Firewalls Features

Read what people say are the most valuable features of the solutions they use.
Jeff Berndsen says in a Sophos UTM review
Network Engineer II at a legal firm with 1,001-5,000 employees
* Firewall * NAT * Intrusion prevention * Site-to-Site VPN * Web filter * Anti-virus View full review »
Cesar Nieves says in a Fortinet FortiGate review
Technical Services Manager with 501-1,000 employees
It's a complete solution. You can purchase switches and you don't need to do anything with them. You just put in the firewall and the switches get all the policies and rules that you already have in the firewall. That's a very nice feature because with, for example, Cisco, you need to set the switch, you need to set the firewall, and you need to test it. With Fortinet, you just connect the FortiSwitch to the Fortinet and that's it. It's very easy. In the last version of the FortiOS - the operating system of the firewall - they put a lot of new features to support communications in a firewall. Whatever the communication that you have, you can put that in the firewall, and that's great. View full review »
CMEDRANO says in a pfSense review
student at a university with 51-200 employees
* The part of the firewall and aliases * The content filter in non-transparent mode and transparent mode with Squid and SquidGuard * The possibility of adding packages to perform network analysis * Creation of certificates * The facility to administer services View full review »
Ersin Bostanc─▒ says in a Sophos Cyberoam UTM review
Director Of Information Technology at a hospitality company with 1,001-5,000 employees
The performance and security are the best features. The security options are great. We never had an attack, which is pretty good. We use it from a standard location, and they are connected to each other. View full review »
reviewer32902 says in a Fortinet FortiGate review
Owner at a tech services company
* The prompt and knowledgeable support behind them. * Their reliability and their policy of pre-shipping replacements when a unit has failed. * The simplicity and clarity of their user interface and documentation. * Their 'cookbooks' that walk you through the most common installation scenarios. View full review »
Vikas-Gupta says in a Sophos XG review
Mr with 51-200 employees
* Internet security, where we have one single point of console; where I can manage my endpoint and my gateway. * Any messages coming in, I am getting the intermission immediately. * If my endpoint is getting infected, I get to know. * If my file is getting infected, I get to know from a single pane point of view. View full review »
reviewer963351 says in a pfSense review
IT Manager & Sr. Application Programmer with 11-50 employees
There are so many packages you can install which extends pfSense's capabilities including consuming from lists such as FireHOL, Pi-Hole, etc. Here are a few packages we use: * IPSec: pfSense allows for both v1 and v2 IPSec configurations to secure your connections. * IPS: You can use Snort or Suricata along with Snort packages, even subscribe to commercial packages if you wish. This alone starts making pfSense on par with Cisco. * Proxy/content filtering: You can install Squid and SquidGuard to act as a proxy and content filter. Yes, it does filter HTTPS, and there's a number of ways you can do it out of the box. pfSense also reformatted their logs so that they're compliant and standardized. We have our logs shipped to our SIEM and Logstash servers. View full review »
Reviewer3147 says in a Fortinet FortiGate review
Network Engineer at a tech services company with 201-500 employees
The most valuable feature is the policy routing and application control. In addition, the firewall will act as a call-switch. So, the performance within the LAN is good. View full review »
reviewer690582 says in a WatchGuard XTM review
COO/CTO at a pharma/biotech company with 11-50 employees
Default set-ups found on the WatchGuard site and via YouTube are very helpful - the screen for set-up and adding additional features are lists with checkboxes. Understand what you click before you do so. View full review »
Andrew S. Baker (ASB) says in a Fortinet FortiGate review
Cybersecurity & IT Professional (VirtualCIO) at a tech services company with 1-10 employees
* The CLI is robust and powerful, enabling rapid, consistent changes via SSH. The device identification is very flexible, facilitating the creation of rules to regulate all sorts of devices that might spring up on a network, especially via WiFi. * The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors. * WAN load-balancing has improved, but needs some refinement. You can set up a different DDNS config for each WAN link. It is great to be able largely use the same OS features across the family of devices. View full review »
Diana Nongera says in a Fortinet FortiGate review
Senior I.T. Administrator at a agriculture with 201-500 employees
* DHCP functionality: The object tab where we manage our IP addresses and static. The DHCP monitors them. * FortiClient: You can easily connect when you are home, check out what you want to do, and connect to your network when you are not at work. You can switch on servers and you can check what is wrong. View full review »
Reinhardt Jansen says in a pfSense review
Senior Systems Administrator at a non-tech company with 51-200 employees
