Henry PanTechnical Consulting Manager at a consultancy
Anonymous UserSolutions Consultant at a comms service provider
Dirk EmmermacherNetwork Administrator at Niedersächsischer Turner-Bund e.V.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"I like the way Firepower presents the data. It gives you two classifications for the evidence, something based on the priority of the evidence and another classification based on the impact of the evidence in your environment. This makes it very easy to spot the evidence that is most impactful to my environment. Instead of having to go through all the evidence based on that priority, I can focus on the evidence that has the most impact on my environment."
"The most valuable feature of the Firepower solution is FireSIGHT, which can be easily managed and is user-friendly."
"Once you add Firepower onto to it and you start enabling some of its features, you get some IDS/IPS involved with it and you can even do web filtering."
"The most valuable features of Cisco firewalls are the IPS and IDS items. We find them very helpful. Those are the biggest things because we have some odd, custom-made products in our environment. What we've found through their IPS and IDS is that their vulnerability engines have caught things that are near-Zero-day items, inside of our network."
"The IPS, as well as the malware features, are the two things that we use the most and they're very valuable."
"The protection and security features, like URL filtering, the inspection, and the IPS feature, are also very valuable for us. We don't have IT staff at most of the sites so for us it's important to have a robust firewall at those sites"
"We can easily track unauthorized users and see where traffic is going."
"With the FMC and the FirePOWERs, the ability to quickly replace a piece of hardware without having to have a network outage is useful. Also, the ability to replace a piece of equipment and deploy the config that the previous piece of equipment had is pretty useful."
"I'm more inclined towards the conventional firewall. So for me, I'm more geared towards the standard firewall type functionalities as well as the web application firewall because that seems to work fine."
"The most valuable feature is the IPSec forwarding."
"Having a firewall solution with a data quota is very important when the bandwidth is limited, which really distinguishes it from other products."
"The product, itself, doesn't seem to have any bugs or glitches."
"The interface is user-friendly."
"It has been working fine. You just turn it on, and it works."
"The user interface is well laid out and understandable."
"The initial setup was straightforward."
"The most valuable are the VPN and proxy features."
"It's pretty simple to understand when you want to do any diagnostics on your network. If you want to go in and see what packages are having trouble getting through, what's being held, stalled, etc., it's very easy to use in that way."
"The firewall aspect and the branch office VPNs are the most valuable features... We don't have any issues with it. We don't have to spend a lot of time maintaining it."
"It protects me against malicious websites, as well as malicious downloads, as a perimeter anti-virus. I've also seen it blocking a lot of pings and different probes."
"If there is any conflict, the reporting feature will kick out all types of information, which is great."
"One of my favorite features is the Geolocation service, where you can actually block specific activity or IP addresses registered to certain countries. For example, I don't want any web traffic from Russia or North Korea. I may even lock down certain policies down to 'I only want U.S. IP addresses.' I find that very useful."
"They've done a lot of work with their SD-WAN, which we do use, to have our old internet service with our new internet service. If anything goes down on a particular interface, I can have different rules applied. Most of my users don't even know when our primary internet goes down anymore... I don't have to be here to do anything to switch it to our backup internet or to switch it back."
"One of the most valuable features is the Geolocation. Because we aren't a multinational corporation, it allows me to look at things which might be suspicious to make sure that they are legitimate transactions rather than people sniffing around the network."
"Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC."
"I would like to see the inclusion of more advanced antivirus features in the next release of this solution."
"In Firepower, there is an ability to search and dig into a search, which is nice. However, I'm not a super fan of the way it scrolls. If you want to look at something live, it's a lot different. You're almost waiting. With the ASDM, where it just flows, you can really see it. The second someone clicks something or does something, you'll see it. The refresh rate on the events in Firepower is not as smooth."
"The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it."
"For the new line of FTDs, the performance could be improved. We sometimes have issues with the 41 series, depending what we activate. If we activate too many intrusion policies, it affects the CPU."
"The user interface for the Firepower management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For Firepower, the user interface is not very user-friendly. It's a little bit confusing sometimes."
"We would like to see improvement in recovery. If there is an issue that forces us to do recovery, we have to restart or reboot. In addition, sometimes we have downtime during the maintenance windows. If Cisco could enhance this, so that upgrades would not necessarily require downtime, that would be helpful."
"We had an event recently where we had inbound traffic for SIP and we experienced an attack against our SIP endpoint, such that they were able to successfully make calls out... Both CTR, which is gathering data from multiple solutions that the vendor provides, as well as the FMC events connection, did not show any of those connections because there was not a NAT inbound which said either allow it or deny it."
"I would say there's room for improvement in terms of the GUI. Because it is better than some of the other standard firewalls. They have the drag and drop features."
"The VPN needs to be improved."
