We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"The implementation is pretty straightforward."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"The most valuable feature is the access control list (ACL)."
"They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks."
"Operationally, it is easier, and the manageability and their security features are good."
"URL filtering and WildFire features are most valuable. It is very user-friendly. It is a very solid product, and it definitely works."
"Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is very useful. This prevents us from having to go to a lot of different systems, and in some cases, many different systems in many different regions, because we are a global company with 60 remote offices around the world in 30 different countries. Its centralized platform is really what we look for in all services, whether it be security or otherwise."
"I have found it to be reliable and very easy to use. I haven't really encountered many problems with it because its documentation is clear and readily available on their website."
"It's one of the best products I've worked with. It's typically a market leader on Gartner. It's a very respected brand."
"The most valuable features are web filtering and application filtering."
"The technology's very good. We have had a lot of good experience with this solution."
"The initial setup is pretty easy."
"Technical support is very responsive."
"The most valuable features of this solution are the firewall application and application control."
"Good basic firewall functions with advanced firewall scanning."
"What I like about the solution is the ease of use."
"Sophos is a unified solution. We have anti-virus protection, firewall rules, knotting, and DACC all in one box."
"It's a stable solution."
"With Sophos, we have not had any incidents this year. The security provided has been good. It has proven to be okay for our needs."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"Report generation is an area that should be improved."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"I would like a collaboration system and reporting ASA policy needs to be smarter."
"I wish that the Palos had better system logging for the hardware itself."
"The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good."
"The scalability of the firewalls could be improved."
"They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved."
"In the cloud, the HA could be a lot better. Its price could also be better. It is very expensive."
"They could improve their support and pricing and maybe integration. It's a little more expensive that Check Point but the quality is better. Integration with firewall endpoints could be better. Palo Alto does have very good malware or antivirus protection. I think they could improve on that front."
"People sometimes find it more expensive as compared to other solutions. There are also fewer training opportunities for Palo Alto than Cisco and other vendors."
"It's stable, but the reaction time of the GUI is terrible."
"The solution is not scalable."
"There needs to be some improvement in the IPsec VPN. There is implementation only support. I have version one. I'd be most interested in having IP version two from the protocol."
"Updates come out agonizingly slowly, a trickle."
"Sophos should be more user-friendly, have more dashboards, and an easier implementation."
"I think that additional metrics features are needed to be able to monitor other areas or to monitor as much as you can, at a fine-grain resolution."
"There were a lot of features and functionality in Sophos SG UTM but nothing was state of the art in terms of technology. You did not get the latest functions. It was very monolithic as it was based on an old Linux PuTTY system."
"The initial setup may be difficult for those not familiar with the product."
"It definitely competes with the other vendors in the market."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"The solution was chosen because of its price compared to other similar solutions."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"This product is expensive."
"It is expensive."
"It is an expensive solution."
"It is very expensive. You pay for a year."
"The pricing is very high."
"Paul Alto is the most expensive solution in this category."
"Palo Alto is not a cheap solution but it is competitive when it comes to subscriptions."
"I am not involved in the commercial side, but I believe that Palo Alto is quite expensive compared to others."
"We pay for the licensing annually and the price could be cheaper."
"The solution is very low cost compared to competitors. You have a good firewall, a lot of functions for less than the price of some omni firewall competitors."
"This product is free for home users. The more expensive products have better performance."
"Our licensing fees are paid on a monthly basis."
"It's reasonably priced."
"It is necessary to pay for a licence to use the solution, but it is not very expensive."
"We pay for the service on a yearly basis. The last time we paid was in June, for a year. At the time, it was about $20,000."
"The appliance should be purchased and there is a fee for the license."
"It is the cheapest product available. It's good if you have a low budget."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.
Palo Alto Networks NG Firewalls is ranked 8th in Firewalls with 67 reviews while Sophos UTM is ranked 2nd in Unified Threat Management (UTM) with 21 reviews. Palo Alto Networks NG Firewalls is rated 8.4, while Sophos UTM is rated 8.4. The top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and SonicWall NSa, whereas Sophos UTM is most compared with Fortinet FortiGate, pfSense, Sophos XG, Untangle NG Firewall and SonicWall NSa. See our Palo Alto Networks NG Firewalls vs. Sophos UTM report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.