Firewalls Features

Read what people say are the most valuable features of the solutions they use.
Cesar Nieves says in a Fortinet FortiGate review
Technical Services Manager with 501-1,000 employees
It's a complete solution. You can purchase switches and you don't need to do anything with them. You just put in the firewall and the switches get all the policies and rules that you already have in the firewall. That's a very nice feature because with, for example, Cisco, you need to set the switch, you need to set the firewall, and you need to test it. With Fortinet, you just connect the FortiSwitch to the Fortinet and that's it. It's very easy. In the last version of the FortiOS - the operating system of the firewall - they put a lot of new features to support communications in a firewall. Whatever the communication that you have, you can put that in the firewall, and that's great. View full review »
Kofi Osei-Appaw says in a Fortinet FortiGate review
Consultant at WorldNet ICT Solutions Limited
This solution has many good features. The security features are about the best that I've seen anywhere. I really like the fact that I am able to generate FortiCloud reports. View full review »
Andrew S. Baker (ASB) says in a Fortinet FortiGate review
Cybersecurity & IT Operations Professional (VirtualCxO) at a tech services company with 1-10 employees
* The CLI is robust and powerful, enabling rapid, consistent changes via SSH. The device identification is very flexible, facilitating the creation of rules to regulate all sorts of devices that might spring up on a network, especially via WiFi. * The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors. * WAN load-balancing has improved, but needs some refinement. You can set up a different DDNS config for each WAN link. It is great to be able largely use the same OS features across the family of devices. View full review »
CMEDRANO says in a pfSense review
student at a university with 51-200 employees
* The part of the firewall and aliases * The content filter in non-transparent mode and transparent mode with Squid and SquidGuard * The possibility of adding packages to perform network analysis * Creation of certificates * The facility to administer services View full review »
MohammadRauf says in a Cisco ASA NGFW review
Security Officer at a government
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world. Sourcefire is coupled with Talos and that provides us good insight. It gives us a pretty good heads-up. Talos is tied to the Sourcefire Defense Center. Sourcefire Defense Center, which is also known as the management console, periodically checks all the packets that come and go with the Talos, to make sure traffic coming and going from IP addresses, or anything coming from email, is not coming from something that has already been tagged in Talos. We also use ESA and IronPort firewalls. The integration between those on the Next-Gen Firewalls is good. They are coupled together. If the client reports that there is a potential for a file or something trying to access the internet to download content, there are mediation steps that are in place. We don't have anything in the cloud so we're not looking for Umbrella at this point. View full review »
Ersin Bostanc─▒ says in a Sophos Cyberoam UTM review
Director Of Information Technology at a hospitality company with 1,001-5,000 employees
The performance and security are the best features. The security options are great. We never had an attack, which is pretty good. We use it from a standard location, and they are connected to each other. View full review »
Narendra Singh says in a Fortinet FortiGate review
Solution Architect at a marketing services firm with 11-50 employees
The most valuable feature is the VDOM, which allows the customer to have multiple firewalls in a single campus. Using the FortiGate security solution provides comprehensive visibility and advanced layer 7 security, including threat protection, intrusion prevention, web filtering, and application control. They face a major complexity hurdle managing these point products with no integration and lack of visibility. Thie solution provides a high-performance inspection of clear-text and encrypted traffic. The FortiOS Operating system is robust, and the WAN load-balancing very much transparent. View full review »
JoelStech says in a Cisco ASA NGFW review
Senior Network Engineer at Orvis Company, Inc
The majority of what I use is the policy ruleset. We have another company that deals with the IPS and the IDS. That's helpful, but I can't necessarily speak to that because that's not the majority of what I do. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment. I work with our e-commerce team to make sure that new servers that are spun up have the appropriate access to other DMZ servers. I also make sure that they have access to the internet. I make sure they have a NAT so that something can come into them if need be. We use Umbrella, Cisco's DNS, which used to be OpenDNS. We use that to help with security so that we're not going to sites that are known to be bad. They work well together. They're two different things. One is monitoring DS and doing web URLs, while the firewall I'm doing is traffic in and out, based on source destination and ports protocols. One of the things I like is that the upgrades are relatively seamless, as far as packet loss is concerned. If you have a firewall pair, upgrading is relatively painless, which is really nice. That's one of the key features. We do them off-hours, but we could almost do them during the day. We only lose a few packets when we do an upgrade. That's a bonus and if they keep that up that would be great. Check Point does a reasonably good job at it as well, but some of the other ones I've dealt with don't. I've heard from people with other firewalls and they don't have as good an experience as we do. I've heard other people complain about doing upgrades. View full review »
JoshuaThums says in a Cisco Firepower NGFW review
Network Administration Lead at Forest County Potawatomi Community
The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through the IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network. Those items are capable being exploited although they were not actually being exploited. Being able to see what those exploits are, the potential for vulnerabilities and exploits, is critical for us. View full review »
Imad Awwad says in a Cisco ASA NGFW review
Group IT Manager at Malia Group
Unfortunately in Cisco, only the hardware was good. As for the features and services it was less than the others. Having all of the features means higher specs of hardware and intelligence processing so that it can handle all the logs proactively. Now, what is needed from the Information security, is to be proactively aware of any threat that might expose our data and at the same time have full visibility over our information sharing endpoints. View full review »
WalterShelver says in a Comodo Dome Firewall review
Managing Director at CableWeb
The setup, the configuration, and the security are the most valuable features. This solution is user-friendly. View full review »
KevinTafuro says in a Fortinet FortiOS review
IT Manager at Cloudjet