"When it comes to web filtering and application filtering, it does not contain enough signatures to determine all of the sites that need to be blocked."
"Cyberoam UTM needs to have more certifications with third-parties, such as NSS Labs."
"We have had some issues with technical support, which is an area that needs improvement."
"It should have a better VPN client. We decided to find something different than Cyberoam because of the VPN client software. It would be nice to have a user interface not only in English but also in different languages."
"Sometimes, users are timed out intermittently."
"Technical support could be faster."
"It's very hard to get information from their website, for exactly what I need to do. Sometimes I end up having to open a lot of support tickets... It's a navigational issue which makes it hard to find what I'm looking for and it's just so broad."
"One other shortcoming is that there is no backup for it. We really haven't figured out how we might solve that problem. We may want to put a duplicate in... With WatchGuard, we just have the one box. If that were to fail, we'd probably be really hurting."
"We use WatchGuard to manage our failover for internet. If a primary internet goes down, it does a failover to the secondary the internet. However, what it doesn't do so well is that if the primary internet has a lot of latency but it's not completely down, it doesn't do a failover to the backup in a timely manner."
"I would like to see more simplified management of the firewall... It's a complicated system to use."
"The software in it could be a bit more friendly for an amateur user. I look at it and don't understand what half the stuff is. Looking at the interface, it is all mumbo-jumbo to me. It's not a simple interface. You have to be an IT guy to understand it. It is not for your average person to use, then walk away from it. It is much more entailed."
"Reporting is something you've got to set up separately. It's one of those things that you've got to put some time into. One of the options is to set up a local report server, which is what I did. It's not great. It's okay... Some of the stuff is a little complicated to get up and running. Once you do, it becomes very user-friendly and easy to work with, but I find there are some implementation headaches with some of their stuff."
"The drawbacks are just sometimes not having the technical information that we need in order to easily make connections with all of our Internet-based clients."
"Last year, I had an issue with one of the Fireboxes going down. It was overheated, because my server room became overheated and this fried it."
"The price of this solution is not good or bad."
"The Firepower series of appliances is not cheap. I just got a quote recently for six firewalls that was in the range of over half-a-million dollars. That's what could push us to look to other vendors..."
"Our subscription costs, just for the firewalls, is between $400,000 and $500,000 a year."
"Cisco's pricing is high, at times, for what they provide."
"The one-time cost is affordable, but the maintenance cost and the Smart Net costs need to be reduced. They're too high."
"We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"There are additional implementation and validation costs."
"This is a cost-effective solution compared to other vendors, such as Cisco."
"There are no costs in addition to the standard licensing fees."
"It is not cheap."
"We paid for a two-year FullGuard license that includes support."
"It's not an expensive product."
"I am not happy with the pricing, it could be better."
"I had an issue when I was trying to stop a user from using too much bandwidth while I was using Azure, I was not able to stop them."
"We pay for licensing the solution. It's my understanding that it is not overly expensive. It may be somewhere around $2,000 for a license."
"We only license our corporate one and the one we have at our DR site, we don't worry about the branches. It doesn't pay for us to license the ones at the branches. What they charge for what they call basic maintenance is extremely high for those little fireboxes."
"The two larger devices are about $1,000 each and the smaller ones are about $500 or $600 each... It's cheaper and you have more control because it's self-managed."
"The cost three years ago was about $800."
"There is an additional cost for support on top of licensing. When I bought my new unit, I received additional time added to my support."
"We had a trade-in offer at the end of our first three-year term. As a result, we pretty much got a free device by buying the three-year subscription. It was around $3,000 for the three-years."
"I think we might be subscribed to one or two of the premium features."
"We pay about $3,500 every three years."
"Their price point worked, which is the reason why we stayed with WatchGuard."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
WatchGuard's approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMBs and distributed enterprise organizations, our award-winning Unified Threat Management (UTM) appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.
Sophos Cyberoam UTM is ranked 6th in Unified Threat Management (UTM) with 19 reviews while WatchGuard Firebox is ranked 2nd in Unified Threat Management (UTM) with 38 reviews. Sophos Cyberoam UTM is rated 7.4, while WatchGuard Firebox is rated 8.8. The top reviewer of Sophos Cyberoam UTM writes "Useful data quota features, but scalability is an issue and the signature database could be enhanced". On the other hand, the top reviewer of WatchGuard Firebox writes "Geolocation allows us to lock down certain policies to only U.S. IPs". Sophos Cyberoam UTM is most compared with Sophos XG, Fortinet FortiGate, Sophos UTM and Cisco ASA Firewall, whereas WatchGuard Firebox is most compared with Fortinet FortiGate, Sophos XG, SonicWall NSa, pfSense and Palo Alto Networks NG Firewalls. See our Sophos Cyberoam UTM vs. WatchGuard Firebox report.
We monitor all Unified Threat Management (UTM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.