Try our new research platform with insights from 80,000+ expert users

Check Point CloudGuard Network Security vs Cisco Secure Firewall comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 16, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiGate
Sponsored
Ranking in Firewalls
2nd
Average Rating
8.4
Reviews Sentiment
7.2
Number of Reviews
317
Ranking in other categories
Software Defined WAN (SD-WAN) Solutions (1st), WAN Edge (1st)
Check Point CloudGuard Netw...
Ranking in Firewalls
8th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
127
Ranking in other categories
Managed Security Services Providers (MSSP) (2nd), Software Defined WAN (SD-WAN) Solutions (3rd), Cloud and Data Center Security (7th), WAN Edge (3rd), Unified Threat Management (UTM) (6th)
Cisco Secure Firewall
Ranking in Firewalls
5th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
409
Ranking in other categories
Cisco Security Portfolio (3rd)
 

Mindshare comparison

As of January 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 20.3%, up from 17.4% compared to the previous year. The mindshare of Check Point CloudGuard Network Security is 0.3%, up from 0.3% compared to the previous year. The mindshare of Cisco Secure Firewall is 5.8%, up from 5.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Firewalls
 

Featured Reviews

EhabAli - PeerSpot reviewer
Efficient, user-friendly, and affordable
In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.
PRASHANT GARJE - PeerSpot reviewer
Cost-effective, supports automation, and provides good security
We have done a lot of automation with the firewall, but sometimes, there are some failures because of some bugs. The fixes for them are still not available. We have daily or weekly communication with the Check Point people giving support in the India region, but we have not seen much improvement or response to our requests for some additional features. We are moving to infra as a code, so we are expecting more advancements in this product. Just installing the patches is not going to help us. They need to focus on this area. I expect Check Point CloudGuard to come up with some AI/ML integration. A firewall is the first L3 security device available to you. It is the single point that manages or processes the traffic for an organization. There is a possibility that the device goes down or gets rebooted for any reason. The integration of artificial intelligence with the devices can help us to know in advance that there might be a surge in traffic. There might be a spike in the traffic, so we can have some additional firewalls integrated. This predictive analysis has to be there. This way, if required, a second, third, or fourth firewall can come into the picture. All the firewalls will process the traffic simultaneously. I am expecting such capability. This sort of feature is available with AWS. We are deploying all the firewalls on AWS, but it would be easy if, in the future, such a feature is available from the OEM or Check Point itself. It will be very helpful for the organization. We have had a couple of outages because of some misconfiguration. They were human errors but there were no prior indications that if we were making these sorts of changes, this would happen. People making the changes on the firewall were not aware of this, and that is the reason why the outage happened. In a financial organization, an outage of even five minutes can cost a lot.
Jordan De Sousa - PeerSpot reviewer
Helped with the consolidation of tools and has a great dashboard
We have used different types of solutions. We had Cisco ASA for about 10 years, and then we switched to an on-site firewall to MX from Meraki, Cisco. For our cloud, we have Cisco Services Routers. The migration to the cloud has been a lot of work. Not all of our systems were compliant with being on the cloud so we had to work on some applications and delete some of them. For the old systems, we had to do extra work but for the newer systems, it was fine. The migration took around 18 months to migrate 99%. We had more than 2,000 on-prem firewall sites. Cisco helped with the migration to the cloud with the migration tool. Migrating MX was really easy and the tools helped us to migrate from the old ASA we had to the new MX. The cloud, firewalling, and CSR helped us from the data center on-premise approach to the cloud because at the time we didn't have a lot of experience with the cloud. It was easy to use the Cisco appliances in that space. I think that this solution has saved our IT staff time because of the ease of deployment. When I first started as a network engineer, it took a whole day to configure a firewall because of all the particularities you could potentially have at a site. I think that this solution saved our organization's time because security saves money because. At the end of the day, firewalls block threats. This solution helped with the consolidation of tools as we had all the observability tools in the solutions. Some 10 years ago we all had third-party solutions doing the observability. Now, we have the whole package and not only the firewall. We choose Cisco 10 or 20 years ago mostly because it was a market-leading solution. I also think it's because of MX's user-friendly solution that you can get on board easily. As far as CSA goes, I believe it's because you have a lot of features on the firewalls and it's the stability of course.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"FortiGate is on the cheaper end, and it offers good value."
"Fortinet FortiGate's reliability is valuable."
"The product offers very good security."
"The most valuable feature of Fortinet FortiGate is load balancing. It can provide central management and VPNA. Additionally, it has enhanced our security environment."
"It can expand easily."
"The initial setup is easy."
"Its performance in fulfilling our requirements has been satisfactory."
"We use a lot of function on the IPS and it works well for us."
"The tool's most valuable features are IPS and blades. These features are valuable for security."
"The most valuable feature is the centralized dashboard, which is used for managing all of the Check Point Security Gateways."
"Auto-scaling and zero touch are valuable features."
"The most valuable features are the VPN Blade, IPS Blade, the URL filtering, and the Applications Control Blade."
"One of the main characteristics that Check Point CloudGuard Network Security has given us is granularity and visibility."
"The most valuable features are the ease of administration with the cloud management extension and the cloud licensing model."
"It's a high-performance device. The network performance is also really good. We check how much time it takes for the servers. Our network performance has increased since using this solution."
"The router's anti-bot feature and network security for detecting malware and preventing its spread are critical components. Additionally, there are other features like antivirus, anti-malware, and a firewall. T"
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"The best solutions for our company are those we have yet to implement so it will be even better in the future for us than it already is."
"The most valuable feature is the access control list (ACL)."
"Strong in NAT and access-lists."
"The most valuable feature is that it has the ability to divide the network into three parts; internal, external, and DMZ."
"What I like about Cisco is the security zone. By default when you configure it, it gives you a security zone, which other firewalls don't have."
"For our very specific use case, for remote access for VPN, ASAs are very good."
"I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type."
 