FortiVPN I think is the only one vpn that can be shared with customers and employees, however another features is FortiVM that allow us to have onne solution from Onpremise datacenter to cloud datacenters. View full review »
Ibrahim El Sayed says in a Fortinet FortiGate review
Network & Hardware Administrator with 1,001-5,000 employees
The most valuable feature is the SD-WAN because I can manage many lines and load balance them all. View full review »
MXfirew677 says in a Meraki MX Firewalls review
CEO at ITSG SA
One of the things I found very important for us is for our sites to have a new device. Another was to be able to have two solutions with the ease of firewalls to control everything. We use Meraki MX firewalls remote for small to bigger sites. One also was to have integration with have physical DC. We work also with domain control (DC) from Microsoft or Amazon. We use a whole virtual appliance with Meraki. One aspect of the problem is that we need to have the ability to do connections that are fully integrated, i.e. between one solution at home and at the data center. The short box epicenter is from Microsoft Azure in the future. View full review »
Luis Mendes says in a Meraki MX Firewalls review
Network Security Engineer at Techbase
The feature I find most valuable is the auto VPN. That is because it is really easy to configure and it's really reliable. The way we do traffic shaping and the way we block trafficking, it's very easy to configure. It is also easy for clients to maintain even without IT employees. View full review »
Rias Majeed says in a SonicWall TZ review
Software CIO at Exceed NetSec LLC
The most valuable features are the UTM, site-to-site VPN, and client-to-site VPN. The site-to-site VPN allows us to connect between the branches. We also use the global VPN client and the local VPN client. I find most of the features are useful. View full review »
Jeff Nduva Nduva says in an Untangle NG Firewall review
Technical Operations Manager at COSEKE
The features I have found the most useful are the web filter, the captive portal, the SSL inspector, and the ad-blocker. They're awesome. View full review »
Dave Winkel says in a Fortinet FortiGate review
President with 1-10 employees
Security Fabric makes VLANs a breeze. It impresses customers, as well as saves them money over the long run when comparing apples to apples. View full review »
Sherif Fouad says in a Sophos XG review
Project Manager at a mining and metals company with 1,001-5,000 employees
The application filters available with Sophos XG are brilliant. The sandboxing and the way the firewall or the UTM integrates with the installed endpoint antivirus clients on the user machines is brilliant. You get the chance to isolate network threats before they become active or become distributed on your network. With the cloud version of Sophos XG, you get the proper visibility of your network and the user machines. With the cloud versions of the antivirus, i.e. the cloud central management of the antivirus, you get high visibility. With the application between the installed Sophos UTM, you get a high level of visibility of what's happening on your network or on your client machines. You get protected against threats. You get proper visibility. That solves a major issue. View full review »
Panos Kre says in a Fortinet FortiGate review
User
The features that we have found most valuable are the SSL VPN and the user Portal. View full review »
Alfredo Cornell says in a pfSense review
Chief Technology Officer at Xpro Networks
We generally use it because it's cheap. When we need something more robust we use Barracuda and Sony Wireless Routers. For certain clients, we use pfSense because it's compatible with the VoIP platform. View full review »
Akhtarul Islam says in a WatchGuard XTM [EOL] review
CEO at Aveata Limited
* Data loss protection * Spam protection * User email protection View full review »
Branden Emia says in a ShieldX review
Senior Systems Engineer at Larry H. Miller Management Corporation
* It is good for its cost. * It is very easy to use. * It is very easy to scale. * It is easy to implement and doesn't take long. * They have a good support team with training and videos on different things. I create CIDR groups or workload names for either IPs or servers. In the CIDR groups, I have either multiple IP addresses or I am just doing it by the IP range. If I create a CIDR group type, then I tie an ACL control to what devices I want. This is where I am spending most of my time, creating these groups and tying them down to where they only talks to certain servers. I am also finding out that there are more things talking to each other than I originally thought, which is good. I thought one server was only speaking to these set of IPs, but they are actually talking to quite a bit of IPs. What I like about it now is that it has a single pane of glass to view our networks and groups. Also, in Vmware, it creates its own distributed switches instead of using my current VLAN distributed switches. View full review »
Brian Talbert says in a ShieldX review
Director of Network and Connectivity Solutions at a transportation company with 10,001+ employees
The primary features are being able to isolate and segment workloads, both within our data center and in the cloud, and to get visibility into what the applications are doing. The application visibility is the most important feature for us at the moment. The reason that it is so important is that we are migrating a lot of workloads from a legacy data center to a new data center, and that ability to have visibility into the application flows allows us to build the rules and policies for the newer data center. The Adaptive Intention Engine is fantastic. It allows us to develop security policies using the language of our internal customers. It's machine-learning applied to security workflows. That allows us to much more easily construct the policies that will protect those workflows. ShieldX also enables us to migrate to cloud environments faster. That is an important part of it for sure because it takes the exact same policies that we would apply to our on-premise environment and enables us to simply apply them to the cloud. It becomes one policy for both on-prem and for the cloud. It gives us a lower dollar-per-protected-megabyte than a traditional firewall, but it's also consuming fewer resources in our network environment because we're not having to send our traffic out of the virtual environment just to send it back in. It also helps with lower maintenance costs. View full review »
reviewer963351 says in a pfSense review
IT Manager & Sr. Application Programmer with 11-50 employees
There are so many packages you can install which extends pfSense's capabilities including consuming from lists such as FireHOL, Pi-Hole, etc. Here are a few packages we use: * IPSec: pfSense allows for both v1 and v2 IPSec configurations to secure your connections. * IPS: You can use Snort or Suricata along with Snort packages, even subscribe to commercial packages if you wish. This alone starts making pfSense on par with Cisco. * Proxy/content filtering: You can install Squid and SquidGuard to act as a proxy and content filter. Yes, it does filter HTTPS, and there's a number of ways you can do it out of the box. pfSense also reformatted their logs so that they're compliant and standardized. We have our logs shipped to our SIEM and Logstash servers. View full review »