We just raised a $30M Series A: Read our story

Check Point NGFW Competitors and Alternatives

Get our free report covering Fortinet, Microsoft, Palo Alto Networks, and other competitors of Check Point NGFW. Updated: November 2021.
554,529 professionals have used our research since 2012.

Read reviews of Check Point NGFW competitors and alternatives

Chris Booyens
IT Manager at Thyme IT
Real User
Top 20
A rock-solid and sensible product that works very well, comes at a fair price, and requires minimal handling

Pros and Cons

  • "There are many features. VPN, firewalling, and intrusion detection are the main features that are most useful for us at this time."
  • "Their support is fairly good, and they come back to me. I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand, but it is generally not an issue."

What is our primary use case?

We use it for firewalling. Lately, we are also using it for remote access or VPN access for the users to the firewall and then onto the local network for people working from home. We've seen a huge jump in work from home. Everybody is working from home, so we need a secure connection to the office.

I am not using its latest version. I normally wait for a couple of months before upgrading the unit to make sure there are no bugs or issues. I check on the forums to see what other people are saying and whether there are any issues. 

What is most valuable?

There are many features. VPN, firewalling, and intrusion detection are the main features that are most useful for us at this time.

What needs improvement?

Their support is fairly good, and they come back to me. I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand, but it is generally not an issue.

For how long have I used the solution?

I have been using this solution for seven years.

What do I think about the stability of the solution?

It is stable. We've been dealing with it for such a long time. We know exactly how to set it up. Sometimes, clients have got funny ideas, and I just say to them, "You tell me what you need, and I'll do the config and set it up." I've got two clients who have got technical skills. One of them is fairly proficient on Sophos, so he does the work as well, but for most of our other clients, we set it up, and there are no issues. It just works.

What do I think about the scalability of the solution?

It is scalable provided you purchase the correct product. We do a bit of homework. We don't just sell you the first device on the list because that's not always suitable. We do a scope of the client's business. They may be a startup with just five users, but they might have a plan to have 100 or 200 users. We need to just size according to what they anticipate to be. It is no good if we sell them an entry-level device now, and two months later, it is too small. We purchase according to a client's requirements.

We've got clients with four users, and the number can go up to hundreds. I'm currently busy setting one up for 150 users, and obviously, there is much more work involved in doing the remote VPN setups.

How are customer service and technical support?

I use the local support in South Africa. If they can't help me, then I log a case with their international support. They're fairly good, and they come back to me. 

I've had an issue once or twice where I couldn't understand what the support person was saying because those calls were probably routed to India. They were a bit difficult to understand. They spoke so fast, and I could not hear what they were saying, but it is generally not an issue. It is not a showstopper, and we manage to work. If I don't understand, I say to them, "Can we rather chat by email?", which makes it a lot easier.

Which solution did I use previously and why did I switch?

There some other firewalls that my company is using, but they're way below in terms of specs and what they can do. Sophos XG is a layer 7 firewall, and most of the others are only layer 2 firewalls. Sophos is far superior. 

I do not have any knowledge about Cisco, Juniper, or other firewalls. I don't really use them. I use some open-source firewalls, but they're also a lot lighter. I've got one or two very small clients or non-profits where we run an open-source firewall, but the feature set is way limited compared to Sophos.

Sophos XG comes in at a fair price as compared to some of the other products out there. Its learning curve wasn't that steep. It makes sense, and it is a sensible product. It is not like some of the other products.

How was the initial setup?

It is simple for me. I've done so many setups. I can probably do these things in my sleep. In fact, I have got one in front of me now that I need to configure and install. I'm fairly proficient in the use of these devices. I'm happy with it.

The deployment duration depends on the setup. Some simple setups can be up and running within two hours. Complex ones most probably will take four to six hours. It also depends on the client's needs. Some of them have simple requirements, and they just want firewalling and one or two remote-access VPNs. Others have got a complex setup where we need to set up cameras and VoIP telephone systems. It all depends on a client's requirements.

It doesn't require any maintenance because the definitions are auto-updated. I've got a dashboard where I can manage all of the firewall devices from one dashboard. If I want to upgrade the software on 20 of them, I'll log onto the dashboard and upgrade the software just by selecting it and saying upgrade the software, and it is done. It requires very minimal handling on a day-to-day basis. Antivirus definitions, scanning definitions, and all those things are auto-updated anyway.

What's my experience with pricing, setup cost, and licensing?

It comes at a fair price as compared to some of the other products out there. Its price is in the middle. It is not the cheapest, and it is also not as expensive as Juniper, Check Point, and definitely Cisco. Nowadays, everybody is very cost-sensitive, and people don't want to spend unnecessary money, but even before that, it was a fairly priced product.

