The technical support is good, but there is a time delay between the support and attacks.
Firewalls Support Reviews
Showing reviews of the top ranking products in Firewalls, containing the term Support
Juniper SRX: Support
The technical support is good. The engineers help support our customers day-to-day.
Sometimes, it is difficult to contact the Juniper support because we did not purchase the support package, as it was too expensive. We are using a local reseller instead. Sometimes, when we have had issues, it can take one to three hours for resolution, which is not good at all based on our company standard. However, once we have the right thing connected on the device, then it's very fast.
I would rate the technical support as a seven out of ten. The support is skilled, but the cost is expensive.
Technical support is good. They seem to understand our customer's requirements. When they troubleshoot or support our customers, they seem to know what they are doing. They seem to be very helpful. But customers need support right away, and this has been an issue. It can take two to three days to get help some times just because of the volume of ticket request.
In terms of improvement, it could use more on the security side. It's a good stable firewall, but it's nowhere near what it needs to be for a next-generation type firewall.
They also need to improve their documentation. With Cisco, you can find lots of examples, but with Juniper, it is not always the case. One area that needs more focus is instruction on how to interoperate with other vendor's products. I would like to see documentation on running IPsec tables between Fortinet and Juniper or Cisco and Juniper because the information is not there.
Their technical support also needs improvement, as they are lagging behind Cisco.
Since we have deployed, there have been maybe two or three minor issues. Our local support helped us to clear these.
This is a product on the customer side, not in our services. What I have identified so far is that, considering the complex deployment that the customer wanted to make, the scalability with the feature support that they already have, and its functionality provided, Juniper SRX was one of the better products available. It helped us to scale well with that product customer requirement because they wanted the IT side on a virtual router, with a firewall so it was integrated to work. Such a complex setup cannot be easily accomplished by just using a firewall. SRX actually helps us scale and integrate the product according to customer requirements. It also helped us with its routing capabilities which eased the cost, because otherwise I would have had to take a router and firewall, and then integrate it. With this, however, it was an integration of firewall and routing services all together in a single product. That was one thing that I loved about it.
We have more than one hundred users for this solution. They range from non-technical, Level 1 users, up to administrators, technical support staff, and expert-level users.
Due to sanctions, we haven't used the technical support of the original company so the maintenance and everything is done by us.
When we first tested the serial interface on our model, it did not work.
It should be easier to escalate support tickets.
There are a lot of features that customers do not know about and I think that better documentation would help when it comes to learning how to use the product.
Technical support could be improved by adding local engineers.
Juniper support is very good. But more than the technical support, their documentation is awesome. You can just Google a solution right now by stating your problem. You get into the juniper.net and there is wonderful documentation. As a technical person, I have never seen any technical documentation that is as good. I would say it is awesome. Any person who has an interest to learn, who has the interest to scale his capability with the product, just has to go to the Juniper site and they will get all the information on every one of their products. I think that it is written well enough for a non-technical person to become technical.
They have different levels of training available. They make it very easy and available for anybody to explore the solution. There are knowledgeable people available in the technical community. It is a very good solution overall.
McAfee StoneGate [EOL]: Support
I can't comment on technical support, because we really did not use it other than for downloading new versions or for upgrading. We personally do our own application updates.
Check Point UTM-1 [EOL]: Support
Technical support is good
As we don't have a representative of Check Point supplier in our country, this makes it very difficult when we have some issues to resolve. I can say for the VPN implementation, we had some trouble and some support from the local Check Point technical team (Supplier).
With the Supplier as a bridge between the vendors and the clients, we can solve this quickly. So I think this kind of solution must have strong suppliers or representation, in Africa especially in Southern Africa, they need to have close representatives for the kind of situations that we cannot solve by ourselves.
Southern Africa is facing cybersecurity concerns because of a lack of expertise.
They are in line with the rest of the on firewall vendors these days. Because you have to implement a software blade or a hardware blade and then if you go beyond a certain range you have to replace the blade with the solution that comes after. It is supported by them and goes from the advanced layer to the intermediate layer.
I would rate the technical support eight out of ten. Sometimes the support is not really easy in this part of the world. When you need to connect it usually takes time. Within one day, two days, you'll get support, so that somebody can take over your solution and try to help you out. If you have some issues, you want to Google it. It is really not easy like Cisco and others. Because with Cisco, even if you get an issue, you can see a lot of forums that will help you find answers. But with Check Point, you will not find too many forums that can help you solve your issue.
The licensing could be improved. It restricted us to maybe 55 connections per license, so anything less than 55 VPN connections. But when you grow and have 100 clients coming in, you have to upgrade. I'd prefer to get something which is a one case scenario.
I think in the future they should also overhaul how all the functionalities work. I tried to gauge what I expected it to do after the setup, but as much as I tried to use it, I still had issues, still had problems with it. And OEM wasn't very supportive. Maybe it works for some setups, but not for what I set it up for.
Check Point VPN-1 [EOL]: Support
The reporting from the file or reporting from mobile access needs improvement. The solution, in general, could use better reporting tools.
I've had issues in the past with one bug, but it has since been resolved with the help of technical support.
Check Point Virtual Systems: Support
I would rate it a nine out of ten and I would recommend this solution. Their support team should be faster because sometimes when we need support their responses are late.
We are a solution reseller, and we also assist our clients with support. This is one of the solutions that we provide to our customers.
This solution can be deployed in many ways. It is available in the cloud on AWS and Azure. You can install it in a virtual machine, you can have it as a hybrid, and you can have it on-premises.
The technical support is excellent and they always responded when we had an issue.
The solution's technical support is good. If we have problems, we can speak directly to Check Point, or we can speak to one of their partners or a local partner. The solution has a great community that surrounds it.
If I were rating technical support out of ten, I would give it a seven. They're inconsistent. Sometimes you do get guys from Check Point to help you out and then sometimes you don't. Sometimes it's hard getting a hold of them.
Up until now, we have not had to register with technical support from Check Point. If we needed help we got support with the presale technical support team from our region. He was able to help us internally. The team helps us to get products stable. Up until now, we did not contact them. It is not very transparent. They approach resolutions through a partner and the partner solves the case. They seem to mostly depend on partners for the resolution of issues.
If you compare the GUI with the Palo Alto and Cisco, they're very easy. Check Point, due to its design, is a little bit complex. They should make the GUI easy to use so that anyone can understand it, like Fortinet's GUI. Many companies end up using Fortinet because the GUI is very easy, and there's no need for training. They just deploy the box and do the configuration.
Also, we have to inform customers that with Check Point there's no need to purchase any routing device. Check Point can do that routing as well as the Firewall and the IPS. The marketing should be stronger, to show that customers only need one box to handle all the features. It will be cost-effective and enhance the performance and value, but because of their poor marketing, customers don't realize this.
In the future, a color string would be powerful. Sandboxing should also be offered. Many people want the Trend Sandbox but not on the cloud. In the Middle East, there is a policy for Sandboxing that states it should be on Trend as per the government law. They have Sandboxing solutions on the cloud, but they have to bring the solution onto Trend also. Palo Alto has Wildfire, Cisco has Talos, and Forcepoint has one available as well.
In the future, routing protocols should be more supported like OSPF and BGP. There needs to be integration with the SDN. I don't know if SDN is there or not in Check Point, but SDN is one of the major requirements nowadays.
The most valuable feature for us is the cluster support. We have been using this for a long time, so it is not a feature from the latest version.
As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.
In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.
WatchGuard XTM [EOL]: Support
We have used technical support for WatchGuard many times and overall, we are satisfied with it. They are always listening and there is a good reaction time to our findings. When there are issues, they really try to resolve them.
Technical support with WatchGuard XTM is handled by my team.
Cisco ASA Firewall: Support
It is a scalable product. We have a lot of demand. But, it supports any additional network that we add. It expands easily.
Yes, we use the technical support maybe twice a year. We received a very fast response time.
I have not used the technical support for Cisco ASA.
If I were to rank the tech support, I would give it an eight or a nine. They have not been able to resolve all of my problems. I had to find my solutions on the web myself. I found other users with similar issues to what I had experienced. Then, I resolved the issues by myself.
During the mitigation process, I used tech support. But, I still have not had a completely clean migration process.
I would rate the technical support a rating of seven out of ten.
Its technical support is the main reason why we selected the product.
When I need support, Cisco has provided quality support. I like working with them because of their support system.
- Easy to deploy for staff to use VPNs
- Ease of setup
- Integrated threat defence
- Great flow-based inspection device
- Easy ACLs
- Failover support
- Each virtual appliance is separate so you get great granular control
- Has own memory allocation
- Multiple types of devices: 100 Mbps, 1 Gbps, 2 Gbps
- License control
- SSH or RESTful API
This solution has good security and it's a good product. You can trust Cisco, and there's support as well, which is really good.
I would rate this solution an eight out of ten.
I haven't had any major problems so I haven't had to open a ticket with technical support.
Their support is good and helpful but sometimes it takes them a while to respond. We have been stuck in critical situations so we opened a critical ticket but it took them a while to respond.
We mainly use this solution for our firewall and it's one layer of our security. From the time that we've used it, the organization as a whole got a sense of security because Cisco is a known product. When we do need support locally or online, we get it instantaneously. We use this solution for a couple of things: for security, for their technical support, and in terms of the knowledge and skills of the team here that gave us a good grip and confidence in the use of the product.
I don't have much experience with technical support since contacting tech support incurs additional costs. I have been relying on my technical knowledge and experience so far.
The technical support of Cisco is very good. Nowadays, you can get anything over the Internet. They provide help over the Internet. There is a very full forum, which is manually supported.
I've been exploring the technical support for Cisco ASA. I haven't had any problems with it.
The scalability is based on module support. We have a stand-alone version. It is not 100% applicable to talk about scalability at this point.
There is another Cisco ASA module available that is more scalable than ours. For the module I have, the stand-alone, the scalability is not as good as on the higher model.
The 5585 model, allocated for data center security, can be facilitated into the switching spot or the working spot in our data center. We can recommend the scalability there.
For the module I have, I'm using it as a stand-alone. I don't think it is scalable too much at this point.
I'm using Cisco ASA in my organization to support about 150 staff. For maintenance, I do all of the work myself.
We installed a Cisco path a month ago. There was a new update for the Cisco firewall and there were security issues.
We like Cisco filtering as a firewall, but in the current market, Cisco's passive firewall is not unique. We don't have any warranty problems with Cisco.
I asked our carrier several times to provide the exact gap code for me, but there is no Cisco dealer in our region. There is also no software accessibility with Cisco ASA NGFW. You can't always access the product that way. I also tried pfSense.
There is no support here in Georgia. If something goes wrong, support is not always very helpful with the other firewalls or other products.
Cisco products are more supported by lots of companies who are producing technical services for cloud platforms. The certification is very easy in Georgia now. There are lots of people using Cisco in Georgia because their accessibility is better than the other products on the market. I also talked to several guys about the Barracuda firewall.
The Barracuda firewall is very expensive. You need to pay three or four thousand dollars every three months, so it's very expensive for us. We are not a big company.
The technical support from Cisco is excellent.
Customer support was decent, although we definitely don't feel like you get the value of the mandatory support/maintenance fees.
The few times I've had to call in technical support, the service was excellent. I've had no issues.
For technical support, I have little experience with Cisco, unless they patch some issues. I raised a ticket and got the response immediately. They are very supportive.
We bought it from a supplier and they supplied the support, as well, and that's been fine.
My opinion is that the new direction Cisco is taking to improve its product is not correct. They want to make the old ASA firewall into a next-generation firewall. FirePower is a next-generation firewall and they want to combine the two solutions into one device. I think that this combination — and I know that even my colleagues who work with ASA and have more experience than me agree — everybody says that it's not a good combination.
They shouldn't try to upgrade the older ASA solution from the older type Layer 4 firewall. It was not designed to be a next-generation firewall. As it is, it is good for simple purposes and it has a place in the market. If Cisco wants to offer a more sophisticated Layer 7 next-generation firewall, they should build it from scratch and not try to extend the capabilities of ASA.
Several versions ago they added support for BGP (Border Gateway Protocol). Many engineers' thought that their networks needed to have BGP on ASA. It was a very good move from Cisco to add support for that option because it was desired on the market. Right now, I don't think there are other features needed and desired for ASA.
I would prefer that they do not add new features but just continue to make stable software for this equipment. For me, and for this solution, it's enough.
Technical support is good. The only thing is that Cisco cannot support you unless you have a contract with them. You have to go through the reseller in Africa. I don't see why Cisco cannot communicate directly with the customer, especially when I can prove that I have the device. They should allow customers to talk to them directly instead of having to go through the reseller.
The technical support is good and the response time quick. We had some firewalls down and gave them a call. They helped resolve the issue and it was all positive.
Technical support for this solution is really good. We had an issue with a firewall and it was a good turnaround that was quick.
There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.
Some of the features should be baked-in by default.
Technical support for this solution is good. The response times meet our expectations and we have not had any issues.
I haven't dealt with technical support. We just check online, and if we have to contact Cisco about major issues, it's an internal department dealing with that. I don't know how technical support is, because our technical support team is located in Sofia, and I am in the Netherlands, so I don't have any view on that.
They have pretty good customer support. The solution's technical support is great.
I have not had direct experience with technical support for the firewall. I contacted support for the switching. For the firewall, I have not had to contact them at all.