Cons

"Maybe they could make some features more accessible, such as a way to translate directions between two networks that share the same subnets."
"Some of the software stability could improve."
"For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial."
"There is room for improvement related to the logging and reporting aspect."
"Some of the web policy reports could be improved."
"We would like to see better pricing."
"The improvement is related to logs. Instead of the CLI, we should be able to have more insights into the logs of the firewall in the GUI."
"The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade should be returned. It was a very valuable feature for us."
"There is room for improvement in the integration with PaaS services from the public cloud. It would be very helpful."
"Regarding CloudGuard Network Security's integration with various resources like application gateways and application-based security groups, there's room for exploring dynamic access in those areas. A significant concern is the upgrade process. Unlike an in-place upgrade, upgrading the tool in Azure requires deploying a new resource, which can be hectic and less reliable. We have to spend something new to have the tool's latest version."
"The migration to TerraForm is a little more complicated, but we made it work."
"A threat categorization system can be added to give users the authority to define vulnerable attacks and classify areas that can threaten the workflow system."
"Check Point Virtual Systems is a complete solution, but pricing can be better."
"From the policy optimization point of view, they can do better. This is not just for CloudGuard. CloudGuard is one little piece managed by Check Point. They can also integrate a third-party policy management solution to improve that. For example, Tufin is focused on policy optimization and management."
"The solution’s technical support, DNS security and training could be improved."
"The product can still grow."
"The throughput highlighted on the datasheet (10Gbps) should be reviewed. This throughput is only for a UDP running environment, which you will never find in the real world. Rather consider a multiprotocol throughput."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"They need a user-friendly interface that we could easily configure."
"The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it."
"We are still running the original ASAs. The software that you are running for the ASDM software and Java application has never been a lot of fun to operate. It would have been nice to see that change update be redesigned with modern systems, which don't play nicely with Java sometimes. Cybersecurity doesn't seem to love how that operates. For us, a fresher application, taking advantage of the hardware, would have been a better approach."
"There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there."
"One thing that we really would have loved to have was policy-based routing. We had a lot of connections, and sometimes, we would have liked to change the routing depending on the policies, but it was lacking this capability. We also wanted application filtering and DNS filtering."
"We have more than one Cisco firewall and it is difficult for me to integrate both on the single UI."
 

