We changed our name from IT Central Station: Here's why

Check Point NGFW vs pfSense comparison

Cancel
You must select at least 2 products to compare!
Check Point NGFW Logo
18,039 views|12,642 comparisons
pfSense Logo
79,984 views|64,227 comparisons
Featured Review
Find out what your peers are saying about Check Point NGFW vs. pfSense and other solutions. Updated: January 2022.
563,327 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS).""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches.""It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective.""Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be.""I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection.""The most valuable features of this solution are the integrations and IPS throughput.""When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."

More Cisco Firepower NGFW Firewall Pros →

"Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released.""The most valuable features are application control, regulation, and threat prevention.""Check Point provides dedicated blades to monitor network traffic, which helps while troubleshooting network and packet-related issues.""Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment.""What gives me the most value is undoubtedly the security that the anti-bot and anti-virus blades provide.""In R80.10 and above, you can view logs in SmartConsole. You don't have to open another smart tracker to view logs. That is the improvement Check Point has done which makes it better because it is much easier to find logs. This saves time, approximately 40 to 50 a day in one shift.""On the firewall side, the security efficacy is good.""My customers cite performance and ease of configuration as two of the solution's most valuable features."

More Check Point NGFW Pros →

"The main features of this solution are customization and ease to use.""The solution is very easy to use and configure.""I especially like the VPN part. It works like a charm.""Some of the terminologies were more familiar to me than it was when I first encountered Cisco.""The solution has good customization abilities and plenty of features.""It is a stable solution. It is also easy to install and can be deployed and maintained by one team member.""The interface is straightforward and easy to use.""I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good."

More pfSense Pros →

Cons
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance.""An area of improvement for this solution is the console visualization.""Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment.""My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement.""The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution.""We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond.""The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.""The initial setup can be a bit complex for those unfamiliar with the solution."

More Cisco Firepower NGFW Firewall Cons →

"The equipment is complex, so you need guidance from specialized people or those who constantly work with Check Point. Better forums and information manuals could be provided so that users from different institutions can have more access to the information.""The level and availability of training should be improved.""For the next release, we would like to have better ruleset cleanup tools that are already included.""The improvement could come from better monitoring of traffic data in and out of the firewall.""The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution.""Sometimes we need to find a resolution by ourselves as the solution's knowledge base is not enough.""Integration with a third-party authentication mechanism is tricky and needs to be planned well.""The exterior of the physical device can be improved with the use of a display and not just simple lights."

More Check Point NGFW Cons →

"They can improve the dynamic of the input of IPs from outside.""In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense.""The technical support needs to be improved.""We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up.""The user interface can be improved to make it easier to add more features. And pfSense could be better integrated with other solutions, like antivirus.""If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use.""In an upcoming release, the reporting could be more user-friendly. For example, the reporting in graphs and charts for the host can be cumbersome.""The VPN feature of the solution could improve by adding better functionality and providing easier configure ability."

More pfSense Cons →

Pricing and Cost Advice
  • "Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
  • "There are additional implementation and validation costs."
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "Maybe the pricing is a bit high but you get the durability and the duration."
  • "Licensing issues may be confusing at times."
  • "It is quite an expensive product, although security is a top priority."
  • "This product is not cheap and there are additional costs that depend on what model or package that you buy."
  • "Palo Alto is somehow not as good as Check Point, budget-wise and performance-wise. Palo Alto is more costly than Check Point."
  • "Comparatively, Check Point pricing is a little high. However, if you have that budget, I would recommend anybody to go with Check Point."
  • "The pricing and licensing are expensive. If you compare it with Fortinet, then it is cheaper on a yearly basis. However, Check Point is the most expensive firewall right now in terms of licenses and its appliance. My recommendation is if you want a long-term investment, then you should use an open server. If you use an open server, then the latency is really low. If you pay for a full appliance, it's more expensive."
  • "Use the basic sizing tool to do the correct sizing so you don't waste too much money, because it's not a very cheap solution when compared to other vendors."
  • More Check Point NGFW Pricing and Cost Advice →

