Fortinet FortiGate vs. Check Point NGFW: Top Next-Gen Firewalls Compared

Last Updated: July 30, 2021

Firewalls appeared around three decades ago as a much-needed solution to manage network sprawl and monitor incoming and outgoing network traffic. Your network firewall is what guards network access points to servers, web applications, and endpoints. Traditional firewalls packed these core capabilities — packet filtering, VPN and stateful inspection/stateless inspection of incoming and outgoing traffic. And this was all that was needed to close the network security loop until pure-play cybersecurity vendor Palo Alto Networks gave the standard firewalls a refresh by creating a market for next-generation firewalls (NGFW). The cybersecurity major debuted application awareness in firewalls, which kick-started the new era for NGFWs.

As Palo Alto Networks defines them, next-gen firewalls pack deeper capabilities — such as user-based access control, IPS filtering, application awareness and control, data leakage protection (DLP), and secure web gateway — and can integrate with other software that maps IP addresses to actual users on the network. Of note — Unified Threat Management (UTM) solutions are also referred to as NGFW. Today, cybersecurity vendors of all sizes deliver physical, cloud-based and virtual NGFWs for small and mid-sized businesses and large enterprises.

There are other market shifts afoot too — firewall deployments are moving to the cloud, and the rapid surge in endpoints will accelerate the growth of firewall-as-a-service (FWaaS) to secure cloud environments. Gartner predicts that over the next four years, 20% of new distributed branch office firewall deployments will switch to FWaaS. Meanwhile, the FWaaS market, dominated by Palo Alto Networks, Check Point Software, Fortinet, Sophos, Forcepoint and Barracuda Networks, is expected to hit $2.5 billion by 2024.

In this article, we look at next-gen firewall solutions from two pure-play cybersecurity vendors — Israel-headquartered Check Point and Sunnyvale-headquartered Fortinet, one of the leading providers of security software and hardware. Big names in the cybersecurity vendor landscape, both companies deliver firewall, cloud, and endpoint security. Check Point pioneered the stateful inspection firewall technology, known as FireWall-1, until it was upended by the new wave of NGFW. On the other hand is NGFW vendor Fortinet, whose FortiGate has found a formidable SMB fan base in the market as compared to the pricier versions from other vendors.

The comparison draws on insights from NSS Labs, a leading cybersecurity product testing company, and on user reviews. In this article, we compare Fortinet’s FortiGate-500E NGFW and Check Point’s Quantum Security Gateways on key features, security effectiveness, and TCO, and find out which network security device is top of mind for mid-sized and enterprise users.


Fortinet FortiGate vs. Check Point NGFW: Which Network Security Device Works Smarter

FortiGate NGFW

Overview: FortiGate scores very high in user reviews and emerges as a top choice in forums. Over the years, Fortinet has built a strong competitive pricing model and boasts of broad features including intrusion prevention, web filtering, anti-malware, application control and SSL/TLS inspection capabilities. And despite the breadth of its features, the firewall appliance does not impact network performance.

Features: FortiGate NGFW combines key features such as intrusion prevention system (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection. Firewalls only work if they inspect all traffic for new forms of attack, and encrypted traffic masks threats. A downside of much-talked-about encryption technologies such as the new industry standard transport layer security (TLS) and secure sockets layer (SSL) is that they mask around 50% of cyberattacks. To counter that, FortiGate NGFW packs AI capabilities that can detect encrypted traffic, and this includes the latest encryption standard, TLS 1.3, Fortinet indicates.

Security Effectiveness: The solution has won high marks for delivering integrated and automated security against new threats. As per the NSS Labs 2019 report, Fortinet’s FortiGate-500E NGFW delivered an overall 98.96% exploit block rate, and stopped 100% of all live exploits. The solution also demonstrated deeper inspection capabilities with high SSL/TLS performance, and it detects threats in encrypted flows as well. The report indicates Fortinet NGFW delivered the best SSL performance with the least degradation.

Total Cost of Ownership (TCO): FortiGate NGFW promises a significant price-performance advantage with NSS Labs scoring the solution high on low TCO — pegged at $2 per protected Mbps. This means that it packs maximum performance and manageability at a low cost.

Industry Uptake: Fortinet NGFW solution has found a customer base across industries such as manufacturing, healthcare, financial services, education, government and earned top marks for ease of administration, management and strong performance in high traffic networks.