You've got your choice of what license you want. There are basically two types of licenses, and it depends on what you need to do, and everything is included in that license. There is no cost for VPN and DMZ. You purchase the license, and you know upfront what you're getting or what you're not getting, and that's it. It is one license fee and done and dusted.

What other advice do I have?

I would definitely recommend this solution to others. I recommend it to all my clients. I'm using it at home as well, and it works great. I'm fairly proficient in it, so I'm very confident. I can recommend it to anybody and everybody. It is a great product, and I've got no issue with it.

I would rate Sophos XG a ten out of ten. It is a rock-solid product that works. We've so many deployments of this solution. I'm just happy with it. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Rauf Mahmudlu
Network Engineer at a energy/utilities company with 10,001+ employees
Real User
Top 20
Capable of handling a lot of traffic, never had any downtime, and very easy to configure

Pros and Cons

  • "The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java."
  • "One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering."

What is our primary use case?

We were using ASA 5585 without firepower. We were using it just as a stateful firewall. We also had an IPS module on it. So, we were also using it for network segmentation and network address translations for hosting some of the services or giving access to the internet for our end users.

How has it helped my organization?

Initially, it was good. At the time we bought it, usually, IPS was in a different solution, and the firewall was in a different solution. You had to kind of correlate between the events to find the attacks or unwanted behavior in the network, but it had everything in a kind of single platform. So, the integration was great.

Our bandwidth was increasing, and the number of services that we were hosting was increasing. Our old solutions couldn't catch up with that. Cisco ASA was able to handle a lot of traffic or concurrent connections at that time. We had almost 5 million per week. We didn't have to worry about it not having enough memory and stuff like that. It was a powerful machine.

What is most valuable?

The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java. 

High throughput, high concurrent connections, easy site-to-site VPN were also valuable. It also had the capability to do double network translations, which is really useful when you are integrating with other vendors for site-to-site VPN.

What needs improvement?

When we bought it, it was really powerful, but with the emerging next-generation firewalls, it started to lack in capabilities. We couldn't put application filtering, and the IPS model was kind of outdated and wasn't as useful as the new one. For the current state of the network security, it was not enough.

One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering.

For how long have I used the solution?

We have been using it for around eight years.

What do I think about the stability of the solution?

Its stability is really great. It is very stable. We didn't have to worry about it. In the IT world, every time you go on holiday, you think that something might break down, but that was not the case with Cisco ASA.

Initially, we had just a single firewall, and then we moved to high availability. Even when it was just one hardware without high availability, we didn't have any problems. Apart from the planned maintenance, we never had any downtime.

What do I think about the scalability of the solution?

We feel we didn't even try to make it scalable. We had 30,000 end users.

How are customer service and support?

We haven't interacted a lot with them because we have our own network department. We were just handling all the problem-solving. So, there were only a couple of cases. Initially, when one of the first devices came, we had some problems with RAM. So, we opened the ticket. It took a bit of time, and then they changed it. I would rate them an eight out of 10.

Which solution did I use previously and why did I switch?

Our bandwidth was increasing, and the number of services that we were hosting was increasing. Our old solutions couldn't catch up with that. We had some really old D-link firewalls. They were not enterprise-level firewalls.

After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. They didn't provide us with the new license. Therefore, we decided to move to Palo Alto. The procurement process is taking time, and we are waiting for them to arrive.

How was the initial setup?

It was straightforward. Cisco is still leading in the network area. So, there are lots of resources where you can find information. There are community forums and Cisco forums, where you can find answers to any questions. You don't even have to ask. You can just Google, and you will find the solution. Apart from that, Cisco provides a lot of certification that helps our main engineers in learning how to use it. So, the availability of their resources was great, and we just followed their best-case scenarios. We could easily configure it.

The deployment took around two or three weeks because we had different firewalls. We had a couple of them, and we migrated all to Cisco. We also had around 30,000 rules. So, the data input part took a lot of time, but the initial installation and the initial configuration were done in a matter of days.

It took us one week to set up the management plane. It had different ports for management and for the data. After finishing with the management part, we slowly moved segments to Cisco. We consolidated the rules from other firewalls for one zone. After Cisco verified that it was okay, we then moved on to the next segment.

What about the implementation team?

We did it ourselves. We had about five network admins for deployment and maintenance.

What was our ROI?

We definitely got a return on investment with Cisco ASA. We have been using it for eight years, which is a long time for IT. We only had one capital expenditure. Apart from that, there were no other costs or unexpected failures. It supported us for a long time.