I haven't had to deal with technical support, so I don't have much to say.
We have used technical support quite a bit and always contact them if we have an issue. They will always respond as soon as possible. So I think the support is great. We don't have any issue with them being unresponsive or providing bad solutions. I like to check with them on solutions sometimes and they respond as soon as possible. It saves time and helps me to be sure I am doing the right thing before I go in the wrong direction.
Their technical support is good. We have a maintenance contract with them for two years and we plan to renew the contract.
The technical support from the company is very good. They are always available when we have problems.
We only contacted technical support during initial implementation and that was all handled by the consultant. I have a lot of other Cisco related tickets open, so we're used to the process.
I would say, however, that we're also using Meraki, and the Meraki support is way better, in my opinion.
Cisco support tends to take longer, and I mean really long given the fact that subject matter is sometimes also more complicated, so it really depends. When you compare that directly to Meraki, Meraki answers the same day, and I cannot say that about the legacy Cisco support items. I can understand that the market for the legacy service is so much bigger for Cisco, so I can see why it takes longer.
Technical support for this solution is good. Most of the technicians are technical people that have certifications such as CCNA, CCNP, CCIE, and CCISP. I think that they are well knowledged and well educated about the Cisco culture, industry, and products.
The Cisco distributors are everywhere, even if I'm speaking about the Middle East. I can find distributors everywhere in Dubai. Here in Dubai, the support is great, including for firmware updates, and even replacing the hardware when the firewalls crash.
Cisco has a very good team for support. They are always available, and they give you a flexible solution. It is not just about getting a solution. We are learning, as well, when we request assistance. They also have a knowledge base that we can access in order to find resolutions for problems.
The primary use case is to protect our departments. We have sub-departments or sites categorized by the number of users and types of applications. We categorize the latter in terms of small, medium, or large. Based on that, we select a firewall in terms of throughput and the number of concurrent sessions it can handle. We then deploy the firewall with a predefined set of rules which we require for inbound and outbound traffic.
We are in operations delivery and we need to support multiple clients. We have different departments where our primary responsibility is to protect our organization's assets and data and to store them in a centralized data center. Apart from that, we have responsibility to support our clients in terms of infrastructure.
All the devices are on-premise. Nothing is on the cloud or is virtualized.
Tech support is good. We have an exceptional sales rep or project manager. Jenny Phelps is the person we work with and if we have any questions or anything that needs to be escalated, we send it to her and it's usually done very quickly. That relationship is a huge value. Jenny is worth her weight in gold.
We've seen, for a while, that the upcoming revisions are not supported on some of 5506 firewalls, which had some impact on our environment as some of our remote sites, with a handful of users, have them.
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out. I would like to test it out and see what kind of improvements in performance it has, or at least what capabilities the Sourcefire FireSIGHT firmware is on the ASA and how well it works.
We had a situation where our network was down and the telecom providers at Cisco support helped us to resolve those issues. The downtime was brought down to a minimum.
We are getting the best support from Cisco and we are not getting the best support from Palo Alto.
All the features are very valuable.
Among them is the integration for remote users, with AnyConnect, to the infrastructure. All the security through that is wonderful and it's very easy. You connect and you are inside your company network via VPN. Everything is encrypted and it's a very good solution. This is a wonderful feature. You need to make sure your machine has the profile requested by the company. That means having the patches updated. Optionally, you should have the antivirus updated, but you can decide whatever you would like in order to enable acceptance of the end-device in the enterprise network. That can be done with AnyConnect for remote/satellite users, or with ISE for local users.
The intrusion prevention system, the intrusion detection, is perfect. But you can also integrate Cisco with an IPS solution from another vendor, and just use the ASA with AnyConnect and as a firewall. You can choose from among many other vendors' products that the ASA will integrate with. Now, with Cisco SecureX, it's much easier than before. Cisco used to be completely blocked from other vendors but with SecureX they are open to other vendors. That was a massive improvement that Cisco probably should have made 10 years ago or seven years ago. They only released SecureX three or four months ago.
Cisco ASA also provides application control. You can block or prevent people from going to certain applications or certain content. But the ASA only acts as a "bodyguard." It doesn't provide full visibility of the network. For that, there are other solutions from Cisco, such as ISE, although that is more for identity. Stealthwatch or TrustSec is what you need for visibility. They are both for monitoring and providing full visibility of the network, and they integrate with ASA.
Also, all of Cisco's security products are supported with Talos. Talos is in the background, handling all the improvements, all the updates. If something happens in Australia, for example, Talos will be aware of it and it will update the worldwide Talos network for all Cisco products. Within two minutes or three minutes, worldwide, Cisco products will be aware of that threat. Talos belongs to Cisco. It's like a Cisco research center.
Technical support is a very strong point in Cisco's favor. I would rate it very highly. The support is excellent.
When it comes to Cisco, the price of everything is higher.
Cisco firewalls are expensive, but we get support from Cisco, and that support is very active. When I hit an issue when I was configuring an FTD, as soon as I raised a ticket the guy called me and supported me. Cisco is very proactive.
I had the same kind of issue when I was configuring a FortiGate, but those guys took two or three days to call me. I fixed the issue before they even called me.
Given that we have been upgrading with Cisco firewalls, I would say that our company has seen a return on investment with Cisco. We would have changed to a different product if we were not happy.
The response time from the tech and the support we get from our partner is quite good. We have never struggled with anything along those lines, even hardware RMAs. Cisco is always there to support its customers.
I haven't worked with Cisco's technical support. We haven't had real issues with these firewalls.
We are satisfied with technical support. They are good.
We have contacted technical support for some issues outside our technical expertise, mostly for updating the license.
We have a team that handles our issues.
We've been in contact with technical support on multiple occasions and each time we've had a good experience. We're satisfied with their level of support. They are fairly good.
Cisco's support is great.
For experienced users, they are pretty much able do anything they want in the interface with few restrictions.
The command-line interface is really useful for us. We script basic installations and modifications through the command-line, which is considered sort of old school, and yet it allows us to fully document the changes that we're making due to the fact that we can save the exact script that was applied and say, "Here are the changes that we made."
We can have less experienced people do initial takes on an install. They can edit a template, and we can have a more experienced person review the template, and then apply it, and we don't have to worry about whether anyone inexperienced went into certain corners of the interface and made changes or whatever.
Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility.
The security the solution offers is very good. Security-wise, it's the top in the world.
The product has excellent technical support.
The user interface is easy to navigate.
Everything is user friendly.
McAfee Firewall Enterprise MFE [EOL]: Support
They should let the users configure more of the options, like with the blacklists and the whitelisting configuration. We didn't have that much control over what we could whitelist and blacklist, and it was complicated and hard to implement in their solution.
Customer support and AV are both lacking and are really hard to come to you when the product is installed. Those are the two major points that they need to work on.
Fortinet FortiGate: Support
Partner support is very good.
FortiGuard Service is also good with the push method update.
Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.
SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).
Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.
Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)
Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.
Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.
Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.
Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.
Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.
Bulk CLI commands are uploaded via gui in script file (portions of config file).
VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.
If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.
Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.
Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.
IPS, AV, Web Filter, AppControl profiles are working very well.
SSL Inspection and CASI (Cloud Access Security Inspection) profiles.
Rich logging options allow you troubleshoot most problems.
Straightforward HA with different redundancy schemas.
Our experience with technical support has been very positive.
We have good technical support from the vendor.
For Fortinet Fortigate,I have to have a Fortigate access point. In my opinion, it should have been a universal access, which supported the universal access point. At this point, our campus is large with some 10 thousand students and staff on board at any given time. Every time I have to use Fortigate, the access point portal has to be a universal type. It would be nice if I did not have to "marry" Fortigate for everything.
If someone is considering this solution, they should do their homework to learn about the product. A user should make sure they compare between a short list of products. The choice should be made after considering price, support, ease of access, and evaluation of integration with other products the organization still uses. Due diligence is the key to integrating a solution.
The support is very good, and we have had no issues.
We do not use a lot of tech support. It is not readily available in our area.
Their technical support is excellent.
My technical support experience has been very poor. I think the technical support personnel isn't experienced in Bangladesh. They have much less technical experience and aren't as able to handle the work, as I am.
They need to improve their technical support.
I recently saw the new updates that are coming, such as the ability to quarantine a user's machine. Once done, you have the ability to connect to it from the FortiManager Console and you can bring it back online, out of quarantine. This is all very good news.
One of the areas that I feel need improvement is on the DLP (Data Leak Prevention) side of things. Compared to some other products, the DLP is not at par for the moment.
Also, if in the next few years this solution can be made to support HE between models, it would be better.
I feel that improvements can be made on the security side. Sometimes the product does a good job, but sometimes not.
We are a reseller of Fortinet products. We use FortiGate for Intrusion Prevention System (IPS) support. This is the most important reason that we use Fortinet FortiGate.
We didn't need Fortinet customer support because FortiGate was already configured.
We are very well satisfied with the Fortinet technical support.
The Fortinet technical support is very good.
FortiGate is a very scalable tool. They have an app to manage the access points, switches, and other solutions.
For our project, now we're over a hundred users at the headquarters. The other branch supports about 20 persons.
The technical support with Fortinet is good. We have our engineers required to have certification in Fortinet products. We provide training classes for our engineers.
Their technical support is very good.
The technical support is excellent.
I found the technical support team to be careful and committed to delivering what we needed.
This is a quality product with ok support, and it is better than the competition we've tried.
FortiWAN was supposed to help in doing intersite linking, but we've realized that most of the ISPs use BGP. FortiWAN supports OSPF but does not support the BGP protocol. This is a problem for us because without BGP they are not doing anything, and we've had to pack them up. I would like to see the BGP protocol supported on FortiWAN.
Technical support for this solution can be improved.
We are managing FortiGate using a FortiManager and it needs improvement with respect to the ease of administration tasks.
There is a lot of improvement needed with SSL-VPN.
Technical support could be improved.
To the best of my knowledge, Fortinet does not have a CASB solution and Fortinet does not have a Zero trust solution. Fortinet claims to do everything Zscaler is capable of and I'm looking for a comparison between the supported features.
Barracuda CloudGen Firewall: Support
The technical support is good.
I have called in a few times to the tech support, and they have been on top of it. If I have a problem, they respond immediately to help. Whomever I speak with is very knowledgeable about the product. Therefore, I have not had any issues with the technical support.
The most valuable feature for us is the ability to offer firewall support to our clients.
The technical manuals, at times, have images that don't match the actual screens and are not always as clear as they could be on the configuration. This requires a call to their very good support department.
My advice to others would be to get familiar with firewalls logic. My rating for this program is 9.5 out of ten. Not a ten because I would like better technical support and a better interface.
Technical support is quite poor, similar to Cisco. Technical staff are usually people that they've hired who are generally inexperienced.
There is always room for improvement on the solution.
Their client VPN is not always working that well, so on computers specifically that could be something to change.
It is pretty expensive, but I think all of the solutions are, so it's something that's expected.
There are some bugs that are in the program. Occasionally when there are updates, there's a bug or two that you might find that cause issues. There was a major issue for a while, and I don't know if it's fixed yet with a third-party VPN provider.
If you have another brand of VPN where you have to put an SSL VPN between two devices, Barracuda doesn't support that at a certain point. You can't actually build the VPN between Barracuda and a different device of a different brand.
Technical support could be more reliable and more professional.
I would like to see better support for switching between internet devices.
What I like best about this product are the support and the features.
I've used the technical support and they do a great job.
For the cost and what's included, you can't beat it, no way no how. If you're worried about enterprise solutions, the only thing you need to do then is to purchase a support contract, and you have an enterprise solution. You can even purchase hardware from the vendor if you choose.
It has everything I need, but the main drawback of pfSense is that it's not user-friendly. I hope to have something to make the interfaces more user-friendly. I would also like to see some documentation that can help with use cases or that has advice and tips. I have found some documentation available but it's usually from an earlier version. If they develop this, pfSense will be the best. The only thing that Fortigate is better than pfSense is that they have 24/7 support. pfSense also needs improvements in the intrusion detection area.
I had an appliance that died six months ago. Then I didn't want that hardware anymore, so I bought two new servers. A single power supply but dual on a network with three times four network cards. On that, I installed the pfSense (Community Edition).
From inside to outside, I have about 15 to 20 node servers and users going outside. From outside to inside, I have only three tech support people, myself and two other ones. With regard to clients using the platform from outside to inside, on the servers inside, I have about 1000.
We provide technical support for our clients so we don't use a third party company for the support, we do the support in-house.
I haven't experienced many problems when dealing with the solution, so I don't know if there are areas that need improvement.
If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use.
Sometimes if your network goes down, you might experience an issue on the captive portal. This may require a restart and it also may require that you load it again. I'm used to the system, so I know what to do, but it can happen from time to time.
It can be really easy to deal with Technical support. Technical support is avaible every time I call . But sometime if Technical support do not privide you the solution, so you should double check and solve the issue by your self.
The most valuable features are ease of installation and support.
Although the solution offers a lot of documentation, has a large knowledge base, and has a support forum, when it comes to actually contacting technical support directly, we didn't have access to that level of attention. Everything, therefore, was really on the team. We had to figure out how to troubleshoot on our own and tried to use documentation to guide us.
We've never used technical support but we're looking into it now and I think it's very comparable to SonicWall.
Given that the solution is a free and open source product, it doesn't have any technical support center. We just have the online documentation which is not one of the best, but it's good.
