Compare Cisco Firepower NGFW vs. Kerio Control

Cisco Firepower NGFW is ranked 8th in Firewalls with 21 reviews while Kerio Control is ranked 15th in Firewalls with 11 reviews. Cisco Firepower NGFW is rated 8.0, while Kerio Control is rated 8.2. The top reviewer of Cisco Firepower NGFW writes "Highlights and helps us catch Zero-day vulnerabilities traveling across our network". On the other hand, the top reviewer of Kerio Control writes "Provides users with the ability to log in to the portal page, keep track of their data usage and perform bandwidth management". Cisco Firepower NGFW is most compared with Fortinet FortiGate, Cisco ASA NGFW and Palo Alto Networks WildFire, whereas Kerio Control is most compared with pfSense, Fortinet FortiGate and Sophos UTM. See our Cisco Firepower NGFW vs. Kerio Control report.
Cancel
You must select at least 2 products to compare!
Cisco ASA NGFW Logo
70,004 views|52,209 comparisons
Cisco Firepower NGFW Logo
24,274 views|20,051 comparisons
Kerio Control Logo
12,434 views|8,990 comparisons
Most Helpful Review
Find out what your peers are saying about Cisco Firepower NGFW vs. Kerio Control and other solutions. Updated: November 2019.
377,029 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
For us, the most valuable features are the IPX and the Sourcefire Defense Center module. That gives us visibility into the traffic coming in and going out, and gives us the heads-up if there is a potential outbreak or potential malicious user who is trying to access the site. It also helps us see traffic generated by an end device trying to reach out to the world.The information coming from Talos does a good job... I like the fact that Cisco is working with them and getting the information from them and updating the firewall.The firepower sensors have been great; they do a good job of dropping unwanted traffic.Unfortunately in Cisco, only the hardware was good.The most important point is the detection engine which is now part of the next-generation firewalls and which is supported by Cisco Talos.The most valuable features are the flexibility and level of security that this solution provides.Integration with all the other Cisco tools is valuable.We moved from a legacy firewall to the ASA with FirePOWER, increasing our Internet Edge defense dramatically.

Read more »

The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sitesThe IPS, as well as the malware features, are the two things that we use the most and they're very valuable.The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network.Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering.The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly.I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment.They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.Cisco Firepower NGFW is really easy to use right now to determine when my file requires a shift from primary to secondary status, and it can be done with automation. Earlier we used to do this with patching.

Read more »

It prevents people from visiting undesirable sites and ensures that they use the internet for their designated jobs.What I like the most about Kerio is that I can use the software appliance as a solution, so if the hardware fails for any reason then I can quickly replace it with hardware that I have in stock.All of the features of Kerio Control are equally good. Most valuable to us are the firewall rules, the intrusion detection system, and IP address features.The most valuable feature is to provide users with the ability to log in to the portal page, keep track of their data usage and perform bandwidth management.The flexibility of the system, the capacity to provide the right level of security, and the ability to be integrated into different kinds of infrastructures are the most valuable features.The statistic feature enables us to better use bandwidth management. We monitored the use by mobile, type of application, department, and by users. The bandwidth was solid. Our internet speed is optimized for our research.Kerio has improved my organization's security.Technical support is good. They respond right away.

Read more »

Cons
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.Our latest experience with a code upgrade included a number of bugs and issues that we ran into. So more testing with their code, before it hits us, would help.The software was very buggy, to the point it had to be removed.In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.Most users do not have awareness of this product's functionality and features. Cisco should do something to make them aware of them. That would be quite excellent and useful to organizations that are still using legacy data-center-security products.There was an error in the configuration, related to our uplink switches, that caused us to contact technical support, and it took a very long time to resolve the issue.With regards to stability, we had a critical bug come out during our evaluation... not good.The product would be improved if the GUI could be brought into the 21st Century.

Read more »

The user interface for the FirePOWER management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For FirePOWER, the user interface is not very user-friendly. It's a little bit confusing sometimes.For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU.The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it.In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth.I would like to see the inclusion of more advanced antivirus features in the next release of this solution.Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC.I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon.One feature lacking is superior anti-virus protection, which must be added.

