We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The feature set is fine and is rarely a problem."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"We have not had to deal with stability issues."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The solution can scale well."
"The pricing of the solution is good."
"I find the simplicity to be most valuable."
"The most valuable feature is the WAN optimization."
"The user interface is the most valuable aspect of the solution."
"I really like that it's internationally deployable."
"The user interface, stability, and scalability are the most valuable features."
"The support is good. We don't have any issues with the technical support."
"We have utilized all the features. The most valuable are the URL filtering by category, DMZ zoning, load balancing and site-to-site VPN."
"The filtering is excellent."
"The most valuable features are that it is reasonably-priced and works well."
"The technical support is very good."
"Support has improved dramatically since their separation from Dell."
"We like the features, but the main thing is from a commercial and cost perspective it is very good."
"It is able to fulfill my requirements. It protects our network environment. It has control over IPS, signatures, and it can also manage bandwidth and mapping. It is also stable and has good support."
"The most valuable features are flexibility, ease of setup, and it's a good product cost-wise."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon."
"Report generation is an area that should be improved."
"Deploying configurations takes longer than it should."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"The interface of the solution could be improved."
"They should keep us up to date about the latest version. That's the biggest thing. Currently, we have to go looking for the latest version. We should get notified about what's going on with the versions. I would like to see easier dual-factor authentication."
"The stability could be improved. I find Cisco to be more stable than Fortigate, which is I major differentiator between the two."
"Customization needs improvement."
"The interface needs to be updated and simplified."
"There are certain GUI features that should be present but are not."
"The user interface needs to be improved."
"In the next release, I would like to see integration capability with SIEM tools, such as QRadar, and LogRhythm."
"The content filter needs to be improved."
"The product likely isn't a good fit for a large organization."
"It doesn't require much improvement. The only improvement area is that cloud reporting, assessment reporting, and other reporting features should be available with the subscription. They should provide reporting features with the subscription base, which is currently not there. We bought the reporting tool, but there are some complications. They have made some changes to the application, and now the reporting management is completely on the cloud."
"The ongoing service fees are high."
"It would be useful to have an application firewall that prevents the outside world from seeing your private IPs. You don't need to publicize your private IPs to the outside world, and you can create a barrier, like a proxy server."
"The filter settings are confusing and overly complicated. The user interface can be improved."
"It would help us a lot of SonicWall sent us more information about the latest updates and things that are changing."
"Needs a more detailed reporting feature."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"This product is expensive."
"We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though."
"The price is comparable."
"The solution was chosen because of its price compared to other similar solutions."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"There is a support fee that can be bought on a yearly or two-yearly basis. I don't think they do five years. The best benefit is that the same pricing is guaranteed for that duration. If you can afford it, I would recommend using the longest possible time span."
"There should be a reduction in the setup price and licensing costs."
"The price of this product is great compared to others."
"There is no additional cost. Once you get the licensing fee, you're good."
"The cost of this product is too high."
"At present, the SD-WAN licenses are on an annual basis."
"The price is similar to Symantec Endpoint, but it's more expensive than Forcepoint solutions. Fortinet is better than Forcepoint."
"The price could be lower."
"The pricing and value are good."
"They do have the option to purchase yearly, or two years, and three years renewal."
"SonicWall is a one-time purchase and there is no renewal license."
"You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end."
"A firewall doing anti-spam might be a low cost solution, but it is not your best strategy."
"When implemented properly, the total cost of operation is very low."
"The pricing is good and we are satisfied with the cost of this solution."
"The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.
Fortinet FortiGate-VM is ranked 12th in Firewalls with 54 reviews while SonicWall NSa is ranked 15th in Firewalls with 35 reviews. Fortinet FortiGate-VM is rated 8.2, while SonicWall NSa is rated 7.6. The top reviewer of Fortinet FortiGate-VM writes "Slightly unstable, needs a better user interface, and lacks good monitoring capabilities ". On the other hand, the top reviewer of SonicWall NSa writes "A rugged solution capable of defeating advanced threats". Fortinet FortiGate-VM is most compared with Azure Firewall, Fortinet FortiGate, Palo Alto Networks VM-Series, OPNsense and Meraki MX, whereas SonicWall NSa is most compared with Meraki MX, Fortinet FortiGate, WatchGuard Firebox, SonicWall TZ and Zyxel Unified Security Gateway. See our Fortinet FortiGate-VM vs. SonicWall NSa report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.