SonicWall TZ: Support
Their technical support is excellent.
The support for this product has to be improved.
With what I use, I don't really require any other features.
I haven't tried technical support yet, so I haven't needed support yet on anything.
The technical support for the end user was reduced because the wipe action was already controlled. Also, the gateway antivirus prevented any virus from getting onto PCs or laptops. The administration of our network is very efficient.
I would rate technical support a seven out of ten.
This product has room for improvement in the cloud version. Also, the support could be better. Otherwise, SonicWall TZ is good for us.
The additional feature I would like to see included in the next release of SonicWall is a better analyzer. That would be more helpful. Then people will stay with SonicWall.
I don't get the support that I need from SonicWall.
Most of the features are valuable. They give good protection to my network and support it. It has a good facility with side to side VPN and everything. I use it in all my offices.
We don't need any technical support. We don't have any tickets. We don't have any calls. Customer support is not a problem.
I've had a good experience with technical support.
It was chosen by an IT support company.
The most valuable features are security and technical support.
Sonic has been very progressive, continually updating their product-line and service offerings to stay current with, and ahead of the evolving security landscape. Again, they have consistently developed great solutions for both the SMB and enterprise market which has enable our support team to leverage their expertise with Sonicwall across our entire client base.
We are very much happy with the support.
We do not often need technical support, but it is available from the local distributor or through the SonicWall portal.
Once we moved the units up to the Gen 6 platform, they could support SSL-DPI. We are huge fans of the DPI. That piece is incredibly easy to implement. I'd say probably the most powerful thing about the solution is that coupled with the captured functionality.
We've never dealt with technical support. We've managed to handle any issues ourselves, in-house. I can't speak to the kind of service they provide.
Their technical support is good. For technical support, sometimes we write directly to SonicWall, and they provide the solution. We sometimes also contact our vendor for support.
SonicWall NSA: Support
During the Dell years, support was terrible. It has since improved.
We have had no interaction with their technical support.
Support services are categorized by the criticality level. We had a few critical events, but each was attended quickly and efficiently.
Over time, this solution is becoming more complicated, and when I need support it often is not available. I would like U.S.-based technical support.
VPN functionality needs to be improved. As it is now, I need to combine another SSL VPN with my firewall. I want it to be done very easily.
We've never contacted technical support in the past. We go through our vendor. We don't call SonicWall.
Having to deal with too many lower-level people in technical support means that it takes longer to resolve issues, so escalating support tickets should be faster.
We are a solution provider and SonicWall NSA is one of the firewalls that we implement for our clients. I have implemented it for many companies and currently, I have four or five clients that we are supporting.
I have never called support. I only called when we first purchased it, if I had a question. I have not found any difficulties when contacting them, or just because I contacted only lower support. Then since it is a user-friendly solution, I didn't experience any problems with the device.
The technical support is great. I've never had an issue where I've needed to wait more than a few minutes for them to fix it.
Technical support is good and it is available online as well as offline.
The support that I get from SonicWall is good. They have supported us for more than ten years and we haven't faced any issues with them to this point.
Technical support is excellent.
The technical support is great.
Vendor support needs improvement. The frequency of time and support should be increased.
From a vendor perspective, we were expecting more support.
When we experience a technical issue, it should be rectified immediately. We are facing a delay with response and resolution.
I had to call support when one of my VPNs was failing. The VPN tunnel between two sites wouldn't stay up and they had us use a different security protocol.
They were very helpful. I found them to be quite responsive and knowledgeable. I don't think the problem with the VPN should have been there in the first place, however, that said, they did help us. I'd rate them, overall, at a nine out of ten.
Sophos XG: Support
I am not sure why Sophos suggested using the XG 210 model after doing a site check, but we are facing issues and they suggested that we replace the model.
When I call, I have to wait for at least one to two hours to reach them. Sometimes they will pick up the call immediately, but most of the time they will not. I usually have to wait one hour before they pick up the phone.
When a ticket is created we have to wait three days before getting a reply from them. When they create a ticket for a critical issue, the response is delayed. This is a new device, and we expect support from Sophos. At least the partner should support the product, but the partners are always looking for money. Even if they deploy the device, for example, the XG 450, then they only offer support for one day. After that, there is no support.
I'll give Sophos XG technical support an eight out of ten for their service.
Once you've bought the specific version, you are locked into the limitations of that plan. You can't exceed the number of VPNs, connections, etc. There's no way to increase that capacity, per se. You do have options where you can increase the port count and so on. However, in terms of scalability, you have to buy the capacity you require.
On the system I have now, it's not fully populated, but we have about 100 users. The plan is to eventually support about 1,400 users.
Sometimes we experience difficulties with our server and that is usually due to a bug. Somehow bugs seem to find their way through Sophos' security. The issue is usually resolved when we contact technical support. In the next version, I would like to see an improvement in this. The developers should test everything after any update to ensure that bugs don't come though with the update.
At the moment, we haven't had a reason to contact technical support.
I've never had to deal directly with technical support.
Technical support can be improved upon. There are times that I've had some issues that I've tried escalating in technical support and it takes a while before we really get it resolved.
Once I was getting a particular malware from an unknown source on one of my servers which was behind the firewall. I asked their support why. Later they advised that I should install Intercept X for servers on that particular device. I was confused about how it was behind a firewall; the firewall should be able to detect which system is getting infected. The system doesn't really go to the internet and nobody browses on it. The only thing I could imagine that could cause it was a Windows update. If it was from an update they least it should have been able to say, "Okay, it was from this particular update that this malware was filtered in."
Out of ten, I would give their service a five.
They should expand their DDoS feature. It's basic. They need to enhance it.
Technical support needs to be improved.
The solution needs a mobile application for the administrator. Today, as an administrator, you cannot manage the solution from your tablet or from your mobile. You can only go through a web console. Other vendors have mobile apps. Some vendors also have the ability to manage and check the chart report and change some settings from a mobile application. This would be an excellent add-on for administrators who are traveling. It could help a lot.
The solution's technical support is not the best. When I take a step to open a case with Sophos support I can't understand them at all; I can't understand their accent. I always appreciate if they can communicate with me through e-mail instead, which makes it much easier.
Many cases take a long time to be resolved. Some cases they seem to ignore or don't reply to for a long time so I have to remind them that the case is still open before they will respond.
Their technical support needs improvement. I've been on hold with them for hours waiting for their support.
The cloud support needs to be improved. As it is, they only have support for Microsoft Azure. They should expand it to include providers like Amazon and Alibaba.
The main area that needs improvement is the documentation.
Sophos needs to be a little better at communicating with partners about changes, issues, patches, and so forth.
The weakest point is the technical support because they are difficult to get into contact with.
The technical support is awesome.
Our primary use case is as a firewall, failover management of the internet lines. We have over 50 people using the product on 200 devices and we use it on a daily basis. I'm an IT support executive and we're a customer of Sophos.
The technical support from Sophos is excellent.
The interface is great and easy to understand. Any firewall engineer who has medium to moderate experience on bylaws, can easily understand the UI. The language presented on various features and the in-built help, is very intuitive. If you have a problem you can figure it out there and then. As a result, there is less probability that we'll call tech support.
Kerio Control: Support
Technical support is good. They respond right away.
Technical support is good.
In terms of scalability, it's actually more for a small to medium-sized business. It's not very scalable.
We currently have over 50 users. The users are in different departments. It's a whole network; we have the admin department, accounting department, finance, technical department, and support department. Everyone is using it. It's the main UTM of the network.
It's the main UTM of the network so it's the internet firewall. We use it every day, every minute.
Their technical support is very good. We haven't had any problems with them.
The technical support used to be great. However, it's gone way downhill. I used to speak directly to the person writing the code, and he would walk you through when you need help. Now, I can barely get a hold of him.
Thankfully, now that I know the software inside and out, I don't really need them.
Kerio Control has just improved on their biggest problem, which was to introduce better support for high-availability requirements in production.
Their support is getting better but still needs improvement. I had been using Kerio products for quite a few years before GFI purchased them. What liked about the support was that the people you contacted were actually using the product in their homes, they played with the product and broke it and fixed so understood it well. GFI support folks at the first level are script readers and point you to documents you can find on the support website. For me, I have gone down that path already when I opened a ticket.
I see they have phone support now, but I have not used it.
I cannot think of any features that are needed at this time.
I have it in customers that have four users. The largest site that we've had (with a single box) is probably 150 users, including guests, and it scaled right up and I'm sure I could have pushed it much farther. Again the nice part about the product is they have a software-only version where you could put it on your own hardware, where you can slap it in a Xeon server if you really needed to, and I'd have no fears that the product could actually filter a whole school campus.
In our company, it's mainly our techs who work with this solution. The roles are usually customer-facing techs and support techs. We call them technology specialists, but it would be equal to a tech support type person. Everybody in the company dealing with customers knows how to manage the product because it's so simple. There's no reason to have a firewall engineer. We have a senior person for a really complex setup, but every tech can work on the product and set it up for the average company. Every tech can make changes that the customer requests right then and there when they call.
The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support.
It's important because unlike a company where a company has an IT person on-site because these are yachts, they have a boat crew that is not necessarily "IT," so they rely upon us to provide them with their IT services. This is a platform that allows us to control and troubleshoot as necessary.
I would say about 95% to 97% of all of our support is managed remotely because of the nature of superyachts, where they're located, and the importance of the people that own them.
I have not run into any issues or complaints with regard to the firewall and intrusion detection features. I find that in this industry, the fact that those are services that are included is important. But I can't speak to the operability of it.
Because I interface the most with the boats and the crews, I've never run into an issue with the comprehensiveness of the security features.
In terms of the ease of use, if you took 15 different network professionals and told them to configure a Kerio Control, you would get 15 different configurations. Having said that, within our specific business segment, we have learned the configuration that works best for us and works best for our customers. The way that we have set it up is to not put the onus on the boat to make any changes, but if they need to make any changes they allow us to go in there and make changes.
From my experience, I don't necessarily do the configuration on them, but I do manage them. If there's a boat that has a problem, I'm the first phone call. Most of the time I can figure it out, but what we provide as a service is that we refer to it as a virtual ETO which is an electronics and technology officer. That would be an actual IT person, but for the most part, we just encourage our customers to defer their technical queries to us and allow us to manage it for them.
It has saved time for the members of our team who manage security based on how they're using it. It has saved time in the sense that they have an integrated security solution. I think the maritime industry is moving towards a standardized security initiative because the problem is that everything within the maritime industry is based on international, not national standards. So where and how the Kerio Control will fit into that is undetermined because the IMO, International Maritime Organization, has not yet determined what those standards are going to be. It's still a work in process.
It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment
It is scalable up to a point that then you might have to use a user faster, bigger one, but on the whole, it is scalable. It's because based most installations I have are over 300. Whereas if they start to get really big, you'll need to increase the model to the next model up.
In my company, it's me that manages and installs them all. We install, manage, and offer basic management and support.
The environments we've installed for can go from three to 50 users.
We've never had any problems with it not being able to manage the traffic.
I've never contacted technical support because I just call the people that I contract to fix things and if they're not quite sure how to fix something, they'd probably contact GFI.
The scalability is awesome.
For our big corporate clients, the solution gets used a lot. We have one client with about 200 users and about 10 to 12 servers.
We have five to six support technicians who work with Kerio Control.
I use it as a service for my customers. My primary target is to help my customers in the best way to protect them from the dangerous things from the Internet. As a solution, it's easy to maintain. The product is a good solver that also depends on good support and its availability of engineers.
I am using the latest version of Kerio Control. It is an old type of configuration with VPN connections. I still like the product very much.
It is mostly installed on the Linux software appliance. That's what I mostly use for my customers.
I'm a one-person team, and Kerio Control has saved me time. When I looked at the comparison between how much time I spend supporting a business installation of Kerio versus a FortiGate installation, just with the implementation, I have saved a few weeks of time. On a yearly basis, I have saved around 30 to 40 hours on one customer because they're bigger customers.
It's been a while since we contacted support, but back when we did it was pretty hard to get a hold of someone. We didn't get a lot of feedback. Most of the time, it was, "Look at the documentation." It was hard to get someone to look over our shoulder and help us with the problem. I think that was before GFI took over.
The problems I've had with Kerio, when I wanted to change something, have always been solved by consulting the Knowledge Base.
We are located in Holland and there is supposed to be Dutch tech support, and there is an American tech support, as far as I know. The bad thing about the American tech support is that reaching them by phone is difficult and by mail there's a certain turnaround. So, I'd rather rely on the Knowledge Base so that I'm not really dependent on the person on the other side.
They have an extensive Knowledge Base and, if you can't find something there, you can check the internet and there's enough available.
The GFI technical support can be very time-consuming to get down to the root of the problem, but they are very helpful when you do have an issue. It just takes some time to get to it. It sometimes can be communication that's the issue. Sometimes it can be the complexity of the problem.
It doesn't seem to be a lack of knowledge on the technical support side of things. Some of it comes down to whether the product can currently do what we needed to do or not. We were trying to determine if there was something that we could do to get better performance out of the appliance, and the response from the GFI support team was that it wasn't able to do some of the things that we wanted it to do, but it was something that they were looking at with rewriting some of the functionality. There is the possibility that some of those can be overcome easier.
