Joland Van LondenProject Engineer at Telindus B.V.
Anonymous UserHead of IT Infrastructure at a financial services firm
Anonymous UserExecutive Cyber Security Consultant at a tech services company
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment."
"The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly."
"Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering."
"The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network."
"The IPS, as well as the malware features, are the two things that we use the most and they're very valuable."
"The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites"
"We can easily track unauthorized users and see where traffic is going."
"With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful."
"This solution not only provides better security than flat VLAN segments but allows easy movement through the lifecycle of the server."
"The most valuable features are the IPS/IDS subscriptions."
"Provision of quality training material and the reporting is very good."
"The solution allows us to set parameters on where our users can go. We can block certain sites or ads if we want to."
"The interface and dashboards are good."
"The most valuable feature is the security provided by the ATP."
"I like that it has high security."
"Innovative, advanced threat protection is the most valuable feature."
"The most valuable aspects of this solution are that it's simple and stable. It has better security aspects compared to other similar solutions."
"The most valuable features are security and support."
"The interface with Panorama makes it very easy to use."
"The most valuable features are web control and IPS/IDS."
"In Palo Alto the most important feature is the App-ID."
"The most valuable feature is the Posture Assessment."
"The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks."
"The Palo Alto VM-Series is nice because I can move the firewalls easily."
"Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC."
"I would like to see the inclusion of more advanced antivirus features in the next release of this solution."
"In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth."
"The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it."
"For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU."
"The user interface for the Firepower management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For Firepower, the user interface is not very user-friendly. It's a little bit confusing sometimes."
"We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful."
"We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it."
"I wish that the Palos had better system logging for the hardware itself."
"In the future, I would like to see more OTP features."
"Need improvement with their logs, especially the command line interface."
"We're working with the entry-level appliances, so I don't know what the higher-end ones are like, however, on the entry-level models I would say commit speeds need to be improved."
"The pricing could be improved upon."
"I would like the option to be able to block the traffic from a specific country in a few clicks."
"The whole performance takes a long time. It takes a long time to configure."
"The user interface is probably not as slick as it could be."
"In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has."
"There should be an option for direct integration with the Azure platform."
"The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI."
"I would like to have automatic daily reporting, such as how many users have connected via SSL VPN."
"The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries."
"In the next release, I would like to see better integration between the endpoints and the firewalls."
"The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway."
"The product needs improvement in their Secure Access Service Edge."
"The price of this solution is not good or bad."
"The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors..."
"Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year."
"Cisco's pricing is high, at times, for what they provide."
"The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high."
"We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"There are additional implementation and validation costs."
"The price of this product should be reduced."
"The pricing is competitive in the market."
"This is an expensive product, which is why some of our customers don't adopt it."
"The product is expensive compared to competing products but uses a similar type of pricing model based on hardware, software and maintenance."
"It is a little bit expensive than other firewalls, but it is worth every penny. There are different licenses for the kinds of services you want to use. When we buy a new product, we go for a three-year subscription."
"It is a little bit expensive."
"The NG firewall is an expensive solution."
"This is an expensive product and there is a subscription cost."
"The price of this solution is very high for some parts of Africa, which makes it a challenge."
"Palo Alto can be as much as two times the price of competing products that have twice the capabilities."
"The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used."
"Because I work for a university and the URL is for the institution, it's a free license for us."
"It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."
"The VM series is licensed annually."
Donny LeeUser at KLA
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 60 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Palo Alto Networks NG Firewalls is rated 8.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, pfSense and OPNsense, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Cisco ASA Firewall, Juniper SRX and Check Point NGFW. See our Palo Alto Networks NG Firewalls vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.