Check Point Quantum Firewalls and Security Gateways vs. Cisco Firepower 2100 Series

1) For huge DC environments and complex networks 2) Where clients were consistent up-time like FSI and healthcare 3) Application-aware client req. and preventing day 0 cyber attacks. 4) Securing East-West traffic, hyper-scaling capabilities 5)Some advantages - Best Security meets Ultimate Hardware and SandBlast Zero Day Protection out of the box, Modular hardware 6) High Performance CPUs

Incentivized

The Cisco [Firepower] 2100 [Series] is an easy sell for anyone looking. You already know Cisco excels in the security department, but now that firepower lives right on the box and inline with the rest of the firewall data flow you can save yourself a lot of time and headaches. Unless you cant quite afford Cisco's 2100 line, there's not much reason to go with the competition.

Incentivized

• SSL inspection provides more effective mitigation of threat and data leakage with the ability to inspect and analyze encrypted traffic.
• Threat emulation and extraction provides protection against zero-day threats without compromising the data of infected files.
• 'Office mode' VPN provides a seamless connected experience for remotely connected individuals.
• Application control features provide granular restrictions to the type of application traffic than can pass through the network.

Incentivized

• Advanced threat protection
• Secure VPN connectivity
• Visibility and control (if connected to FMC)
• Regulatory compliacnce with ISO 27001, NIS2, etc.

• HTTPS Inspection -- The firewall has troubles re-packaging the packet in a way that some websites are able to interpret correctly
• Support -- Even getting support directly from Check Point isn't the easiest of experiences. They are more concerned about how fast they can close a ticket out, rather than fixing the problem.
• Custom reports -- Custom reporting is extremely limited

Incentivized

• Career-wise very familiar with the ASAs, you know, the previous gen firewalls, Pyxis, ASAs, the CHA. As far as being intuitive, those seem to be far more intuitive to learn and figure out what the features and changes and config management, all that stuff is. With Firepower, it's a learning curve and I feel like I have quite a bit of experience with it, and so does my team, but feels like it's not as intuitive, and trying to make changes just always seems harder for some reason. We've gone to some Cisco security training and all that, but even then it's just harder to work with. The other big thing is, and this is a big gripe of mine, I suppose, that on any other firewall, when we have various different manufacturers, if you make a change, you know, a simple change object, object name gets changed or object is deleted or whatever the simplest of change is, it gets implemented instantly.
• With the Firepower system, you have to deploy the change and it'll take about six or seven minutes for the change to actually take, which is insanely different than any other platform where that change is instantaneous. So let's say if I'm making seven different changes for a troubleshooting job I don't know which one of the seven is gonna fix it, I do one by one by one. I'm like, oh, let me try one change, one second, change, third change, four changes. It's going to take seven deploys. And seven deploys mean it's gonna take an hour of just deploy time. So that is a big, big gripe

Incentivized

Security Gateways are coming with a Hyperscale solution that provides maximum usability in production.

Incentivized

There are three main problems with this platform: - short EoL time - it is really missery because this platform was overrated from cisco sales and after shor time they accepted on EoL - sometimes problems with upgrades paths, because of strange behaviour between FXOS and ASA image on the top of it - not good performance when comparing to newer 1k platform

Check Point has a variety of support options that can be used to optimize your investment in the product. Companies with a larger information security and certified checkpoint engineer employee base can benefit from a standard SLA, while companies with a smaller security engineering footprint or more critical implementations can opt for premium, elite or diamond packages that even include the ability to provide on-site engineers for major security incidents. Check Point PRO support also provides the ability to outsource maintenance concerns by automating case creation and follow up when application components fail.

Incentivized

In a heterogeneous environment, we wanted to keep multiple vendors for multiple purposes. CP was found very good in handling basic Next generation firewalls features along with handling of VPNs.

Incentivized

In the days of purchase of Cisco Firepower 2100 series it was new platform and Cisco aimed their sailsmains to force selling this platfrom. It was one of the first platform with FXOS with full support of ASA images. It was cheper then 4k series and would be better than ASA 5500-x series (but regarding all problems with upgrades and EoL , it is not).

• Although there are better alternatives out there, Check Point delivers results for the price we paid for the system.
• Since implementation, we have not have any major issues with the product, minor issues were resolved in a timely fashion.
• Check Point currently fulfills our need for an outside facing firewall, when our organization grows larger, we will be looking at higher level enterprise solutions.

Incentivized

• Simplifying our lives by reducing our time spent in a console
• Being comfortable knowing the full might of Cisco is safeguarding your network
• A good excuse to bump up the IT budget in the next fiscal year!

Incentivized