We just raised a $30M Series A: Read our story

Palo Alto Networks K2-Series Competitors and Alternatives

Competitor
# Comparisons
Rating
Get our free report covering , and other competitors of Palo Alto Networks K2-Series. Updated: November 2021.
552,695 professionals have used our research since 2012.

Read reviews of Palo Alto Networks K2-Series competitors and alternatives

TonyMoore
President at www.virtualtechsolutionsusa.com
Real User
Top 5Leaderboard
Prevent unauthorized use of network resources and integrate branch offices with reliability

Pros and Cons

  • "Completely integrates branch offices with perimeter security."
  • "The capabilities for scalability with this product are huge"
  • "Cisco is head-and-shoulders above all of the competition when it comes to technical support."
  • "The pricing is the only con for this product."

What is our primary use case?

Some of our uses for this product are on-premise-based and then some are cloud-based. Mostly, we are cloud-based right now because we are getting away from physical architecture moving forward into the cloud as is Cisco. It allows going from considering CapEx (Capital Expenditure) to OpEx (Operating Expense, Operating Expenditure). That is one of the important things that it allows us to do. It is easier to have solutions cloud-based when it makes sense. All the updates and maintenance get taken care of on their side which is a benefit.  

On the cloud, we have both public and private services. It depends on what we are doing. If we have a client that is a hospital, they have got to be HIPAA (Health Insurance Portability and Accountability Act) compliant. We also recommend private cloud services for some huge retailers that have to be PCI (Payment Card Industry) compliant.  

We use it mostly just for prevention. Basically to prevent unauthorized use of network resources. They use it for routing capabilities, threat mitigation, worms, and viruses. A lot of times, it is used for the network application layer threat.  

How has it helped my organization?

The solution does not do anything for us directly as we use it with other clients. We are a large IT company. We hear from clients who tell us what they want. We just find solutions for what they tell us they need. Everyone has a different flavor of what they are looking for and what they are looking to fix.  

The Cisco IOS (Internetwork Operating System) firewalls are mostly set up for branch offices in small to medium business environments or for managed services. Those are the clients we usually use this solution for. It is usually only used for a specific thing to fill a specific need. It might be NAT (Network Address Translation), it might be a guideline or restrictions, it might be that they can have the option to make a solution work on cloud or on-premises. It could be deployed so they have the option to either use CapEx or OpEx. It helps to create options for those types of things.  

What is most valuable?

I would say that the most valuable thing is probably the Application Visibility and Control which is how it controls the application traffic on the network. I like the IPS (Intrusion Prevention System), the IOS content filtering, and the NAT network translation. I like the way it completely integrates branch offices in our perimeter security.  

What needs improvement?

A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then.  

Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products.  

I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.  

For how long have I used the solution?

We have been using Cisco for as long as Cisco has been around. It is hard to answer the question of when, exactly, we started using this product because they have been upgrading or changing the product as it evolved over the years. It is basically the same foundation and they build upon that over time. I can just say that we have been either using this product or something very similar for a long time.  

What do I think about the stability of the solution?

Cisco IOS Security is stable, very stable.  

What do I think about the scalability of the solution?

The capabilities for scalability with this product are huge. It is very scalable.  

A lot of our clients have a small main office with accounting and human resources that are headquarter-based. Most of them have other remote sites and branch offices. Whether it is a bank or a finance company, it is easy for employees in those particular roles to be able to pull applications down. It takes a lot of stuff off what would have to be handled by the network firewall. They do not have to worry about so many threats when they are bringing up applications to use and if there are compliance or regulating issues that they have to be aligned with. But that is the type of environment where this product can be used to scale effectively.  

How are customer service and technical support?

Cisco's technical support is very good. There are a couple of competing products that I know do not have support that is as good. Palo Alto does not have particularly good technical support, for example, but most of the rest of them do. Even so, Cisco is head-and-shoulders above all of them.  

For tech support, independent of the cost of the product, I would definitely give Cisco a ten-out-of-ten.  

Which solution did I use previously and why did I switch?

We just had a client go with Cisco Meraki and we put a couple of those in. Then we had a Cisco Nexus installation and they topped that by integrating it with perimeter firewalls for their remote locations or branches.  