I haven't contacted technical support in the past, to be honest. I'm the kind of person that I would rather look things up online. The beauty of working in IT is that a lot of problems you come across have already been witnessed. Someone else has come across them and has already posted solutions online for you to find. I'm not one of these people that tends to call help desks. I used to work on help desks quite a lot myself, so I am well versed in troubleshooting.
The support the solution offers needs a lot of improvement. GFI took over the product and since the takeover, the support, the backups, the after-sales support, etc., has basically dropped off quite a bit.
When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions.
GFI's technical support is improving but at the very beginning, it was very bad. There was no way to contact them. When you did call, you didn't get returned messages. It is improving, but it's still not at a level where we're happy with it.
I haven't used GFI, but back when Kerio had it, they were very good.
They were very responsive. A lot of times you call the company tech support and they want to treat you like you don't know what you're doing. It's a "Is the power plugged into the wall" kind of a thing. They're very fast to understand that it's not the user that they're talking to on the phone. That the user they're talking to on the phone knows what they're doing to an extent and needs some extra help. It saves time. But I haven't had to call GFI yet, other than when my key wasn't working. It was an email. When I renewed my subscription, the keys didn't update. They had a problem with their update process, so the person had to go and manually update all my subscriptions. It took a few days.
At first, they didn't understand, because they said it's just automatic. Which it's supposed to be. The next day I told them that it didn't update. Then finally looked and they did one subscription, and then I told them that my other subscriptions didn't update.
At first, I was supposed to read a manual on how to do it. But I was doing everything that was shown, it just that their process behind the scene wasn't working. It's the online thing, so it was updated. However, my server wouldn't get the notification that it was updated. They thought I was not doing the website properly because they would tell me to go to the website and hit update. It first started as if I was a user that didn't know how to do anything and then they realized we had a problem. I fixed it. It should have been a lot faster.
The way it improves the way our company functions is through the VPN, because we offer support services. Normally, we would have to rely on TeamViewer to a computer on board, or to get on the phone and tell somebody to take pictures or press buttons, where we can't see what's going on.
In the last year or two, after setting up the VPN, any of our guys can log straight in to the system and they are effectively on board. That is a big help because our customers are all over the world. They could be in Ibiza one day, but then they're heading to the South of France and then they're going off to Greece or crossing the Atlantic. Sometimes it's difficult to send somebody out to them quickly. They might not want to pay for somebody to come out. It could be two or three days of round-trip travel for a half-hour job. The VPN makes it more efficient. We can jump in and see what's going on. We can mimic our engineer's being on board the vessel via the VPN. That's the biggest benefit. And it's instant. Someone rings me up and I've got a single VPN connection and I can get to their networks.
There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out.
There are some pros and cons to its performance when dealing with malware and antivirus features. Maybe once a month, I have gone to a website and it's being blocked. This is because it's a known malware site. So, I feel confident that those filters are doing their job. On the down side, occasionally when iOS devices go to the App Store to do their application updates, it will pick that up as a possible virus in a file: a false positive. This only happens on the iOS updates and the antivirus signatures.
One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not.
I used support once or twice when I hit the first license ceiling. I did log a support ticket in. They were fine. There were no complaints from that. They offer 24/7 support, via email. I don't think I actually phoned them up. It's pretty good. There are no real issues there.
I haven't contacted their technical support. If there are any issues then I get a network engineer guy first and see if he can take care of it.
GFI's technical support is way too slow in terms of response times. Their knowledge is okay. They should know their products. Even though they bought Kerio, they were able to update the software with their developers and build some new routines in it.
But regarding the support, if I send out a solution or a request today, it's taking too long to get a proper answer. You should have an answer the same day, at least, and if possible a quick response via email. That would be preferable in our cases. I know that is not always possible. And that's for software issues.
But if you have a hardware issue it's even worse because we are not able to get hardware maintenance on the firewalls. Ideally, within two hours of going down, a mechanic would come with a new firewall to replace it and to restore your saved configuration from the cloud. They don't have that. If a hardware issue arises with a firewall, then it takes at least a week, maybe a week-and-a-half, to get a new firewall sent by GFI. That's really not acceptable. If we have a hardware issue and we order something from some companies here in The Netherlands, we have it the next day. That would be acceptable.
We deal with that by having a spare NG500 lying around that we can use. We've never used it, so it's already three years old, doing nothing. But it's there.
I've never used their technical support.
I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using.
The GFI features that come with Kerio are stated below. When paying for the licenses we pay for license for everything yet we only use 5 products.
GFI Endpoint Security
GFI Mail Essentials
Not in use
Not in use
GFI Fax Maker
Not In use
GFI Lan Guard
GFI Web Monitor
Not in use
GFI Events Manager
Not in use
We only use 5 products out of the 10 we’ve paid for. We should have the option for paying for what we use not a blanket cost for everything
Internet aggregation and SDWAN Technology: The firewall should allow growth in terms of allowing connectivity to SDWAN technology available in other firewall appliances.Link aggregation and SD-WAN (Software-defined Wide Area Network) are great features for businesses who need multiple links to the internet. They’re also useful where you are using multiple links and would like to connect to other sites, such as branch offices or cloud services.
Its local support and scalability is also not good. I am looking forward to a more scalable product that will be able to grow with time and technology.
Cloud Support: The Firewall should have cloud support especially hybrid cloud support.
It should allow device identification without just stating that the devices are unrecognized-"unrecognized devices"
Sandboxing is one of those important firewall features that end users don’t even know is there. It takes a file or executable as you’re downloading it and opens it in a completely isolated and separate “test” environment.This is missing.
A10 Networks Thunder CFW: Support
The technical support is excellent. It's 24/7 and you'll have direct access to the engineers. It's not like support where they will ask you to just restart the box and see what happens. They will get the file from you, and they will replicate the configuration, and they will come back very quickly with answers.
Cisco Firepower NGFW Firewall: Support
This solution has improved my organization. I'm a solution provider and so I deploy in many different companies that are my customers right now. Before Firepower, we had some problems with the architecture of the firewall. Firepower can support two types of intelligence identity: it can support the application visibility and control, and it has a great deep inspection in the packet. Before this solution, we had some problems with malware detection. Right now, we can easily detect and filter all the applications. Before this solution, we never had any file trajectory, but right now we do, according to the file trajectory of Firepower that we have after attack solutions.
We never had any solution or any workaround for after an attack. We never had any clue what the source of an attack was or how the attack could affect the company. Right now, because of the file trajectory and the great monitoring that FMC does, we know what's happened so we can analyze it after an attack.
Their technical support is good. I opened a ticket when we did the installation. We didn't have any issues with them.
Our primary use case is to support a security environment. It has performed well.
I've only had to use their technical support once. Otherwise, I haven't had to use them.
Cisco has a new general firewall: the Firepower NGFW. If you take a look at the Cisco Firepower product line, they have three models available:
- A low-scale model: the 2000 series
- A high-end model: the 4000 series
- The carrier-grade model: the 9000 series
We have already used the 4000 and 2000 series over here. We've been using this solution in Bangladesh for some customers over the last eight months.
We've been using FPR 2110, 2120, 2130, & 2140. We also employ the FPR 4130 and 4140. We have been using this equipment on our last few projects. We used it as a transfer and for firewalling. The most recent one we are using for firewall support as well.
From a stability diagnosis, once I did the deployment it did not give me any issue for at least six to eight months. Once it went to a stable support, I did not see major problems. I don't think there were issues with stability.
However, the core upgrades frequently come in, so you need to be carefully devising that support management. From a stability perspective, if you are happy with your current stuff and you do not require past updates it would be very stable. If you're using an IPS, the only challenge would be past management. With Cisco having cloud integration and just firing one command and getting things done, it is still okay. It is a good stable product.
There are quite a few things that can be improved. Firepower is an acquisition from another company, Cisco's trying to put it together. Their previous ASA code with the source file code that they have acquired a few years ago still has some features that are not fully supported.
Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.
Most of the high-end devices do not support Onboard management. The Onboard management is only supported on the 2100 IP at the 1050 Firepower and on select ASA devices that bear the Firepower image.
It would be very nice if the Onboard management integrated with all the devices. Log key loading for the evidence at the logs, because clearly you only have loading on the remote on the FMP, you cannot store the logs located on the device.
Technical support is ok, and we have had no problem with them.
I've always liked Cisco support. We're a pretty big Cisco shop, so you're not going to hear a lot of complaints from me about support. And not only that, but if I do have a problem with Cisco support, we get ahold of somebody - our customer-success people and the salespeople from Cisco who are focused on our organization - and we get help. It's very good.
Sometimes, I'll have to contact the first tier of tech support. I'll still open up a case. But in case that, for whatever reason, is not going to our satisfaction, at least we have a chain of command we can go through and talk to some different people. We might get it escalated if we're just not getting something fixed on time. But Cisco has very top-notch support.
Cisco's technical support is very good, overall. I've only run into one or two instances in the last 20 years where I came away with a negative experience. Those were generally unknown bugs but I didn't appreciate the way they handled some of those situations. But overall, Cisco's technical support is better than most companies'.
We've got a little history with tech support. We have very good knowledge within our team about the product now. We have a lab here in Montreal where we test and assess all the new versions and the devices. Sometimes we try to bypass level-one tech support because they are not of help. Now, we've have someone dedicated to work with us on complex issues. We use them a lot for RMAs to return defective products.
Tech support is able to resolve 70 percent of the issues. In case of an emergency, we can open a case because we have a contract for Smart Net support on the devices. In case of an issue, we open a case and we get assistance.
Currently, we have 16 remote sites. Some of them are sales offices and some of them are industrial plants. And we have a centralized IT department here in Brazil. The business asked me to support those remote sites. We started using the Firepower Threat Defense, which is one of the versions of next-gen firewalls from Cisco, at some of the sites. We have them operating at five sites, and we are deploying at a sixth site, in Mexico, with the same architecture. That architecture has the firewall running on the site's router, and we manage them all from here in Brazil.
The scalability is awesome. That's one of those features that this product adds. Not only does it scale so that we can add more firewalls and have more areas of deployment and get more functionality done, but we have the ability that we could replace a small-to-medium, enterprise firewall with a large enterprise firewall, with very little pain and effort. That's because that code is re-appliable across multiple FirePOWER solutions. So should a need for more bandwidth arise, we could easily replace the products and deploy the same rulesets. The protections we have in place would carry forward.
We hairpin all of our internet traffic through the data centers. Our branch offices have Cisco's Meraki product and use the firewall for things that we allow outbound at that location. Most of that is member WiFi traffic which goes out through the local connections and out through those firewalls. We don't really want all of the member Facebook traffic coming through our main firewalls. I don't foresee that changing. I don't see us moving to a scenario where we're not hairpinning all of our business-relevant internet traffic through the data centers.
I don't foresee us adding another data center in the near future, but that is always an option. I do foresee us increasing our bandwidth requirements and, potentially, requiring an additional device or an increase in the device size. We have FirePOWER 2100s and we might have to go to something bigger to support our bandwidth requirements.
We use their support a lot. In my view, they need a lot of improvement. A lot of the representatives are far away and they don't have a lot of knowledge. You need to get to level two or three for them to be able to help. My team is very experienced so it takes a lot for us to make a call to technical support. We need to talk to the right person to work out the issue. The support structure is not able to reach the right level right away. This is a problem that Cisco needs to work a lot to improve one.
We also evaluated Check Point, Palo Alto, Sophos, and Cisco ASA. In the beginning, we thought about going for Cisco ASA but were told that Firepower was the newest solution. We met with Cisco and they told us that they were giving more attention going forward to Firepower than the ASA product.
We did a small POC running in parallel with Fortinet. We evaluated reports, capability, and the people involved. Palo Alto was one of the closest competitors because they have threat intelligence report in their dashboard. However, we decided not to go with Palo Alto because of the price and support.
Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed. In some cases, this may save you a lot of money or stress, which is why everyone who uses Cisco solutions loves them.
Hillstone E-Series: Support
I am not sure if this solution offers active directory integration. Adding that feature will definitely be an advantage. Adding support to the interface will also help. If they can have reporting built into the solution, one can actually integrate into a call-center system.
Untangle NG Firewall: Support
In terms of customer support, so far I've not needed to contact them because I've not had any issues with the solution.
In terms of technical support, the service is excellent. Considering that there is a command center where you can actually just draw a ticket and they get in through the command and will be able to assist you even on the appliances, remotely, and be able to resolve the issues is great. I would say the only major issue is only the time difference between us in Zimbabwe and America because we are on different time zones. Generally, the support is very good.
We've never had to reach out to technical support, as we have yet to face any issues using the solution.
We never had to use technical support. We had engineers in-house who could keep it running without needing external help. As we've never used support for Untangle, I would not be able to comment on any general experience with them.
I initially had difficulty getting device license to appear in command center and had to log a support call. The issue was literally sorted the same day with no hassle. I have not had any other issues since.
Palo Alto Networks VM-Series: Support
Technical support is good.
The technical support is really good. It is usually one phone call to get everything done if we are having an issue.
We have big team which can support Palo Alto on-premise. We have engineers which are familiar with Palo Alto products. Our customers are perfectly suited for our use case. They wanted to get onto AWS or be on the hybrid cloud. They want to keep the technology consistent across the board. Therefore, Palo Alto makes sure that they are a leader in this space. We are able to support them, and customers can take advantage of using these products, both on-premise and cloud.
We have in-house experts and a good relationship with the Palo Alto technical support team.
