This video was based on the 2018 NSS Labs Report. A viewer has alerted me that the check point device suffered a bug that caused it to fail miserably in the security effectiveness testing. I will release a new video once I am able to get my hands on a 2020 NSS labs and Gartner report. Remember ladies and gents, always do your own discovery and research before purchasing anything. Even if the Fortinet is the best decision, you need to come to those terms yourself based on facts you are able to gather.
Also, why didn't you used the NGFW 2019 report (again you should use the BPS report, but in case you still want to use a basic report, why didn't you used 2019 if this is a 2020 video?) in 2019 NGFW Check Point had a Security Effectiveness of 97.4% and fortinet just 93%. You are making a Fotinet vs Check Point comparison and taking as reference a basic and old report where check point doesn't looks good? very convenient.
@@FortinetGuru Checkpoint is way more easy to configure. In the other hand Checkpoint does not have the full web feature as Fortinet. On this point with Checkpoint you have to go with windows (not cross platform as Fortinet).
The ease of configuration may be tied to familiarity? I have had some folks claim Juniper SRX devices are easier to configure and I find them to be a nightmare :-/
I've worked with Checkpoint, Cisco, Juniper and Fortinet. I must say after only working in the CLI with ASA's it was a learning curve with Fortinet. The fact you don't have to pay for those VPN licenses with FortiGate sold me!! Plus I've learned to use the GUI with FG, so I give the lead to FG.
Can you please share your sources about security effectiveness rating? The NSS Labs report for 2019 I found rates Fortinet with 93% security effectiveness, whereas Checkpoint is rated with 97.4%. Also, you are right about your review being biased but I don't want to start debating which vendor is better because I know each one is different. I just want to shed some light upon your presented data. P.S. I deploy appliances from both vendors ;) Edit: you forgot to mention the wide security vulnerabilities Fortinet is exposing its customers to, not to mention how long it takes to get the patches for them. Also, when you present that huge price gap between them, are you referring to list prices? Because if so, then you are not doing the right comparison. CP has a different business model than Fortinet, but at the end of the day, I had similar pricing quotes from both vendors. It all comes down to the deal you're making.
My information came from the 2018 NSS Lab report. Perhaps that was a bad year for Checkpoint or an event skewed the data. Will be happy to do a revised video once I am able to dig through the 2019 report. I may wait for the 2020 one to hit though (if it hasn’t already) and just do the most current. Thanks so much for the insight. Everything on this channel has a bias. I can’t hide it and try to out it as much as possible. That’s what I love about this platform though. We can have discussions like this and show each other faults in our thoughts or expand ideas and perspectives.
@@FortinetGuru lol 😂. Ok, I can't find anywhere a 2018 report that shows Checkpoint that low on the NSS ratings, Except a file available on Fortinet.com 🤔 . What I find interesting is that this is the 3rd time I am hearing such stories from 'Fortinet' people. Last year I heard a story from someone at Fortinet where he 'protected' a checkpoint cluster against perimeter attacks with Forti OS 6.0.2. I asked which version of checkpoint was that. He replied R71 🤣💀. It's these heavily biased stories from Fortinet that make me rofl and not take them too seriously. As a side comparison, CP is only interested in the competition against Force Point for whatever reason.
The 2018 report is referenced on NSS Labs site. They show the report had a range of from 25% up. I don’t work for Fortinet. I compete with them. I just happen to be decent at their hardware. The 2018 NSS Labs report shows them having a security effectiveness of 25%. Tied for last with Sophos. I didn’t make the report. I didn’t carry out the testing. If the numbers on that report are different than 2019 and 2020 and it is in Fortinet’s favor then that explains why Fortinet would openly reference it on their documentation. Either way, I’ll happily do another video once I see the 2020.
@@FortinetGuru fair enough 👍. Like I mentioned earlier, I am not interested in a debate because there is no point in that. I just wanted to straighten out the facts.
Dude, I like Forti and I've worked with Check Point and Fortigate firewalls for over 10 years. It's not just a matter of price. It's the quality of the development of the whole solution what takes the price up to 13usd per mb as you said. So as an honest recommendation, next time, instead of doing some weird faces and making pauses while talking/dramatizing about how awful and out of the picture a brand is, try to excel on the content of the video so it's informative for thousands of people watching you and tell the complete whole story! It's more than a price to performance comparison. Just a few ones.. How about vulnerabilities detected on each platform over the past years? I think that chapter was missing, how about the response times for those vulnerabilities? Let's not talk about that one either! But just don't forget that the main task of a firewall is to secure your internal network and protect it from external threats. I'm not a Check Point employee, nor check enthusiast.. in fact, I've been using Forti at home since FGT??Cs (currently FGT60E). I like your channel man and I use to watch your content every time I have to quickly refresh something in Forti, but like others said, Forti is great for SMB.