What's my experience with pricing, setup cost, and licensing?

When we bought it, it was really expensive. I'm not aware of the current pricing.

We had problems with licensing. After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. So, they didn't provide us with the new license.

Which other solutions did I evaluate?

I am not sure about it because back then, I was just an engineer. I didn't have decision-making authority, so I wasn't involved with it.

We recently have done pilots with Check Point and FortiGate for a couple of months. They were next-generation firewalls. So, they had much more capability than ASA, but because of being a pilot, we didn't get full-scale throughput like big enterprise-level firewalls. The throughput was not enough, and their memory cache was always filling up. They were smaller models, but both of them had the features that ASA was lacking. Traffic shaping in ASA is not as good, but these two had good traffic shaping.

What other advice do I have?

I wouldn't recommend this solution because it is already considered to be a legacy firewall.

I would rate Cisco ASA Firewall a strong eight out of 10. It is powerful, but it lacks some of the capabilities.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Maharajan S
CISO / Associate Vice President - IT Infrastructure at a pharma/biotech company with 501-1,000 employees
Real User
Top 5
Gives us more visibility into the inbound/outbound traffic being managed

Pros and Cons

  • "Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
  • "The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."

What is our primary use case?

We have an offshore development center with around 1,400 users (in one location) where we have deployed this firewall.

The maturity of our organization’s security implementation is a four out of five (with five being high). We do have NOC and SOC environments along with in-built access to our systems. 

We use Acunetix as one of our major tools. We do have some open source. There are a couple of networks where we are using the Tenable tool. We have implemented an SIEM along with a Kaspersky at the cloud level. In the Cisco firewall, we installed Kaspersky in the firewall logs which upload to Kaspersky for us to review back.

How has it helped my organization?

Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.

What is most valuable?

The advance malware protection (AMP) is valuable because we didn't previously have this when we had an enterprise gateway. Depending on the end user, they could have EDR or antivirus. Now, we have enabled Cisco AMP, which give us more protection at the gateway level. 

The application visibility is also valuable. Previously, with each application, we would prepare and develop a report based on our knowledge. E.g., there are a couple business units using the SAS application, but we lacked visibility into the application layer and usage. We use to have to configure the IP or URL to give us information about usage. Now, we have visibility into concurrent SAS/Oracle sessions. This solution gives us more visibility into the inbound/outbound traffic being managed. This application visibility is something new for us and very effective because we are using Office 365 predominantly as our productivity tool. Therefore, when users are accessing any of the Office 365 apps, this is directly identified and we can see the usage pattern. It gives us more visibility into our operations, as I can see information in real-time on the dashboards.

What needs improvement?

The solution has positively affected our organization’s security posture. I would rate the effects as an eight (out of 10). There is still concern about the engagement between Cisco Firepower and Cisco ASA, which we have in other offices. We are missing the visibility between these two products.

We would like more application visibility and an anti-malware protection system, because we don't have this at the enterprise level.

The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team.

For how long have I used the solution?

Nearly a year.

What do I think about the stability of the solution?

So far, it has been stable.

We have around 32 people for maintenance. Our NOC team works 24/7. They are the team who manages the solution.

What do I think about the scalability of the solution?

Scalability is one of our major business requirements. We are seeing 20 percent growth year-over-year. The plan is to keep this product for another four years.

How are customer service and technical support?

We contacted Cisco directly when issues happened during the implementation, e.g., the management console was hacked.

Which solution did I use previously and why did I switch?

We used Fortinet and that product was coming to end of life. We had been using it continuously for seven years, then we started to experience maintenance issues.

Also, we previously struggled to determine who were all our active users, especially since many were VPN users. We would have to manually determine who was an inactive user, where now the process is more automated. It also had difficult handling our load.

How was the initial setup?

The initial setup was complex. We engaged NTT Dimension Data as there were a couple things that needed to be done for our requirements and validation. This took time to get signed off on by quality team. However, the configuration/implementation of the system did not take much time. It was a vanilla implementation.

We did face performance issues with the console during implementation. The console was hacked and we needed to reinstall the console in the virtual environment. 

What about the implementation team?

We were engaged with a local vendor, NTT Dimension Data, who is a Cisco partner. They were more involved on the implementation and migration of the firewall. Some channels were reconfigured, along with some URL filtering and other policies that we used for configuration or migration to the new server.

Our experience with NTT Dimension Data has been good. We have been using them these past four to five years.

What was our ROI?

We have seen ROI. Our productivity has increased.

