Firewalls Features

Read what people say are the most valuable features of the solutions they use.
Jeff Berndsen uses Sophos UTM
Network Engineer II at a legal firm with 1,001-5,000 employees
* Firewall * NAT * Intrusion prevention * Site-to-Site VPN * Web filter * Anti-virus View full review »
Cesar Nieves uses Fortinet FortiGate
Technical Services Manager with 501-1,000 employees
It's a complete solution. You can purchase switches and you don't need to do anything with them. You just put in the firewall and the switches get all the policies and rules that you already have in the firewall. That's a very nice feature because with, for example, Cisco, you need to set the switch, you need to set the firewall, and you need to test it. With Fortinet, you just connect the FortiSwitch to the Fortinet and that's it. It's very easy. In the last version of the FortiOS - the operating system of the firewall - they put a lot of new features to support communications in a firewall. Whatever the communication that you have, you can put that in the firewall, and that's great. View full review »
CMEDRANO uses pfSense
student at a university with 51-200 employees
* The part of the firewall and aliases * The content filter in non-transparent mode and transparent mode with Squid and SquidGuard * The possibility of adding packages to perform network analysis * Creation of certificates * The facility to administer services View full review »
Ersin Bostanc─▒ uses Sophos Cyberoam UTM
Director Of Information Technology at a hospitality company with 1,001-5,000 employees
The performance and security are the best features. The security options are great. We never had an attack, which is pretty good. We use it from a standard location, and they are connected to each other. View full review »
reviewer32902 uses Fortinet FortiGate
Owner at a tech services company
* The prompt and knowledgeable support behind them. * Their reliability and their policy of pre-shipping replacements when a unit has failed. * The simplicity and clarity of their user interface and documentation. * Their 'cookbooks' that walk you through the most common installation scenarios. View full review »
Vikas-Gupta uses Sophos XG
Mr with 51-200 employees
* Internet security, where we have one single point of console; where I can manage my endpoint and my gateway. * Any messages coming in, I am getting the intermission immediately. * If my endpoint is getting infected, I get to know. * If my file is getting infected, I get to know from a single pane point of view. View full review »
reviewer963351 uses pfSense
IT Manager & Sr. Application Programmer
There are so many packages you can install which extends pfSense's capabilities including consuming from lists such as FireHOL, Pi-Hole, etc. Here are a few packages we use: * IPSec: pfSense allows for both v1 and v2 IPSec configurations to secure your connections. * IPS: You can use Snort or Suricata along with Snort packages, even subscribe to commercial packages if you wish. This alone starts making pfSense on par with Cisco. * Proxy/content filtering: You can install Squid and SquidGuard to act as a proxy and content filter. Yes, it does filter HTTPS, and there's a number of ways you can do it out of the box. pfSense also reformatted their logs so that they're compliant and standardized. We have our logs shipped to our SIEM and Logstash servers. View full review »
Reviewer3147 uses Fortinet FortiGate
Network Engineer at a tech services company with 201-500 employees
The most valuable feature is the policy routing and application control. In addition, the firewall will act as a call-switch. So, the performance within the LAN is good. View full review »
Diana Nongera uses Fortinet FortiGate
Senior I.T. Administrator at a agriculture with 201-500 employees
* DHCP functionality: The object tab where we manage our IP addresses and static. The DHCP monitors them. * FortiClient: You can easily connect when you are home, check out what you want to do, and connect to your network when you are not at work. You can switch on servers and you can check what is wrong. View full review »
Reinhardt Jansen uses pfSense
Senior Systems Administrator at a non-tech company with 51-200 employees
I have not had one issue with pfSense at all, which is amazing. View full review »
Koen Van Cauwenberghe uses pfSense
Network and Office Manager with 11-50 employees
* I can manage it easily by myself. * The interaction between the same firewalls is good. We can connect VPNs over the same firewall easily. * It is an open source solution. Therefore, the price is good. * OPNsense. * The performance and functionality are good. View full review »
Neil McFadyen uses Cisco ASA
Supervisor of Computer Operations at a university
* Most of same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings. * I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall. * Customizing logging event of syslog to feed into Splunk is very useful for management and monitoring just for the importance events instead of a huge stream of thousands of unneeded events. * I found it quite easy to block computers from the internet, e.g, in a computer lab with students doing an exam using software for the course when needed. * I use access to a list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS. * I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type. * It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated. * The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI. * While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings. View full review »
MnG32 uses Fortinet FortiGate
Manager and General Attorney with 51-200 employees
The filtering that you can do with the firewall. View full review »
SecMgr5390 uses Sophos XG
Senior IT Infrastructure Solutions Engineer at a tech services company with 51-200 employees
* The ease of setting up the VPN connection. * The fact they have the cloud management option, I can manage it on a cloud platform. So anywhere I am, I can always manage the firewall. * The user interface is very user-friendly, so it's very easy for the administrator to make any policy changes. View full review »
Hesham Sakr uses Sophos XG
IT Infrastructure & Security Manager at a university with 1,001-5,000 employees
The most valuable feature, according to the setup we have at our work place here, is the flexibility of the system or the firmware that's running the appliance. It's so flexible, performing multiple rules with different configurations. According to the set up here, we need to implement several firewalls with different access levels, because we have a variety of users. For this requirement, it's very flexible and very easy to use. View full review »
Adrian Larsen uses Zscaler Web Security
Chief Executive Officer at a tech services company with 1-10 employees
