We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most valuable features of this solution are the integrations and IPS throughput."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The feature set is fine and is rarely a problem."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"There are no issues that we are aware of. It does its job silently in the background."
"We have not had to deal with stability issues."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released."
"We are delighted with the powerful management console and diagnostic tools."
"Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment."
"It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration in 10 firewalls, I can push it all at once with the help of the centralized management system."
"The only area that Check Point still seems to excel in is their logging."
"It's quite a stable solution."
"The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature."
"Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues."
"The interface and the dashboard are the most valuable features of this solution."
"The graphic user interface is very good and it is user-friendly which makes the product easy-to-use."
"The system in general is quite flexible."
"The initial implementation process is simple."
"The solution is good for a basic firewall for a small business or for home use."
"The VPN server feature is the most valuable. It is integrated with Radius and AAA for doing accounting and authentication. Insight view is also an important feature for me at this time. It allows me to assess our network traffic. I also like the firewall feature. The BSD kernel has a packet filter. It is one of the most solid frameworks for firewalls. Its user interface is one of the best interfaces I have used."
"The most valuable features are reporting, the Sensei plugin, and firewall capabilities."
"I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"Report generation is an area that should be improved."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"Implementations require the use of a console. It would help if the console was embedded."
"Although the GUI is simple to use and fairly comprehensive, more support via CLI would be beneficial for bulk operations."
"Check Point solutions have always been more complex to deploy than their competitors."
"The end-user VPN could be improved. It could benefit from some modification."
"The level and availability of training should be improved."
"Potential improvements could be made around simplifying VPN functionality and configuration."
"Reporting has to be improved."
"Check Point needs to work on hardware problems also."
"It would be ideal to manage everything from one central place."
"While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet."
"The solution could be more secure."
"The solution would not be suitable for anything large-scale."
"The ability to set the VPN IP address would be a welcome addition."
"The interface needs to be simplified. It is not user-friendly."
"The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform."
"The interface isn't so friendly user. But we have some technicians here who are quite confident with this tool. OPNSense could maybe add sets of rules so it's simpler to manage different groups with particular needs."
"The logging could improve in OPNsense."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"The price is comparable."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"There are additional implementation and validation costs."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs."
"Scaling requires the purchase of additional licenses."
"Use the basic sizing tool to do the correct sizing so you don't waste too much money, because it's not a very cheap solution when compared to other vendors."
"We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead."
"The vendor has a very flexible licensing approach."
"Each blade requires that you have a license."
"The pricing is a bit high, but obviously it gives you advanced features. If you want to buy the best thing on the market, you have to pay extra money."
"The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison."
"As an appliance, it's in the medium price range."
"The solution is not expensive."
"It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source."
"OPNsense is an open-source solution and it is free to use."
"OPNsense is open source software so at this time it is free for us to use."
"OPNsense is a well known open-source tool."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
Check Point NGFW is ranked 2nd in Firewalls with 147 reviews while OPNsense is ranked 19th in Firewalls with 11 reviews. Check Point NGFW is rated 8.8, while OPNsense is rated 8.0. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of OPNsense writes "A solution that detects and blocks malicious content with good reporting and visibility, but the reliability needs improvement". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Forcepoint Next Generation Firewall, whereas OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG and Sophos UTM. See our Check Point NGFW vs. OPNsense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.