We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"The customer service/technical support is very good with this solution."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The implementation is pretty straightforward."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"By deploying Check Point, it has made it easier to manage everything from a single interface. The management dashboard and policies are on its single pane of glass."
"Check Point definitely has a great architecture, where you can just enable the software blades and deploy a secure service. Overall, it provides ease of deployment and ease of use."
"The different hardware models focus on a wide spectrum of the market, so any company can choose a model that makes sense for them from the range."
"It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online."
"The features that are important include: IPS, sandbox, SandBlast, Anti-Bot, and URL filtering."
"SmartCenter and SmartLog are the best platforms to manage firewall rules. SandBlast Zero-Day is very useful when encountering any security leaks."
"The biggest thing is the central management. It is quite good and allows us to manage the different firewalls from it. We can implement and configure many firewalls and push our policies to them as well."
"The online documentation is complete and easy to read and understand."
"We also like the security. We can control what sites users can go to and we can make sure that where they're going is appropriate and that it's work-related."
"The solution is easy to manage. Kerio Control is unique compared to other firewalls because it has been around since 2000 when we switched and the name it started with was WinRoute, and then later became Kerio Control. It evolved over time and it is more of a proprietary firewall on its own and has been developed through open source."
"The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because obviously everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support."
"The ease of use in the GUI itself is the most valuable feature. The GUI is really the best part of it. We like the traffic rules so we can control who can get to what. It's easy to determine the flow of the traffic itself so we aren't having to guess through command lines and reading out basically command-driven output. It's just a very easy-to-use interface. The interface is the best part of the product."
"The firewall appliance itself is the most valuable feature."
"Instead of using a cloud-based product for accessing information, and putting my data at risk in the cloud and in someone else's hands, it has allowed me to use a VPN and access my data directly from a laptop when I am out in the field. That has made my life a lot easier, where I'm able to access any information I need to be able access, basically on demand, with an Internet connection. That alone has been great."
"The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature."
"The routing of the multiple internet physical routers I have is the most valuable feature of this solution. Instead of me physically unplugging a cable from one router to the server, if one connection goes down, it automatically switches for me. So I can have all three of them plugged in. If one goes down, it just picks up the other one automatically. There's no physical cable swapping."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"Report generation is an area that should be improved."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"One of the most complicated aspects is the VPN Configuration, which should be simplified in future releases."
"Reporting has to be improved."
"Although Check Point provides annual updates to the Gaia platform, integration with other OEMs is difficult."
"The policy installation length is still too long. It was promised that the time would be severely reduced in newer versions, but it is still too long."
"The number of physical network ports on the device should be increased to allow for greater capacity."
"Identity Awareness has been a massive source of problems for our deployment and the ability to debug it has been lacking."
"The management of memory in the hardware needs to improve. They have had a lot of issues with memory leakage."
"If you have the standard support level, sometimes they take a long time to understand or even give you a solution or good workaround to a problematic situation."
"I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. Its local support and scalability are also not good. I am looking forward to a more scalable product that will be able to grow with time and technology."
"My experience with the solutions technical support is fine but they could be faster in responding."
"The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects."
"The solution should offer more dashboards."
"The denial of service could also be improved. There recently was a big issue with denial of service attacks and it was a bit laborious."
"I would like it if the interface section had multiple failovers. Although I do have three connections, just in case our physical cables get disconnected, I can only set up one failover as a backup. So, if for some reason our fiber and our AFM went down together, I would have to have it search for our 4G modem. I'd love to have extra backups running."
"The Kerio hardware devices look cheap and could be improved. Some of our clients are switching to Sophos because their hardware has a more sleek design."
"The reporting needs to be improved. It is hard to get a domain."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"The solution was chosen because of its price compared to other similar solutions."
"It definitely competes with the other vendors in the market."
"The price is comparable."
"This product is expensive."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall."
"The vendor has a very flexible licensing approach."
"The cost of the pricing and licensing are okay. They are giving me a good product as far as I know. It is more expensive than Cisco, but cheaper than Palo Alto, which is fine. It has many good features, so it deserves a good price as well."
"This product is not cheap and there are additional costs that depend on what model or package that you buy."
"The price of Check Point is lower than Palo Alto but higher than Cisco ASA."
"Use the basic sizing tool to do the correct sizing so you don't waste too much money, because it's not a very cheap solution when compared to other vendors."
"The licensing is straightforward; there are only three types of licenses that include NGFW, NGTP, and SNBT, so the organization can choose its license according to their requirements."
"Each blade requires that you have a license."
"It is a good fit for SMBs because of its maintainability. When you want to keep your costs low, then Kerio Control is a very good solution. It's not an expensive product that is well integrated. It has a complete set of features within it that make it a very strong product."
"Its initial cost is less as compared to other products. It becomes a bit costly when you pay for the products that you don't use. We paid for almost all the products through subscription, but we are using only a few products. We use EndPointSecurity, Kerio Connect, WebMonitor, and LanGuard. We don't use the rest of the products."
"The price of Kerio Control could be better, it is a bit overpriced compared to other solutions."
"The yearly maintenance fee is a bit high for the Kerio Control Boxes. The end of life for the devices is kind of short. It seems like they're making you upgrade within a short period of time. They should at least allow five years, but it seems like they are changing their end of life to be shorter to generate revenue."
"I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that."
"On the low-end device that I use, it has unlimited IP addresses. So, they have a subscription model where, on the higher models, you pay X dollars for 10 IP addresses. Then, if you want any more, you have to pay more on the model. On the low-end model, it has unlimited IP addresses, because if you have too many users, the thing will just slow you down and stop working. At some point, you need to say, "Okay, I've grown to a point where performance is impacted. I need to get some bigger hardware." If I get to that stage, I will possibly look at using one of the virtual appliances and putting it on some bigger hardware."
"It gives us a lot. It does prove to be a very robust product for the cost."
"I am living in Iran and we cannot buy the product from Kerio because of sanctions."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
Kerio Control brings together next-generation firewall capabilities -- including a network firewall and router, intrusion detection and prevention (IPS), gateway anti-virus, VPN, and web content and application filtering. These comprehensive capabilities and unmatched deployment flexibility make Kerio Control the ideal choice for small and mid-sized businesses.
Check Point NGFW is ranked 2nd in Firewalls with 149 reviews while Kerio Control is ranked 9th in Firewalls with 30 reviews. Check Point NGFW is rated 8.8, while Kerio Control is rated 8.0. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Kerio Control writes "Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Stormshield Network Security, whereas Kerio Control is most compared with pfSense, Fortinet FortiGate, Sophos UTM, Sophos XG and SonicWall NSa. See our Check Point NGFW vs. Kerio Control report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.