We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"If configured, Firepower provides us with application visibility and control."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"The most valuable feature is stability."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"Check Point helps a lot with automatization which definitely reduces the effort to maintain the environment."
"The Check Point API let me make 100 net rules in just 10 minutes, which saved us time."
"The packet inspections have been a strong point."
"It is easy to control from the central management system. For example, if we have 10 firewalls, and we want to push that same configuration among them, we can use this solution's central management system to do that simultaneously. So, there is time saving in that way. The time savings does depend on the situation. For example, if I am running half an hour of work on each firewall, that will take around 300 minutes. However, if I do this work from the central management system, then it will only take 30 minutes to push the same configuration to those same 10 devices."
"We are delighted with the powerful management console and diagnostic tools."
"We used Check Point for implementation, and they are top-notch. They know the hardware and software better than anyone."
"As a system administrator my favourite part of Check Point is the smart view tracker. This alone is a must-have tool for tracking all traffic traversing the Check Point appliance."
"The threat emulation blade and user identity awareness feature has helped us a lot in terms of perimeter security and have given us granular visibility of user access."
"I like how you can configure the rules. There is the task for the rules and a task for the network configuration. It also provides SMD filtering, and it can be integrated with the active directory for the users, their mission, and the VPN configuration. We are here in Sudan, and Stormshield didn't work in Sudan for more than a decade. Stormshield is a very strong firewall and very easy to configure and maintain. I am just working with the firewall solution, and we don't have any other solutions like endpoint solutions or something like that."
"I like that it works fine. Stormshield is a very good solution."
"Easily manageable in a variety of environments."
"A very robust product."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"Implementations require the use of a console. It would help if the console was embedded."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"The initial setup could be simplified, as it can be complex for new users."
"An area of improvement for this solution is the console visualization."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"With the version we're on, it's a bit time-consuming if you have multiple IP addresses to add. But in the later versions, which we're moving to, it makes it a lot easier to add IP addresses with dynamic objects, as they call it."
"One of my issues with Check Point is the stability. There have been too many bugs, over the years, when I compare them with other vendors. Their QA team should do better work before releasing their GA versions."
"The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them."
"The area it needs improvement is the SandBlast Agent. It receives a file, or if it detects a Zero-day attack, it takes the file and analyzes it, either on-premise or in the Check Point Cloud, and then it reports back whether the file is secure or non-secure, or is unknown. That particular area definitely needs a bit more improvement, because there is a delay... where it needs improvement is where [SandBlast is] an appliance-based solution rather than a software or cloud-based solution."
"The antivirus is not as effective as it could be because updates are not that frequent."
"Check Point's study materials should be provided by the company directly and be of very good quality. This is not provided right now and something that the company can improve."
"Although there is a lot of automation and pattern that can be classified automatically, the IPS systems are sometimes a little bit complicated, and doing the fine-tuning in over 20,000 patterns is hard to do."
"Sometimes when they bring on new upgrades, they affect something else."
"Improvement is needed in terms of the technical support of the manufacturer."
"The SD card could be more secure."
"It could be better if it were more user-friendly. It's too complicated for us to use it. The price could be better as well."
"The filtering configuration could be better. We have some difficulties with the filtering configuration and the filter extension. It's not that easy. It's not that straightforward. In the next release, I would like to see a reporting system. Stormshield doesn't have any tutorials on how to do the configuration and things like that. They just have documentation on the website. If you want to configure, for example, Cisco or Fortinet, you can find tutorials on YouTube. They show you how to configure the features, and so on. In Stormshield, there is nothing on social media or the internet on how to configure different things. The lack of documentation or the lack of material makes it difficult for others to adopt this solution."
"The solution was chosen because of its price compared to other similar solutions."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"It definitely competes with the other vendors in the market."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"There are additional implementation and validation costs."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"There are three types of licensing: Threat Prevention, NGTP, and Next Generation Threat Extraction. Before, it used to be you would just enable the license of whatever blade you wanted to buy. Nowadays, Threat Prevention would be sufficient for most clients, so I would think people would go for the NGTP, license which includes all the blades."
"Check Point is competitively priced; however, there is an additional charge for the Annual Maintenance Contract (AMC) and it is easy to understand."
"It is quite an expensive product, although security is a top priority."
"You get licensing bundles, so depending on which features you want to activate, your license is going to be more expensive. Some things, like Threat Extraction and Threat Emulation, require subscriptions."
"The price could be decreased, because the competitors of Check Point Firewall are giving lower prices in comparison."
"They offered more features for a lower cost than competitors, and the licensing model was easy to understand."
"The pricing is good. It is less than Palo Alto's firewalls. Check Point has the same features as Palo Alto, but the licensing and cost of these firewalls are not too expensive. It is one of the best firewalls in the market in this range."
"The price of the appliance should be decreased."
"We bought a three-year license, and we renew it whenever it expires. The price could be better. It's always very expensive."
"I think the price is good."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
Check Point NGFW is ranked 2nd in Firewalls with 152 reviews while Stormshield Network Security is ranked 8th in Unified Threat Management (UTM) with 4 reviews. Check Point NGFW is rated 8.8, while Stormshield Network Security is rated 8.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Stormshield Network Security writes "Robust, provides a high level of security at a reasonable cost". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Kerio Control, whereas Stormshield Network Security is most compared with Fortinet FortiGate, pfSense, Cisco ASA Firewall, Palo Alto Networks NG Firewalls and OPNsense. See our Check Point NGFW vs. Stormshield Network Security report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.