We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"You do not have to do everything through a command line which makes it a lot easier to apply rules."
"The implementation is pretty straightforward."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"We have not had to deal with stability issues."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"Provides good integrations and reporting."
"In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies."
"The solution should be capable of self-scaling, which is one of the features we like about it."
"I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system."
"Microsoft's technical support is very good. They're quite knowledgable and responsive."
"Network filtering is valuable. The scalability capability from the cloud-native service helps us a lot because it simplifies our day-to-day maintenance activity."
"The Layer four features are okay and meet my business needs."
"The most valuable feature is the integration into the overall cloud platform."
"I can easily configure it."
"The visibility, the one-pane-of-glass which allows me to see all of my edge protection through one window and one log, is great. Monitoring everything through that one pane of glass is extremely valuable."
"The most valuable features are the VPN Blade, IPS Blade, the URL filtering, and the Applications Control Blade."
"The initial setup is pretty easy."
"SSL/TLS traffic inspection features are used for advanced threat prevention against secure SSL traffic."
"The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature."
"The installation process doesn't take very long."
"Auto Scaling is one of the features that make me want to choose CloudGuard over actual HW."
"Check Point is one of the few solutions that pay attention to cloud security. Many others mostly focus on providing on-premises solutions."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"Implementations require the use of a console. It would help if the console was embedded."
"Deploying configurations takes longer than it should."
"The performance should be improved."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"There are a number of things that need to be simplified, but it's mostly costs. It needs to be simplified because it's pretty expensive."
"We find it's different implementing it region-to-region. It might help if it was universal across all regions."
"They can improve the pricing of Azure Firewall."
"Right now, with Azure Firewall, we cannot have a normal inbound traffic flow. For inbound, Microsoft suggests using application gateways, so the options are very limited. I cannot use this firewall as an intermediate firewall because of the limitations, and I cannot point routing to another firewall. So if I want to use back-to-back firewall architecture in my environment, I cannot use Azure Firewall for that type of configuration either."
"It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide."
"You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges."
"This solution is not mature when it comes to handling perimeter traffic like internet browsing."
"Azure should be able to work better as a balancer also, instead of just being a firewall. It should have a wider mandate."
"The API integration is complex, which is an area that should be improved."
"The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation."
"The initial setup is complex and could be made simpler."
"It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance."
"The memory and hard disk capability could be strengthened."
"Zero touch removes any independence for configuring."
"I hope that Check Point continues to improve its technical documentation regarding the Check Point CloudGuard IaaS gateway and management system."
"Easier optimization techniques can definitely help with better performance of the OS, as using the vanilla software doesn't actually showcase the real capability of the software."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"This product is expensive."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"The solution was chosen because of its price compared to other similar solutions."
"It definitely competes with the other vendors in the market."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive."
"Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it. One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall."
"The licensing module is good."
"Azure Firewall is quite an expensive product."
"The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."
"The pricing is pretty high, not just for your capital, for what you have to pay upfront, but for what you pay for your annual software renewals as well, compared to a lot of other vendors. Check Point is near the top, as far as how much it's going to cost you."
"The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be part of CloudGuard."
"The price could be better."
"Licensing is simply by the number of hosts that you are looking to protect within your environment. It makes it much easier to ensure that you are covering your environment."
"There is flexibility in the different licensing models that are offered."
"The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall."
"Although I don't have specifics for pricing, based on my overall experience, I can conclude that Check Point provides the best pricing when comparing to other vendors."
"Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Check Point CloudGuard provides unified cloud native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture – everywhere – across your multi-cloud environment.
Azure Firewall is ranked 16th in Firewalls with 19 reviews while Check Point CloudGuard Network Security is ranked 8th in Firewalls with 25 reviews. Azure Firewall is rated 7.4, while Check Point CloudGuard Network Security is rated 8.6. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of Check Point CloudGuard Network Security writes "Unified Security Management has enabled us to combine our on-prem appliances and cloud environments". Azure Firewall is most compared with Palo Alto Networks NG Firewalls, Palo Alto Networks VM-Series, Fortinet FortiGate-VM, Check Point NGFW and pfSense, whereas Check Point CloudGuard Network Security is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Cisco ASA Firewall, VMware NSX and pfSense. See our Azure Firewall vs. Check Point CloudGuard Network Security report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.