We just raised a $30M Series A: Read our story

Compare Check Point CloudGuard Network Security vs. Palo Alto Networks NG Firewalls

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Check Point CloudGuard Network Security vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2021.
552,695 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality.""Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.""When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well.""The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control.""The most valuable features of this solution are the integrations and IPS throughput.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."

More Cisco Firepower NGFW Firewall Pros »

"The most valuable features are the VPN Blade, IPS Blade, the URL filtering, and the Applications Control Blade.""The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing.""It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.""What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us.""The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature.""Check Point CloudGuard technical support is good.""The solution has been quite stable.""We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc."

More Check Point CloudGuard Network Security Pros »

"The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome.""The scalability is very good.""I like the architecture because it separates the management plan process and the data plan process.""Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens.""They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks.""Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors.""Provision of quality training material and the reporting is very good.""You just need a web browser to manage it, unlike Cisco, which requires another management system."

More Palo Alto Networks NG Firewalls Pros »

Cons
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""The performance should be improved.""The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team.""When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.""Implementations require the use of a console. It would help if the console was embedded.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve.""I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."

More Cisco Firepower NGFW Firewall Cons »

"I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have.""As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult.""The API integration is complex, which is an area that should be improved.""The solution lacks the capability to scale effectively.""The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation.""This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks. It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall.""Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point.""The memory and hard disk capability could be strengthened."

More Check Point CloudGuard Network Security Cons »

"Interface could be improved visually and simplified.""Its scalability for on-prem deployments can be better. For an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level.""The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier.""I think visibility can be improved.""The solution would benefit from having a dashboard.""For an upcoming release, they could improve on the way to build security rules per user.""It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release.""The solution could offer better pricing. We'd like it if it could be a bit more affordable for us."

More Palo Alto Networks NG Firewalls Cons »

Pricing and Cost Advice
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis.""The price of Firepower is not bad compared to other products.""I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing.""Cisco pricing is premium. However, they gave us a 50 to 60 percent discount.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive.""Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain.""Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"Licensing is available on a monthly or yearly basis.""Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing.""There is flexibility in the different licensing models that are offered.""You get charged only for what resources you choose and how much traffic actually passes through the firewall, which in turn saves a lot of money.""The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be part of CloudGuard.""Licensing is simply by the number of hosts that you are looking to protect within your environment. It makes it much easier to ensure that you are covering your environment.""The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall.""The pricing is pretty high, not just for your capital, for what you have to pay upfront, but for what you pay for your annual software renewals as well, compared to a lot of other vendors. Check Point is near the top, as far as how much it's going to cost you."

More Check Point CloudGuard Network Security Pricing and Cost Advice »

"The price of this product should be reduced.""The product is expensive compared to competing products but uses a similar type of pricing model based on hardware, software and maintenance.""This solution is quite expensive.""It is expensive as compared to other brands.""Palo Alto is not a cheap solution but it is competitive when it comes to subscriptions.""It is very expensive. You pay for a year.""We were very happy when they released the PA-440s. Previously, we had been looking at the PA-820s, which were a bit of overkill for us. Price-wise and capability-wise, the PA-820s hit the nail on the head for us.""After the hardware and software are procured, it is the AMC support that has to be renewed yearly."

More Palo Alto Networks NG Firewalls Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,695 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into… more »
Top Answer: The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be… more »
Top Answer: In terms of what could be improved, we have no support with the current Check Point environment. It ended maybe three or… more »
Top Answer: Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
CloudGuard IaaS, Check Point vSEC, CloudGuard IaaS, Check Point Virtual Systems, Check Point CloudGuard Network Security
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Check Point CloudGuard provides unified cloud native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture – everywhere – across your multi-cloud environment.

Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Check Point CloudGuard Network Security
Learn more about Palo Alto Networks NG Firewalls
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Physicians Choice Laboratory Services, Helvetica Insurance
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Financial Services Firm19%
Government11%
Computer Software Company11%
Program Development Consultancy7%
VISITORS READING REVIEWS
Comms Service Provider30%
Computer Software Company26%
Government5%
Energy/Utilities Company5%
REVIEWERS
Comms Service Provider21%
Computer Software Company19%
Financial Services Firm12%
Healthcare Company7%
VISITORS READING REVIEWS
Comms Service Provider26%
Computer Software Company24%
Government6%
Energy/Utilities Company4%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business38%
Midsize Enterprise27%
Large Enterprise35%
VISITORS READING REVIEWS
Small Business8%
Midsize Enterprise55%
Large Enterprise37%
REVIEWERS
Small Business40%
Midsize Enterprise31%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business35%
Midsize Enterprise15%
Large Enterprise50%
Find out what your peers are saying about Check Point CloudGuard Network Security vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2021.
552,695 professionals have used our research since 2012.

Check Point CloudGuard Network Security is ranked 8th in Firewalls with 25 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 67 reviews. Check Point CloudGuard Network Security is rated 8.6, while Palo Alto Networks NG Firewalls is rated 8.4. The top reviewer of Check Point CloudGuard Network Security writes "Unified Security Management has enabled us to combine our on-prem appliances and cloud environments". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Check Point CloudGuard Network Security is most compared with Fortinet FortiGate, Cisco ASA Firewall, Azure Firewall, VMware NSX and pfSense, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Sophos UTM. See our Check Point CloudGuard Network Security vs. Palo Alto Networks NG Firewalls report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.