Zscaler provides a lot of features in terms of control (URL filtering, cloud app control, etc.), which can be found in other solutions as well, but in terms of security, it is quite unique. SSL inspection, Advanced Threat Security, and Cloud Sandbox are probably the most valuable. * SSL inspection is easy to implement and the performance is great (it is the responsibility of Zscaler to provide it). * Advanced Threat Security protects you from most threats that can bypass the classic anti-malware solution. * Cloud Sandbox completes the stack of security requirements stopping zero-day malware. View full review »
reviewer831174 uses pfSense
Stateful packet inspection. It works quite well for an open source product. View full review »
Taradutt Pant uses Barracuda CloudGen Firewall
Founder at let's-ConnectIndia
Live monitoring of what is happening inside and with the interfaces, either ingress or egress - this is a good feature of the device. Secondly, most people use enterprise applications remotely, and there is no license for SSL VPN, or in other words point-to-site. There is no limit. On other devices there is a specific limit and you have to pay per use for SSL VPN. Single sign-on is also good. If you are accessing your corporate firewall from your home, during that time there is an integration with the AD. You can use your AD's password to access your SSL VPN. It's not like if you buy a traditional SSL VPN. You have to define a specific password for your remote client application but there is no requirement of defining a specific password - which you would have to request from your admin - or to buy a token which can generate a password for your integration. You can directly integrate with your AD. If you change your password on the AD side, your client-to-VPN password also gets changed. You can integrate all your passwords from a single console. The admin doesn't has to change your password, it's a single sign-on. View full review »
Israel Caravantes uses Barracuda CloudGen Firewall
COO at i-Track Systems Development, S.A. de C.V.
Barracuda has a very simple interface, very good security, all the features of the best firewalls in the market, but with a very friendly interface. Something that we've seen that Barracuda, and some other brands also, have. When you program the firewall to detect certain kinds of attacks, Barracuda can detect that kind of attack and automatically insulate, or remove, or encapsulate the very specific IP, if it's internal. And if it's external it just blocks any kind of communication with that specific IP. If you want, Barracuda will warn the security team. If you allow, or release, that IP, it will continue communication. If not, it will block it forever, or until you release it. Internally, we'll remove it until you release also, but we allow the IT team to review what is happening with that particular piece of equipment, a computer, a laptop, a server, any kind of device into which a "back door" can be opened or through which they're trying to get some information. Barracuda can help with that. That is one of the most important features we've seen with Barracuda. I cannot mention the name, due to the NDA that we have signed with a financial company, a financial entity. But we implemented Barracuda with them. Right now they are monitoring all the information that their employees are managing. If an employee tries to get or move a file that is not permitted to them - for example if he wants to copy it to a USB - he will not have the right to do that, because Barracuda manages who has the right to copy, and what you copy to a USB. The USB is encrypted with a specific code from Barracuda and will only be decrypted into any other laptop in the company if they allow it to see it. Even in the network, a feature of Windows is to see how you are sharing files. Barracuda can help you to monitor how you are moving files. When you are sending information to an external email address, Barracuda can warn you when you are trying to access a private or personal email, or trying to upload information; it's not allowing you to do that. That was the biggest feature that that financial entity admired in Barracuda, among others. Easy integration with some other systems like LDAP or Active Directory to manage other permissions and the division of external access and internal access. View full review »
Mervin Sosa uses pfSense
Centralized administration with multiple services, which allows for execution in several important functionalities of information security. View full review »
MarcosMedina uses pfSense
Analista Senior at a tech services company
Security and stability. The pfSense server acts as "IPSec VPN Server" for a small financial institution, but regardless of the company size, interruptions would cause significant financial impact. View full review »
Ryan Pealer uses Sophos UTM
Network Administrator at a government with 11-50 employees
To me it is the Web Server Protection, it is not an easy task to protect your web servers from the big bad internet. This solution does it elegantly and, if configured correctly, even hides the server's base system from prying eyes. View full review »
Jijish Gopi uses Cisco ASA
Security Engineer at a tech services company with 201-500 employees
If you compare it with other products, other firewall products in the market, at this moment, it doesn't have that many features, no impressive feature in it, in fact. The one thing I like about the product is the logging features, the way it logs, the way it forwards the logs in Syslog. It generates the particular Syslog. Compared to other products, that is the only feature, I feel, that is good. I have worked with other firewall products, so I know it very well. The logs are pretty good. Then it forwards. When it forwards the logs to a third-party syslog server, it then writes the Syslog very well. That is the only feature I like about it. View full review »
Steven SL. uses SonicWall NSA
Senior IT Consultant at a tech consulting company with 51-200 employees
Application control: It allows us to block applications, i.e., websites by application type category. It is far more capable than content filtering alone. View full review »
Chingiz Abdukarimov uses Fortinet FortiGate
Senior Network & Security Engineer at a cloud provider with 51-200 employees
Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment. VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policy, event handling and alerting configuration. Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm. Human readable firewall policies with editable security policies and addresses in single page. This is very useful and time saving feature. Bulk CLI commands are uploaded via gui in script file (portions of config file). Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network. IPS and AV are working very well. SSL Inspection and CASI (Cloud Access Security Inspection) profiles. Straightforward SNAT and DNAT. Rich logging options. LDAP integration variants for any case (scalable approach). Can work as explicit web-proxy and supports web-caching. Straightforward HA with different redundancy schemas. View full review »

Sign Up with Email