Firewalls Firmware Reviews

Showing reviews of the top ranking products in Firewalls, containing the term Firmware
Cisco ASA Firewall: Firmware
SherifNour says in a Cisco ASA Firewall review
IT Manager, Infrastructure, Solution Architecture at ADCI Group

Technical support for this solution is good. Most of the technicians are technical people that have certifications such as CCNA, CCNP, CCIE, and CCISP. I think that they are well knowledged and well educated about the Cisco culture, industry, and products.

The Cisco distributors are everywhere, even if I'm speaking about the Middle East. I can find distributors everywhere in Dubai. Here in Dubai, the support is great, including for firmware updates, and even replacing the hardware when the firewalls crash.

View full review »
MohammadRauf says in a Cisco ASA Firewall review
Security Officer at a government

We've seen, for a while, that the upcoming revisions are not supported on some of 5506 firewalls, which had some impact on our environment as some of our remote sites, with a handful of users, have them. 

We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out. I would like to test it out and see what kind of improvements in performance it has, or at least what capabilities the Sourcefire FireSIGHT firmware is on the ASA and how well it works.

View full review »
Fortinet FortiGate: Firmware
Chingiz Abdukarimov says in a Fortinet FortiGate review
Director at a integrator with 11-50 employees

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

View full review »
SonicWall TZ: Firmware
Bob-Thomas says in a SonicWall TZ review
Virtual CIO/ CISO at Kyber Security

Once you get past all the configuration issues, If you are on a rock-solid GA (Generally Available firmware), I don't know if I want to say it's bulletproof, however, the stability is really, really good. I don't sit and worry, thinking, "Oh, God. We know another one's going to fail today." We never think that way about that type of stuff. It's the odd time where we might get hardware failures or random reboots. We've had a couple of SMA units go sideways. Even SonicWall couldn't solve the problem. However, that said, it's rare.

View full review »
SonicWall NSA: Firmware
SSL says in a SonicWall NSA review
Senior IT Consultant at a tech consulting company with 51-200 employees

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.).  It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.

CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. 

Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.

Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.

Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. 

MSP: They are not ready for managed security services.  Their Cloud GMS product is weak, barely out of beta (buggy).

VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably.   If VPN is important for you - look elsewhere.  You have to pay for licenses (most competitive vendors include this by default).  You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity.  No proper or modern 2FA for additional security.  AVOID!

AGSS / ATP: This is poorly implemented.  A user will click to download a new type of file, and nothing happens.  They have to wait an indeterminate amount of time, and try again to see if it works.  It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.

App Control:  Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities.  Resetting and re-configuring it is the work-around (super annoying).

View full review »
Flavio Soares says in a SonicWall NSA review
Senior Systems Administrator at Prodomax

The firmware is very stable and I've never had issues with the stability of the operating system and I was several versions behind until recently. There were some minor bugs but that's because the firmware was not updated. 

View full review »
Kerio Control: Firmware
Arie De Kruijf says in a Kerio Control review
EMP Specialist at Global EPM BV

Where we were using, for example, a VPN solution for 75 users, GFI has now changed the contracts to use the unlimited version, and that is a bit cheaper price-wise, compared to having 75-user account licenses.

But it's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.

The licensing should really be narrowed down and be at least one-tenth of the price. To give you an idea of costs, an NG500 costs about €3000, and the licensing costs are about €1400 to €1500 a year. They call it "maintenance," but they are not doing anything in terms of maintenance on my firewall. They just supply a little update and those updates really don't cover the price that they calculate for it.

By comparison, if you know what a Windows 10 workstation does on your local computer, you get the updates for free and the price of the installation is something like $100, and you can use it as long as the product is supported. That's a reasonable price, and it also has security. 

With those licensing costs for a little firewall, it's really disturbing because people look for different solutions when the price is too high. You can't make money off of it if you need to pay almost €1500 a year just to get the updates, and those are basically firewall updates. Of course, if there is a system update, like firmware, they will implement that as well. But it doesn't match the cost of what they are doing for us with it. It doesn't explain why these licensing costs are so extremely high.

