I am making the assumption that you have someone on staff to take care of the firewall as much as it needs to be. Also, you should have internal security checking with IDSs and systems integrity checking with something like Tripwire. The two systems should be more or less equivalent in these terms. Where you do see the difference is Check Point's more exotic firewall functions like authentication services and, more importantly, they have a much more entrenched application layer support suite. We have to look externally to handle app protocols. For them, much of it is built in. That is from the purely security standpoint. There are other advantages here and there between commercial and netfilter firewalls. Personally, I find the difference in PRICE to be the most distinctive difference.