We have hardly any issues. We have had some patches of data needing some help, but that was it, and the technical support has been spot on.
It's very easy to get the documentation so we have not needed a lot of help from the support team. We have a three-year subscription for necessary support for any issues.
The most valuable features are security and support.
The packet routing speed is very good.
The technical support is great. This is a brand and they have to protect it, so they make sure that the users get what they need.
I would like to have automatic daily reporting, such as how many users have connected via SSL VPN. As it is now, we have to manually look at the logs, which is tedious. There are no ready-made reports on that level and the information is not easily available.
I really need more advanced features that support the correlation of log files.
I've had to reach out to technical support many times. Sometimes, I find that it can take a while to reach support, or for them to get back to us. This is especially true on weekends and holidays. Other than that, it's been pretty good. We're pretty satisfied with the level of support we get.
Technical support is okay. It's the same across the board, you have good techs and you have bad techs.
At times, it's a little slow in getting back to us, but nothing out of the norm.
The most valuable feature is that you can control your traffic flowing out and coming out, allowing you to apply malware and threat protection, as well as vulnerability checks.
It has an advanced engine that does parallel processing for packet and deep packet inspection. It also supports user authentication.
My experience with Palo Alto is that it is really bad when it comes to technical support. When we have a situation where we have to call them, we should be able to call them up, say, "I have a problem," and they should ask a series of questions to determine the severity and the nature of the problem. If you start with the question "Is the network down?" you are at least approaching prioritizing the call. If it is not down, they should be asking questions to determine how important the issue is. They need to know if it is high, medium, or low priority. Then we can get a callback from the appropriate technician.
Do you want to know who does the vetting of priority really, well? Cisco. Cisco wins hands down when it comes to support. I do not understand that, for whatever reason, Palo Alto feels that they do not have a need to answer questions, or they just do not want to.
It is not only that the support does not seem dedicated to resolving issues efficiently. I am a consultant, so I have a lot of clients. When I call up and talk to Palo Alto and ask something like, "What is the client's password?" That is a general question. Or it might be something even less sensitive like "Can you send me instructions on how to configure [XYZ — whatever that XYZ is]?" Their response will be something like, "Well, we need your customer number." They could just look it up because they know who I am. Then if I do not know my client's number, I have got to go back to the client and ask them. It is just terribly inefficient. Then depending on the customer number, I might get redirected to talk to Danny over there because I can not talk to Lisa or Ed over here.
The tedium in the steps to get a simple answer just make it too complicated. When the question is as easy as: "Is the sky sunny in San Diego today?" they should not be worried about your customer representative, your customer number, or a whole bunch of information that they really do not use anyway. They know me, who I am, and the companies I deal with. I have been representing them for seven or eight years. I have a firewall right here, a PA-500. I got it about 11 years ago. They could easily be a lot more efficient.
I have been in contact with technical support and find that they are great.
I would advise getting very well prepared by defining the scope and testing it in advance. Make sure that you understand the performance implications and that the core features are supported on the VM, and they are tested before the implementation or migration.
I would rate Palo Alto Networks VM-Series a nine out of ten.
Fortinet FortiGate-VM: Support
We do not use the tech support. We have another source for tech support.
In terms of what features should be improved with Fortinet, I feel it should give better reports. They provide some basic reports in the entry-level and middleware products but I would love this product if they gave more reports, including more MIS from the traffic because they capture everything in the UTM. They don't produce a team value report. They don't produce a usable report where the IT manager, IT head or CTO can analyze where the attack happened or figure out where the bridge is down, etc. The reports are basic. There are engines which make everything on the GUI. All the user can potentially access for the risky function in the Fortinet but it should be on the GUI, it should not be behind the command line. They could definitely provide the FortiAnalyzer with the basic UTM in a bundle pack.
People should not have to ask for another FortiAnalyzer. It's an entry-level product. I understand that FortiAnalyzer is an expert level product but the functionality should be available at the entry-level as well. Fortinet should think about the entry-level and give it managing capabilities. That's why I selected Sophos because, for a small or medium office, all the reports are available there.
Secondly, Sophos is cost-effective. It is comparatively much cheaper. Sophos is available for a much cheaper price than Fortinet. Also, they have some other functions like sandboxing and others. FortiGate should be more customer-friendly and budgeted better. If I am a buyer, I do not want multiple appliances to manage. It should be one box, one appliance. One mobile should do everything. Multiple products require IT to create a workaround. You have to buy two products and then there is actually another one with that, one plus one, and then there is multiple management, so the product is definitely cumbersome. The beauty of the product is implementation and maintenance without it.
I have my own team to maintain this product. We are very happy as a Sophos user, as we get whatever we want from the reporting point of view. There are no glitches. There is no one issue in particular. When I ask, or my team asks, how the network is working and why there is network latency there are reports about where the traffic is going and I do not have the input after moving or switching to Sophos. I can get the support regarding which IP is working where and which IPs are making traffic, and more.
Their support is very good. Fortinet has a good support base here who has been working closely with us. Whenever there is an issue that needs to be addressed to our end clients, we have received very good support.
The product is quite user-friendly so we didn't have a lot of issues that needed to be addressed.
The pricing structure is also flexible.
The technical support has been very helpful. We've been satisfied with the level of the support we get.
We have contacted technical support at times when the appliance was not working well and they were ok. We have no issues with support.
We have very rarely had to contact Fortinet about anything. When we have a problem then we have local support with our vendor. They will send their technical people if we need help on-site. We are very satisfied with our local experts.
We have not been in contact with technical support.
I have not contacted technical support.
I'd rate the solution seven out of ten. I only really use the solution for communication and ordering support.
We don't have a business relationship with Fortigate. We're just a customer.
I personally have never been in touch with technical support for Fortigate. I can't speak to any kind of experience. I have heard good reviews from other people, however.
We have yet to contact technical support, as we've just started to use the product and haven't had any issues to speak of so far.
The customer support for Fortigate is fine. Compared to Cisco, however, I would say Cisco's response might be a bit faster. If a device fails, they'll be onsite to replace it themselves. In my region, in terms of Fortigate's response to a similar event, users would have to go through the distributor and not directly to Fortigate. That's why it takes longer. It could be a bit easier, and if they did it a bit more like Cisco, I think it would be better. However, Fortigate's response isn't bad.
We've never had to contact Fortigate's technical support, so I can't speak to their quality of service. If we have any issues on the solution, we tend to handle the problem internally.
I haven't used technical support.
The Fortinet technical support is generally good. There are times when we don't get an immediate response and it requires escalation but that's all.
We don't use technical support from Fortinet. Rather, we get it from a local company. They are okay. They aren't terrible, however, they could be better. Their service is average at best.
We've never had any technical issues on the solution and have never had to reach out to technical support. However, I've heard that they are quite helpful. I just can't personally speak to the quality or responsiveness of their services.
For those trying to troubleshoot on their own, the solution doesn't really need or have tutorials, however, you can find so much information online, it's not necessary. It would be nice it newly released features had a bit more information. It doesn't happen often, so it's not too big of an issue.
The virtual and hardware versions of the solution are mostly the same.
The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version.
Normally Fortinet is very flexible that it supports almost all environments.
The solution is user friendly.
The cost of the solution is pretty fair.
The documentation is very good.
The SD-WAN is very good, as compared to, for example, Citrix SD-WAN which has an overall lack of security and needs to leverage other devices, like Palo Alto, to cover this.
Technical support is good. We work through a distributor and it's just a matter of a phone call to explain what needs to be done or a feature that we need to enable, and within an hour or two they come back to explain what has to be done.
They also give advice going forward with what to deploy.
We did not require any help from the support team.
I don't contact technical support. I don't need to.
Our primary use case of this solution is for VPN connections. We are currently supporting an SAP company, which has many customers, and most customers need a site-to-site active set connection for maintaining the SAP systems. We currently have round about 200 VPNs.
We haven't had to contact technical support. If we have questions, we're typically able to find answers via the website.
Our experience with technical support has been good. We have a few issues, and if we do we have been satisfied with the support.
I've never reached out to technical support. If I run into problems, I tend to Google queries in order to find solutions.
I am satisfied with the technical support.
We have not explored the scalability. We are only a small lab with two to three workstations.
I have a colleague working with me, together. We meet weekly to share the progress we have.
I use the enterprise version daily. It's scalable, stable, they have proper documentation and support. We get daily updates from the vendor.
OPNsense is a great tool but it lacks information that you need before deploying it.
Check Point NGFW: Support
Check Point Smart Dashboard does not support my Apple MacBook Air. It only supports Windows versions. Checkpoint does not support captive portal in IPv6. We had a big issue. Not solved yet by Checkpoint experts.
We are a utility company, so we need efficient antivirus protocols. The firewall support is extremely important to our organization. Checkpoint helps us protect our company from outside threats.
We have good support from Check Point. They always send us information about new products, new technologies, and new attacks worldwide. We are looking for endpoint protection and Check Point is one of the brands that could provide that technology to us.
Their support is completely useless. They need to improve that and the stability. The main reason we are moving on from Checkpoint is because of their stability and their support. There are way too many bugs. You just can't get things to work properly.
They don't need to bring any more features. They need to focus on stability. They should stop trying to be funky and stop trying to develop new things to catch people's attention. Just focus on what they already have and make it work. It would be a good product. Just make sure it works.
Right now, the agreement we have is elaborate enterprise support. That means we are entitled to an engineer within 48 hours if we have issues that can't be resolved remotely. I've been satisfied with technical support so far.
This product has room for improvement in technical support for Africa. There are some problems with African countries. We also need to provide excellent services.
The additional feature I would most like to see included in the next release of this solution is removal management.
We are happy with Check Point technology and support.
The technical support is very good.
The Check Point support needs a lot of improvement. We spend a lot of time troubleshooting issues ourselves, create good ticket descriptions, and try to explain in detail what has already been tested. Even so, it takes at least three ticket-updates before support really understands the issue. If you manage to reach the third-level support, you are still forced to be really critical of what kind of suggestions Check Point support is offering you. Running debugs on a test environment is quite different than running them in a heavily used production environment.
The SmartUpdate interface is a little bit crowded if your company has a lot of software items.
As an administrator, one should know how to troubleshoot by issuing related CLI commands before or after upgrading gateways, or the management server, in case of a problem.
Hardware problems on Check Point devices, such as those related to NIC or disk problems, may occur at times. In cases such as this, the support team is available and does what is needed, including the RMA process if necessary.
Our in-house team does the installation for our clients. We also handle support, depending on what level of support the client has. Sometimes, they go directly to the OEM.
Technical support is located in Prague, Israel, and America. The support is good and they are quick.
The speed of technical support is very slow and is something that should be improved.
The user interface for management could be improved.
In the future, I would like to see support for SD-WAN capabilities.
We are an IBM OEM company who received installation support from that vendor. They provided all the network connectivity.
For our implementation, we:
- Started with an initial diagram of the configurations and what we want to see after the installation.
- Segregated the SonicWall and Check Point tools for the migration since we used automation.
- Checked the mode of installation. We went with transparent mode.
- Collected the IPs for the firewall. It required multiple IPs because with we have cluster nodes.
- Assessed the feasibility of Check Point in our environment.
For our strategy, we looked at:
- How many users are in all our offices? For example, is it a small office, mid-size office, or data center?
- Using high-end versus lower-end devices, e.g., lower-end devices means a smaller price tag.
A smaller office of less than 500 people would get a 4000 Series. Whereas, a larger office would get a 5600 or 7000 Series. We have to be focused on the natural topology.
I've used the technical support. They're very responsive, we usually get a response the same day. The advice they've given has been very good and the knowledge base articles that they send are also very good.
They should improve the support a bit. Though they have expert engineers in tech, sometimes the amount of time to get back a solution for an issue is more than what is acceptable, even though it is a high priority.
During a scheduled activity or an implementation, they find their highest level of support. During an implementation, I never faced an issue with the support. I would rate them a nine out of ten for this.
1. Advanced logging capabilities - our support team on duty constantly monitors the security logs in the SmartConsole, and notifies the security team in case of major alerts.
2. Advanced networking and routing features - we use Proxy ARP to announced virtual IPs to ISP and bing domain names to it; BGP for dynamic routing over IPSec VPN tunnels to other environments, and Policy-Based Routing for connecting to two ISPs.
3. The new Policy Layers feature for building up the Access Control policy - the rules are now more understandable and efficient.
The Check Point Next-Generation is a firewall that provides security to our inside network from the outside with next-gen features like Blocking Antibot, Antivirus, IPS, etc.
Other than that, Check Point supports threat prevention for zero-day attacks.
With the addition to that Check Point firewall, it also provides a VPN. We can configure Star and Mesh IPSec VPN as well as SSL VPN.
Logging and reporting is one more important aspect when we talk about firewalls and Check Point did a great job in that.
As we vendor, we deployed the Check Point firewall in many organizations and they are renewing its license as they trust the product and support.
Whatever feature they want is possible with Check Point and 80.20 later versions are coming in, that feature set was previously not available. Customers are satisfied.
- Offline Sandblast solution, which should send malicious sources to other security solutions.
- TAC Support level to be enhanced
- More details to be included while VPN troubleshooting, using GUI representation
- Integrate all blades to use a single policy rather than multiple.
Check Point is able to satisfy almost any security tool for enterprise clients. This allows us to deploy complex changes from a single management interface, get better visibility, and significantly reduce operational complexity.