We currently use really any brand of product in consideration for our consultations. There is not any particular brand we are married to, and we have used them all, pretty much. We do not use all the solutions ourselves. We get feedback from our clients and the companies we do work for. All the clients that we get give us pretty good feedback on the recommendations and the products that they end up using. Otherwise, they would be angry with us. What we recommend has to fit their particular niche and that is what we have to be good at identifying.  

For instance, if a client comes to me and describes how their organization is set up, we react to that. If they say they are a finance company and they have accounting and finance concerns, there are some pain points that they are going to have solved. One of those is application-specific. Then you have to layer that with your regulatory concerns. HIPAA compliance is something I encounter with finance companies, banks, and medical facilities. Those types of companies do very well with CloudGenix because CloudGenix is application-specific. If you put their firewalls in place, those would be a good fit for that type of client. For everything else — manufacturing and all the others and things like that — Cisco would be number one. They outweigh the competition in terms of different companies that they fit niches for better because of the range and flexibility of the solutions.  

If the client's needs are application-based, then we start looking at another way with another solution. But Cisco does great with being PCI and HIPAA compliant and all that, but if you only consider Cisco for every installation, that means you are pulling everything from one pool. You are not looking closely at the specifics.  

How was the initial setup?

I think that the initial setup is very straightforward. Most of the firewalls are straightforward and not too complex. When you are setting up a network with something like Merakis, or if you are looking at working with CloudGenix, then that is where you start to get a separation of difficulty in installation and will notice that it becomes a little bit harder to set up.  

What other advice do I have?

My advice to people and companies considering this solution is to just do the research. Do compatibility research to compare with the other solutions that are out there. Definitely make sure that the firewall you choose is designed for your network architecture, application-layer attacks, and virus and worm protection. If that coverage is what you are looking for and you have an analog phone system. You might not be ready to go to VoIP (Voice over Internet Protocol) yet because you do not want to lose the phones that you have got. Some people add to that base as they scale. We can use something called SIPs (Session Initiation Protocol), for connecting all those analog phones to the VoIP. That is a good indicator that a Cisco firewall will be a good solution for you because it protects the unified communication and guards the SIPs, endpoints, and call-control resources.  

On a scale from one to ten (where one is the worst and ten is the best), I would rate this product overall as a ten, for sure, if you consider its advantages over the competition. If you add in pricing, I would have to lower that to a nine-out-of-ten. Price is the only place that I figure Cisco could do something. Or if they could offset the cost of their boxes using a cloud solution. We had a client do that. They had boxes, but they were trying to figure a better way to scale. I suggested to them that they just move the areas that they were scaling to the cloud. They did it with the new branches they have added, and now they are waiting to phase out their boxes. They will eventually move over to a complete cloud-based firewall solution.  

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Robert Allino
Owner at L3GNL LLC
Real User
Top 5
Notifies me whenever there's a problem so we don't have to constantly watch the screen

Pros and Cons

  • "The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature."
  • "I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working."

What is our primary use case?

I use Kerio Control is several different places. I use it at home. I also have a firewall at my grocery store. I have a server on the internet that uses Kerio Connect, and I have Kerio Control in front of it.

How has it helped my organization?

It has improved my organization because I am able to back the mail server through the tunnel to my house. All the video cameras at the store get copied and backed up to my house as well. For example, if I had a break-in and someone took the video server, I would still have copies of all the videos.

Kerio has saved time for those who manage security. It notifies me whenever there's a problem or when something goes wrong so we don't have to constantly watch the screen. It saves us 20 to 30 man-hours a week. 

What is most valuable?

The custom firewalling is pretty intuitive. You don't have to sit there and learn a new language or anything like that. You can just block this, open that, allow this, just allow that. With a lot of firewalls nowadays, you have to know a language. You have to sit there at the keyboard and type in special commands, and those commands are not used anywhere, just for that particular brand of firewall. Connecting the two up in two different locations for a tunnel is easy.

The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature.

Kerio Control gives us everything in one solution.

