to install and cheaper than competitors ". Check Point CloudGuard Network Security is most compared with Azure Firewall, VMware NSX, Cisco Secure Firewall, Akamai Guardicore Segmentation and Palo Alto Networks VM-Series, whereas Fortinet FortiGate is most compared with Sophos XG, Cisco Secure Firewall, Netgate pfSense, Meraki MX and Check Point NGFW. See our Check Point CloudGuard Network Security vs. Fortinet FortiGate report.
See our list of best Software Defined WAN (SD-WAN) Solutions vendors, best WAN Edge vendors, and best Firewalls vendors.
We monitor all WAN Edge reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Hi,
I've been working with gateprotect UTM recently. It's cost effective and much easy to work with compared to Fortinet and Checkpoint UTM.
www.gateprotect.com
With the quick guide packed with screen shots, and clear simple instructions, you'll get to know how easy and simple it is to get the gateprotect UTM up and running in no time.
www.gateprotect.de
Also note gateprotect UTM has been identified as a top choice for SMB in Gartner UTM firewall survey, which makes it a reliable product/solution.
www.gateprotect.com
www.gateprotect.com
Go for checkpoint
regards
kapil yadav
Hi
Both options are good but i would recommend the Cyberaom as i have had a
chance to work with it before.
Other options is Cisco Ironport .
Regards
Brian
Hi Russell,
I advise you to go with Sophos if not I advise you to go with Fortinet.
Did you ask your team to check Sophos demo I sent?
Regard
Maroun Jean Abboud
Mobile : 00961 70943122
Skype :maroun_abboud1
Both devices are good. Checkpoint is one of the market leader who gives a
good UTM solution. Fortinet is cheaper when compare to checkpoint and
flexible.
You may try the Paloalto which gives more attention on zero day attacks.
Thanks & Regards /*Ramesh M*
At this point in time all of the major firewall vendors marketing Next-Gen firewalls provides similar features. I recently participated in a 2 day meeting with sales and engineers with Fortinet. I have to say Fortinet has come a long way in the last few years and am beginning to like their product more and more. In terms of feature set the two products are nearly identical.
When comparing the two vendors there a clear separation in which product focus is clear. Fortinet is a major winner in their smaller units and provide the most bang for your buck. When central management with datacenter and enterprise sized firewalls are required you will find Checkpoint is the leader. In your question you mention CheckPoint UTM. When mentioning this I immediately think of the UTM-1N (old Model) or 620 (New Model). This is a standalone unit and is in the $500.00 - $800.00 range. A comparable unit would be a Fortinet FG-30D. These are the lower end units and I would not recommend them for a solution involving the number of product blades/features you have listed. I have a FotiWifi-60D for my home and it works quite well. I have all the blades configured and enabled. In my home we have 3 sometimes 4 occupants running games and/or streaming video constantly. We average 90GB of internet traffic a month. I have found the FortiWifi-60D able to keep up with the load but at times does peak in CPU and Memory.
A major difference between Fortinet and Checkpoint is their GUI. I find the Checkpoint GUI to be much more intuitive and easier adapt to for new users. Fortinet on the other hand, excels in the CLI with a Cisco/Avaya mixed interface and help structure. Checkpoint is Linux based and almost any Linux command functions on their systems, however, there is limited tab completion and no mid command assistance.
In regards to the firewall blade aka port based firewall I do not see one vendor being better than the other. I would leave this as a preference for what you are used to and what works best for you.
I am going to lump Web Filtering, Layer7- App Filtering together. Both Fortinet and Checkpoint have powerful next-gen capabilities. Both vendors approach web filtering application filtering in a similar way. Utilizing category based URLs and Applications with recommended risk levels. Fortinet published their application/web catalogs at www.fortiguard.com. Checkpoint published their URL categorization at www.checkpoint.com and Application Catalog at appwiki.checkpoint.com At this time I can confirm Checkpoint has 6,578 applications identified while Fortinet has roughly 3,500 (Please confirm with your sales rep on this number as I got it from their catalog’s last displayed number of applications and it could have been a display limit rather than the total identified).
I do not have experience with Checkpoint’s IPS and Antivirus in an implemented production use so I can’t provide am accurate comparison. Based on Fortinet’s demos and my experience I would say that it is a comprehensive product. Due to Fortinet’s market (Non-enterprise businesses) and their licensing model (comprehensive of all features) they have a higher rate of discovery, writing a signature, and deploying it than Checkpoint. Also if you purchase the FortiSandbox (enterprise class product) you will have a good result for zero-day attacks.
In the VPN space I currently have a preference for CheckPoint. I find that their approach is very simple, easy to understand, and reliable. Fortinet provides a Wizard based configuration for their VPN tunnels as well as a manual creation process. I find the approach to be more complicated than it needs to be.
Note on Sizing… When it comes to FortiGate if you can afford it start your specs at FG-100D. I have found the lower models to have some quirks. If you are looking for a centrally managed solution Checkpoint includes base central management with all of their models starting at 1100. If you are going to centrally manage your firewalls I would suggest purchasing a VM based Open Server for management and logging. The equivalent would be a FortiManager.
I hope this helps,
Christopher L. Butler
Christopher L. Butler CCP-Network, CCA-Netscaler
We have chosen Fortinet after a long evaluation effort, while CheckPoint was our next best option. So you can't go terribly wrong with either. The reason we chose Fortinet is that it provided us a better bang for the buck. Be careful, however, with the advertized throughput of Fortinet devices as you often get only 50-70% of the advertized value, so size your devices accordingly.
One thing to consider is that UTMs are often not as good as a dedicated product, especially when it comes to web proxies. You should carefully consider your requirements and compare them with the capabilities of the UTMs you are considering. One tricky issue we are facing is web proxies for mobile devices, and there we are considering a cloud-based web proxy solution.
As far as dollars per protection, I would say Fortinet is your solution. I found this article pretty helpful: www.itgweb.com