Why don't you use a real test like BPS? NGFW is to basic and today none deploys just a NGFW but a more advanced device that includes prevention against know and unknown threats.
What i hate mostly about Check Point, is that you have to log into the devices to create static routes. Dunno if it's still the case, but i used to do this double on a HA configuration.
With R80.30 and R80.40 you can deploy configuration scripts from the manager. This works well. Basically, all cli commands can be centrally deployed on to the clusters.
I'm reluctant to blindly trust the NSS ratings, especially because Fortinet only seems to reference them in regards to external ratings. Makes me weary to only look at that rating. P.S. Go Fortinet!
I get that. The big G (Gartner) ratings I ignore because I feel they are pay to play. That being said, I strongly suggest that people do full research based on their needs and use cases. My opinions and comparisons are based on third party reviews but just like you mentioned, there are more than the sources I use. I’m always open to expanding my perspective though.
Yeah. I have been doing some reading on sophos. I have lots of experience with Sonic Wall. I will make some videos for those I am sure. Working on architecting some more training specific ones for now :P
Wrong, 0:48 checkpoint does still make firewall, do you even know who made the first Stateful firewall? 1:11 fortinet firewalls are fast. Wrong, lets compare a SMB product Fortigate 51E UTP 24x7 with similiar model checkpoint 750 NGTX. Prices for both are almost same, CP is bit cheaper. so Threat Prevention/Protection throughput CP wins with 200/160Mbps also with NGFW throughput CP wins by 490/220Mbps. Fortinet has a very messy interface compared to Checkpoint, Fortinet is expensive when you buy, FortiGate, fortiManager, FortiAnalyser, to get what you get for Checkpoints Smartconsole. You are making a video based on results of 2018, but according to the August 7, 2019 NSS report security effectiveness is 98.4%. Im NSE certifed and certified in CP also, i have deployed multiple CP's and FGTS, both are really good products.
Spot on. Mike wrote he will redo this video. Recently I had quite some issues with Fortinet. Meanwhile R80.40 works very well. Must say checkpoint made a comeback and i am starting to prefer their products over Fortinet. The MDM is years ahead of the FMG.
I’m in the market looking for a firewall and CP or Fotigate are my last two. I love Cisco but not their NGFW. I’m leaning towards CP over fortigate. This is a large deployment.
From what I see Checkpoint only have market share from historical installed bases, these bases have such a lot of it it would be a massive cost to move away. Checkpoint were the market leader for a long time, before Fortinet/Palo were on the scene it was Checkpoint and Cisco with a few others picking up the pieces. Regarding support, Checkpoint use to be good but software is so buggy now unless your ticket is with Israel the level of knowledge is poor.
@@FortinetGuru got it! I know why. Checkpoint sent out an EA Version that had a bug. This backfired immensely, but NSS accepted to redo the test. blog.checkpoint.com/2018/09/06/check-point-is-a-leader-in-2018-next-generation-firewall-nfgw-test-by-nss-labs/
This video was based on the 2018 NSS Labs Report. A viewer has alerted me that the check point device suffered a bug that caused it to fail miserably in the security effectiveness testing. I will release a new video once I am able to get my hands on a 2020 NSS labs and Gartner report. Remember ladies and gents, always do your own discovery and research before purchasing anything. Even if the Fortinet is the best decision, you need to come to those terms yourself based on facts you are able to gather.
Sounds like a sales video. Came in with an open mind and left at the beginning laughing at how much bias there was.
I felt exactly the same , this guys does not know the power of Checkpoint yet...
Also, why didn't you used the NGFW 2019 report (again you should use the BPS report, but in case you still want to use a basic report, why didn't you used 2019 if this is a 2020 video?) in 2019 NGFW Check Point had a Security Effectiveness of 97.4% and fortinet just 93%. You are making a Fotinet vs Check Point comparison and taking as reference a basic and old report where check point doesn't looks good? very convenient.
I love Checkpoint.I've used the 5200,5600 and 5800 models and the old 2900.
Nice. Everyone has their preference. I despise them personally but if they work for you that is all you can ask for.
@@FortinetGuru Checkpoint is way more easy to configure.
In the other hand Checkpoint does not have the full web feature as Fortinet.
On this point with Checkpoint you have to go with windows (not cross platform as Fortinet).
The ease of configuration may be tied to familiarity? I have had some folks claim Juniper SRX devices are easier to configure and I find them to be a nightmare :-/
At least checkpoint doesn’t have conserve mode issues that fortigate notorious with
touche`
I used to be checkpoint but now moving to fortigate. Pricing and support is ridiculous now.