I have not had one issue with pfSense at all, which is amazing. View full review »
Koen Van Cauwenberghe says in a pfSense review
Network and Office Manager with 11-50 employees
* I can manage it easily by myself. * The interaction between the same firewalls is good. We can connect VPNs over the same firewall easily. * It is an open source solution. Therefore, the price is good. * OPNsense. * The performance and functionality are good. View full review »
Neil McFadyen says in a Cisco ASA NGFW review
Supervisor of Computer Operations at a university
* Most of same old ASA 5520 config could be used for the new 5516-X model. The ASDM interface is improved and can also be configured to the Firepower settings. * I am used to the ASA syntax, therefore it is quite easy to make up new rules. I have found that DNS doctoring rules are useful, and I am not sure how other firewalls handle the issue of internal versus external DNS, so this was a reason to keep the same type of firewall. * Customizing logging event of syslog to feed into Splunk is very useful for management and monitoring just for the importance events instead of a huge stream of thousands of unneeded events. * I found it quite easy to block computers from the internet, e.g, in a computer lab with students doing an exam using software for the course when needed. * I use access to a list to block IPs which have attacked our web servers on the outside interface, since I do not have IPS. * I found that setting up rules for HTTPS and SSH access to the management interface are straightforward, including setting the cypher type. * It is very useful to use the command line interface for modifying or adding to the config because sometimes the ASDM interface is hard to find when the setting is more complicated. * The text config file is great to have, to know what is in the config, instead of having to check every setting in the GUI. * While the CLI is used the most, sometimes the ASDM is faster and easier to use to set some settings. View full review »
Manager and General Attorney with 51-200 employees
The filtering that you can do with the firewall. View full review »
SecMgr5390 says in a Sophos XG review
Senior IT Infrastructure Solutions Engineer at a tech services company with 51-200 employees
* The ease of setting up the VPN connection. * The fact they have the cloud management option, I can manage it on a cloud platform. So anywhere I am, I can always manage the firewall. * The user interface is very user-friendly, so it's very easy for the administrator to make any policy changes. View full review »
Hesham Sakr says in a Sophos XG review
IT Infrastructure & Security Manager at a university with 1,001-5,000 employees
The most valuable feature, according to the setup we have at our work place here, is the flexibility of the system or the firmware that's running the appliance. It's so flexible, performing multiple rules with different configurations. According to the set up here, we need to implement several firewalls with different access levels, because we have a variety of users. For this requirement, it's very flexible and very easy to use. View full review »
Adrian Larsen says in a Zscaler Web Security review
Chief Executive Officer at a tech services company with 1-10 employees
Zscaler provides a lot of features in terms of control (URL filtering, cloud app control, etc.), which can be found in other solutions as well, but in terms of security, it is quite unique. SSL inspection, Advanced Threat Security, and Cloud Sandbox are probably the most valuable. * SSL inspection is easy to implement and the performance is great (it is the responsibility of Zscaler to provide it). * Advanced Threat Security protects you from most threats that can bypass the classic anti-malware solution. * Cloud Sandbox completes the stack of security requirements stopping zero-day malware. View full review »
reviewer831174 says in a pfSense review
Stateful packet inspection. It works quite well for an open source product. View full review »
Taradutt Pant says in a Barracuda CloudGen Firewall review
Founder at let's-ConnectIndia
Live monitoring of what is happening inside and with the interfaces, either ingress or egress - this is a good feature of the device. Secondly, most people use enterprise applications remotely, and there is no license for SSL VPN, or in other words point-to-site. There is no limit. On other devices there is a specific limit and you have to pay per use for SSL VPN. Single sign-on is also good. If you are accessing your corporate firewall from your home, during that time there is an integration with the AD. You can use your AD's password to access your SSL VPN. It's not like if you buy a traditional SSL VPN. You have to define a specific password for your remote client application but there is no requirement of defining a specific password - which you would have to request from your admin - or to buy a token which can generate a password for your integration. You can directly integrate with your AD. If you change your password on the AD side, your client-to-VPN password also gets changed. You can integrate all your passwords from a single console. The admin doesn't has to change your password, it's a single sign-on. View full review »
Israel Caravantes says in a Barracuda CloudGen Firewall review
COO at i-Track Systems Development, S.A. de C.V.
