We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The most valuable features of this solution are the integrations and IPS throughput."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"The most valuable features are the VPN Blade, IPS Blade, the URL filtering, and the Applications Control Blade."
"The main benefit of the Check Point Virtual Systems solution is its ability to split up the hardware appliances that we have into several logical, virtual devices with separate traffic handling policies, as well as the switching and routing."
"It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM."
"What's most valuable to me is that it's a contiguous solution that aligns well with the components that we've relied on and trusted from a traditional hardware, firewall, and unified threat management system. My engineers and analysts don't have to learn another platform. We have already entrusted our security controls to Check Point for perimeter and physical security, and now we can do so at the virtual layer as well, which is key to us."
"The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature."
"Check Point CloudGuard technical support is good."
"The solution has been quite stable."
"We have complete visibility of attacks originating from email including spear-phishing, spoofing, etc."
"The feature that I like the most is its IPS model, the WildFire model. I really like how the whole threat protection model functions, including the vulnerability and anti-spyware aspects. That is really awesome."
"The scalability is very good."
"I like the architecture because it separates the management plan process and the data plan process."
"Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens."
"They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks."
"Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors."
"Provision of quality training material and the reporting is very good."
"You just need a web browser to manage it, unlike Cisco, which requires another management system."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"The performance should be improved."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"Implementations require the use of a console. It would help if the console was embedded."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have."
"As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult."
"The API integration is complex, which is an area that should be improved."
"The solution lacks the capability to scale effectively."
"The documentation has been rough. Being able to do it yourself can be hit or miss given the constraints of the documentation."
"This application can be more integrated with web application firewalls. Better integrations would provide more granularity, which would be helpful for focusing on the application itself and preventing attacks. It would be good to include the cross-domain search. If you have multiple firewalls that are managed on the same platform and you want to check who is using some particular objects or where a specific ID is being used, it should provide an option for this kind of search instead of having to check one by one on each firewall."
"Most clients nowadays tend to move to the cloud and their data security is key. If CloudGuard could be able to give the client that full visibility of how their data is protected on the cloud, then that would be a great selling point for Check Point."
"The memory and hard disk capability could be strengthened."
"Interface could be improved visually and simplified."
"Its scalability for on-prem deployments can be better. For an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level."
"The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier."
"I think visibility can be improved."
"The solution would benefit from having a dashboard."
"For an upcoming release, they could improve on the way to build security rules per user."
"It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release."
"The solution could offer better pricing. We'd like it if it could be a bit more affordable for us."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"The price of Firepower is not bad compared to other products."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"Licensing is available on a monthly or yearly basis."
"Pricing of CloudGuard is pretty fair when you have a single account. It's comparable with other cloud providers. But for our use case, it got really pricey when we had to deploy multiple CloudGuards on multiple accounts in different regions, because you can't have CloudGuard protecting multiple regions. That's the big thing."
"There is flexibility in the different licensing models that are offered."
"You get charged only for what resources you choose and how much traffic actually passes through the firewall, which in turn saves a lot of money."
"The cost is on the higher side, as it is based on workload, hence we need to decide which VPC or workload needs to be part of CloudGuard."
"Licensing is simply by the number of hosts that you are looking to protect within your environment. It makes it much easier to ensure that you are covering your environment."
"The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall."
"The pricing is pretty high, not just for your capital, for what you have to pay upfront, but for what you pay for your annual software renewals as well, compared to a lot of other vendors. Check Point is near the top, as far as how much it's going to cost you."
"The price of this product should be reduced."
"The product is expensive compared to competing products but uses a similar type of pricing model based on hardware, software and maintenance."
"This solution is quite expensive."
"It is expensive as compared to other brands."
"Palo Alto is not a cheap solution but it is competitive when it comes to subscriptions."
"It is very expensive. You pay for a year."
"We were very happy when they released the PA-440s. Previously, we had been looking at the PA-820s, which were a bit of overkill for us. Price-wise and capability-wise, the PA-820s hit the nail on the head for us."
"After the hardware and software are procured, it is the AMC support that has to be renewed yearly."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Check Point CloudGuard provides unified cloud native security for all your assets and workloads, giving you the confidence to automate security, prevent threats, and manage posture – everywhere – across your multi-cloud environment.
Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.
Check Point CloudGuard Network Security is ranked 8th in Firewalls with 25 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 67 reviews. Check Point CloudGuard Network Security is rated 8.6, while Palo Alto Networks NG Firewalls is rated 8.4. The top reviewer of Check Point CloudGuard Network Security writes "Unified Security Management has enabled us to combine our on-prem appliances and cloud environments". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Check Point CloudGuard Network Security is most compared with Fortinet FortiGate, Cisco ASA Firewall, Azure Firewall, VMware NSX and pfSense, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Sophos UTM. See our Check Point CloudGuard Network Security vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.