We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"The most valuable feature is stability."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The feature set is fine and is rarely a problem."
"The most valuable features of this solution are the integrations and IPS throughput."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities."
"Check Point is very administrator-friendly and the SmartDashboard is easy to use."
"We are delighted with the powerful management console and diagnostic tools."
"It's really simple to set up."
"Provides very good performance."
"One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature."
"The sales, pre-sales, professional services, and tech support are all very nice."
"The most valuable feature is that we are protected against zero-day threats."
"Check Point has a really cool GUI."
"The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping."
"The product is quite robust and durable."
"I like the IPS feature, it is the most valuable."
"I like all of the features."
"I have found the stability of this solution really good. This is why I use it."
"The most important feature is the VPN connection."
"The user interface is easy to navigate."
"The user interface, the UI, is excellent on the solution."
"It would be great if some of the load times were faster."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"Check Point's support, at all levels, needs a complete overhaul."
"The antivirus is not as effective as it could be because updates are not that frequent."
"The debugging of VPN tunnels is very stressful."
"Although the GUI is simple to use and fairly comprehensive, more support via CLI would be beneficial for bulk operations."
"Check Point should quickly update and expand its application database to have what Palo Alto has."
"The study material for Check Point needs to be improved, as well as the cost for certification."
"Internet load balancing provides either active/passive or active/active load balancing, however, I would like to see more options that provide SD-WAN capabilities while also allowing for more than two links."
"There should be better integration with our current NAC solution to increase the granularity of policies that we implement."
"The configuration is an area that needs improvement."
"The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already, very cheap and have less annual maintenance costs compared to Cisco."
"The graphical interface could be improved. From what I have seen, Fortinet, for example, has a nicer GUI."
"The solution needs to have better logging features."
"I would like the ability to drill down into certain reports because currently, that cannot be done."
"It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness."
"Other products are becoming easier to access and configure. They are providing UI interfaces to configure, take backup, synchronize redundant machines, and so on. It is very easy to take backup and upgrade the images in those products. Cisco ASA should have such features. If one redundant machine is getting upgraded, the technology and support should be there to upgrade other redundant machines. In a single window, we should be able to do more in terms of backups, restores, and upgrades."
"In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"I am happy with the product in general, including the pricing."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"This product is expensive."
"The price of Firepower is not bad compared to other products."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"There is an annual license required for this solution."
"Pricing is a little high compared to competitive firewalls, but it is easy to go through the licensing steps."
"For the firewall, there is a limitation on the license. We are facing some problems with mobile access. We have a license for 450 licenses of VPN users. We would like Check Point to have more than that, e.g., if the organization gets bigger and there are more users, then that will be a problem."
"There are three types of licensing: Threat Prevention, NGTP, and Next Generation Threat Extraction. Before, it used to be you would just enable the license of whatever blade you wanted to buy. Nowadays, Threat Prevention would be sufficient for most clients, so I would think people would go for the NGTP, license which includes all the blades."
"Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point."
"Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall."
"Check Point brings good value for the money and is competitive in the market."
"The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive."
"I'd say it's probably well-priced."
"It is affordable. The hardware is not that expensive anymore. It is a matter of licensing these days."
"When we bought it, it was really expensive. I'm not aware of the current pricing. We had problems with licensing. After our IPS subscription ended, we couldn't renew it because Cisco was moving to the next-generation firewall platform. So, they didn't provide us with the new license."
"They have a lot of different models but most of them are really expensive."
"We pay about $200 yearly and we have two firewalls."
"We are happy with its price. Licensing is on a yearly basis for technical support. There is one license for technical support. There is another license for IP Version 2 VPN and IPS."
"We sell Cisco ASA Firewall as a bundle — the price is very cheap. If a customer were to go for renewal direct from Cisco, then the price would be quite high."
"Always consider what you might need to reduce your wasted time and invest it in other solutions."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.
Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.
Check Point NGFW is ranked 2nd in Firewalls with 147 reviews while Cisco ASA Firewall is ranked 5th in Firewalls with 62 reviews. Check Point NGFW is rated 8.8, while Cisco ASA Firewall is rated 8.0. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Palo Alto Networks VM-Series, whereas Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX, Juniper SRX and SonicWall TZ. See our Check Point NGFW vs. Cisco ASA Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.