Barracuda has a very simple interface, very good security, all the features of the best firewalls in the market, but with a very friendly interface. Something that we've seen that Barracuda, and some other brands also, have. When you program the firewall to detect certain kinds of attacks, Barracuda can detect that kind of attack and automatically insulate, or remove, or encapsulate the very specific IP, if it's internal. And if it's external it just blocks any kind of communication with that specific IP. If you want, Barracuda will warn the security team. If you allow, or release, that IP, it will continue communication. If not, it will block it forever, or until you release it. Internally, we'll remove it until you release also, but we allow the IT team to review what is happening with that particular piece of equipment, a computer, a laptop, a server, any kind of device into which a "back door" can be opened or through which they're trying to get some information. Barracuda can help with that. That is one of the most important features we've seen with Barracuda. I cannot mention the name, due to the NDA that we have signed with a financial company, a financial entity. But we implemented Barracuda with them. Right now they are monitoring all the information that their employees are managing. If an employee tries to get or move a file that is not permitted to them - for example if he wants to copy it to a USB - he will not have the right to do that, because Barracuda manages who has the right to copy, and what you copy to a USB. The USB is encrypted with a specific code from Barracuda and will only be decrypted into any other laptop in the company if they allow it to see it. Even in the network, a feature of Windows is to see how you are sharing files. Barracuda can help you to monitor how you are moving files. When you are sending information to an external email address, Barracuda can warn you when you are trying to access a private or personal email, or trying to upload information; it's not allowing you to do that. That was the biggest feature that that financial entity admired in Barracuda, among others. Easy integration with some other systems like LDAP or Active Directory to manage other permissions and the division of external access and internal access. View full review »
Mervin Sosa says in a pfSense review
Centralized administration with multiple services, which allows for execution in several important functionalities of information security. View full review »
MarcosMedina says in a pfSense review
Analista Senior at a tech services company
Security and stability. The pfSense server acts as "IPSec VPN Server" for a small financial institution, but regardless of the company size, interruptions would cause significant financial impact. View full review »
Ryan Pealer says in a Sophos UTM review
Network Administrator at a government with 11-50 employees
To me it is the Web Server Protection, it is not an easy task to protect your web servers from the big bad internet. This solution does it elegantly and, if configured correctly, even hides the server's base system from prying eyes. View full review »
Javier Jaime says in a Meraki MX Firewalls review
* Managed centrally over the web: You can manages all your Meraki devices in a single account. * Site to Site VPN: The device can establish a VPN connection to multiple sites in a mesh environment in seconds, and without complex VPN knowledge. * Traffic Shaping: The device lets you decide how you want to use your internet services. Due to the fact that Meraki can accept dual WAN, you can decide the way you balance the data traffic. * Content Filtering: Excellent, and very easy to use. You can establish rules over specific content, what is allowed to be used, and assign them to a single device or a group. * Intrusion detection and prevention (IDS/IPS): The best feature. It can detect malware, even a virus, and warn you by email about the device that has it. When the Meraki detects that something is wrong, it automatically blocks the connection or the intrusion, delivering a graphic report with all the necessary content. View full review »

Sign Up with Email