The firewall and intrusion detection features are pretty good. I haven't had an issue that I know of. I hope no one's gotten any. I think it's good.

I also like the malware and antivirus features. It's sitting in front of my email server and the email server has antivirus too. The firewall catches it before the email server even catches it, so they work pretty well.

I like the VPN but I don't use content filtering that much. It works pretty well but a lot of times kids can get around that kind of stuff. I don't have kids that age anymore, so I don't have to worry about it. I don't use the content filtering that much.

Kerio is easy to use. If you don't know tech, you can't just get up and do it. Nothing can be that easy, but you don't have to be a rocket scientist to do it. `

What needs improvement?

The only thing that I have a problem with is not so much the product itself, but back when Kerio had it, I could call up Kerio or send an email and do an upgrade online. I could renew my subscription online. But now, I have to go through a third-party, and it seems clumsy. 

I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working. I used to be able to go to Kerio's website and then add the stuff to my cart, use my credit card, and it would bill me. Everything would be working in a few minutes. But now, if your subscription is getting ready to expire, you better give it a week or two.

For how long have I used the solution?

I have been using Kerio Control since the late nineties when it was called WinRoute Firewall.

What do I think about the stability of the solution?

The stability is really good. I haven't had any issues whatsoever. 

What do I think about the scalability of the solution?

I'm not a large enterprise, so I don't know how well it scales. But I imagine if you were to throw bigger hardware at it, it would scale really well.

I'm the owner, so nobody else touches Kerio except for me. Everybody else uses it as part of their job. They don't really know it's there.

My company is small-sized and Kerio is good for it. It's good for small and medium businesses. I've never used it on a large or an extra-large enterprise, so I couldn't give my opinion on that. I would imagine it could, I just don't have any experience.

How are customer service and technical support?

I haven't used GFI, but back when Kerio had it, they were very good.

They were very responsive. A lot of times you call the company tech support and they want to treat you like you don't know what you're doing. It's a "Is the power plugged into the wall" kind of a thing. They're very fast to understand that it's not the user that they're talking to on the phone. That the user they're talking to on the phone knows what they're doing to an extent and needs some extra help. It saves time. But I haven't had to call GFI yet, other than when my key wasn't working. It was an email. When I renewed my subscription, the keys didn't update. They had a problem with their update process, so the person had to go and manually update all my subscriptions. It took a few days. 

At first, they didn't understand, because they said it's just automatic. Which it's supposed to be. The next day I told them that it didn't update. Then finally looked and they did one subscription, and then I told them that my other subscriptions didn't update. 

At first, I was supposed to read a manual on how to do it. But I was doing everything that was shown, it just that their process behind the scene wasn't working. It's the online thing, so it was updated. However, my server wouldn't get the notification that it was updated. They thought I was not doing the website properly because they would tell me to go to the website and hit update. It first started as if I was a user that didn't know how to do anything and then they realized we had a problem. I fixed it. It should have been a lot faster.

Which solution did I use previously and why did I switch?

I did try out another solution called Unify but it wouldn't work very well. I couldn't get the VPN tunneling to work. The GUI was not intuitive and it was all over the place. Things were not all in the same spot. 

I actually bought several of them. I was going to go away from Kerio. I didn't like the way Unify worked. You had to have a gateway key in order for it to work. You took two devices to make one device work. I ended up scrapping that project and kept Kerio.

How was the initial setup?

For the initial setup, it walks you through a wizard. I've just never used that. But the wizard can set up a very basic bare bones, don't let anything in kind of a setup, which works. My setup is more complex. I have VPNs and tunnels. Any IP on my network has to be logged in, in order to get out. Mine is more of a complex setup. The ease of setup is pretty easy if you use the wizard. It just asks you a few questions and that's it. It's a bit more complex when you do it yourself. 

The deployment took a couple of hours. 

What was our ROI?

I have seen ROI. All the attacks, malware, and viruses that have been stopped are nonstop. The people out there are attacking all the time. It's nonstop, it never stops.

We have peace of mind that our solution stops all those attacks.

What's my experience with pricing, setup cost, and licensing?

Get the GFI unlimited, unless you're only going to have it at one spot. The pricing for the unlimited is a pretty good deal.

