We just raised a $30M Series A: Read our story

Compare Check Point NGFW vs. Palo Alto Networks NG Firewalls

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Check Point NGFW vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2021.
552,305 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.""The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.""The feature set is fine and is rarely a problem.""A good intrusion prevention system and filtering.""The most valuable feature is the access control list (ACL).""The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."

More Cisco Firepower NGFW Firewall Pros »

"The firewall and IPS are the most valuable features of the solution.""The firewalling feature and the VPN functionality are excellent.""The pricing is okay.""Check Point NGFW is easy to use, flexible and provides good performance. The security of the product is excellent, we do not have to do a lot of patching or upgrades because of vulnerabilities.""The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff.""The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access.""Check Point is very administrator-friendly and the SmartDashboard is easy to use.""The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point."

More Check Point NGFW Pros »

"The most valuable features are the IPS/IDS subscriptions.""The most valuable features of this solution are all of the services it provides.""I love the Policy Optimizer feature. I am also completely happy with its stability.""I like that it has high security.""Identifying applications is very easy with this solution.""It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back.""The scalability is very good.""This solution not only provides better security than flat VLAN segments but allows easy movement through the lifecycle of the server."

More Palo Alto Networks NG Firewalls Pros »

Cons
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore.""The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.""The solution could offer better control that would allow the ability to restrictions certain features from a website.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""The initial setup could be simplified, as it can be complex for new users."

More Cisco Firepower NGFW Firewall Cons »

"I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things.""I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors.""There have been a few requests/issues about the Identity Awareness feature.""The number of physical network ports on the device should be increased to allow for greater capacity.""I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad.""Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy.""They should integrate all blades to use a single policy rather than multiple.""Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features."

More Check Point NGFW Cons »

"This is a difficult product to manage, so the administrator needs to have a good knowledge of it, otherwise, they will not be able to handle it properly.""The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good.""I would like to see better integration with IoT technologies.""The solution could be simplified.""Its scalability for on-prem deployments can be better. For an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level.""Having a better pricing model would make this product more competitive, and more affordable for our customers.""I would like the option to be able to block the traffic from a specific country in a few clicks.""This solution cannot be implemented on-premises; it's only a cloud solution. The price is high as well."

More Palo Alto Networks NG Firewalls Cons »

Pricing and Cost Advice
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.""I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive.""This solution is expensive and other solutions, such as FortiGate, are cheaper.""Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed.""The price is comparable.""There are additional implementation and validation costs."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead.""The price of this product is not too costly and you do not need to pay for all of the features.""You get licensing bundles, so depending on which features you want to activate, your license is going to be more expensive. Some things, like Threat Extraction and Threat Emulation, require subscriptions.""The price of Check Point is lower than Palo Alto but higher than Cisco ASA.""I think that the pricing is different for every organization.""Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point.""Licensing is on a yearly basis and I am happy with the pricing.""The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison."

More Check Point NGFW Pricing and Cost Advice »

"The NG firewall is an expensive solution.""Active/Passive mode is very redundant, but they require you to buy all the associated licensing for both firewalls, which is kind of a waste of money because you are really only using the services on one firewall at a time.""Its price should be improved.""This solution is quite expensive.""It has a yearly subscription.""The price of this product should be reduced.""You pay based on the kind of license you require, but comparatively, it is not very expensive.""I am not involved in the commercial side, but I believe that Palo Alto is quite expensive compared to others."

More Palo Alto Networks NG Firewalls Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,305 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
Top Answer: Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
Top Answer: The central management console has helped with segregation, where planned interventions with management consoles do not… more »
Top Answer: Azure Firewall Vs. Palo Alto Network NG Firewalls Both solutions provide stellar stability and security. Azure… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Palo Alto Networks NG Firewalls have both great features and performance. I like that Palo Alto has regular threat… more »
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Check Point NG Firewall, Check Point Next Generation Firewall
Palo Alto NGFW, Palo Alto Networks Next-Generation Firewall, Palo Alto Networks PA-Series
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?

Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Check Point NGFW
Learn more about Palo Alto Networks NG Firewalls
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Control Southern, Optimal Media
SkiStar AB, Ada County, Global IT Services PSF, Southern Cross Hospitals, Verge Health, University of Portsmouth, Austrian Airlines, The Heinz Endowments
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Financial Services Firm26%
Computer Software Company12%
Comms Service Provider8%
Retailer6%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company22%
Government6%
Financial Services Firm6%
REVIEWERS
Comms Service Provider21%
Computer Software Company19%
Financial Services Firm12%
Healthcare Company7%
VISITORS READING REVIEWS
Comms Service Provider26%
Computer Software Company24%
Government6%
Energy/Utilities Company4%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business22%
Midsize Enterprise20%
Large Enterprise58%
VISITORS READING REVIEWS
Small Business18%
Midsize Enterprise25%
Large Enterprise56%
REVIEWERS
Small Business40%
Midsize Enterprise31%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business35%
Midsize Enterprise15%
Large Enterprise50%
Find out what your peers are saying about Check Point NGFW vs. Palo Alto Networks NG Firewalls and other solutions. Updated: November 2021.
552,305 professionals have used our research since 2012.

Check Point NGFW is ranked 2nd in Firewalls with 147 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 67 reviews. Check Point NGFW is rated 8.8, while Palo Alto Networks NG Firewalls is rated 8.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Meraki MX, Juniper SRX and Cisco ASA Firewall, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Check Point CloudGuard Network Security. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.