We performed a comparison between Check Point CloudGuard Network Security and Cisco Secure Firewall based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Check Point CloudGuard Network Security provides useful features including VPN Blade, IPS Blade, URL filtering, and Applications Control Blade. Cisco Secure Firewall offers features such as threat defense, dashboard visibility, and application visibility and control.
For the Check Point CloudGuard Network Security, users suggest enhancing their support system, adding features like cluster creation on AWS and a managed web portal. They also recommend providing more visibility on data protection and improving documentation and support services. As for Cisco Secure Firewall, improvements are needed in network performance, policy administration, customization options, web filtering, user-friendly management interface, performance for IPS, and functionality in public clouds.
Service and Support: While some customers have praised the technical support of Check Point, others have faced response delays. Cisco Secure Firewall's customer service has garnered mixed review. Some customers appreciate the immediate solutions provided by their technical support, while others have mentioned delays and difficulties, particularly with Firepower.
Ease of Deployment: Check Point CloudGuard Network Security is generally considered easy and user-friendly for setup. However, it can be complex for some users and may require technical expertise. The deployment time varies depending on the number of customers or websites. Cisco Secure Firewall's initial setup reviews are mixed. Some find it difficult, while others find it straightforward. Cisco offers resources and documentation for assistance, yet the complexity can vary depending on the user's experience.
Pricing: The cost of setting up Check Point CloudGuard Network Security is perceived as high by most. There are, however, flexible pricing options with various discount models. Opinions on the pricing of Cisco Secure Firewall differ, with some finding it expensive and others considering it moderate.
ROI: Check Point CloudGuard Network Security consistently delivers a strong ROI of 80% to 85%, offering improved advantages and simplified administration. Cisco Secure Firewall exhibits fluctuating ROI, with some positive returns observed.
Comparison Results: Check Point CloudGuard Network Security is the preferred choice when compared to Cisco Secure Firewall. Users find the initial setup of Check Point CloudGuard Network Security to be easy, straightforward, and user-friendly. Check Point CloudGuard Network Security is highly praised for its valuable features such as VPN Blade, IPS Blade, URL filtering, and Applications Control Blade.
"It enables our organization to become more productive. Also, it protects our NEtWare from viruses and malware."
"Offers good security and filtering."
"The features that prevent internet connections, the filtering are the most valuable because we did not have any internet protection before."
"The most valuable feature is the web filter."
"The most valuable feature of this solution is the analytics."
"It's user-friendly and easy to operate."
"The product is easy to use and is stable. The SV1 functionality is a benefit."
"FortiGate is flexible and easy to use."
"The solution has been quite stable."
"The features of the solution which I have found most valuable are its flexibility and agility. It's a fully scalable solution, from our perspective. We can define scaling groups and, based on the load, it will create new instances. It's truly a product which is oriented toward the cloud mindset, cloud agility, and this is a great feature."
"The most valuable feature of this solution is that you can start off with a simple firewall and expand it to UTM."
"All the features that we subscribe to from CloudGuard NGTP are valuable. All the threat prevention and access control features give us the network security that we expect."
"The most valuable feature is threat prevention."
"Its centralized control, ease of use, and flexibility are the most valuable for our data center security."
"It was very easy to install the solution, and the architecture meant we didn't have to worry about exceeding the solution's capacity."
"The product has allowed us to develop applications from the cloud - even with large environments and well-segmented security lines."
"This solution has good security, and it's a good product. You can trust Cisco, and there's support as well, which is really good."
"The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on."
"The AnyConnect remote access VPN gives us an easy way to deploy remote working for our users."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"Implementing Cisco Secure Firewall has saved us time because we rely on most of the out-of-the-box signatures. It has reduced the time and effort spent in configuration within the security network."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities."
"The most valuable feature is the anti-malware protection. It protects the endpoints on my network."
"Web security solutions can be improved."
"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
"We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved."
"With the addition of some features, it is possible that FortiGate can be used in all verticals."
"Due to its higher cost, Fortinet FortiGate can lead to increased operational expenses."
"The price of FortiGate should be reduced because there are some other leading products that are cheaper."
"Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box."
"Tunnel flapping was one of the major things I had seen wherein your internet link remains but your VPN tunnel is down. However, since I got a fix from the TAC team, I have not noticed it, but the customer complained a few times that they couldn't access the internet because of this problem."
"Check Point support, beyond CloudGuard, does need some improvement."
"There are some usability issues we'd like to see improved."
"In case the device is inaccessible due to some issue such as CPU or memory, there is no separate port or hardware partition provided for troubleshooting purposes."
"We have the product deployed on Azure China. One crucial concern is the version limitation; unfortunately, in Azure China, we are restricted to running version R80. Our architecture has a Load Balancer, VMSS CloudGuard, etc. The duplication in this setup prevents the application from seeing the original client IP. This poses a problem for certain applications that require the original IP for login purposes. Although we managed a workaround with a different architecture involving a WAF, it is not as straightforward as the standard Azure setup."
"The only pain points we have had with it were when we did major version upgrades. Rather than being able to do incremental upgrades on those, we had to completely redeploy. I know that has changed recently, but we had some hiccups when we did the upgrades. This is the only issue we have had."
"CloudGuard Network Security needs to include new features. One specific feature I would like to see is the ability to protect external resources using single sign-on integration with various identity providers, including custom identity providers. Its pricing could also be cheaper."
"The user interface can be improved."
"I would like to see a step-by-step initial installation of the firewall. That would be really helpful. Like in Oracle appliances, when you start it asks you, what's your current IP address? An initial setup should be a step by step and intuitive process. You click on "begin," it asks you some simple questions. You fill in the blanks - your current IP address, what you want to do, you want to set up a site to site VPN, for example, that kind of thing. That would be the smartest thing to have."
"Bandwidth allocation needs improvement."
"Recently, we have been having an issue with the ASA firewall. We haven't found the root cause yet and are still working on it. We failed over the firewall from active to passive and suddenly that resolved the issue. We are now working to find the root cause."
"ASDM needs to be able to customize applets."
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."
"It has poor performance."
"The inclusion of an autofill feature would improve the ease of commands."
"I'm not very familiar with the largest Firepower models, but competitors like Palo Alto seem to have a more capable engine to do, for instance, TLS/SSL decryption. As I understand, Firepower doesn't let you export the decrypted traffic so that, for instance, the security department can look at the traffic or inspect traffic. It's all in the box. I've heard rumors that this is something Cisco is working on, but it isn't yet available."
"The cloud does not precisely mimic what is on-premises."
More Check Point CloudGuard Network Security Pricing and Cost Advice →
Check Point CloudGuard Network Security is ranked 8th in Firewalls with 121 reviews while Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews. Check Point CloudGuard Network Security is rated 8.6, while Cisco Secure Firewall is rated 8.2. The top reviewer of Check Point CloudGuard Network Security writes "Highly reliable, great visibility, and centralized management". On the other hand, the top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". Check Point CloudGuard Network Security is most compared with Azure Firewall, VMware NSX, Akamai Guardicore Segmentation, Fortinet FortiGate-VM and Palo Alto Networks VM-Series, whereas Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls. See our Check Point CloudGuard Network Security vs. Cisco Secure Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.