The change to Cisco Firepower has reduced the time it takes for our network guy to generate our monthly report. It use to take him many hours where he can now have it done in an hour.

What's my experience with pricing, setup cost, and licensing?

Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.

There are additional implementation and validation costs.

Which other solutions did I evaluate?

We also evaluated Check Point, Palo Alto, Sophos, and Cisco ASA. In the beginning, we thought about going for Cisco ASA but were told that Firepower was the newest solution. We met with Cisco and they told us that they were giving more attention going forward to Firepower than the ASA product.

We did a small POC running in parallel with Fortinet. We evaluated reports, capability, and the people involved. Palo Alto was one of the closest competitors because they have threat intelligence report in their dashboard. However, we decided not to go with Palo Alto because of the price and support.

What other advice do I have?

We are using Cisco at a global level. We have internally integrated this solution with Cisco Unified Communications Manager in a master and slave type of environment that we built. It uses a country code for each extension. Also, there is Jabber, which our laptop users utilize when connecting from home. They call through Jabber to connect with customers. Another tool that we use is Cisco Meraki. This is our all time favorite product for the office WiFi environment. However, we are not currently integrating our entire stack because then we would have to change everything. We may integrate the Cisco stack in the future. It should not be difficult to integrate since everything is a Cisco product. The only issue may be compliance since we have offices in the US and Europe.

We are now using a NGFW which helps us deep dive versus using a normal firewall.

Overall, I would rate Cisco Firepower as an eight (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Kshitij Singhai
Owner at Computech Associates
Real User
Top 5
Good web filtering facility and application control, very stable and scalable, and easy to deploy

Pros and Cons

  • "The web filtering facility and application control are the most valuable features from the point of view of our clients. The VPN feature is also quite popular amongst our clients. Two-factor authentication is one of the good features in Fortinet. These features are important for the current scenario of security. Security has become a necessity nowadays. With cyber-attacks becoming more common, protecting an organization's data is one of the major tasks. It is also very stable and scalable, and it is very straightforward to configure. Their technical support is also good."
  • "Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements. They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security."

What is our primary use case?

We are basically system integrators. We design and implement firewall solutions for our customers. We also provide after-sales services. 

We have deployed this firewall for different types of clients. We are providing solutions starting with FG-30E, which is the lowest model in the FortiGate series, and up to 1000 series.

How has it helped my organization?

We understand a customer's requirement of current internet users. After that, we design a perfect solution through which they can not only protect their network but also have load balancing between multiple internet service providers. They can also have secure connectivity from a remote office by using a single box device.

What is most valuable?

The web filtering facility and application control are the most valuable features from the point of view of our clients. The VPN feature is also quite popular amongst our clients. Two-factor authentication is one of the good features in Fortinet. These features are important for the current scenario of security. Security has become a necessity nowadays. With cyber-attacks becoming more common, protecting an organization's data is one of the major tasks. 

It is also very stable and scalable, and it is very straightforward to configure. Their technical support is also good.

What needs improvement?

Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements.

They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security.

For how long have I used the solution?

I have been working with this solution for the last 12 to 13 years.

What do I think about the stability of the solution?

It is very stable. We have been working with this solution for a long time, and we found it to be stable.

What do I think about the scalability of the solution?

It is a scalable solution, and you can also upgrade. They come up with a new feature every time. Whenever you're updating your firewall firmware, it is ready to mitigate threats available in the fiber scenario.

Our clients are small, medium, and large businesses. We have deployed it for small offices or retail stores as well as for big manufacturing units. We also have clients from Education and Healthcare. Some of the large companies have between 800 to 1,000-plus devices protected through this firewall.

How are customer service and technical support?

Their technical support is good.

Which solution did I use previously and why did I switch?

I have a little bit of experience with other firewalls such as Sophos and Check Point. There are some basic differences in the features and their functionality, but I cannot say that this one is the best, or this one is not good. I have more confidence in Fortinet FortiGate, so we are focusing only on this.

In terms of support, we had purchased a Check Point product for a customer, and we were trying to get support from the team, but it was very difficult. Sophos is okay in terms of support.

How was the initial setup?

Its initial setup is very straightforward. It is very easy if one knows the basic concepts. It has a graphical user interface, which makes it straightforward to configure. You can configure it step by step. The basic implementation of this firewall can be done in a very simple way. There could be some complexity at the Enterprise level, but at a basic level, it is very straightforward.

The deployment duration depends on the complexity level. A simple deployment can be completed in a few hours. A complex deployment can take one to two days depending upon the requirements. This is because, in addition to implementation, we also have to test the solution as per a customer's requirements to see whether it is fulfilling the given task or not.

