We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"The customer service/technical support is very good with this solution."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"Good identity fire walling, malware protection and application control features."
"Its ability to block incoming attacks is valuable. Its logging, traffic monitoring, and VPN capabilities are also valuable."
"Ability to manage multiple firewalls."
"Scalability is good; the company wants to be able to handle large customers."
"Its stability and SD-WAN features are the most valuable."
"Their GPS possibilities and the security that it has, especially the SD-WAN functionality, is very good."
"What I like best about this product are the support and the features."
"The interface is very user-friendly and it is quite easy to use."
"There are many fantastic features."
"The ports that I have assigned appear to be unattainable to outside 'mal-actors,' unless they have an address registered on the internet that this thing is expecting. That's a layer of security."
"The most valuable feature is the NAT-ing, the IP addresses... We can direct the traffic where it needs to go. We can control the traffic."
"It's very easy to use, especially compared to similar products. A lot more users use the WatchGuard appliance now than use the SonicWall appliance because of the ease of usability."
"The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable."
"There are no problems with the technical support. If a problem occurs it gets resolved immediately with our technical support partners."
"The most valuable feature is the ease of use of the interface."
"I like that this product has very few issues."
"The price and SD-WAN capabilities are the areas that need improvement."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"The initial setup could be simplified, as it can be complex for new users."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"Report generation is an area that should be improved."
"The analytics are weak."
"If you have another brand of VPN where you have to put an SSL VPN between two devices, Barracuda doesn't support that at a certain point. You can't actually build the VPN between Barracuda and a different device of a different brand."
"The administration UI could be better. It should also have better application detection policies."
"The interface should be more user-friendly and it should be easier to configure."
"Command line could be more user friendly."
"If you experience an attack it can take a very long time to find a solution."
"The biggest issue that I have with this solution is that it is not super intuitive. Once you know what to do, things make sense, but you can't just open the program and start doing things. It would be great if there was a little bit more guided usage inside the program."
"Technical support used to be at a very high level but it is now a bit less so."
"The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in."
"There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own."
"The solution can improve by adding a feature to tag a MAC address of a computer system in the policy and more IP configuration settings."
"I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not."
"The few issues that we have had, such as not knowing where to go, they have been answered quickly."
"If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier."
"The only downside is that it is missing an API, that you can use to easily collect information from it."
"The pricing could be improved. It is definitely one of the more expensive products."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"I am happy with the product in general, including the pricing."
"The solution costs more than 800 Euros to purchase an F18, which is an entry model, and then another 500 Euros for instant replacement, and 500 Euros for energized updates. The total package would be around 1,900 Euros for five years license and all updates for an entry model."
"The 600 series is about USD $10,000 a year and the 80 is USD $400 a year."
"Its licensing is on a yearly basis. There is an upfront purchase price, and there is also an annual maintenance fee. There are no additional fees."
"They license it. When we buy it, we buy it with a three-year license. That's the most cost-effective way to do it. So, if you're going to buy it, then buy it with the three-year licensing."
"It has a very good price. It is not the most expensive one, and it is also not the cheapest one. It is just spot-on in terms of price."
"I usually tell people that it's really affordable as well, particularly compared to Cisco."
"The cost was somewhere in the vicinity of $2,000 to $3,000 for each one..."
"The pricing of WatchGuard is probably a little higher than the SonicWall, but it makes up for it in dependability. It's worth it to me, especially since it's not much higher. For just a little bit higher price you get the dependability of the firewall with the WatchGuard brand."
"WatchGuard had a very competitive price. It was only 10 to 20 percent more than a single instance device but with that extra cost it provided a second load balancing device... unlike other brands whose method of hardware and software licensing would have doubled our cost."
"The primary reason that we went with Firebox was its cost. It is very economical and it provided us with all the security functions that we were looking for at the time. And the throughput was more than what we required, so it was a very cost-effective device to deploy on our network."
"I find the solution to be very affordable."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Barracuda's Cloud Generation Firewalls redefine the role of the Firewall from a perimeter security solution to a distributed network optimization solution that scales across any number of locations and applications, connects on-premises and cloud infrastructures, and helps organizations transform their business.
WatchGuard's approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMBs and distributed enterprise organizations, our award-winning Unified Threat Management (UTM) appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.
Barracuda CloudGen Firewall is ranked 24th in Firewalls with 8 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 26 reviews. Barracuda CloudGen Firewall is rated 7.8, while WatchGuard Firebox is rated 8.6. The top reviewer of Barracuda CloudGen Firewall writes "Good SIEM and a dynamic VPN with good scalability". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Barracuda CloudGen Firewall is most compared with Fortinet FortiGate, Sophos XG, Cisco ASA Firewall, SonicWall TZ and Sophos UTM, whereas WatchGuard Firebox is most compared with Fortinet FortiGate, Sophos XG, SonicWall NSa and pfSense. See our Barracuda CloudGen Firewall vs. WatchGuard Firebox report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.