We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"The feature set is fine and is rarely a problem."
"A good intrusion prevention system and filtering."
"The most valuable feature is the access control list (ACL)."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"The firewall and IPS are the most valuable features of the solution."
"The firewalling feature and the VPN functionality are excellent."
"The pricing is okay."
"Check Point NGFW is easy to use, flexible and provides good performance. The security of the product is excellent, we do not have to do a lot of patching or upgrades because of vulnerabilities."
"The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff."
"The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access."
"Check Point is very administrator-friendly and the SmartDashboard is easy to use."
"The most valuable feature of the firewall is the packet inspection. That is an amazing feature from Check Point."
"The most valuable features are the IPS/IDS subscriptions."
"The most valuable features of this solution are all of the services it provides."
"I love the Policy Optimizer feature. I am also completely happy with its stability."
"I like that it has high security."
"Identifying applications is very easy with this solution."
"It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back."
"The scalability is very good."
"This solution not only provides better security than flat VLAN segments but allows easy movement through the lifecycle of the server."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"The initial setup could be simplified, as it can be complex for new users."
"I would rate the technical support as a seven out of 10. Sometimes, it's difficult to get them to understand what the issue is. Sometimes, the issue is not resolved, then we solve it by ourselves with Check Point's documentation, which can be useful. When you open a case with Check Point, they can be a little slow. Sometimes, they don't solve things."
"I would like the user interface to be more user-friendly. I want the UI to be easier to use than Check Point's competitors."
"There have been a few requests/issues about the Identity Awareness feature."
"The number of physical network ports on the device should be increased to allow for greater capacity."
"I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad."
"Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy."
"They should integrate all blades to use a single policy rather than multiple."
"Some features, like the VPN, antispam, data loss prevention, etc., are managed in an external console. In the future, I'd like all features in the same console, in one place, where we can see and configure all features."
"This is a difficult product to manage, so the administrator needs to have a good knowledge of it, otherwise, they will not be able to handle it properly."
"The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good."
"I would like to see better integration with IoT technologies."
"The solution could be simplified."
"Its scalability for on-prem deployments can be better. For an on-prem deployment, the hardware has to be replaced if the volume goes up to a certain level."
"Having a better pricing model would make this product more competitive, and more affordable for our customers."
"I would like the option to be able to block the traffic from a specific country in a few clicks."
"This solution cannot be implemented on-premises; it's only a cloud solution. The price is high as well."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"The price is comparable."
"There are additional implementation and validation costs."
"We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead."
"The price of this product is not too costly and you do not need to pay for all of the features."
"You get licensing bundles, so depending on which features you want to activate, your license is going to be more expensive. Some things, like Threat Extraction and Threat Emulation, require subscriptions."
"The price of Check Point is lower than Palo Alto but higher than Cisco ASA."
"I think that the pricing is different for every organization."
"Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point."
"Licensing is on a yearly basis and I am happy with the pricing."
"The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison."
"The NG firewall is an expensive solution."
"Active/Passive mode is very redundant, but they require you to buy all the associated licensing for both firewalls, which is kind of a waste of money because you are really only using the services on one firewall at a time."
"Its price should be improved."
"This solution is quite expensive."
"It has a yearly subscription."
"The price of this product should be reduced."
"You pay based on the kind of license you require, but comparatively, it is not very expensive."
"I am not involved in the commercial side, but I believe that Palo Alto is quite expensive compared to others."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.
Check Point NGFW is ranked 2nd in Firewalls with 147 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 67 reviews. Check Point NGFW is rated 8.8, while Palo Alto Networks NG Firewalls is rated 8.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Meraki MX, Juniper SRX and Cisco ASA Firewall, whereas Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Check Point CloudGuard Network Security. See our Check Point NGFW vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.