Which other solutions did I evaluate?

I looked into Palo Alto, that had a lot of features and everything else. But when I tried to contact them to get a price, they didn't give me the time of day. They wouldn't even return my call. At the time I was a director for a very large company and they still ignored me.

What other advice do I have?

Make sure the person that's doing it knows what they're doing. If you're not getting overly complicated, pretty much anybody can do it. But if you're going to get complex, you'll need to have somebody that knows their way around or else you might make yourself vulnerable.

If you have a tunnel and you have to change certificates because they expired, you do it in the right order, or else you might have to travel long ways to accept the key on the other side. If you create a new key for the tunnel and apply it, the tunnel is down until the other side accepts the key. If going through the tunnel was your only way there, then you're now traveling unnecessarily or long ways. Luckily for me, it was not too far away. But if you have city to city and you have no one on the other end that has the ability to log in and accept the key, then you're going there.

I would rate Kerio Control an eight out of ten. 

I haven't had a lot of experience with the new owners and I'm worried that they're going to sunset it or not give it the attention it needs. That's just my thought, I have no proof or anything like that. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Bojan Oremuz
CEO at In.sist d.o.o.
Real User
Top 5
Feature-rich, well documented, and there is good support available online

Pros and Cons

  • "The classic features such as content inspection, content protection, and the application-level firewall, are the most important."
  • "Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually."

What is our primary use case?

We are solution providers and this is one of the products that we deploy for our customers. This is not a product that we use ourselves.

How has it helped my organization?

pfSense prevents unwanted access. If you configured things properly then you'll be protected to some level. There is still a need for products like a SIEM, but the UTMs like pfSense or Sophos, prevent most of the problems.

What is most valuable?

The classic features such as content inspection, content protection, and the application-level firewall, are the most important.

This is a feature-rich product.

The documentation is good.

What needs improvement?

Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually. It would be more user-friendly if things were set automatically. 

The drop in performance can be drastic when you use more advanced techniques. There is some trade-off between having a certain level of security and maintaining acceptable performance.

One of the things that are usually outside of the UTM, or system on the gateway, is the SIEM. It is an advanced system for managing the possibility of threats. It is not normally part of such devices but it would be nice if the pfSense interface were integrated with it.

For how long have I used the solution?

We have more than a year of experience with pfSense.

What do I think about the stability of the solution?

The stability of pfSense is standard. It is rated as one of the good solutions in this area.

What do I think about the scalability of the solution?

This product is scalable to some point, although we have never used it for large companies. We use it for small to medium-sized organizations. For big companies, we more often implement Palo Alto.

In our company, we have a data center and some of our clients are hooked to it. This is something that we have on-premises for our customers.

We have plans to increase our usage with pfSense because we have had good feedback from our customers. In fact, with the good experience we have had, our sales have been slightly increasing. Our sales are shifting from Sophos to pfSense.

How are customer service and technical support?

The technical support is organized well. We do most of the technical support for our customers in-house but there is a second level of outside support available. It is okay. 

Which solution did I use previously and why did I switch?

We currently resell products from both pfSense and Sophos. In some areas, pfSense is better than Sophos. I have been a bit disappointed with Sophos because I know their history, and I don't think that they have advanced as well as they should have in that time. Also, they have two different products, being XG and UTM. This is another reason that I prefer pfSense, at least a little bit, over Sophos.

In the past, we were the developers of a product called Network Defender, but it has reached end-of-life. We were pioneers in the area and were one of the first who was making UTMs. The name "UTM" didn't exist at that point. We were partners with Cobalt, who was the first appliance creator. Their appliances include web servers and email servers. When Cobalt was bought by Sun, we made our first Network Defender line. That became the first appliance, which had firewall content inspection, content protection, intrusion prevention, intrusion detection, antivirus, and email and web servers at that time, all in one box.

From that point on, we had our line, which was distributed all over the Middle East, Asia, and some parts of Europe. We then worked with Palo Alto, we were a Cisco partner the entire time, and we worked with both Sophos and pfSense.

In our organization, with have Cisco ASA for certain things, and we have a firewall by Palo Alto.