What about the implementation team?

We are a very small company with seven to eight people. We have a total of three people working with firewalls. They're network and support engineers.

What was our ROI?

Our clients definitely get a return on investment. It is a really good product, and the stability of the product is a very important factor for our clients.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing is a little bit complicated in FortiGate. They are always on the higher side. This is one issue that we always raise with the company that they should reduce the price according to Indian market requirements. There are no costs in addition to the standard licensing fees.

What other advice do I have?

It is a good product, but I would always recommend selecting an implementer partner carefully. The implementor should be able to implement all the features so that you get the best benefits of the firewall. An implementation partner is very important. If you don't have a proper partner, you will probably end up with a mashup, and you won't be able to use all the features. Your performance might also not get optimized.

I would rate Fortinet FortiGate an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Channel Partner
Lipaz Hessel
Country Manager and Solution Architect at Gilat telecom
Real User
Top 5
Good console management, but the interface is not user-friendly and application filtering needs finer granularity

Pros and Cons

  • "The most valuable feature is the console management."
  • "If I want to allow access to Facebook, yet not allow the user to access videos, then I am not able to do it with this product."

What is our primary use case?

We had planned on using this product as our multi-tenant firewall. After one year, we stopped using it because there was a problem with supporting some of the protocols.

What is most valuable?

The most valuable feature is the console management. It is very good and the security was great.

What needs improvement?

The interface is not user-friendly.

We were told that we would receive training but it came late and we had already started to deal with the product, which ultimately caused problems because we did it incorrectly. If the vendor focused more heavily on training as opposed to implementation then it would be a big improvement.

The UTM features are missing.

Application filtering is supported at a high level, but not at a low level. If I want to allow access to Facebook, yet not allow the user to access videos, then I am not able to do it with this product. Essentially, I'm allowed to block but I'm not allowed to limit. With other vendors, I can impose limits.

They need to add support for the Routing Information Protocol, RIP.

There is no support for the Built.io NIC driver.

For how long have I used the solution?

I had been working with the Forcepoint Next Generation Firewall for about one year.

What do I think about the stability of the solution?

We had Forcepoint NGFW running on a virtual machine and it was very stable.

What do I think about the scalability of the solution?

From the design that we took, it had the ability to scale up to 250 clients. That was good for what we needed but we failed with the first customer and could not complete the implementation for the second one.

In our environment, we had ten users.

How are customer service and technical support?

We contacted technical support but it was not the typical support situation where we opened a ticket and they responded. We were in contact with them directly. Because it was irregular, I cannot judge how good or bad the support would normally be.

Which solution did I use previously and why did I switch?

We are currently using three other vendors including Check Point, Fortinet, and Palo Alto. These have always been there but we were hoping to add Forcepoint as another option.

How was the initial setup?

The initial setup is complicated and difficult to do.

By comparison, we have a very large number of products implemented in our environment and we can deploy most of them ourselves.

The deployment took almost seven months and ultimately, we failed. During our work on the deployment, we had two people handling the maintenance.

What about the implementation team?

We received assistance directly from the vendor. There were several people who took part in the implementation including five from our side, one from the vendor, and two from the distributor. The help that we received from them was awesome.

The distributor knows the product more from a theoretical point of view. When it comes to the hands-on experience, they know the basics. When the person from the vendor came, they knew more about the product but had no experience with the multi-tenant aspect. So, for the part that we needed, they were failing. We spent a lot of time and received help from different people, and it was still a failure in the end. We disposed of the product.

What's my experience with pricing, setup cost, and licensing?

We paid for a subscription license, vendor support, and the training.

Which other solutions did I evaluate?

We are a large service provider and we are always looking for new solutions. We had evaluated solutions by Sophos and SonicWall, although we decided that we were going to try Forcepoint.

We would not say No to another try with Forcepoint if, for example, they come back to us with a new version in another year. It would have to have documentation to show that what we want to do is now supported.

What other advice do I have?

We tried a few implementations and we did not have very much success because the interface is not user-friendly and the product is complicated. If we had the training on time then it may have been easy but that wasn't the case.

The biggest lesson that I learned from using this solution is that you can't trust what people tell you. When they say that they will take care of things and support it, that is not included.

My advice for anybody who is implementing this solution is to make sure that the training is completed first, ahead of trying to implement it.

I would rate this solution a four out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Get our free report covering Fortinet, Microsoft, Palo Alto Networks, and other competitors of Check Point NGFW. Updated: November 2021.
554,529 professionals have used our research since 2012.