We performed a comparison between Cisco Secure Firewall and WatchGuard XTM [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."The web tutor and automatic rules by schedule are good features."
"The CLI is robust and powerful, enabling rapid, consistent changes via SSH."
"The most valuable feature of Fortinet FortiGate is load balancing. It can provide central management and VPNA. Additionally, it has enhanced our security environment."
"I like how we can achieve total integration."
"Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility."
"The most valuable features are the enterprise modeling and the simple interface."
"The most important feature, normally for small business customers, is link load balancing."
"FortiGate's web and URL filtering are unlike any other firewall I've used. The functionality of URL filtering in those solutions is problematic because everything is encrypted, and firewalls can't break that encryption protocol. Fortinet has an SSL proxy, so the encryption is done before the packet ever leaves the FortiGate. The URL filter is definitely one of the most helpful features."
"Cisco Secure Firewall has improved our customers' security posture because it offers Next-Gen features, granularity, and reporting on the back of it. You can see the amount of users accessing Office 365, for example, and whether they're having a good or bad experience. You can see the threats that are coming into your network. You can see anyone who is compromised from within your network."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The TAC is always very helpful. We pay for Tier 1 support, so we get whatever we need from them. They always give us a solution. If they can't give us an answer that day, they get back to us within at least 24 hours with a solution or fix. I have never had a problem with the TAC. I would rate them as 10 out of 10."
"The solution is pretty easy to deploy."
"The most valuable feature for the customers is that they can control what communication is allowed and what is not allowed. That is, they can allow or deny client traffic."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA. The biggest advantage of Cisco products is technical support. They provide the best technical support."
"The most beneficial aspect of the Cisco Secure Firewall is the AnyConnect component within the firewall package, which we selected specifically for VPN usage due to its exceptional integration with various third-party devices and applications."
"Application Control is fantastic with over 2,500 applications and the granularity that we can either allow people to view but not be able to log on to Facebook; or view it and log onto it if they're in the marketing department, but not play Facebook games. There are all sorts of different options like that. So it's highly granular."
"They have a reporting system which can store data over a very long period of time. Not many other firewall vendors provide a reporting system, but if they do, like Fortinet does, then you've got buy that as an additional product and that can be more than twice as expensive as the initial investment in the firewall. And without reporting over a long-term period, you're just about wasting your time."
"There is a site-to-site VPN configuration between others people."
"Monitoring of network activity is included in the box."
"After installing the product, we achieved awareness of our data protection needs and email misuse."
"It is stable and does not require you to reboot all the time."
"It configures in all-in-one place."
"I like the hostwatch because I can see what traffic uses the most bandwidth and I can block that site."
"FortiGate support could do some improvements on their IPv6 configuration. Right now it's still in the very early stage for utilizing in an enterprise level network environment."
"Technical support needs to be improved."
"In the next release, maybe the documentation on how to use this solution could be improved."
"Technical support is good but the response time could be faster."
"I need user-behavior analytics, to find threat scenarios from inside the organization, insider attacks. That would be very helpful for us. In addition, I would like next-generation features for small and medium businesses. These businesses require UTM, all in one product. Fortinet must include it."
"There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement."
"They need faster serviceability and more security features."
"As far as wanting more scalability or things in the network diagram, it's going to cost you."
"The SSL VPN is, and always has been, painful to configure and the Java plugin does not guarantee a uniform deployment."
"The only improvement that we could make is maybe [regarding] the roadmap, to have better visibility as to what we are targeting ahead in the next few quarters."
"There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues."
"I wish the Cisco interface was not so granular. Check Point was easier to create specific rules than with ASAv."
"UTM features would be nice or some NextGen features."
"The ASA has become a bit old and needs updating."
"There's a little bit of a disconnect between Firepower’s management and the rest of the products, like DNA and Prime. The solution should have fewer admin portals for network, security, and firewalls."
"Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this."
"Sometimes we have had issues with stability of the product."
"The VPN errors are not helpful when troubleshooting."
"I would like them to improve the product's overall protections. This would be good for all product users."
"Syslog (Dimension) is focused on presentation, but needs more focus on utility like SonicWall syslog (GMS/Analyzer)."
"One huge issue with WatchGuard XTM is that I'm not getting reports in a readable format. Readable means, I don't want Excel online. We repeat auditing when we trigger the report or setup calendar. That functionality is what we are looking for from WatchGuard XTM here."
"The initial setup is neither simple nor complex. If you know the base in networking and how the firewall works, you will be able to figure it out."
"The setting policies need improvement. It needs an easier way to do static NAT and check on what policy is being used for that specific traffic."
"WatchGuard doesn't have a product that allows them to get into the data center. And that's just because there is no hardware to do the job. The software could do it, but there's no hardware that allows that to happen at the moment. So it doesn't scale as well as some other products, that's for sure."
Earn 20 points
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while WatchGuard XTM [EOL] doesn't meet the minimum requirements to be ranked in Firewalls. Cisco Secure Firewall is rated 8.2, while WatchGuard XTM [EOL] is rated 8.0. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of WatchGuard XTM [EOL] writes "The multi-layer security of the products are the primary reason we use these appliances, however, the gateway wireless functionality for managing access points leaves much to be desired". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Palo Alto Networks NG Firewalls, whereas WatchGuard XTM [EOL] is most compared with .
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.