We just raised a $30M Series A: Read our story

Compare Check Point NGFW vs. Palo Alto Networks VM-Series

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Check Point NGFW vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2021.
553,954 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable.""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""The most valuable features of this solution are advanced malware protection, IPS, and IDS.""I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening.""It's got the capabilities of amassing a lot of throughput with remote access and VPNs.""Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."

More Cisco Firepower NGFW Firewall Pros »

"The only area that Check Point still seems to excel in is their logging.""The most valuable features are application control, regulation, and threat prevention.""Check Point has a really cool GUI.""The central management console has helped with segregation, where planned interventions with management consoles do not have any impact on production or critical business traffic.""The scalability is very good.""Check Point has strong security features as well as some decent monitoring and management capabilities.""Check Point has a centralized console that makes it possible to manage all the deployed equipment. It also has a built-in VPN service that lets users connect through VPN to our organization, which facilitates teleworking while cutting off unauthorized access to the organization's internal network.""We found a very successful implementation of the virtual private network client, since, for some time now, everyone has been working from home."

More Check Point NGFW Pros »

"The most valuable aspects of this solution are that it's simple and stable. It has better security aspects compared to other similar solutions.""The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks.""The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable.""In Palo Alto the most important feature is the App-ID.""The feature that I have found the most useful is that it meets all our requirements technically.""Palo Alto Networks VM-Series is very easy to use.""Using Palo Alto Networks Panorama, we were able to deploy a single point of management and visualization of the firewall infrastructure in cloud, on-premise and integrated with Azure to automate scale up. Its security features, i.e. anti-malware, threat prevention, URL Filtering, VPN, and antivirus are the most valuable. The ID-User integrated with AD and 2FA features are also very useful to provide secure access to servers and some users in the company. ""The initial setup was straightforward."

More Palo Alto Networks VM-Series Pros »

Cons
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.""The price and SD-WAN capabilities are the areas that need improvement.""This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI).""The solution could offer better control that would allow the ability to restrictions certain features from a website.""I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here.""In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""Cisco makes horrible UIs, so the interface is something that should be improved."

More Cisco Firepower NGFW Firewall Cons »

"The VPN part was actually one of the most complex parts for us. It was not easy for us to switch from Cisco, because of one particular part of the integration: connecting the Check Point device to an Entrust server. Entrust is a solution that provides two-factor authentication. We got around it by using another server, a solution called RADIUS.""The training for Check Point Firewall should increase, including the number of Training Centers. For most new people in our organization, we have to provide them training from our end, as they are not trained in Check Point Firewalls. So, we have to do the training, from our point of view, to make our engineers able to use Check Point Firewalls. However, with other firewalls, they are already trained, so we are not require to provide them training. This could be improved by the Check Point Community.""I have had some issues in the past with the desktop client being slow to come up for logging in, and then slow to respond to screen changes, however, overall, it really hasn't been too bad.""There are issues with stability while upgrading devices with hotfixes.""For the next release, we would like to have better ruleset cleanup tools that are already included.""When I was creating the VPN on it and the client side through the portal, that feature was very annoying. I could not use it. It was much more usable after downloading it to the laptop. That was very good compared to using it directly from the browser.""In a VPN setup, we have Internet connection via Check Point. The connectivity is not turnkey like competing devices. We have not yet terminated our site-to-site VPN because things are fluctuating right now and Check Point needs to be upgraded. Also, their troubleshooting needs to be improved for this.""Check Point products have many places that need to be improved, but they are constantly upgrading."

More Check Point NGFW Cons »

"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.""The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters.""In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has.""Integrative capabilities with other solutions should be addressed.""The implementation should be simplified.""There should be an option for direct integration with the Azure platform.""In the next release, I would like to see better integration between the endpoints and the firewalls.""Its web interface is a bit outdated, and it needs to be updated. They can also improve the NAT functionality. We have had issues with the NAT setup."

More Palo Alto Networks VM-Series Cons »

Pricing and Cost Advice
"This product requires licenses for advanced features including Snort, IPS, and malware detection.""Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees.""Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed.""The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.""It definitely competes with the other vendors in the market.""The solution was chosen because of its price compared to other similar solutions.""For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive.""This product is expensive."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"Check Point is a little more expensive than FortiGate.""The pricing and licensing part is something that could be improved. Check Point license and pricing are a bit higher compared to competing firewalls. I think they can work on that.""The price is too high.""Check Point brings good value for the money and is competitive in the market.""The licensing fees are paid on a monthly basis and I am happy with the pricing.""Its price is reasonable. If we compare its TCO for three years, it is more reasonable than some of the other vendors such as Fortinet, Palo Alto, etc.""Each blade requires that you have a license.""Check Point Firewall costs more compared to the other firewalls in the markets, as pricing is little high. However, it is easy to take the license and use it in the firewall."

More Check Point NGFW Pricing and Cost Advice »

"Because I work for a university and the URL is for the institution, it's a free license for us.""The price of this solution is very high for some parts of Africa, which makes it a challenge.""The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used.""The VM series is licensed annually.""Palo Alto can be as much as two times the price of competing products that have twice the capabilities.""It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."

More Palo Alto Networks VM-Series Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
553,954 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
Top Answer: Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
Top Answer: The central management console has helped with segregation, where planned interventions with management consoles do not… more »
Top Answer: In the best tradition of these questions, Feature-wise both are quite similar, but each has things it's better at, it… more »
Top Answer: Both products are very stable and easily scalable. The setup of Azure Firewall is easy and very user-friendly and the… more »
Top Answer: The initial setup was straightforward.
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Check Point NG Firewall, Check Point Next Generation Firewall
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?

The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.

The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.

In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Check Point NGFW
Learn more about Palo Alto Networks VM-Series
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
Control Southern, Optimal Media
Warren Rogers Associates
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
REVIEWERS
Financial Services Firm26%
Computer Software Company13%
Comms Service Provider8%
Retailer6%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company22%
Government6%
Financial Services Firm6%
REVIEWERS
Financial Services Firm23%
Manufacturing Company15%
Government15%
University8%
VISITORS READING REVIEWS
Computer Software Company30%
Comms Service Provider19%
Financial Services Firm5%
Government5%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business23%
Midsize Enterprise20%
Large Enterprise57%
VISITORS READING REVIEWS
Small Business19%
Midsize Enterprise25%
Large Enterprise56%
REVIEWERS
Small Business38%
Midsize Enterprise31%
Large Enterprise31%
Find out what your peers are saying about Check Point NGFW vs. Palo Alto Networks VM-Series and other solutions. Updated: November 2021.
553,954 professionals have used our research since 2012.

Check Point NGFW is ranked 2nd in Firewalls with 151 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Check Point NGFW is rated 8.8, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and OPNsense, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Cisco ASA Firewall, Juniper SRX and Check Point CloudGuard Network Security. See our Check Point NGFW vs. Palo Alto Networks VM-Series report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.