How was the initial setup?

The initial setup is complex. If you have a straightforward setup then you will have straightforward, basic protection and nothing else.

It takes a few months to adjust where you start by setting it up, and then you have to monitor it and see what's happening. It's ongoing work because, after this, you have to keep monitoring and adjusting to the situation. This is part of the service that we perform for our customers.

What about the implementation team?

We are the integrators for our customers and deploy with our in-house team. We have people in the company who are specialized in this area.

What was our ROI?

The return on investment depends on the predicted cost of failures of the system, or intrusion of the system, which is hard to give a straight answer on. In part, this is because different companies put a different value on their data.

For example, with medicine, if somebody were to steal the data related to the latest CORONA vaccine then the cost would be tremendous. On the other hand, if there is a company that is making chairs, stealing the design of the chair probably wouldn't be as high when compared to an application in medicine. So, there is not a straight answer for that.

Return on investment, in any case, I think for every company, this is a must. Put in a straightforward way, they can count just the possibilities of having an attack on their system with a cryptovirus. If they can save their data from attackers then it would save them at least two days of not working plus the cost of recovery, which would be much more than the cost of the system and maintenance.

What's my experience with pricing, setup cost, and licensing?

The price of the licensing depends on the size of the deployment. pfSense is open-source, but the support is something that the customer pays for. We charge them for the first line of support and if they want, they can purchase the second line of support. Typically, they take the first-line option.

The term of licensing also depends on the contract. The firewall doesn't always have a contract but rather, there is a contract in place for the network, which includes UTM.

In addition to the licensing fees, there are costs for hardware, installation, and maintenance. We use HPE servers, and the cost depends on how large the installation is. The price of setup is approximately €500 to €800, which also includes the initial monitoring.

The maintenance cost isn't really included in the network fees.

For smaller companies, we charge them a few hours a month for monitoring. It takes longer if the client is bigger.

What other advice do I have?

It is important to remember that you can't just leave the device to do everything. You still have to know what you're doing.

I recommend the product. It's well-balanced and one with a long history, so it doesn't have child's diseases. There is a lot of online support available online, which they can consult themselves. But, in the case that they need support, they can hire a professional support line and that is highly recommended.

I say this because usually, people look at the UTM as something that should be put in the system, set up, and left alone. But, this is not the case with this type of solution. Therefore, I strongly suggest making an outside agreement with a specialized company that will take care of their security from that point on.

The biggest lesson that I have learned from using this kind of product is that you can't assume that the internet is a big place and nobody will find you. There is always a good possibility that robots will search your system for holes, and they are probably doing so this instant. This means that users should be aware and have decent protection.

In summary, this is a good product but there is always room for improvement.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Oscar Bashford
Network Operations Support at EOS IT Management Solutions Ltd
MSP
Top 10
Fast with good usability and fairly scalable

Pros and Cons

  • "I'm told the solution is the fastest, and, so far, I do find that to be the case."
  • "It could use more tutorials."

What is our primary use case?

I primarily use the solution for experimentation. I just wanted to create a site to site VPN. I was hoping that you can make the SRX like a hub, so if I had a site here and then I had a new site, I could just create another VPN from that new site to the virtual X in the cloud. I don't know if it works like that. I'm skeptical if it can. Maybe there is a roundabout with the actual Azure AWS, however, I'm not so sure about that part. That's why I'm learning about Azure, and how that works in connecting to the cloud.

What is most valuable?

I'm told the solution is the fastest, and, so far, I do find that to be the case. 

I'm familiar with the solution, so I'm pretty comfortable with the processes. There's pretty good usability.

What needs improvement?

Largely the solution seems fine to me.

It could use more tutorials.

I think there's a step missing or the use cases are missing information. I'm not sure why you have to connect from the descendant to another SRX. The why part, why would I do that and what's practical, is not really answered in any documentation I have access to. At my last job, we used to hook up a VPN to the data center, and then at each site we would have a device connecting to that data center. Now that project is not 100% right now, I'm still wondering if I were to go and do that project, how would I do it? Should I make it cloud-based?

