We performed a comparison between Cisco Secure Firewall, Fortinet FortiGate, and Sophos XG based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform."
"The features I found most valuable in this solution, are the overall security features."
"Protecting our landscape in general and being able to see logging when things aren't going as set out in policies are valuable features. Our security department is keen on seeing the logging."
"If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering."
"The product offers good scalability."
"We can easily track unauthorized users and see where traffic is going."
"The features I have found most valuable are the ASA firewalls. I like to have features like most integrated systems in ACI."
"The features that are most valuable within the firewall are the IPS as well as the Unified Communications. We also really like the dynamic grouping."
"The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration."
"What's most important is the ease of use."
"Whenever we raise a complaint with FortiGate, their response and resolution times are minimal."
"It performs very well."
"FortiGate firewalls are easy to manage through a user-friendly web interface. They also have advanced features like DDoS and DLP. However, I wouldn't recommend enabling all of these features on one device because it can cause performance issues."
"Fortinet FortiGate's most valuable features are ease of use, flexibility, and most of the configuration we can be done using the GUI. When we compare Fortinet FortiGate with other solutions the firewall policy are very easy to understand."
"The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors."
"We purchased Fortinet because of the pricing, its functionality, because it met our requirements, and the total cost of ownership over five years was quite reasonable. In the market, Fortinet is rated quite well."
"I like the functionality and the user interface."
"It's a good security tool and it aligns with the rest of our security stack."
"The VPN feature is the most valuable. It has come in handy during this period when people are working from home. The filtering feature is also valuable because you can easily filter the sites that you don't want to visit. You can also set timely surfing quotas."
"Reporting is the most valuable feature."
"The most valuable features are its nice interfaces and configuration. The endpoint is also very good."
"This solution does everything and anything a firewall can do."
"The most valuable features are the central management, the user VPN, and communications."
"They really work scalability into the solution at the outset."
"Cisco ASDM is a problem because it is old."
"One of the problems that we have had is the solution requires Java to work. This has caused some problems with the application visibility and control. When the Java works, it is good, but Java wasn't a good choice. I don't like the Java implementation. It can be difficult to work with sometimes."
"Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help."
"There used to be information displayed about the packets in a module called Packet Flow, but it is no longer there."
"One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."
"The scalability has room for improvement."
"I would like for them to develop better integration with other security platforms."
"The installation and integration of Cisco ASA with FirePOWER can be improved. The management with Fortigate is easier than Cisco ASA on FirePOWER. The management side of Cisco ASA can be improved so it can be more easily configured and used."
"I need user-behavior analytics, to find threat scenarios from inside the organization, insider attacks. That would be very helpful for us. In addition, I would like next-generation features for small and medium businesses. These businesses require UTM, all in one product. Fortinet must include it."
"The solution is very expensive."
"The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade should be returned. It was a very valuable feature for us."
"The room for improvement is about the global delivery time period. Usually I need to wait for almost one month to deliver it overseas. So if you can shorten the deliver time it'd be great."
"There are a lot of bugs I have found in the solution and it is difficult to upgrade. These areas need improvement."
"I would like Fortinet to add more automation to FortiGate."
"I feel that the reporting needs to be improved."
"The Web-filter in this solution is not very good."
"I'd like the dashboard to be improved. It could be a bit more customizable."
"Let's say I set up a rule to block users from accessing YouTube or Facebook. The rule will only block the HTTP traffic, which is non-secure traffic... The problem comes when you are trying to block, or allow, similar traffic that uses HTTPS. You have to create a certificate and import it into the users' web browsers, whatever they are using... The problem occurs when you're dealing with roaming users who use laptops and have to move between different sites that have different types of policies applied to them. You have to import all sorts of certificates from each site into their browser. Doing so will most probably conflict with something else that is totally irrelevant and cause a problem."
"When I call, I have to wait at least one to two hours to reach them."
"The SD-WAN could be improved."
"I would like to have remote access to clients using a static IP for a certain period of time."
"I would like to see in future releases a tool to scan for malicious packets and give the location of where they are coming from."
"Sophos XG does not have the ability to disconnect a user."
"There should be web caching to improve bandwidth utilization. It should have a very good caching feature. That's because we are in a very poor continent, and the connectivity cost is very high. We have low bandwidth, and the intensive usage of bandwidth is not easy here in Africa. If they improve services for web caching, it would be better."