I have to emphasize the value of Diamond support here where most senior engineers can provide great support with any challenges. Thinking out of the box, sense of responsibility, professionalism and much more - such an attitude helps to provide resolution to any crisis in the shortest term
They are very cooperative and supportive in nature.
I would say not much exp and not lower, average technical support. We are struggling in most of the cases.
Support is great, we solved cases with solution integrations easily.
The scalability of the firewall depends on the model. In terms of the implementation, it's really easy.
We have about 25 users for the entire solution. We have two engineers who work on deployments and implementation. We have another 18 engineers who do support and operations. They have responsibility to monitor the firewall 24/7.
It protects the core network and ISP: the routing, switching, and APM backbone. This is around 8,000 pieces of equipment.
We don't have plans to increase our usage right now.
They have a very extensive Knowledge Base on their website, which is very helpful. But if you contact their technical support, not all of them have all the skills. If you open a ticket it may take a while to be resolved. It can take more than a month until they finally escalate it several times internally and then, finally, find a solution. But the first tier is not too technical.
It gives us centralized management for multiple firewalls. For example, if I want to push the same configuration to 10 firewalls, I can push it all at once with the help of the centralized management system.
It is easy to use because it supports Linux language in the CLI. This is a good for someone who already knows Linux language.
We use it to provide security in our organization. Check Point Next Generation Firewalls are designed to support large networks, like a telco environment.
One of the main reasons that we went with Check Point is that they provide a good solution for a firewall but at an affordable price. As a state agency, we can't afford a Cisco FirePOWER. It's just out of our budget to be able to pay for something where licensing and hardware are so expensive. Check Point has really met our needs for a budget-friendly solution.
We pay a yearly support fee in addition to the standard licensing fees with Check Point.
Check Point's technical support is a seven out of 10. Sometimes it takes a lot of time to get the right people on TAC issues. And to buy time, they just use generic questions, which is really time-consuming and doesn't relate to the problem at all.
There are no issues with scalability.
In Hitachi Systems in Mumbai, there are around 10 to 12 clients who are using Check Point Firewall. There are around 40 network security engineers who support Check Point Firewall in our organization for the Mumbai location, and there are multiple locations.
I had 3200 appliances deployed in my company where we had two CMSs. We had multiple VSXs on those appliances due to the main firewall that we had on the VLAN. We also had an external firewall on the VLAN, which were used to monitor and allow the traffic within the network. That is how we were using it.
They have a new R81 in place. Currently, they also have R75 deployed in the environment, but they are planning to upgrade to R80.20 because that particular firewall has very high CPU utilization and there is no more support for R75.
Check Point support is a very difficult question because not so long ago I had a major complaint with Check Point about their support. Now, they give us much better support because we have the highest level of partnership. They recognize that the people from our team, in particular, are very skilled, so we don't go to first-level support anymore. The moment we open a ticket, we get tier-three support, and that is good.
But we haven't had this privilege for that long and, in the past, support could be a bit tricky. If we got a tier-one engineer it could be okay for support that wasn't urgent but if we were doing an implementation, especially since we had a lot of experience, they were mostly asking questions about things that we had already checked. Often, we had more knowledge than they did.
For us, it's great that we now immediately get access to tier-three. I just wrote an email to the support manager this morning about an issue we had last night, and I told him the support was great; no complaints anymore. It took a while, but now it's good. I can't complain anymore.
It depends on the partnership you have with Check Point. If you're a lower-level partner, you have to go through the steps and it takes a bit of time. If you're working in a company that has a good partnership and you can negotiate some things, then support is good and you get very good people on the line.
The primary use of the firewall is to allow or block some traffic. Mainly, it is the perimeter firewall for the Internet. It filters the traffic from external to internal, e.g., to secure the traffic.
Some of our customers have been demanding Check Point as their firewall product.
I do the installation, support, firewalls, etc.
We've not used technical support. We asked our questions of the vendor that deployed and he was quite free and open in providing solutions. Anytime we call him we can ask. He was like our own local support.
There is also a Check Point community, although we've not really been active there, but you can go and ask questions there too, apart from support.
I have used technical support a couple of times, when it was required, for hardware replacements. Of course, once or twice I contacted them for active devices when we had some glitches. But that turned out to have nothing to do with Check Point.
Overall, technical support has been good. They understand the situation and what part needs to be replaced or what needs troubleshooting through remote support tools.
They are very stable. We usually deploy them in clusters, in front of the node. We always have the other one functioning and we have never had an occasion in which one failed and the other also failed. We also have support for the hardware. But regarding their functioning, we are very satisfied. We have never had a big outage because the two members of a cluster went down. They are very good in terms of stability.
One of the most valuable features is the data center object integration with Azure. We are using Azure a lot and there is very nice synchronization between the objects in Azure, and it's very easy to implement rules using this feature.
Other valuable features include:
- the VPN — it's quite easy to configure it and it provides us with an easy way to interconnect our sites.
- the CLI, for automating things
- it is very easy to manage, to make backups, and to configure
- the support and the graphical user interface.
One of the most valuable features is the antivirus. It's very good.
We also now support cascading objects. We didn't support this previously, but on Check Point we do.
The dashboard is quite good, you can explore a lot of features there and it's easy to understand.
It also gives us SSL inspection, which provides more effective mitigation of defects and data leakage.
We recommend to clients who are installing applications that they can work with Check Point Next Generation Firewalls. Our role is to support our customers in terms of their migration, firewall room cleanups, and implementing all the security features that the firewall has.
Our clients have branch offices in Mexico and Bermuda. Check Point is one of the top names in these areas.
Since we are trying to get our customers to do more self-service, we should see more inbound traffic. So, the usage will increase in the next two years.
We get more attacks from the outside these days, so it has become more important to use systems like Check Point. When I started with security 25 years ago, it was still something not everybody was aware they needed. Today, it's common sense that everybody needs to protect their perimeter.
Plan first, implement last. You should first be aware of what assets you want to protect and what are your traffic patterns. You should plan your policy and network topology ahead of time, then start to implement a firewall. If you just place it there without any plan of what it's supposed to do, it doesn't make too much sense. I think planning is 80 percent of the implementation.
I would rate this solution as an eight out of 10. It would be better if the support was quicker in the cases we had. Apart from that, we are happy with the functionality.
I support multiple clients within the UK, the EMEA region, the US, and now in Asia Pacific as well. I specialize in Check Point firewalls. I design and secure their data centers, their on-premises solutions, or their businesses security.
The firewalls are mostly on-premise because most of our clients are financial organizations and they have strict compliance requirements. They feel more secure and have more control when things are on-premise in the data center. However, there are use cases where I have helped them to deploy Check Point solutions in the cloud: AWS, Azure, and in Google as well. But cloud deployments are very much in the early stages for these clients, on a development or testing basis. Most of the production workloads are still on-premise in data centers.
Most of my customers are still using R77.30, and they are on track to upgrade from that to R80, which is the current proposed version by Check Point.
Sometimes, when I have gotten stuck, I have reached out to support and it's okay. They have helped me very quickly.
Support is very customer-oriented and you are always in good hands.(customer wishes are often implemented in the next hotfix)
Most Support engineers are located in Israel. (Very good spoken english)
Very fast response from R&D Team
I have used the technical support very frequently. I would give them around a nine out of 10. They have very good support. In critical scenarios, they provide us very quick solutions, are very well-trained, and have a good knowledge about the product. That is what we expect from them. I am deducting one mark to allow room for improvement.
I would rate the support as a three out of 10. It seems like they are all Tier 2 guys. If there is a problem, you search everything and read all the articles, then you contact their support center who forward you to the same articles. It is very difficult to work with their support guys, unless you work with the guys in Israel.
From my last job, I had a web UI issue on one of my firewalls. It's been a year now, and it's not been resolved. Although it's been to the Israel as well, It's still been delayed. We couldn't live with the issue, so we decided we would buy a new open server, as the previous open server was quite old, then we did a fresh install of R.30 on it.
if you buy the appliances or licenses through partners, they will try to resolve your issue or talk in a way that makes sense.
We have had a good experience with the Check Point support guys. The solutions they provide are very straightforward and are provided quickly.
The Next Generation Firewalls, the 64000 and 44000 series, provide us with support for large data centers and telco environments. They're quite reliable and provide great performance.
Mixed experience, mostly satisfactory. Some support engineers are quite helpful and efficient, others required more patience working through support incidents. ATAM support has been high quality, and as previously mentioned, local support has been key to resolving some cases much more quickly. If we were giving their support a letter grade, it would be in the B range.
It is always a good experience to work with their technical support. They are knowledgeable, always finding a solution. If we send them a bug, they fix it as soon as they can.
Palo Alto Networks NG Firewalls: Support
We have had that many problems, so we haven't had to engage with their tech support.
Technical support is good. Once you call up with your issue, it takes around one or two hours for them to contact and give you a solution accordingly.
Our solution is now based on clustering and load balancing. We can add more nodes to our environment to accommodate the new load within our company.
We have about 2,000 to 2,300 users on Palo Alto NG firewall support.
Palo Alto has a line of products for different customers. If you do the sizing it from the beginning, considering that you are a growing company, it is fine.
You need to plan for the future, which means that you have to pay in advance through investment. With Palo Alto NG Firewalls, the cost will be higher.
The support in our country can be slow sometimes. It's a slow website. It could also use better customer support.
For technical support, we have a contract with some local suppliers. It depends on our partner, so it's probably different from location to location, but as long as they are certified with Palo Alto, normally they should have a one or two experts in their organization. So you just need to find a good person to work with.
I am the customer's technical support. If a customer has issues, they would call me.
The support needs improvement. Also, better reporting of errors would be good.
(Malware) On-prime scanning should be considered.
Endpoint management (traps) better to be on-prime than cloud.
QoS, It should be more sophisticated than it is now.
TAC support should cover meddle east area by Arabic support, such as in France, Germany, Italy and Japanese.
I have to support many vendors. We are a system integrator.
The initial configuration is complicated to set up. You really have to know what you're doing. I attribute that to all of the features and functions that are built into the product. Luckily, Palo Alto has a great support site and you can find contractors who are knowledgeable in the technology.
The solution is very stable, but I think the local providers have no sufficient products. We are looking for more support.
The support could be improved.
The next release could use more configuration monitoring on this one, and additional features on auditing.
Palo Alto is easy to use, feature-rich, and it has good technical support. You can fetch users, so you have visibility by username, IP address, destination, application, and you can even define a custom application.
In the GUI, you can easily find blocked traffic and the reason for it.
As a solutions architect group, we are what you would call "vendor-agnostic." We evaluate any solution that seems like it may be viable to provide clients with some advantages. I will never go to a customer and say that these are the only products that we are going to support. However, if there is something that a client wants to use which I feel would be detrimental to their business or that doesn't fit their needs, I will encourage them to look at other solutions and explain why the choice they were leaning towards may not be the best. When a solution they want to use means that no matter what we do they are going to get broken into, I'll let them know. It isn't good for their business or ours.
That said, some of the most requested or considered firewall solutions by clients beside Palo Alto are Fortinet, Firepower, and Meraki. Looking at each provides a background into how we look at solutions and how we evaluate options for clients. You have to look at the benefits and disadvantages.
Cisco Firepower NGFW (Next-Generation Firewall)
I think that Firepower can be simplified and can be made into a more viable product in the Cisco line. I think that Cisco has the ability to get into the Firepower management platform and trim it, doing so by breaking down all of the different areas of concern and configuration and categorizing them into overviews, implementation across the board, and steady-state management. If they were to do that, then users could start at the top layer and drill down more as they see fit to customize to their needs. I believe that Cisco can do that with Firepower and make it a much better security tool.
Firepower is not just a firewall, it is an SD-WAN. It is an application that Cisco sells that gets loaded onto an ASA 5500 series appliance (the appliance has to be the X platform). It is not a bad solution. I can use it to get into your network and protect a lot of your customers who will be running traffic through it. But a problem that you are going to get into as a result of using Firepower is that it is extremely difficult to configure. Security engineers that I have handed the setup after a sale came back from the service and asked me never to sell it again because it was very difficult for them to set up. However, it is also very secure. The difficulty is in using the GUI, which is the console that you would log into to set up your rules and applications. It can take about 10 times as long as Meraki to set up, and that is no exaggeration. Palo Alto is easier to set up than Firepower, but not as easy to set up as Meraki. But, the security in Palo Alto is phenomenal compared to Meraki. Firepower is pretty secure. If it was a little easier to operate, I'd be recommending it up one side and down the next, but ease-of-use also comes into play when it comes to recommending products.
I'll support what Firepower has to offer considering the quality of the security. But I can't take anyone seriously who is proud of themselves just because they think their firewall is next generation. It might have that capability but it might not be 'next generation' if it is set up wrong. Some vendors who sell firewall solutions that I've spoken to admit to dancing their customers around the 'next generation' promise and they make amazing claims about what it can do. Things like "This firewall will protect the heck out of your network," or "This firewall has built-in SD-WAN and can save you lots of money." These things are true, perhaps, depending on the clients' needs and the likelihood that they will be able to properly manage the product.
Firepower is a capable solution but it is difficult to set up and manage.