Our View: Overall, Fortinet markets solutions on two key differentiators — strong SSL/TLS inspection capabilities and seamless integration into larger security framework environments. Additionally, the much-touted price-performance advantage has made Fortinet firewalls the best-selling products in its portfolio. Users rate FortiGate firewalls as less expensive than other solutions and rate them high on performance, even in high traffic networks. Price-conscious companies would like to opt for Fortinet’s firewall solution.


Check Point Quantum Security Gateways

Overview: An innovator in the enterprise firewall space, Check Point has a solid presence in the cybersecurity market and is an industry-standard when it comes to enterprise firewall deployments. Check Point has put all its might behind its cybersecurity architecture — Check Point Infinity that delivers end-to-end IT infrastructure protection from Gen V cyber-attacks across cloud, networks, and endpoints. The company defines Gen V cyberattacks as large-scale sophisticated cyber attacks that move across different vectors such as cloud, mobile and networks.

Features: Check Point’s NGFW, Quantum Security Gateway, is based on the Infinity architecture, can scale on demand and delivers up to 1.5 Tbps of threat prevention performance, Check Point indicates. With Infinity architecture as the foundation, Check Point’s firewalls cover the entire attack surface and deliver high-security performance and throughput. Another highlight is that the company also boasts of one of the largest threat research teams, which is at the forefront of threat intelligence and unpacks the latest cyber attacks.

Security Effectiveness: Check Point has expanded its product portfolio with new quantum gateways — and all the gateways feature Check Point ThreatCloud (its cloud-based security intelligence knowledge base) and the noteworthy SandBlast zero-day protection. They also pack Check Point’s latest security release R80:40 security software which has over 100 new features to extend protection. Some of the key benefits include URL filtering, visibility from multiple attack points, and the ability to be specific in controlling internal networks. And for the first time, to help customers tackle new threats arising from the pandemic, Check Point has bundled the Quantum Security Gateways with SandBlast Zero-Day Protection to keep networks secure.

Total Cost of Ownership (TCO): In terms of price-performance advantage, users rate the pricing as higher than other solutions. While the solution provides end-to-end security, the TCO is higher vis-à-vis other vendors.

Industry Uptake: As compared to other vendors, Check Point has doubled down on vertical-specific offerings with appliances geared for businesses of all sizes — small-to-mid-sized businesses and large enterprises with millions of customers. A pioneer in cybersecurity, Check Point also boasts of a strong partner ecosystem. A large number of Fortune 500 companies, including financial institutions and telecom majors rely on Check Point for network security.

Our View: By and large, enterprises deploy a wide array of firewalls along with IDS and IPS systems to get visibility into incoming traffic. This is an area where Check Point excels by delivering full-spectrum visibility and providing protection from all points of attack. Users from mid and large enterprises emphasize that Check Point firewalls have easy configurations and significantly reduce the risk landscape through IPS and HTTPS inspection. However, Check Point firewalls draw a mixed response over technical support and the overall complexity of the solution, which makes it difficult to debug as compared to other solutions. This factor may compel users to move to other vendors.


Wrapping up

Check Point firewalls deliver robust security and protection from known threats and zero-day attacks via SandBlast Threat Emulation and SandBlast Threat Extraction. In fact, Check Point SandBlast is what separates it from other vendors in terms of file-size inspection. However, most users rated the solution as best suited for large environments as compared to smaller sites. Another recurring theme is that for Check Point solutions, the learning curve is steep and, as compared to Fortinet solutions, there’s no knowledge base or repository to get started with. In terms of advanced features roadmap, a Gartner report also indicates that Check Point lacks support for TLS 1.3, something that other cybersecurity vendors, Fortinet and Palo Alto Networks, tout in their appliances.

Do you think Fortinet scores over Check Point in terms of pricing or support? Comment below or let us know on LinkedIn, Twitter, or Facebook. We’d love to hear from you!

Richa Bhatia

Editor-in-Chief, Spiceworks Ziff Davis

Richa Bhatia has more than ten years of experience as a journalist and editor and specializes in working with B2B technology companies involved in data analytics, cloud computing and cybersecurity. Before joining Toolbox in 2019, she spent more than five years as a senior correspondent in the Times of India and The Indian Express. Richa holds a Bachelor's degree in Mass Media and Journalism from the University of Mumbai.