We performed a comparison between Cisco Secure Firewall and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."We are using the FortiGate 100D series. VPN, firewall, anti-malware, OTM, and intrusion prevention are useful features."
"The main benefit is the grouping of our security monitoring."
"Security management tool that's easy to integrate and easy to work with. No issues found with its stability and scalability."
"I'm pretty happy with its reliability. It is also very scalable."
"I like how we can achieve total integration."
"Fortinet FortiGate is a stable solution."
"The most valuable feature is the policy routing and application control."
"It's very fast and easy to configure."
"Cisco Secure Firewall is robust and reliable."
"I haven't had any major problems so I haven't had to open a ticket with technical support."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"The stability of the solution is very good. We can see that it gets even better with every release."
"I like the ASDM for the firewall because it is visual. With the command line, it is harder to visualize what is going on. A picture is worth a thousand words."
"The deep packet inspection is useful, but the most useful feature is application awareness. You can filter on the app rather than on a static TCP port."
"I like that it is easy to change the settings."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
"The product is very easy to configure."
"The most valuable feature is the network security module."
"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."
"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."
"The most valuable feature is the view into the application."
"Before FireEye, most of the times that an incident would happen nobody would be able to find out where or why the incident occurred and that the system is compromised. FireEye is a better product because if the incident already happened I know that the breach is there and that the system is compromised so we can take appropriate action to prevent anything from happening."
"Their software support needs improvement. I would prefer to have better support for bug fixes. Sometimes, we open a ticket, and it is very difficult to get a solution. Specifically, we are not at all happy with their support for load balancing."
"To some degree, it's almost a question as to why some of this stuff isn't simpler. For example, for an AP deployment, while it's integrated, the number of steps that you have to go through in order to get the AP up, seems like a lot."
"Technical support could be better. You don't always get the level of help you need right away."
"There are just some services that aren't available. For example, the Ethernet or point-to-point protocols. They could add these services to their product offering - especially services for ISPs."
"It could use more templates for third-party site-to-site VPN setups other than FortiGate and Cisco."
"The graphical user interface of Fortinet's FortiGate product does not function well with text-based interfaces."
"I'm not sure if it's something that they already have or are developing something, however, we need some dedicated features for container security."
"Price, of course, can always be more competitive or better."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"Cisco still has a lot of work to do. You can convert an ASA over to a Firepower, but the competitors, like Palo Alto and Juniper, are coming in. And believe it or not, they are a little bit more intuitive. Cisco has a little bit more work to do. They're playing catch up."
"Comparing Cisco solution to others, it is expensive, it would be better for it to be cheaper."
"It could use a web-based portal for VPN. Earlier they had it in the ASA model, but currently they don't have it."
"I would like to see the inclusion of more advanced antivirus features in the next release of this solution."
"I would like to see them update the GUI so that it doesn't look like it was made in 1995."
"The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"Based on what we deployed, they should emphasize the application filtering and the web center. We need to look deeper into the SSM inspection. If we get the full solution with that module, we don't need to get the SSM database from another supplier."
"It is an expensive solution."
"Its documentation can be improved. The main problem that I see with FireEye is the documentation. We are an official distributor and partner of FireEye, and we have access to complete documentation about how to configure or implement this technology, but for customers, very limited documentation is available openly. This is the area in which FireEye should evolve. All documents should be easily available for everyone."
"Cybersecurity posture has room for improvement."
"There is a lot of room for Improvement in the offering, from cost to functionality. It is pretty straightforward to implement which is an advantage. However, it falls short in pricing, detection capabilities, and, most importantly, reporting and policy management."
"We'd like the potential for better scaling."
"It would be very helpful if there were better integration with other solutions from other vendors, such as Fortinet and Palo Alto."
More Trellix Network Detection and Response Pricing and Cost Advice →
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while Trellix Network Detection and Response is ranked 9th in Advanced Threat Protection (ATP) with 35 reviews. Cisco Secure Firewall is rated 8.2, while Trellix Network Detection and Response is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Trellix Network Detection and Response writes "Blocks traffic and DDoS attacks ". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas Trellix Network Detection and Response is most compared with Fortinet FortiSandbox, Palo Alto Networks WildFire, Zscaler Internet Access, Vectra AI and Zabbix.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.