Cisco Meraki NGFW (Next-Generation Firewall)
Meraki was a horrible acquisition by Cisco and it is harming their name. All of us who are familiar enough with the firewall know how bad that firewall is and we know that Cisco needs to make changes. The acquisition is almost funny. The logic seemed to be something like "Let's buy an inferior security solution and put our name on it." That is a textbook case on how not to run a company.
If Cisco wanted to improve Meraki, the first thing they need to do is simply activate the ability to block an unknown application. Start with that and then also improve utility by blocking every threat by default like other products so that users can open up traffic only to what they need to. That saves innumerable threats right there.
There are situations where Meraki works very well as is. One example is at a coffee shop. What the coffee shop needed for their firewall solution was to have a firewall at every location for guests. The guests go there to eat their donuts, drink their coffee, and surf the internet. The company's need was simply to blockade a VLAN for guest access to the internet while maintaining a VLAN for corporate access. They need corporate access because they need to process their transactions and communications. All corporate devices can only communicate through a VPN to headquarters or through a VPN to the bank. For example, they need to process transactions when somebody uses their debit card at a POS station. It works great at the coffee shop.
It works great at department stores as well. All employees have a little device on their hip that enables them to find what aisle a product is in when a customer asks them. If the store doesn't have the product on hand, the employee can do a search for another store that does have it in stock right on the device. They can do that right on the spot and use that service for that device. For that reason, they are not going across the internet to find the information they are searching for. They are forced into a secure tunnel for a specific purpose. That is something you can do with Meraki. If you don't let employees surf the web on the device, then Meraki will work.
I can actually give you the methodologies in which hackers are able to completely hack into a Cisco customer's network and steal extremely valuable information. Meraki is the most simple of all firewalls to infiltrate in the industry. It is an extremely dangerous piece of hardware. What comes into play is that Meraki, by default, does the opposite of what all of the other firewalls do. Every firewall not called Meraki will block every means of attack until you start saying to permit things. The Meraki solution is the opposite. Meraki, by default, blocks nothing, and then you have to go in and custom key everything that you want to block. This is dangerous because most people don't know everything in the world that they need to block. With Meraki, you have to get hacked in order to be able to find out. Now, tell me who really wants that.
An example of this is that Meraki cannot block an application it doesn't know about, which means that all unknown applications are forever allowed in by Meraki. If I am a hacker and I know that you are using a Meraki firewall, I can write an application to use for an attack. When I do, it is unknown because I just wrote it today. If I load it up on a website, anybody that goes to that website using a Meraki firewall has this application loaded onto their computer. Meraki can't block it. That application I wrote is designed to copy everything from that person's computer and everything across the network that he or she has access to, up to a server offshore in a non-extradition country. I will have your data. Now I can sell it or I can hold you for ransom on it.
Customers love it because it is simple to configure. I don't even need to be a security architect to sit down at a Meraki console and configure every device across my network. It is an extremely simple device and it's extremely cheap. But you get what you pay for. You are generally going to suffer because of the simplicity. You are going to suffer because of the low cost and "savings."
All I can say about Meraki is that it is cheap and easy to use and fits well in niche situations. If you need broader security capabilities, spend a few bucks on your network and get a better security solution.
Fortinet FortiGate NGFW (Next-Generation Firewall)
I'm supportive of Fortinet because it is a decent next-generation firewall solution. While not as secure as Palo Alto, it is a cost-effective and reasonably reliable product. I have customers choose it over Palo Alto. But if they decide to use this solution, I want to charge them to manage it for them. The reason for that is, if anything goes wrong in the network and they get hacked, my client will likely get fired and replaced. If anything goes wrong in the network and I am paid to manage their firewall, I am the one in trouble if they get hacked — not the client. I apply my services to the network, make sure everything is working as it should and give them my business card. I tell them that they can give the business card to their boss if anything goes wrong because the guy on the card is the one to blame. That way I remain sure that nothing will go wrong because of poor administration, and my client contact sleeps better at night.
Fortinet is sort of middle-of-the-road as a solution. It has a relative simplicity in setup and management, it has a lower price and provides capable security. Fortinet FortiGate still gets some of my respect as a viable alternative to Palo Alto.
Comparing the Complexity of Setup
Firepower is the most complex to set up. The second most complex is Palo Alto. The third is Fortinet. The fourth is Meraki as the simplest.
Rating the Products
On a scale from one to ten with ten being the best, I would rate each of these products like this:
- Meraki is a one out of ten (if I could give it a zero or negative number I would).
- Fortinet is seven out of ten because it is simple but not so secure.
- Firepower is seven out of ten because it is more secure, but not so simple.
- Palo Alto is a ten out of ten because the security side of it is fantastic, and the gui is not a nightmare.
An Aside About Cisco Products
It is interesting to note that the two offerings by Cisco are on completely opposite ends of the spectrum when it comes to the learning curve. Firepower is on one end of the spectrum as the most difficult to configure and having the worst learning curve, and Meraki is on the other as the easiest to configure and learn. Both are owned by Cisco but Cisco did not actually develop either of product. They got them both by acquisition.
The technical support from Palo Alto is good.
Yes, we evaluated other options. Cisco was there, as was FortiGate. We were using Juniper at that time, and then Palo Alto came into picture. We carried out a comparison of pricing, support, features, etc. and then we made our choice. It was really the next generation features and application level security that were key to our decision.
Their support is very good. I've never had any issues with their support. I would say that we've been satisfied with their level of service.
Occasionally there may be a bit of a language issue based on where their support is located.
I'd say that technical support is excellent. They are very helpful. We've quite satisfied with the level of support we got from the company.
We have been in contact with technical support and we are satisfied with the service.
I contact Palo Alto by email or by phone. Their support is good.
The technical support is good. The team is responsive and they gave us the right information at the right time to solve the difficulties and complexities that we were experiencing.
I have contacted their support once. It's very good support. They help me to fix our problem quickly.
I have not been in contact with technical support.
Since the solution is hardware, there are some limitations in terms of scalability.
Usually, in hardware, you can't say it's scalable or not due to the fact that you have the limitations built-in related to the size of the box. The box has a maximum number that it can reach. You can add more hardware, however, the hardware itself is finite.
We usually do a POC first so we can get the figures for performance and we can put in a box that can support 20 or 30 people extra for future expansion.
Cisco IOS Security: Support
I would rate the technical support at eight out of ten. We've had a lot of good feedback.
Cisco's technical support is the best.
Their support was very bad. We have a very bad experience on the support. They take too much time requesting logs, and they are not coming directly online to resolve the issues. They keep asking about a lot of things. And they know that we are not expert in the system. So, we are wasting our time. And it takes time to respond. Sometimes one single issue will stay on the stack for three weeks, just to resolve it. The last ticket for me reached six weeks, not three weeks even. They are not like that in all products. Just this product.
If you ask technical support on how to solve some issues, it does help. We do fine with Cisco support. It comes with the equipment.
We provide our clients with six months of in-house support. We pay Cisco for it. The support is okay.
Technical support is very good.
I haven't used technical support yet.
We have a contract with the representative of DEO support, not just Cisco. So we have local support. If we have any issue, they respond to us directly by phone.
I think we have great support from Cisco for this. I haven't used it personally, but I have heard good things.
The most valuable feature is the support that we get.
The technical support is excellent. We've contacted the tech team a few times and the turnaround time was always almost immediately.
The main reason for going with Cisco is their support. They have very skilled people and a very good support structure as compared to many other companies. They invest heavily in support maintenance.
We are pretty comfortable with Cisco technical support, but with the new acquisitions, they also need to ramp up their support. For the older Cisco IOS and other stuff, they have very mature teams, but with the new acquisitions, sometimes it takes time to do the transition up to that level. For example, when Cisco acquired Sourcefire for the firewall, it took some time for Sourcefire to act like Cisco's other products. So, support is good, but still, there is a learning curve involved with new acquisitions and their support.
The customer support is great. We're quite satisfied with the level of service Cisco provides. They're knowledgeable and responsive.
Overall, we find that they have the best technical support in the business. Their support is quite competent in terms of their technical skills, more so than other competitors. If you face any issues, you can call them at any time and get the answers you need to resolve whatever is going on.
A few things have room for improvement in your opinion. That would start with cost. Cisco products are more expensive than the competition, but the additional cost usually gets absorbed by the name recognition. Most people have Cisco or have familiarity with it, so they go with it. If they want the top quality product, they immediately feel comfortable with the Cisco name brand. That is where we come in as consultants. We bend over backward to make product comparisons and framing for solving the needs posed by an organization. I see something is a better fit for them that they could use. It would reduce their CapEx, their expenses, and it would fit them better all at the same time. The client may still want Cisco despite the recommendation that we make. But usually, that is what it is. Cisco fits, and if they want to spend the money, we make sure that it is within their budget. They feel more comfortable with Cisco, and they have had Cisco in the past, so we go with Cisco then.
Cisco is great. A lot of the tech companies are doing really well. But Cisco is still in the forefront. They are on top of this category of products. I can not think of anything else they could do because they cover pretty much everything that you would need a firewall for. Then you get Cisco's support behind the products.
I would think it would be a lot better for us and we could make more money if we try to recommend that clients put drop-in boxes at every location. But we do not choose to do that unless there is a purpose for it. In most cases, we would prefer clients to go the OpEx route. It takes a lot to offset the cost of Cisco so if they are going to do a cloud solution, their costs are metered per month by whatever solution they have. That is a lot better for projecting costs, and then there is the benefit of everything being upgraded in the cloud for them. They do not have to worry about anything. It just works.
I have used the Cisco technical support and they were okay. Rating them out of ten, I would give them an eight or nine-out-of-ten. They have a pretty good system with decent response time and accuracy. They are good overall and in comparison to other services. They offer 24/7 service, which is a benefit.
Fortinet FortiOS: Support
The complexity of the VPNs should be improved. Certain versions of the operating system don't function with our current Fortinet unit. For instance, we've got a 60D FortiGate at our branch offices and the 60D FortiGate doesn't support the latest version of the 40 OS. Because of this, certain Wi-Fi access points that depend on those operating systems don't function so well. So that has room for improvement. I'd like to see that happen.
We did not have to contact technical support.
The solution is good, but they have poor marketing in Nigeria. They need to market their product better.
They need to work on their support. Cisco has the best technical support. In comparison, Fortinet's support takes too long. If you are paying for SLAs, you should also get value from your SLAs.
Right now, everybody is moving to the cloud. The solution has already worked on that aspect, and they are embedding security to the cloud. However, security can be more enhanced and as long as they continue to offer more protection I'll be happy.
Technical support for the solution is very good.
I think the technical support is not really very good. When we had some issues in the past and sent them to support, we waited a few weeks and in that time we managed to figure out the solution ourselves.
The one issue I am talking about was a very tricky issue, but they should know more about the product than we do even if we are doing the installations. Meanwhile, we had to wait and it was very inconvenient. So I think the process of the way they handle the management of issues could be improved. We managed to get some of the easier issues resolved in part through the support team initially, but when we reached the next level of difficulty, it lasted too long to get a resolution.
Their technical support has its positives and negatives. If you contact them, they are responsive and interactive and they have good solutions to the problem. The issue is with the support documents. When you need to do something advanced, there isn't good documentation for it. For basic tasks, there are plenty of videos and information but for advanced tasks or solutions, there is not.
The customer service is very nice because they answered my questions when I asked them about the program before buying it. The technical support is great too, because they called me back with a solution to my question.
I don't think that we have had any issues with technical support for this solution.
The technical support is very good. The assistance they gave was very good and I learned a lot from them.
My impression of the stability of the solution is good just one support case opened to fortinet, in next firewall update I will choose again fortinet
In terms of what needs improvement, the pricing could be lower. The price is very steep.
I would like to see in the next release that any client, even small ones from a home office, can run on any access point, not just the one that can be used with Fortinet. It should have an appliance that can be used to support and manage other access points. All the products should be uniform and easy to find.
Their technical support needs improvement.
All products have pluses and minuses. It will depend on a client's use case.
I don't often have to contact support. When I do I usually just get help from the online community. I really don't contact their support directly.
Technical support is good. I would rate them nine out of ten.
A firewall is a security appliance. FortiGate also does email filtering and does data loss prevention.
All networks are security-driven, we get throughputs and security. We feel that the people at Fortinet are easy to deal with from a support standpoint. If they need to jump in and help us, they're very willing to do that. Their email filtering, their data loss prevention, their intrusion prevention, type of products in the newest OSs has been outstanding.
Support is very fast and reliable, but it absolutely depends on the ticket, or what it is comprised of or how hard the errors or problems are. Easy questions are dealt with quite quickly, but harder issues might take at least an hour or so before a user would get a reply.
The solution's switches are lacking. They need more features added to them to build them out a bit. The switches are very simple if you compare them with other companies like Cisco or Aruba. Those organizations offer their clients much more.
Technical support could be better. Some competitors have much more responsive support teams.
I know the last version had NAC, network access control, added inside the firewall. It's a process, however. There's still work to do. The next version will be better. Right now, you can't authenticate other devices. You only can authenticate Forti devices and not devices from other companies. This could be the next addition to the solution that will make its performance even better.
We have a local supplier that helps us a lot every time we need to open a ticket. So far we haven't had that many issues. The few ones that we have had, we didn't have any problems with opening up tickets and getting support.
So far we are satisfied with the technical support. We have not had a lot of need to use them.