As long as the product works we use it because we know the product. It's much easier to use an existing product than to swap over to a low-cost product that we are not familiar with. That is one of the reasons we use this product, but mostly because we never had a breach, which is, of course, pretty important now.

Everybody has a price when it comes to security. You can use a simple Windows Firewall on a virtual machine, which costs you almost nothing. And if you put the firewall on there and use it as a router, you can also connect VPN clients to it, but you're using the Microsoft solution for that. Kerio is based on a Linux kernel, which is pretty much free and they are asking a lot of money for a firewall because it's called a firewall and it should protect you. But in fact, they cannot guarantee that nobody will ever get through your firewall. Nobody is giving that guarantee to you, and that is why it's too expensive.

View full review »
Cisco Firepower NGFW Firewall: Firmware
Gerald Zauner says in a Cisco Firepower NGFW Firewall review
Data Center Architect at Fronius International

The stability is getting better but we had some firmware issues. 

View full review »
Al Faruq Ibna Nazim says in a Cisco Firepower NGFW Firewall review
Head of Technology at BDPEER Ltd.

So far we haven't encountered any stability problems. You should have a lot of patches to apply to update the firmware. You can understand the firewall in less than a week.

We had some fraud introduced with our last box when Cisco produced an upgrade. The updated policy agreement was based on the wrong purchase date information. 

The faster integration that is available in our region is pretty smooth for the Cisco firewall right now. I haven't found that much of a limitation to any service. 

I used to have a lot of issues with firewall support. Now, I keep a good state of mind with Cisco. I can expect my capabilities going out of range eventually if we don't upgrade. 

Cisco has its own cloud platform. I am able to see a single dashboard with all of my firewall activities and network performance under diagnostics, which is really helping us out.

View full review »
Fortinet FortiGate-VM: Firmware
Abdul Faheem says in a Fortinet FortiGate-VM review
Sr. ERP Project Consultant (IFS-Complex MRO Process) at a aerospace/defense firm with 201-500 employees

I think one thing we couldn't find in the software console was all of our logs. In the logs themselves, for example, we couldn't find if a user was accessing all of the VPN. We don't get to know or we don't have a report that shows on what date or for how long and from what time he user has logged on. We don't have that particular feature or that kind of visibility. That could be improved. Reporting, therefore, in general, could be improved.

The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats. 

Especially after this pandemic situation, it requires a little more enhancement. For an SME level organization, it's okay, but when it comes to corporate and banking enterprises it still requires a lot of enhancement. Comparing it to Palo Alto, for example, it's still very behind the curve.

View full review »
reviewer1392801 says in a Fortinet FortiGate-VM review
Solutions Architect at a computer software company with 5,001-10,000 employees

The most valuable features of this solution are the integration within the environment, with centralized reporting. 

One analyzer and the different devices feeding into that environment. 

The firmware is always up-to-date.

View full review »
Check Point NGFW: Firmware
reviewer1402668 says in a Check Point NGFW review
Security and Platforms Engineer at a K-12 educational company or school with 201-500 employees

I am using this solution for perimeter security in the company. Our firewall security is centralized under one management. Also, we use this firewall to manage some of the VPN clients and the employees' access across the company. 

Each firewall is capable of using the VPN client, but we only use two. We have five in total, but we only use two for these issues.

I am using the firmware version for the operating system. The blades are firewalled for IPS and mobile access.

View full review »
Sangfor NGAF: Firmware
reviewer1368798 says in a Sangfor NGAF review
Director Technology & Service Delivery at a tech services company with 11-50 employees

These days there are lots of breaches and vulnerabilities which you can see if you do some research. Sangfor has similar issues with one or two products where customers have had problems. The company deaks with these things immediately and quickly brings out new firmware to solve the issue so I'm not aware of any deficiency in the solution. If a customer finds a feature lacking, we open a ticket to support and Sangfor comes up with the appropriate new firmware within 10 days. If you were to do the same with other vendors, it would normally take four to five months to get the new feature. 

View full review »