We performed a comparison between Cisco Secure Firewall and WatchGuard Firebox based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: The two solutions are very comparable. WatchGuard Firebox received slightly better ratings because it is easier to deploy than Cisco Secure Firewall.
"It's quite comfortable to handle the FortiGate firewall."
"The initial installation is very straightforward."
"In terms of security, we have not experienced any security flaws or loopholes, and it has proven to be quite stable."
"FortiGate has a very strong unified threat management system."
"The security features are about the best that I've seen anywhere."
"We have found it to be very reliable and that's why our teams and various users in our company use it as our main firewall every day."
"Our security improved from being able to put in rules and close off unwanted traffic."
"We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days."
"I would say the Firepower module is most valuable. I'm trying more to transition to this kind firewall. I had to study a little on Palo Alto Networks equipment. There is a lot I have to learn about the difference."
"The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos."
"VPN, firewall, and IDS/IPS allow us to deliver services to meet client needs across various industry verticals."
"A powerful enterprise security solution that is dependible."
"If only a Layer 4 FW is needed, this is a good solution."
"The product offers good scalability."
"The customer service/technical support is very good with this solution."
"There are no issues that we are aware of. It does its job silently in the background."
"It has everything we need in terms of functionality."
"The Dimension control, the one-spot reporting and control, has been nice. It's been easy to go in and make sure people are doing what they're supposed to be doing and that only the right stuff is getting in."
"The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely."
"After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
"The most valuable features are the VPN and web blocker security."
"It saves us time in the respect that we now have the template built for it so we can get in and get it done. We've had much less problem supporting Voice over IP technologies from different companies. Because our client base has grown over the years, we're probably saving 20 to 30 man-hours a month now that we've got this on a good stable level."
"The most valuable feature of WatchGuard Firebox is the VPN. It's easy to connect to the VPN."
"I could still keep the data rates really high, up near the two gigahertz data speeds, without compromise on the security perimeters being acted simultaneously."
"The room for improvement is about the global delivery time period. Usually I need to wait for almost one month to deliver it overseas. So if you can shorten the deliver time it'd be great."
"Difficult to add or define, and not that easy to configure and manage."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box."
"Some of the web policy reports could be improved."
"The solution lacks sufficient filtering."
"I would prefer to have more detailed logs within the FortiGate products themselves rather than relying on a separate tool."
"The support costs and licensing are sometimes so expensive."
"The user interface is too complex for people who are not trained to or certified to engage with the product. The interface should be easier to use."
"One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection."
"The stability could be better because we have a lot of issues with the stability of Cisco Firepower."
"Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products."
"You have to know the ASA command line very well because not all operations are available in the graphical interface"
"There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue."
"It should have an additional “operating mode”, like a “candidate configuration mode”, where you would have the possibility to test the changes you are going to implement and also the possibility to validate these changes."
"The ASAs are being replaced with the new Firepowers and they have a different type of structure in the configuration to be able to migrate from one to the other."
"The solution's pricing could be improved."
"There is room for improvement in the threat protection, data packet inspection, and performance of the solution. Generally, it's just a lower-end product. It does the job but doesn't do it very well."
"There is a slight learning curve."
"There could also be better reporting. For example, there should be more out-of-the-box management reports."
"Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated."
"Due to their lack of investment in marketing, channel development, and certifications, WatchGuard faces challenges in gaining visibility and market share, especially in regions like Pakistan."
"The documentation for the System Manager/Dimension configuration, could be a little bit clearer... The use case where you have multiple sites with multiple firewalls, and one site that has the System Manager server and the Dimension server, wasn't really well defined. It took me a little bit of digging to get that to actually work."
"Sometimes, the writing rules are a little confusing in how am I doing them."
Cisco Secure Firewall is ranked 4th in Firewalls with 404 reviews while WatchGuard Firebox is ranked 13th in Firewalls with 78 reviews. Cisco Secure Firewall is rated 8.2, while WatchGuard Firebox is rated 8.6. The top reviewer of Cisco Secure Firewall writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of WatchGuard Firebox writes "Offers a streamlined deployment, intuitive interface and robust security features". Cisco Secure Firewall is most compared with Palo Alto Networks WildFire, Netgate pfSense, Meraki MX, Sophos XG and Sophos UTM, whereas WatchGuard Firebox is most compared with Netgate pfSense, Sophos XG, OPNsense, SonicWall TZ and Sophos UTM. See our Cisco Secure Firewall vs. WatchGuard Firebox report.
See our list of best Firewalls vendors and best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.