Pricing and Cost Advice

"I think the price of Fortinet FortiGate is very reasonable."
"Pricing is lower than Cisco."
"Other firewalls are more expensive than Fortinet FortiGate, such as the Azure firewall."
"Here in Brazil, we're going through difficult economic times and the tax on the dollar is high. All the solutions from minor competitors are growing in the market. The prices have come more competitive."
"It was worth the money overall. It's good value."
"Its price is affordable and lesser than Cisco. Cisco is expensive. In terms of licensing, there is only one issue. If a customer's license has expired a month ago and they do the renewal after one month, Fortinet renews the license from the start of the previous month. The activation of the product is done from the previous month, not from the date of renewal. The customers usually shout and complain that because they are paying today, the renewal should start from today. The support contract renewals or licensing should be renewed from the date of renewal, but Fortinet starts from the day it had expired. It is a loss for customers. They might have had some problems because of which they did not take the license one month before. Fortinet should work on this. Cisco doesn't do this. Cisco always starts from the day they apply for the license."
"Fortinet is reasonable in pricing and licensing. Overall, FortiGate is affordable. The licensing fee can be a little high, depending on the budget for your project."
"The price of FortiGate is comparable to that of most other firewall solutions and is more affordable than Cisco."
"The product's licensing costs are yearly."
"The pricing is highly competitive and advantageous, offering great value."
"It is not expensive, but it is a little bit above the middle range. There are other solutions that are a little more expensive than this, but they also have some interesting features."
"I like the flexibility because I am pretty sure you can use the same license on Azure or AWS. I forgot the name of the license, but there is a specific type you can use that lets you interchange them, and that is pretty good. I like that."
"The pricing and licensing have been good. We just had to do a license increase for our portion of it. We had that done within a couple of days. Given the fact that it's purely a software-based license, it ends up being even quicker than doing it for an on-prem firewall."
"It is an expensive product, but when you realize that you need it, it does not feel so expensive. We have had a good experience with them as partners. They have helped us with designing and having good architecture and the best equipment at the best prices. We find it a good deal."
"The solution's licensing is based on the number of users of the VMs. We follow a pay-as-you-go model. Its pricing is competitive."
"The price of Check Point CloudGuard Network Security is very high compared to other solutions, such as Fortinet FortiMail. For the over 2,000 mailboxes we use with the solution it is very expensive."
"The licensing models that are available for Cisco Secure Firewall are okay. You have nearly every option that you need. You can pick filtering, advanced malware protection, or all the available features. It's sufficient. In terms of pricing, there are, for sure, some cheaper vendors, but overall, it's nearly the same. It has a fair price."
"The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors..."
"I wish there was an easier way to license the product in closed environments. I have worked in a number of closed environments, then it is a lot of head scratching. I know that we could put servers in these networks and that would help with the licensing. I have never been in a situation where we connected multiple networks, i.e., having an external network as well as an internal network, as those kinds of solutions are not always the best. I think licensing is always a headache for everyone, and I don't know if there is a simple solution."
"They're not too expensive. They're a little more expensive than other products, but you are getting the name, the company, and the support."
"The pricing is fair compared to competitors."
"It's very competitive with other products."
"Cisco devices are for sure costly and budget could be an important constrain on selecting them as our security solution."
"It would be nice if pricing could do more to reflect the economy of the country where the product is being implemented."
report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
831,683 professionals have used our research since 2012.
 

Comparison Review

it_user206346 - PeerSpot reviewer
Mar 11, 2015
Cisco ASA vs. Palo Alto Networks
Cisco ASA vs. Palo Alto: Management Goodies You often have comparisons of both firewalls concerning security components. Of course, a firewall must block attacks, scan for viruses, build VPNs, etc. However, in this post I am discussing the advantages and disadvantages from both vendors concerning…
 

Top Industries

By visitors reading reviews
Educational Organization
22%
Computer Software Company
14%
Comms Service Provider
6%
Manufacturing Company
6%
Computer Software Company
19%
Financial Services Firm
13%
Manufacturing Company
7%
Energy/Utilities Company
6%
Educational Organization
38%
Computer Software Company
14%
Government
5%
Manufacturing Company
4%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?
When you compare these firewalls you can identify them with different features, advantages, practices and usage a...
What is the biggest difference between Sophos XG and FortiGate?
From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...
What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?
As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...
What do you like most about Check Point CloudGuard Network Security?
The tool's most valuable feature is its management console.
What is your experience regarding pricing and costs for Check Point CloudGuard Network Security?
Pricing is high, over $25,000 USD annually. The package offered includes features we may not need, and more flexible ...
What needs improvement with Check Point CloudGuard Network Security?
The pricing is too high. We pay more than twenty-five thousand USD per year, which could be reduced. Moreover, Check ...
Which is better - Fortinet FortiGate or Cisco ASA Firewall?
One of our favorite things about Fortinet Fortigate is that you can deploy on the cloud or on premises. Fortinet Fort...
How does Cisco's ASA firewall compare with the Firepower NGFW?
It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cis...
Which is better - Meraki MX or Cisco ASA Firewall?
Cisco Adaptive Security Appliance (ASA) software is the operating software for the Cisco ASA suite. It supports netw...
 

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall
CloudGuard IaaS, Check Point vSEC, CloudGuard IaaS, Check Point Virtual Systems, Check Point CloudGuard Network Security
Cisco ASA Firewall, Cisco Adaptive Security Appliance (ASA) Firewall, Cisco ASA NGFW, Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls, Cisco ASAv, Cisco Firepower NGFW Firewall
 

Overview

 

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya
Physicians Choice Laboratory Services, Helvetica Insurance
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.
Find out what your peers are saying about Check Point CloudGuard Network Security vs. Cisco Secure Firewall and other solutions. Updated: January 2025.
831,683 professionals have used our research since 2012.