Yeah, Checkpoint is high as giraffe......well...parts
I've worked with Checkpoint, Cisco, Juniper and Fortinet. I must say after only working in the CLI with ASA's it was a learning curve with Fortinet. The fact you don't have to pay for those VPN licenses with FortiGate sold me!! Plus I've learned to use the GUI with FG, so I give the lead to FG.
Not having to pay for VPN licenses is a huge benefit for me.
How suitable is the FG VPN for Medium businesses and upwards?
Can you please share your sources about security effectiveness rating? The NSS Labs report for 2019 I found rates Fortinet with 93% security effectiveness, whereas Checkpoint is rated with 97.4%. Also, you are right about your review being biased but I don't want to start debating which vendor is better because I know each one is different. I just want to shed some light upon your presented data. P.S. I deploy appliances from both vendors ;)
Edit: you forgot to mention the wide security vulnerabilities Fortinet is exposing its customers to, not to mention how long it takes to get the patches for them. Also, when you present that huge price gap between them, are you referring to list prices? Because if so, then you are not doing the right comparison. CP has a different business model than Fortinet, but at the end of the day, I had similar pricing quotes from both vendors. It all comes down to the deal you're making.
My information came from the 2018 NSS Lab report. Perhaps that was a bad year for Checkpoint or an event skewed the data. Will be happy to do a revised video once I am able to dig through the 2019 report. I may wait for the 2020 one to hit though (if it hasn’t already) and just do the most current.
Thanks so much for the insight. Everything on this channel has a bias. I can’t hide it and try to out it as much as possible. That’s what I love about this platform though. We can have discussions like this and show each other faults in our thoughts or expand ideas and perspectives.
@@FortinetGuru lol 😂. Ok, I can't find anywhere a 2018 report that shows Checkpoint that low on the NSS ratings, Except a file available on Fortinet.com 🤔 . What I find interesting is that this is the 3rd time I am hearing such stories from 'Fortinet' people. Last year I heard a story from someone at Fortinet where he 'protected' a checkpoint cluster against perimeter attacks with Forti OS 6.0.2. I asked which version of checkpoint was that. He replied R71 🤣💀. It's these heavily biased stories from Fortinet that make me rofl and not take them too seriously. As a side comparison, CP is only interested in the competition against Force Point for whatever reason.
The 2018 report is referenced on NSS Labs site. They show the report had a range of from 25% up. I don’t work for Fortinet. I compete with them. I just happen to be decent at their hardware. The 2018 NSS Labs report shows them having a security effectiveness of 25%. Tied for last with Sophos. I didn’t make the report. I didn’t carry out the testing. If the numbers on that report are different than 2019 and 2020 and it is in Fortinet’s favor then that explains why Fortinet would openly reference it on their documentation. Either way, I’ll happily do another video once I see the 2020.
@@FortinetGuru fair enough 👍. Like I mentioned earlier, I am not interested in a debate because there is no point in that. I just wanted to straighten out the facts.
Great channel. Love your candid perspectives. Much appreciated. Is the 2020 NSS Labs firewall report out yet? Have you heard anything? Thx amigo!
Fortinet is good for small business. Checkpoint and Palo are the big boys. Go back to your sandbox Forti
Fortinet is used in 10/10 top 10 telcos and countless other large businesses.
@@FortinetGuru LOL that isn't true.
How about Fortinet vs Watchguard? Can you make a quick video? Thanks!
Watch guard is not powerful firewall friend & no comparison with fortinet & checkpoint
Arshad Shaikh Any specifics as on why? We have quite a few watchguards deployed and they seem to do a pretty good job.
@@Traumatree Can't seem to get specifics as to why. I'd like to know.
Dude, I like Forti and I've worked with Check Point and Fortigate firewalls for over 10 years. It's not just a matter of price. It's the quality of the development of the whole solution what takes the price up to 13usd per mb as you said. So as an honest recommendation, next time, instead of doing some weird faces and making pauses while talking/dramatizing about how awful and out of the picture a brand is, try to excel on the content of the video so it's informative for thousands of people watching you and tell the complete whole story! It's more than a price to performance comparison. Just a few ones.. How about vulnerabilities detected on each platform over the past years? I think that chapter was missing, how about the response times for those vulnerabilities? Let's not talk about that one either! But just don't forget that the main task of a firewall is to secure your internal network and protect it from external threats.
I'm not a Check Point employee, nor check enthusiast.. in fact, I've been using Forti at home since FGT??Cs (currently FGT60E). I like your channel man and I use to watch your content every time I have to quickly refresh something in Forti, but like others said, Forti is great for SMB.