If I want to use it virtually in the cloud as a hub, I want to see if that's possible, and, if it's possible, they should have documentation on that.

I looked at the config. I played around with the config and then I say, "Okay, I see what they're doing, with the actual Azure part, and yet, on AWS, I'm having the same problem." It's something to do with the public IP. It's only functioning on the management side, on the virtual firewall. I can't get the other side, the other network interface to connect out. I don't have a connection out technically. I could ping, but through management and that's not how it's supposed to work. It's just through the management. I'm not seeing the departments.

For how long have I used the solution?

I haven't been using the solution for that long. Basically it's just this year. I've been tinkering with it since March.

What do I think about the stability of the solution?

The solution is stable. It seemed very good. I'm just trying to learn everything right now, however, from what I've experienced, I'd say it's reliable.

What do I think about the scalability of the solution?

Scalability is very good. I'm not an expert yet, however, I would recommend it to anybody who needs to expand.

There's hundreds, if not thousands, or users on the solution currently.

How are customer service and technical support?

I believe there is something on Amazon and you can ask questions about the solution. I was trying to go through something like that, and maybe they can help. I didn't really follow through, due to the fact that I didn't get an email, so I don't know who could contact me. With Azure, I didn't really go that far in depth.

Mostly I just do my own research and try to troubleshoot issues on my own. I'm figuring out everything from scratch.

Which solution did I use previously and why did I switch?

I'm kind of familiar with ASA firewalls from Cisco. I've worked with SonicWall a lot and Pablo Alto a little bit, however, I'm not 100% familiar with it. I've worked on it, but not every day. For Palo Alto, I just worked on it once. I know the interface. I know some other firewalls as well, however, I don't think they need to be mentioned, as they're not that popular. ASA firewall, I would say, is the most popular one.

How was the initial setup?

At first the implementation was straightforward. I got around quickly. I was able to, after a week, feel like I had the hang of everything. I can move around in Azure and AWS. That said, it's just the part with the elastic IP. I don't know if it's a Juniper issue or it's on there and there's another connection, and that's the part I'm not getting.

I was able to deploy the solution in days. It's just getting it to work properly, however. In that sense, it took weeks, or, at least a week and a half. I had to say "Okay, let me give up this for now" before I really got anywhere.

There isn't really maintenance per se. It's just running. There's 24/7 support. When it goes down, I guess, we're there.

What about the implementation team?

I did the implementation myself, however, I have a lot of tutorials and documentation on hand. I use YouTube as well. I even got Pluralsight the other day. I have IME. I have CBT Nuggets. Anything I can use to find out more about the product I will look at. What has really helped me was I got a lot of PDF files from Juniper and it had some stuff about AWS.

Which other solutions did I evaluate?

I would say this solution was the default selection, however, I know that ASA is up there too. That said, the virtual SRX is what's most popular now.

What other advice do I have?

Our organization is partners with Juniper. We have a business relationship with them.

At work I see it a lot, however, a lot of tasks are automated at work. It's not like you have hands-on from scratch experience. In my position, I'm doing more support or some automation to build the VRX or the virtuals needed for lab equipment. At home and in the labs I am able to learn from scratch, and I'm trying to connect VPNs, etc. I am hoping to get into the cloud in the future.

The version of the solution we use should be the latest. I downloaded it a couple of months ago. It should be the latest, due to the fact that I have a virtual that's a trial. I get it through the partnership through my job. The virtual that I've got is on AWS. Azure is the recommended platform.

I'd recommend the solution. I'd rate it ten out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1692963
User
User
Top 20
Scalable with seamless failover capabilities and excellent logging functionality

Pros and Cons

  • "The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats."
  • "We find the GUI to be wrong and the CLI doesn't always show all of the connections."

What is our primary use case?

We needed to replace our external firewall solution as we were having issues with the HTTPS inspection on our previous solution and the level of support being provided was terrible, leaving us with an issue that could not be fixed for over six months. 

We had already deployed a new internal firewall solution but needed something that would protect that from external factors. We also needed a new solution to replace our client VPN solution. The Check Point solution gave us that as one whole solution instead of having to manage multiple services.

How has it helped my organization?

