We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"There are no issues that we are aware of. It does its job silently in the background."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"Provides good integrations and reporting."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"The most valuable feature is the access control list (ACL)."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"We have not had to deal with stability issues."
"The software upgrade procedure is very easy; it just needs few clicks & we are done."
"The firewalling feature and the VPN functionality are excellent."
"The way in which it manages the nodes within a cluster architecture is excellent, offering fault tolerance which is, in my experience, practically imperceptible when one of the nodes fails."
"The application authentication feature of Check Point is the most valuable as it helps us keep users secure."
"It's quite a stable solution."
"The AntiSpam/Mail blade was also one of the main reasons we went with this product since we hosted our email server locally. This was an extra layer of protection on top of the existing solution."
"The ability to split single hardware into multiple virtuals along with support for dynamic routing using BGP is very useful for our environment."
"The Threat Management feature makes it very easy to detect the vulnerabilities and other factors. We can make new policy according to it. Policy creation is very simple in Check Point. Because the logs are very good in Check Point Firewall, this reduces our work with the reports that we are getting from the Threat Management. It is very convenient for us to use the reports to make new policies for security and other things."
"They have a command center that makes it easy to log into and see all of your appliances nationwide."
"All features are useful. We are using premium features such as bandwidth sharing, failover, web filters, SSL controls, antivirus, and VPN. We use these features to the fullest. These features are available in the paid firewall license, not the free one."
"The most valuable features are IPS, MAPI, NAT, and VPN."
"Easy to set up and easy to integrate."
"Its detection, antivirus, and filtering features are the most valuable. The facility to connect by using the VPN connection is also a very valuable feature. It is very strong, secure, and reliable. We have implemented the Untangle solution in all hardware. It is also a user-friendly solution. It is easy to learn and easy to configure."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"The performance should be improved."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"Implementations require the use of a console. It would help if the console was embedded."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"It would be ideal to manage everything from one central place."
"There is room for improvement in application-based filtering, as with other firewalls available in the market today."
"The pricing for the Check Point products should be reconsidered - we found it to be quite expensive to purchase, and to maintain (the licenses and the support services need to be prolonged regularly)."
"Debugging is very complex when compared to Fortinet, for example. That's the worst thing about Check Point. The deployment of the solution is harder than it is with the competitors. But after you've deployed it, the operation is easy."
"The one thing I have been continually asking for is a more robust certification process including self-paced study material similar to Cisco's Security certification track."
"The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming."
"The frequency of the antivirus updates which we get for Check Point firewalls should increase. They should be of good quality compared to the competitive firewalls on the market. They should give us stable antivirus signatures. That is an area in which they can improve."
"While the logs are very good and easy to understand, when you want to download these customized logs, they don't have as many features compared to competitive firewalls."
"The common center facility that Untangle provides should be available on-premises. There are great corporations here in Mexico that like the Untangle solution, but they don't like the fact that the monitoring and access to the appliance are in the cloud. They request for the common center facility to be available and installed on-premises."
"The pricing should be reduced because it is expensive."
"Web-filtering policies could be improved."
"They don't have any feature that allows you to drop the session."
"We seek the availability of the hardware in our region. The hardware-based firewall from Untangle is currently not available in our region. It should have threat protection on a real-time basis. This feature, available in Check Point and Sandstorm kind of scenario, is currently missing in Untangle NG Firewall."
"The solution was chosen because of its price compared to other similar solutions."
"I am happy with the product in general, including the pricing."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"You get licensing bundles, so depending on which features you want to activate, your license is going to be more expensive. Some things, like Threat Extraction and Threat Emulation, require subscriptions."
"Though we did not take issue with the price of Check Point NGFW, we felt that it was providing us with inadequate support here in Uganda."
"For the firewall, there is a limitation on the license. We are facing some problems with mobile access. We have a license for 450 licenses of VPN users. We would like Check Point to have more than that, e.g., if the organization gets bigger and there are more users, then that will be a problem."
"One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford Cisco Firepower. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution."
"Check Point should provide some basic license for mobile access VPN by default, for at least five to ten users."
"Use the basic sizing tool to do the correct sizing so you don't waste too much money, because it's not a very cheap solution when compared to other vendors."
"We had to get separate licenses for the different blades. It would be nice to have a feature where we can get the multiple licenses all-in-one instead."
"The price is too high."
"It is not expensive. The best part is that it is based on the pay-per-use kind of scenario. An increase or decrease in the number of people doesn't make any difference. We are really happy about using this particular scenario."
"It is not expensive. It is cheaper than Fortinet."
"The pricing model is better than with SonicWall."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
Untangle NG Firewall takes the complexity out of network security—saving you time, money and frustration. Get everything you need in a single, modular platform that fits the evolving needs of your organization without the headaches of multiple point solutions.
Enjoy the flexibility to deploy Untangle’s award-winning NG Firewall software on third party hardware, as a virtual machine, or as a turnkey appliance.
Rest assured that the browser-based, responsive and intuitive interface will enable you to create policies quickly and easily. Then, drill down into database-driven reports—the most comprehensive and detailed in the industry—to get visibility into exactly what’s happening on your network.
Check Point NGFW is ranked 2nd in Firewalls with 147 reviews while Untangle NG Firewall is ranked 21st in Firewalls with 5 reviews. Check Point NGFW is rated 8.8, while Untangle NG Firewall is rated 9.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Untangle NG Firewall writes "Good VPN features, helpful reporting and alerting, built-in content filtering, and excellent support". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Huawei NGFW, whereas Untangle NG Firewall is most compared with OPNsense, pfSense, Sophos UTM and Sophos XG. See our Check Point NGFW vs. Untangle NG Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.