We performed a comparison between Cisco Secure Firewall and WatchGuard Firebox based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. WatchGuard Firebox received slightly better ratings because it is easier to deploy than Cisco Secure Firewall.
"Fortinet FortiGate is stable. It's used across all the countries, this is the way most multinationals run their system."
"What's most important is the ease of use."
"This solution made it very easy to manage our bandwidth."
"The management console is pretty simple, so anyone who understands networking can initially deploy the solution."
"It's very fast and easy to configure."
"Using this product makes the VPN seamless and almost invisible to me in the sense that I don't have to think about it."
"This solution has helped our organization by having strong functions and a reliable firewall."
"The tool is a nice product and easy to handle. The software's user interface is also good. You can easily implement remote access in the solution."
"I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type."
"The solution is excellent for enterprise-level networks."
"The CLI is the most valuable feature. This solution is very flexible and offers different functionality including firewalls and VPN connectivity."
"It is scalable and stable."
"It is much better than most of the other firewalls that I have worked with."
"The feature set is fine and is rarely a problem."
"The most valuable features are the flexibility and level of security that this solution provides."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The solution has many security features. We have an intrusion provision system and filtering and block filtering."
"It is a scalable solution."
"I like the High Availability features of the newest ones I'm using because they allow a firewall to fail and still be up and running."
"After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
"The features that I have found most valuable are the FireWall features. The management side of WatchGuard is quite easy because it supports two ways to manage it - by the web and the other one they call WatchGuard systems manager. I used to be familiar with WSM only, but they improved their GUI in the web browser and now it is much easier to do it within the web browser."
"It also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad."
"I have found the DNS Watch feature for intrusion and prevention response and APT Locker most valuable to me."
"The most valuable feature is the ease of use of the interface."
"Its price could be better."
"It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified."
"The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work."
"This product needs to have an analysis feature, rather than having the analysis done through the integration of a different product."
"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."
"The setup is pretty complex and not easy to implement."
"The monitor and the visibility, in this proxy, is very weak."
"It would be nice if FortiGate incorporated some built-in endpoint protection features. I would also like a built-in SOC dashboard for managing multiple Fortinet firewalls."
"Sometimes, it is not easy to troubleshoot. You need to know where to go. It took me quite awhile. It's like, "Okay, if it doesn't go smoothly here, then go find the documentation." Once you do it, it is not so bad. However, it is sometimes a steep learning curve on the troubleshooting part of it."
"The solution is overcomplicated in some senses. Simplifying it would be an improvement."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"<p>If there is old hardware, or appliances, it does not necessarily work with the new Cisco generation firewalls."
"The cost is very high. Most organizations cannot afford it."
"It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness."
"In general, they can make it easier to manage the solutions. They can make it easier in terms of administration and provide a single tool for different firewalling solutions. They have different tools to manage different firewalls, such as Firepower or ASA. Sometimes, both are on the same thing. You have ASA with Firepower modules, so you manage some of the things via HTML, and then you manage some of the things via another management tool. It's not seamless."
"Changes you make in the GUI sometimes do not reflect in the command line and vice versa."
"There could also be better reporting. For example, there should be more out-of-the-box management reports."
"There's always room for improvement, especially if the threats are getting more sophisticated and the IT department cannot sufficiently meet this kind of sophistication with their own knowledge and experience. Knowing that this solution can get up to the level of addressing a lot of these threats is something that everybody wishes for. If we look at the dark web and the lawful web, they are two opposites, and if these two good and bad collide in the world of the internet, you want the best possible product—especially if you cannot get to that point of knowledge. I am just an individual and end user, with limited knowledge of usage. That's why I say there's always room for improvement, from their side and also from mine, because by knowing exactly what they can achieve and the knowledge that they can get on an everyday basis, and the portion that is understandable to me, it's an improvement for them as well."
"The few issues that we have had, such as not knowing where to go, they have been answered quickly."
"One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in... With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting."
"There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own."
"Its documentation could be improved. Sometimes, you need to search a bit longer to find what you are looking for."
"I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure."
"This is a great product and offers great protection but they don't hear the customers' needs. They don't make improvements as per the customers' requests."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while WatchGuard Firebox is ranked 13th in Firewalls with 79 reviews. Cisco Secure Firewall is rated 8.2, while WatchGuard Firebox is rated 8.4. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of WatchGuard Firebox writes "Offers a streamlined deployment, intuitive interface and robust security features". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Sophos UTM, whereas WatchGuard Firebox is most compared with Netgate pfSense, Sophos XG, OPNsense, SonicWall TZ and Sophos UTM. See our Cisco Secure Firewall vs. WatchGuard Firebox report.
See our list of best Firewalls vendors and best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.