Comments from our firewall evaluation done a while ago, mostly feelings and impressions so donít take too seriously. Investigate and test yourself, that's the best way.

Fortigate
-UTM/home box ideology pushes through in UI, logic and terms they use
-NAT configuration is straight from the dark middle ages
-cli not on par with Juniper, no Linux shell available
-web ui is not the best, but doable
+virtualization is logical and easy to setup
+good performance due to solid asic technology
+40G interfaces at decent price

Check Point
-CPU architecture raises questions about performance and SAM module is not on par with competitors circuit acceleration technologies
-massive to minor problems with every version upgrade (on tonightís menu, new reserved words BOOYA!)
-same bugs follow you from version to version
+management and logging tools crush the competition
+solid high availability mechanism and failover logic
+runs solid once you get all issues sorted

Juniper
-no viable graphical management, Junos Space is barely usable.
-no logging product until the very latest release of Junos Space (they bought some external component for logging)
+probably the best cli
+robust routing and multicast capabilities
+hardware architecture looks solid

Palo Alto
-more focused on enterprise side, instead of datacenter/operator environment
-aggressive sales guys are super annoying
-performance in on the lower side on paper, raises question how they perform in real life
+hardware architecture looks solid
+port independent application control