Sangfor NGAF: Support
Whenever you have a problem, you'll get an answer in 30 minutes' time, maximum. Unless it is at a very awkward time, like in the middle of the night. They have a WeChat group on the cloud, so you can communicate there an get an answer within 30 minutes. The support is really good.
These days there are lots of breaches and vulnerabilities which you can see if you do some research. Sangfor has similar issues with one or two products where customers have had problems. The company deaks with these things immediately and quickly brings out new firmware to solve the issue so I'm not aware of any deficiency in the solution. If a customer finds a feature lacking, we open a ticket to support and Sangfor comes up with the appropriate new firmware within 10 days. If you were to do the same with other vendors, it would normally take four to five months to get the new feature.
Huawei NGFW: Support
We have received technical support many times and they are very good. I am very impressed with the support.
I have not had to contact technical support. When I have needed help, I did research online myself and never had to contact Huawei.
The community support is quite good. On the other hand, it is difficult to find documentation online. This is unlike the case with Cisco, where finding the documentation is easy.
The support could be improved. As we've gone along, we've realized the support is not effective due to the contracts we have. They need to offer more support upfront, no matter what contract you have.
The solution requires a more interactive dashboard. That would make it easier than playing with configurations the way we have to now.
It would be better if upgrading the solution was easier.
The solution needs four-way deployments and dashboard confirmation.
The product should be able to integrate with products like Ansible.
Generally, technical support is quite good.
It could be a bit faster in terms of reaction time. Basically, their response is very good. However, sometimes they need lots of logs and information before solving any of our issues. It takes too long occasionally due to this requirement, and our production suffers a loss in services. Sometimes it's very good, and sometimes it's slower. It's not really constant, although I wouldn't say they are bad.
Forcepoint Next Generation Firewall: Support
Technical support is okay. It takes too long to get a response because the support comes directly from the Netherlands, and they may have very limited employees. The engineers are quite technical, but the response is very slow.
Technical support can be better. The support themselves are skilled but when you call for support you have to wait for a long time to get a response. They should improve their call center.
The technical support for this solution is great. We have a support contract and we can create a ticket when required. They have solved our problems.
After three or five years, if you want to change the model with a bigger model because of the network expansion, I think they support that. Our clients are huge enterprise businesses.
The solution's support could use improvement.
I'm in the MENA region so most of the time we were getting support from Europe.
They should include a license watch solution on their back-end.
The support is great. They also have very good categorization. It's very good. It captures a lot of threats.
The most valuable feature of this solution is the support.
There is no support available in Fiji, and it would make it easier to have local support and somebody that we can speak with.
The pricing for this solution should be more competitive.
Forcepoint would be improved if there were more training available.
The vendor should make loaner units available for test and evaluation in test environments.
They should have a local vendor who can provide support. Most of the support is overseas, so the time zones can be a problem.
When we do contact them they are very easy to work with and very helpful.
We had planned on using this product as our multi-tenant firewall. After one year, we stopped using it because there was a problem with supporting some of the protocols.
We've contacted technical support in the past. They are decent. They provide enough support services to cover our needs. We are satisfied with the level of service they've provided us so far.
We've never had a negative experience with customer support. They have always been quickly available. I can't complain, I think they have a pretty good team.
I might have contacted them for some questions related to managing instances. We sometimes had problems with registering or activating licenses on the manufacturer portal. I haven't opened any ticket personally. My colleagues have contacted them for technical support, that is, for problems that go beyond the basics of the Forcepoint configuration, such as for replacing some faulty components. Their experience was good in general.
Azure Firewall: Support
We have not been in contact with technical support.
We deal with technical support on a regular basis. I'd rate the service we've received ten out of most of the support tickets.
I think that their customer support could be improved with a faster response time.
I think the product could be made more customizable, I'd like to see that in the next release.
We provide services to our clients and help them maintain the product.
However, we have contacted technical support several times. We've submitted tickets and dealt with technical support directly. Occasionally, it takes a long period of time for them to get back to us. It does depend on the severity of the issues. In terms of feedback and output they've provided us, we have been very satisfied. They can just be a little slow.
I'm satisfied with the technical support overall. I generally chat with the Microsoft team on the phone.
Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment. They could add specific instance names, such as an instance ID to be specified or a resource group.
Tagging is supported but not on the instances, which is something that could be improved.
The selection of the internal resources into the ruleset could be improved.
Support for layer-seven application filtering should be added because it is not there yet, at all.
It is capable of filtering on the fully qualified domain name (FQDN) but it cannot do the more advanced features that Palo Alto or FortiGate can do, where you can grant or limit access to Facebook but you don't need to specify the domain name because it knows about Facebook as an application. You should be able to simply say "Allow Facebook", but also have it block Facebook Chat, for example. Having control over those specific application protocols within the traffic would be an improvement.
The documentation from Microsoft could be slightly improved, although it could be related to the fact that the product is quickly changing. It may be a case that the documentation updates are of a lower priority than the product itself.
The ability to provide better control of the traffic is the solution's most valuable aspect.
The solution is stable.
The solution can autoscale.
The initial setup is pretty easy.
Technical support has been good to us so far.
|Features||Azure Web App |
|OWASP Top 10 Attack||Yes||Yes||Yes||Azure WAF supports only SQL and XSS protection|
|AI-based Machine Learning Threat Detection||No||Yes||NO|
|Deep Integration into the Fortinet Security Fabric and |
|Solving the Challenge of False Threat Detections||No||Yes||No||FortiWeb’s AI-based machine learning addresses false positive and negative threat detections without the need to tediously manage whitelists and fine-tune threat detection policies.|
|Advanced Graphical Analysis and Reporting||No||Yes||Yes|
|Layer 7 server load balancing||Yes||Yes||Yes|
|URL Rewriting||Yes||Yes||Yes||URL rewrite feature is in preview and is available only for Standard_v2 and WAF_v2 SKU of Application Gateway. It is not recommended for use in production environment. |
|File upload scanning with AV and sandbox||No||Yes||Yes|
|Built in Vulnerblity Scanner||No||Yes||No|
|CAPTCHA and Real Browser Enforcement (RBE)||No||Yes||Yes|
|HTTP RFC compliance||Yes||Yes||Yes|
|Zero-day Attack Protection||No||Yes||Yes|
|Security policy creation based on Server Technology||No||Yes||Yes|
|Geo IP analytic||Yes||Yes||Yes|
|HTTP Denial of Service||Yes||yes||Yes|
|Positive Security Model||No||Yes||Yes|
|Mobile API Protection||No||Yes||Yes|
|JSON XML Protection||No||Yes||Yes|
|No TLS 1.3 Support||No||Yes||Yes|
|Azure WAF is not validated and tested by third party analyst like NSS Labs and Gartner.|
|FortiWeb is tested and validated by Gartner and NSS Labs.|
It is the things we haven't tested yet. As we go from a centralized data center approach to a hybrid cloud, we are doing this with a single cloud vendor. We haven't had a chance to try this solution in a multi-cloud environment yet. However, this doesn't speak to their lack of integration. This more on us. Over time, we're going to learn about these capabilities in a multi-cloud environment as we expand into other cloud vendors. like Google and Microsoft.
In terms of how we onboard products, when we have a powerful, solid solution, like ShieldX, we want to be able to take its capabilities and the information that it gathers about threats in the environment, then share it with other products that we use elsewhere and have a consistent intelligence sharing platform within our organization. It's about leveraging what we're learning from their product and pushing it down to other products in our environment.
They need to be consistent in performance and capabilities over time, given the fact that this is new and I want to see where this goes in the next year or so. As the vendor continues to evolve and add future functionality, we want to make sure that we are still keeping up with the integrations, etc. Time will be the key factor here. The proper support for some of the latest technologies, Docker containers, etc. They need to keep up with threat landscape, so we will see how the security get layered. This is what we are going to be keeping an eye on.
We have used their tech support but because of our early adoption we have not been calling an "800" number. We've been calling the CTO.
- It is good for its cost.
- It is very easy to use.
- It is very easy to scale.
- It is easy to implement and doesn't take long.
- They have a good support team with training and videos on different things.
I create CIDR groups or workload names for either IPs or servers. In the CIDR groups, I have either multiple IP addresses or I am just doing it by the IP range. If I create a CIDR group type, then I tie an ACL control to what devices I want. This is where I am spending most of my time, creating these groups and tying them down to where they only talks to certain servers. I am also finding out that there are more things talking to each other than I originally thought, which is good. I thought one server was only speaking to these set of IPs, but they are actually talking to quite a bit of IPs.
What I like about it now is that it has a single pane of glass to view our networks and groups. Also, in Vmware, it creates its own distributed switches instead of using my current VLAN distributed switches.
The times where we used tech support to run through the installation, the setup, the testing, they were first-rate. They really know the product well.
We've contacted them with some "how-to-use" issues or "how-to-view" and how to get reports out of it, but it's an easy-to-use product.
In terms of documentation, we were a very early adopter of ShieldX and we were guided by them.
The one criticism I might have is there should be a bit more customer care, with regular review meetings on it or regular reports. It would be nice to have a quarterly or biannual review of what ShieldX has blocked. Maybe we don't have that because we go through a third-party vendor and maybe they should do it, but one way or the other, it would be helpful.
Zscaler Cloud Firewall: Support
We are establishing IT systems from the customers' routers to the nodes in Zscaler. Once we hand over the traffic to them, we wait for them to claim the full IP packet and we send the traffic back to them along with the destination. From our perspective, Zscaler is a security solution that is implemented in the cloud so it's a cloud supported service solution. We are not specifically working on a specific firewall.
Technical support is generally fine although sometimes there are exceptions. But there's generally a quick response and they're cooperative.
Palo Alto Networks K2-Series: Support
There is not really anything that needs to be improved in the product. It might be nice if it were possible for newer users to get a higher level of support.
The technical support is excellent. There haven't been problems that they couldn't resolve quickly. Pretty much are all cases that we had were dealt with to our satisfaction.
I am satisfied with the technical support.
If I'm going to rate the support of Palo Alto, I would give it an 8 out of ten because they have good engineers, but sometimes I think that they take too long to respond to my queries. But most of them are very good.
Palo Alto support is good, I contact them all the time. They have two kinds of support: Premium, which allows you to contact the vendor directly, they open the case, and you communicate with Palo Alto and they'll help you on the spot. There is also Partner support. I would not recommend that to anyone.
The technical support, and how they provide it to the client, needs to be improved. They take too long to provide answers.
I would like to have a statistical report that shows the number of times that each rule is used.
The technical support is good.
The partner support, which is a local company, is not that good and can be improved.
I would like to see the threat intelligence capability integrated with other vendors such as Cisco and Forcepoint. This would effectively be a multi-threat intelligence solution. Along the same lines, it would be useful to share threat signatures with different vendors.
We are satisfied with the technical support.
We are the first level of support for our customers. If the problem is very complicated and we cannot solve it then we open a case through the distributor, which is the second level. After that, if they cannot solve it, the case is escalated directly to the Palo Alto technical team. Generally, if we cannot solve it then the distributor cannot either.
This company is a leader in the space.
The company is inventive and always adds a lot of great features.
The support on the solution is excellent.
The initial setup is pretty easy.
For me personally, the support, in general, is the feature I have found most valuable.
Palo Alto boasts a lot of great features that cover all markets from small businesses to large enterprises.
It's very easy to see everything on the dashboards.
It would be nice if it could easily be integrated with Elasticsearch or Nagios for monitoring and reporting.
Juniper vSRX: Support
The technical support has been good.
I have not contacted technical support.
The technical support is very good. They are very fast. They are our partners. It's in their benefit to help us work efficiently. They are earning money on it.
We have very close contact with technical support, so if we have a problem we can contact them directly. It's a good relationship. They are very good.
They have good technical support but we very rarely use technical support. We go through vendors.
It seems that most of the problems were the device from management and not from support. We would spend a lot of time with support trying to solve the problems we had. We didn't resolve it because it was a problem from the device and management. The technical support did not seem to help.
I've talked to people that say Juniper now, as a device, can be a solution for a data center, but in the past, I have not seen this as being possible.
Technical support is very bad. They never respond to any ticket you open, although we pay for the support.
The support can be improved.
The GUI needs to be improved, as Cisco is more advanced with their ASDM platform.
In the next release, I would like to see improvements made to the GUI because it isn't very good.
I would like them to discard some of the existing commands because we have to delete them. It should be more practical.
We worked with Cisco's support and Juniper's support and there are some differences, to be honest, Cisco is more available and is more competent at addressing our cases. So that is something negative about Juniper but otherwise, the architecture of Juniper's OS is flexible and scalable and technically Juniper is good.
The GUI is really bad. Cisco's is more advanced with their ASDM platforms. Cisco has more advantages.
At first the implementation was straightforward. I got around quickly. I was able to, after a week, feel like I had the hang of everything. I can move around in Azure and AWS. That said, it's just the part with the elastic IP. I don't know if it's a Juniper issue or it's on there and there's another connection, and that's the part I'm not getting.
I was able to deploy the solution in days. It's just getting it to work properly, however. In that sense, it took weeks, or, at least a week and a half. I had to say "Okay, let me give up this for now" before I really got anywhere.
There isn't really maintenance per se. It's just running. There's 24/7 support. When it goes down, I guess, we're there.
Juniper supplies us with great customer support. We are very satisfied with them.
We have technical experts who have helped us in the past. They were quite supportive. They were both responsive and knowledgable and we've been satisfied with eh level of service provided.