We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The ease of configuring VPNs can be very useful especially for companies with lots of remote locations."
"The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited."
"It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online."
"The support offers the best services I have experienced. It's better than any other IT vendor."
"The management platform and the dashboard, the graphical user interface, is one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations."
"All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS."
"It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach."
"The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"The feature set is fine and is rarely a problem."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"The implementation is pretty straightforward."
"We have not had to deal with stability issues."
"It would be ideal to manage everything from one central place."
"Potential improvements could be made around simplifying VPN functionality and configuration."
"While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement."
"The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long."
"The anti-spam needs improvement."
"In terms of what could be improved, I would say the application control and the visibility. I'd like granularity where you can have all the levels of policies that are defined, including the intel threat. It depends on what kind of intel threat the company has."
"The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS."
"Compliance and centralized management can be improved."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"An area of improvement for this solution is the console visualization."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"The initial setup could be simplified, as it can be complex for new users."
"The initial setup can be a bit complex for those unfamiliar with the solution."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"It is quite an expensive product, although security is a top priority."
"The licensing includes the cost of support."
"We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead."
"Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point."
"There is an annual license required for this solution."
"An annual technical support fee is paid to maintain the equipment with the most updated licenses and versions and thus avoid vulnerabilities"
"The licensing is straightforward; there are only three types of licenses that include NGFW, NGTP, and SNBT, so the organization can choose its license according to their requirements."
"The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."
"It definitely competes with the other vendors in the market."
"The solution was chosen because of its price compared to other similar solutions."
"The price is comparable."
"There are additional implementation and validation costs."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"The price of Firepower is not bad compared to other products."
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Check Point NGFW is ranked 2nd in Firewalls with 149 reviews while Cisco Firepower NGFW Firewall is ranked 4th in Firewalls with 41 reviews. Check Point NGFW is rated 8.8, while Cisco Firepower NGFW Firewall is rated 8.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Cisco Firepower NGFW Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Juniper SRX, whereas Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Cisco ASA Firewall, Palo Alto Networks WildFire, Meraki MX and Check Point CloudGuard Network Security. See our Check Point NGFW vs. Cisco Firepower NGFW Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.