Read more »

Improvements are needed to the Next Generation Firewall Protection, specifically with user-level protection.Their support is getting better but still needs improvement.Kerio Control has just improved on their biggest problem, which was to introduce better support for high-availability requirements in production.I would like to be able to inspect https packets for the purpose of virus scanning.The improvement that we are looking for is for when decide to move some part of our application to the cloud.I would like for them to add more security features.They should add wireless features.I would like to see them develop a bit more flexibility creating VLANs.

Read more »

Pricing and Cost Advice
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.Always consider what you might need to reduce your wasted time and invest it in other solutions.Watch out for hidden licensing and incredibly high annual maintenance costs.We paid about $7,000 for the Cisco firewall, plus another small Cisco router and the lead switch. It was under the combined license. It's a final agreement.The cost is a big factor for us. This is why we are using it only in our restricted area. They are very much higher than their competitors in the market.Licensing is expensive compared to other solutions.Pricing is high, but it is essentially a corporate decision.

Read more »

Cisco's pricing is high, at times, for what they provide.Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year.The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors...The price of this solution is not good or bad.We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though.The Cisco licensing agreement in Bangladesh is different than the one in India and in Dubai. It is not a problem, but if you want to subscribe to the yearly subscription, the original cost is really high. Also, if you go for an anti-virus, you pay for an additional yearly subscription.It's more expensive than Fortinet and Juniper. The price is high compared to other vendors. In general, for the license, it's not that expensive.Based on the services that you will get, especially the AMP license, the price is very reasonable.

Read more »

My advice is to use your own hardware, and do not use theirs.There is a yearly upkeep fee.The pricing is in-line with our expectations in terms of the quality that we get for it.It's very affordable.The price is inexpensive.Pricing is good, but the licensing took a lot of time.Search and compare.

Read more »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
377,029 professionals have used our research since 2012.
Top Comparisons
Compared 39% of the time.
Compared 41% of the time.
Compared 15% of the time.
Compared 12% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASACisco Firepower Next-Generation Firewall, FirePOWER
Learn
Cisco
Cisco
GFI
Overview

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

The Cisco Firepower Next Generation Firewall (NGFW) prevents breaches, and can quickly detect and mitigate stealthy attacks using deep visibility and the most advanced security capabilities of any firewall available today - all while maintaining optimal network performance and uptime. With Cisco NGFW you can automate operations to save time, reduce complexity, and work smarter.

Kerio Control brings together next-generation firewall capabilities -- including a network firewall and router, intrusion detection and prevention (IPS), gateway anti-virus, VPN, and web content and application filtering. These comprehensive capabilities and unmatched deployment flexibility make Kerio Control the ideal choice for small and mid-sized businesses.

Offer
Learn more about Cisco ASA NGFW
Learn more about Cisco Firepower NGFW
Learn more about Kerio Control
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, WestfieldTriton Technical, McDonald's
Top Industries
REVIEWERS
Financial Services Firm17%
Comms Service Provider11%
Manufacturing Company11%
University8%
VISITORS READING REVIEWS
Software R&D Company29%
Comms Service Provider16%
Media Company8%
Retailer5%
REVIEWERS
Financial Services Firm42%
Comms Service Provider25%
Transportation Company17%
Manufacturing Company17%
VISITORS READING REVIEWS
Software R&D Company25%
Comms Service Provider19%
Financial Services Firm6%
Government6%
VISITORS READING REVIEWS
Comms Service Provider26%
Software R&D Company17%
Healthcare Company15%
Media Company9%
Company Size
REVIEWERS
Small Business36%
Midsize Enterprise25%
Large Enterprise38%
VISITORS READING REVIEWS
Small Business36%
Midsize Enterprise20%
Large Enterprise44%
REVIEWERS
Small Business44%
Midsize Enterprise28%
Large Enterprise28%
REVIEWERS
Small Business80%
Midsize Enterprise20%
Find out what your peers are saying about Cisco Firepower NGFW vs. Kerio Control and other solutions. Updated: November 2019.
377,029 professionals have used our research since 2012.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Sign Up with Email