Our policy is to deny all outbound traffic unless we allow it, which can generate a lot of work to build a rule base that allows everything we need to get out. 

This solution has made managing connections out to the web much better due to the categorisation and app control that is available. Being able to say certain apps and services are allowed out, instead of finding all the relevant IPs, has massively reduced the workload. The ability to manage the Client VPN and relevant rules for that in the same location has also improved the way we work. Having links into AD for group membership recognition and having rules based around this has been very useful in improving the way remote users can access the network.

What is most valuable?

Logging has been excellent. Being able to see all logs from all the various firewalls at different sites in one window has made fault finding much easier. We can see how the traffic is moving through the sites and on which firewall. 

It has also been easy to see machines that may have had infections as we can report easily on devices trying to talk out to sites and services that are known to be dangerous. We have these set up as an HA pair on our main site and we have a lot of audio and video services that go out over the web. 

The failover from one device to the other has been seamless and we find that we do not lose ongoing SIP calls or Teams chats. 

What needs improvement?

The functionality of the S2S VPN service has been temperamental for us at times and is not always simple to manage or check the state of. 

We find the GUI to be wrong and the CLI doesn't always show all of the connections. 

From a general usability point of view, if you have not used Check Point before, the learning curve is steep. Perhaps managing and configuring the devices could be streamlined for people with less experience so that they can pick it up quicker. There needs to be extra wizards for the out-of-the-box builds.

For how long have I used the solution?

I've used the solution for six months.

What do I think about the stability of the solution?

On the firewall side and content filtering side of the solution, it has been faultless. There has been no real downtime to note and the access to the web via relevant rules has always worked as expected.

What do I think about the scalability of the solution?

We have a fairly small setup in the grand scheme of things, however, from what we have seen, the ability to add in new firewalls or increase the hardware spec seems very good and it would be easy to transition from older to newer hardware when the time comes.

How are customer service and support?

Due to the support model we signed up for, we don't deal directly with Check Point support. We deal with the vendor first and they will deal with any 1st/2nd and even most 3rd priority issues. They would then go to Check Point if they need more assistance on our behalf. The level of support and responsiveness of their support has been excellent. We're always getting at least a response within a few hours, even on a P3/P4 issue.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did have another solution, but due to an issue with the HTTPS inspection that the manufacturer was not able to properly rectify or fix for 6 months, we lost faith in their ability to provide adequate support going forward for any issues we might come across. 

How was the initial setup?

The setup was complex due to the nature of the Check Point firewalls and us having to make some config setup in one portal and others on the CLI. We also had to arrange the rule base via the management console. There could be 3 different places you need to make various changes. We also used private microwave links as redundancy for VPN connections and that had caused significant issues in getting set up as the link selection did not cooperate at first.

What about the implementation team?

We implemented via a vendor and I have to say their level of expertise was brilliant. Every question we threw at them, they were able to provide an answer to. 

What was our ROI?

It was not the cheapest solution to go for, but the amount of admin time that has been saved by the use of Check Point firewalls has definitely given us a great return, giving us more time to work on other aspects of our network. Also, being able to consolidate 2 solutions (Firewall and Client VPN) into one solution has saved more money and admin time. 

What's my experience with pricing, setup cost, and licensing?

We found that Check Point was very flexible with its pricing. We were looking at a spec of hardware in other solutions. We found that Check Point did not have a direct competitor, but to help with the bid, they managed to reduce the costs of their higher-spec hardware to make it competitive with the other solutions we were looking at. It's not our fault they did not produce the hardware of a similar spec. It's up to them to try and provide a solution that would make it a competitive solution. 

Which other solutions did I evaluate?

We looked at several other solutions in including Palo Alto at the top of the market and Sophos XG further down.

What other advice do I have?

I would say as good as the solution is, if you are looking to get the most out of it, you should look to get a company or consultant who knows the Check Point solution inside out to assist with the setup. We found a partner who specialized in Check Point and we would not have been able to get it to the stage we have without them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Get our free report covering , and other competitors of Palo Alto Networks K2-Series. Updated: November 2021.
552,695 professionals have used our research since 2012.