We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"If configured, Firepower provides us with application visibility and control."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"We have not had to deal with stability issues."
"The implementation is pretty straightforward."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The most valuable features in OPNsense are reporting and visibility."
"The VPN server feature is the most valuable. It is integrated with Radius and AAA for doing accounting and authentication. Insight view is also an important feature for me at this time. It allows me to assess our network traffic. I also like the firewall feature. The BSD kernel has a packet filter. It is one of the most solid frameworks for firewalls. Its user interface is one of the best interfaces I have used."
"I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed."
"The most valuable features are reporting, the Sensei plugin, and firewall capabilities."
"The interface and the dashboard are the most valuable features of this solution."
"The graphic user interface is very good and it is user-friendly which makes the product easy-to-use."
"The initial implementation process is simple."
"The solution is good for a basic firewall for a small business or for home use."
"Overall, this is a very simple and very effective firewall, and I am satisfied with it."
"Palo Alto has an approach that makes the configuration easier not only for the customers but also for the IT help for the customers."
"Palo Alto has a unique solution for DNS security, which is very good."
"The most valuable features are the virtualization of the firewall and the antivirus."
"Simple integrations with the domain controllers and other inventories"
"One of the most valuable features is Palo Alto's firewall management. We find it easier to manage the firewall centrally."
"Palo Alto has better and finer controls than, say, Cisco or Check Point."
"As long as the solution is kept updated, it's pretty stable."
"Cisco makes horrible UIs, so the interface is something that should be improved."
"Implementations require the use of a console. It would help if the console was embedded."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"Report generation is an area that should be improved."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"The price and SD-WAN capabilities are the areas that need improvement."
"The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform."
"While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet."
"The interface isn't so friendly user. But we have some technicians here who are quite confident with this tool. OPNSense could maybe add sets of rules so it's simpler to manage different groups with particular needs."
"The logging could improve in OPNsense."
"The ability to set the VPN IP address would be a welcome addition."
"I would like to see better SD-WAN performance."
"The interface needs to be simplified. It is not user-friendly."
"The solution would not be suitable for anything large-scale."
"The ease of management and configuration should be improved."
"They should implement the features that the other firewalls have."
"The technical support, and how they provide it to the client, needs to be improved."
"The licensing cost is a typical complaint with many clients. The solution is expensive."
"The URL Filtering module needs to have more categories added to it."
"I would like to see the threat intelligence capability integrated with other vendors such as Cisco and Forcepoint."
"It would be nice if it could easily be integrated with Elasticsearch or Nagios."
"I'd like to see more data protection on the system."
"There are additional implementation and validation costs."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"The price of Firepower is not bad compared to other products."
"The solution was chosen because of its price compared to other similar solutions."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"I am happy with the product in general, including the pricing."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"OPNsense is a well known open-source tool."
"OPNsense is an open-source solution and it is free to use."
"As an appliance, it's in the medium price range."
"OPNsense is open source software so at this time it is free for us to use."
"The solution is not expensive."
"It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source."
"The price of this solution is too high."
"Pricing is a sensitive issue because the cost is high in this market."
"It would be nice if they lowered their prices for small businesses."
"The price of the solution is expensive."
"This is an expensive solution, although you will get value for the price."
"Palo Alto firewalls are very expensive."
"Products by the leader in the field are justifiably a bit more expensive compared to other vendors."
"This solution is expensive compared to other, similar products."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
Designed to handle growing throughput needs due to increasing amounts of application-, user-, and device-generated data, the K2-Series offers amazing performance and threat prevention capabilities to stop advanced cyberattacks and secure mobile network infrastructure, subscribers, and services.
OPNsense is ranked 12th in Firewalls with 11 reviews while Palo Alto Networks K2-Series is ranked 15th in Firewalls with 18 reviews. OPNsense is rated 8.0, while Palo Alto Networks K2-Series is rated 8.6. The top reviewer of OPNsense writes "A solution that detects and blocks malicious content with good reporting and visibility, but the reliability needs improvement". On the other hand, the top reviewer of Palo Alto Networks K2-Series writes "IPS system is the strongest you can get and it has good decryption". OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG, Sophos UTM and Fortinet FortiGate, whereas Palo Alto Networks K2-Series is most compared with . See our OPNsense vs. Palo Alto Networks K2-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.