Would love to see a video about Fortinet recent breach
😂Checkpoint down checkpoint down!!! We have checkpoint down!!! 🤣
Cisco vs fortinet should definitely be next!!!
Why don't you use a real test like BPS? NGFW is to basic and today none deploys just a NGFW but a more advanced device that includes prevention against know and unknown threats.
Love that T-shirt! Did you make it yourself?
My wife made me a white one and a black one
@@FortinetGuru You should use it as merchandise on your channel :-)
What i hate mostly about Check Point, is that you have to log into the devices to create static routes. Dunno if it's still the case, but i used to do this double on a HA configuration.
With R80.30 and R80.40 you can deploy configuration scripts from the manager. This works well. Basically, all cli commands can be centrally deployed on to the clusters.
for normal gateways its done via CLI / GUI or API.
for VSX is done via smartconsole (the gui where you create the rules)
I'm reluctant to blindly trust the NSS ratings, especially because Fortinet only seems to reference them in regards to external ratings. Makes me weary to only look at that rating.
P.S. Go Fortinet!
I get that. The big G (Gartner) ratings I ignore because I feel they are pay to play. That being said, I strongly suggest that people do full research based on their needs and use cases. My opinions and comparisons are based on third party reviews but just like you mentioned, there are more than the sources I use. I’m always open to expanding my perspective though.
I would run Linksys before choosing Checkpoint......... ugh bah......
someone could get this NSS Labs Reports on products evaluated ? i m interested about those on Fortinet, Palo Alto and Checkpoint
Thanks Mike.
No problem
You need to do a video on your opinion of Sonicwall and Sophos ;-)
Yeah. I have been doing some reading on sophos. I have lots of experience with Sonic Wall. I will make some videos for those I am sure. Working on architecting some more training specific ones for now :P
@@FortinetGuru you can get full experience with it using a bare metal PC with two NICs or a VM and Sophos XG Home JFYI
Fortinet vs sophos vs palo alto
Brou, it seems you were able to issue only theses, where are the facts and arguments?
Hey, how did you get your fortinet training?not related to video though!
Lots and lots of experience and “wtf?” Moments
it's Check Point : )
Wrong, 0:48 checkpoint does still make firewall, do you even know who made the first Stateful firewall? 1:11 fortinet firewalls are fast. Wrong, lets compare a SMB product Fortigate 51E UTP 24x7 with similiar model checkpoint 750 NGTX. Prices for both are almost same, CP is bit cheaper. so Threat Prevention/Protection throughput CP wins with 200/160Mbps also with NGFW throughput CP wins by 490/220Mbps. Fortinet has a very messy interface compared to Checkpoint, Fortinet is expensive when you buy, FortiGate, fortiManager, FortiAnalyser, to get what you get for Checkpoints Smartconsole. You are making a video based on results of 2018, but according to the August 7, 2019 NSS report security effectiveness is 98.4%. Im NSE certifed and certified in CP also, i have deployed multiple CP's and FGTS, both are really good products.
Spot on. Mike wrote he will redo this video. Recently I had quite some issues with Fortinet. Meanwhile R80.40 works very well. Must say checkpoint made a comeback and i am starting to prefer their products over Fortinet. The MDM is years ahead of the FMG.
I’m in the market looking for a firewall and CP or Fotigate are my last two. I love Cisco but not their NGFW.
I’m leaning towards CP over fortigate. This is a large deployment.
Fuck the checkpoint.
Other vendors do same and better with less pain in the ass
@@AJ-jf7cl dont blame the game.. learn to do it
From what I see Checkpoint only have market share from historical installed bases, these bases have such a lot of it it would be a massive cost to move away. Checkpoint were the market leader for a long time, before Fortinet/Palo were on the scene it was Checkpoint and Cisco with a few others picking up the pieces. Regarding support, Checkpoint use to be good but software is so buggy now unless your ticket is with Israel the level of knowledge is poor.
oh boy, my beloved Check Point colleagues ain't gonna like this
😂😂
They shouldn't because the information can't be confirmed. It's like stating something and not having any facts to prove it. ;)
As stated, 2018 NSS Labs report. Go find the full report. I wouldn’t reference a report as a source if it didn’t exist.
@@FortinetGuru got it! I know why. Checkpoint sent out an EA Version that had a bug. This backfired immensely, but NSS accepted to redo the test. blog.checkpoint.com/2018/09/06/check-point-is-a-leader-in-2018-next-generation-firewall-nfgw-test-by-nss-labs/
Excellent. Looks like I have another video coming soon :)
You should speak for yourself, don’t infiltrate people’s interest
Yeah until then you just let your video mislead everyone. Good job man, good job