FortiGate are horrible, stay away, run ;)
Hey, this is a forum for FTNT so nobody is going to tell you anything bad. Okay, here are my thoughts since I work with both platforms, almost daily or weekly.
My opinion for OP and anybody looking at the two platforms:
"none are better than the other; it's like saying is a Toyota better than a Honda"
CHKP
[ul]
[li]support is going slowly downhill, and that is from me working with their support and products for 20+ years[/li]
[li]the security manager/MDS is excellent in tracing or searching objects, & it's really the 1st security manager historically, so it has improved over the course of decades. It's simple to use and laid out fairly well. They did a good job in that area.[/li]
[li]hardware is reliable; even though in my day job we have 50/50 real appliances and virtual, we have not seen any hardware failure, nor have I heard of anything failing[/li]
[li]CHKP HA-cluster and failover is just a mess, just as bad as Junos or actually worse. I have nothing positive to say in those areas. Just expect some reboots if you actually fail over anything[/li]
[li]VPN diagnosis is simple and pcap generation is excellent for assistance in troubleshooting, as you should know[/li]
[li]licensing in anything with regards to CHKP is a price tag $$$$ and, like clustering, is a mess to manage or understand if you do not do it regularly[/li]
[li]A lot of changes to the security-manager system are scripts and file modifications that can be intimidating (Forcepoint SMC is done in the same fashion & by many local-host files that you have to edit)[/li]
[li]logging and analysis can be a breeze, but you need an add-on to fully achieve anything in that area[/li]
[li]centralized NAT table and objects, or a mix of the two, can cause issues if you do not know what's going on[/li]
[li]Also Check Point solution documents are written probably slightly better than Fortinet's, but that's just my opinion; others might disagree[/li]
[/ul]
FTNT
[ul]
[li]support is fair, RMA process sucks in general. Also hand-off to another engineer and the process is poor, to say the least[/li]
[li]application control works and works very well[/li]
[li]software upgrades are simple as 1 2 3[/li]
[li]SD-WAN is a big feature that a lot of small to medium orgs are moving to; it's a strong point[/li]
[li]webGUI is good, and the FortiManager, if you have a wide deployment, is a great management solution[/li]
[li]IDS/IDP rules management is much simpler than CHKP[/li]
[li]IDS/IDP updates are also much simpler and reliable to execute[/li]
[li]clustering|failover is a breeze to manage (see my above bold complaint)[/li]
[li]DoS flood mitigation is simple, but like anything, if you're overrun you will have problems. Does not matter if it's a FTNT CHKP PANW JNPR, flood control is a royal PITA.[/li]
[li]NAT and VIP management is much simpler also in FTNT[/li]
[li]if you have a hardware failure it's almost effortless to restore if you have the last-saved cfg; cannot say the same for CHKP-sg. You have a lot of minor steps you have to do to restore a CHKP[/li]
[/ul]
Summary. Both are great platforms. If you're looking at NSS Labs you will see both are great in all areas. CHKP is still the leader or the big dog to beat, but it comes at a price tag. I love both platforms but for many, many different reasons.
I would ask for a demo and run a device in a lab or test-env before committing down that path. But you can't go wrong with a FortiGate. Also CHKP is losing market share at a steady beat & for decades now. I stay in touch with my old FortiGate partner, and for every bid|proposal lost out to CHKP, these can be counted on one hand.
I favor Fortinet most of the time over Check Point. Palo would also be a better platform to look at, but again comes with a price tag. They have improvements in a lot of areas that CHKP just does a C grade in.
Ken Felix