We just raised a $30M Series A: Read our story

Compare Check Point NGFW vs. Cisco Firepower NGFW Firewall

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Check Point NGFW vs. Cisco Firepower NGFW Firewall and other solutions. Updated: November 2021.
552,695 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The ease of configuring VPNs can be very useful especially for companies with lots of remote locations.""The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.""It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online.""The support offers the best services I have experienced. It's better than any other IT vendor.""The management platform and the dashboard, the graphical user interface, is one of the best, if not the best, in the business. It's the most intuitive and it's really user-friendly in day-to-day operations.""All of the features are very valuable, but the most valuable features are the sandboxing and the advanced IPS/IDS.""It's enabled us to move away from basic LAN to LAN segmentation to a more powerful user separation approach.""The most valuable feature is the central management system through the Security Management Server. Apart from that, the graphical user interface helps us to do things easily."

More Check Point NGFW Pros »

"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.""Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality.""The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.""The feature set is fine and is rarely a problem.""Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.""I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.""The implementation is pretty straightforward.""We have not had to deal with stability issues."

More Cisco Firepower NGFW Firewall Pros »

Cons
"It would be ideal to manage everything from one central place.""Potential improvements could be made around simplifying VPN functionality and configuration.""While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement.""The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long.""The anti-spam needs improvement.""In terms of what could be improved, I would say the application control and the visibility. I'd like granularity where you can have all the levels of policies that are defined, including the intel threat. It depends on what kind of intel threat the company has.""The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS.""Compliance and centralized management can be improved."

More Check Point NGFW Cons »

"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team.""An area of improvement for this solution is the console visualization.""One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically.""The initial setup could be simplified, as it can be complex for new users.""The initial setup can be a bit complex for those unfamiliar with the solution.""FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."

More Cisco Firepower NGFW Firewall Cons »

Pricing and Cost Advice
"It is quite an expensive product, although security is a top priority.""The licensing includes the cost of support.""We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead.""Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point.""There is an annual license required for this solution.""An annual technical support fee is paid to maintain the equipment with the most updated licenses and versions and thus avoid vulnerabilities""The licensing is straightforward; there are only three types of licenses that include NGFW, NGTP, and SNBT, so the organization can choose its license according to their requirements.""The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."

More Check Point NGFW Pricing and Cost Advice »

"It definitely competes with the other vendors in the market.""The solution was chosen because of its price compared to other similar solutions.""The price is comparable.""There are additional implementation and validation costs.""I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs.""When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis.""The price of Firepower is not bad compared to other products."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,695 professionals have used our research since 2012.
Questions from the Community
Top Answer: I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such). -Check Point GUI is a bit complicated,  -Application and Web filtering are better… more »
Top Answer: Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall cloud platform, autoscaling, and the ability for users to create virtual IP… more »
Top Answer: The central management console has helped with segregation, where planned interventions with management consoles do not have any impact on production or critical business traffic.
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and usage at large. In my opinion, Fortinet would be the best option and l use… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers that fact, it is all the more impressive that the setup is a fairly… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco ecosystem, it is very simple to handle. This solution has traffic inspection and… more »
Ranking
2nd
out of 47 in Firewalls
Views
15,983
Comparisons
11,435
Reviews
121
Average Words per Review
704
Rating
8.8
4th
out of 47 in Firewalls
Views
42,775
Comparisons
30,725
Reviews
43
Average Words per Review
1,164
Rating
8.4
Comparisons
Also Known As
Check Point NG Firewall, Check Point Next Generation Firewall
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Learn More
Overview

Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Offer
Learn more about Check Point NGFW
Learn more about Cisco Firepower NGFW Firewall
Sample Customers
Control Southern, Optimal Media
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Top Industries
REVIEWERS
Financial Services Firm25%
Computer Software Company13%
Comms Service Provider8%
Retailer6%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company22%
Government6%
Financial Services Firm6%
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
Company Size
REVIEWERS
Small Business23%
Midsize Enterprise20%
Large Enterprise57%
VISITORS READING REVIEWS
Small Business18%
Midsize Enterprise25%
Large Enterprise56%
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
Find out what your peers are saying about Check Point NGFW vs. Cisco Firepower NGFW Firewall and other solutions. Updated: November 2021.
552,695 professionals have used our research since 2012.

Check Point NGFW is ranked 2nd in Firewalls with 149 reviews while Cisco Firepower NGFW Firewall is ranked 4th in Firewalls with 41 reviews. Check Point NGFW is rated 8.8, while Cisco Firepower NGFW Firewall is rated 8.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Cisco Firepower NGFW Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Juniper SRX, whereas Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Cisco ASA Firewall, Palo Alto Networks WildFire, Meraki MX and Check Point CloudGuard Network Security. See our Check Point NGFW vs. Cisco Firepower NGFW Firewall report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.