  • "This solution provides enterprise-level features at a fraction of the cost of an enterprise firewall."
  • "It is an open source firewall."
  • "We are using the open-source version, not the commercial one."
  • "It has almost zero cost, and it is open to us. It runs on a small appliance just for a couple of 100 bucks, and I've never had an appliance burn out on me yet."
  • "It is open source."
  • "I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money."
  • "I like the fact that it is open-source."
  • "pfSense is open-source, but the support is something that the customer pays for."
  • More pfSense Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    563,327 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: 
    When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: 
    The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer: 
    It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer: 
    I have experience on both from Disti and channel experience. Please find below my comments (nothing new as such)… more »
    Top Answer: 
    Azure Firewall is easy to use and provides excellent support. Valuable features include integration into the overall… more »
    Top Answer: 
    The central management console has helped with segregation, where planned interventions with management consoles do not… more »
    Top Answer: 
    Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate… more »
    Top Answer: 
    Two of the most common and well recognized firewalls, PfSense and OPNsense both support site-to-site IPsec VPN and… more »
    Top Answer: 
    pfSense is a nice product, and I find that there's a lot of information out there. There are some good tutorials on… more »
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Check Point NG Firewall, Check Point Next Generation Firewall
    Learn More
    Netgate
    Video Not Available
    Overview

    Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
    small/branch offices to high performance data centers and service providers. Available in a wide
    range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
    defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
    Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
    features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
    volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
    for increased performance, high availability configurations, and more.
    Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
    deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
    the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
    can deliver micro-segmentation to protect east-west network traffic.
    Cisco firewalls provide consistent security policies, enforcement, and protection across all your
    environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
    delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
    SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
    greater simplicity, visibility, and efficiency.
    Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

    Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?

    Providing comprehensive network security solutions for the enterprise, large business and SOHO, pfSense solutions bring together the most advanced technology available to make protecting your network easier than ever before. Our products are built on the most reliable platforms and are engineered to provide the highest levels of performance, stability and confidence.
    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Check Point NGFW
    Learn more about pfSense
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    Control Southern, Optimal Media
    Nerds On Site Inc., RKC Development Inc., Expertech, Fisher's Technology, Ncisive, Consulting, CPURX, Vaughn's Computer House Calls, Imeretech LLC, Digital Crisis, Carolina Digital Phone, Technigogo Technology Services, The Simple Solution, SwiftecITInc, Rocky Mountain Tech Team, Free Range Geeks, Alaska Computer Geeks, Lark Information Technology, Renaissance Systems Inc., Cutting Edge Computers, Caretech LLC, GoVanguard, Network Touch Ltd, P.C. Solutions.Net, Vision Voice and Data Systems LLC, Montgomery Technologies, Techforce, Concero Networks, ASONInc, CPS Electronics and Consulting, Darkwire.net LLC, IT Specialists, MBS-Net Inc., VOICE1 LLC, Advantage Networking Inc., Powerhouse Systems, Doxa Multimedia Inc., Pro Computer Service, Virtual IT Services, A&J Computers Inc., Envision IT LLC, CommunicaONE Inc., Bone Computer Inc., Amax Engineering Corporation, QPG Ltd. Co., IT 101 Inc., Perfect Cloud Solutions, Applied Technology Group Inc., The Digital Sun Group LLC, Firespring
    Top Industries
    REVIEWERS
    Comms Service Provider22%
    Financial Services Firm16%
    Manufacturing Company8%
    Non Profit8%
    VISITORS READING REVIEWS
    Comms Service Provider33%
    Computer Software Company21%
    Government7%
    Manufacturing Company4%
    REVIEWERS
    Financial Services Firm26%
    Computer Software Company15%
    Comms Service Provider8%
    Retailer6%
    VISITORS READING REVIEWS
    Comms Service Provider33%
    Computer Software Company22%
    Government6%
    Financial Services Firm6%
    REVIEWERS
    University10%
    Comms Service Provider10%
    Marketing Services Firm8%
    Energy/Utilities Company6%
    VISITORS READING REVIEWS
    Comms Service Provider44%
    Computer Software Company15%
    Government6%
    Media Company4%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise28%
    Large Enterprise29%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    REVIEWERS
    Small Business23%
    Midsize Enterprise19%
    Large Enterprise57%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise24%
    Large Enterprise56%
    REVIEWERS
    Small Business70%
    Midsize Enterprise17%
    Large Enterprise13%
    VISITORS READING REVIEWS
    Small Business56%
    Midsize Enterprise14%
    Large Enterprise30%
    Find out what your peers are saying about Check Point NGFW vs. pfSense and other solutions. Updated: January 2022.
    563,327 professionals have used our research since 2012.

    Check Point NGFW is ranked 2nd in Firewalls with 160 reviews while pfSense is ranked 3rd in Firewalls with 60 reviews. Check Point NGFW is rated 8.8, while pfSense is rated 8.6. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Forcepoint Next Generation Firewall, whereas pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos UTM, Sophos XG and Zyxel Unified Security Gateway. See our Check Point NGFW vs. pfSense report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.