Most Helpful Review
Useful data quota features, but scalability is an issue and the signature database could be enhanced
Find out what your peers are saying about Sophos Cyberoam UTM vs. WatchGuard Firebox and other solutions. Updated: July 2020.
431,081 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Unfortunately in Cisco, only the hardware was good.
The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control.
If we look at the Cisco ASA without Firepower, then one of the most valuable features is the URL filtering.
It's easy to integrate ASA with other Cisco security products. When you understand the technology, it's not a big deal. It's very simple.
The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks.
On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you.
If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning.
They provide DDoS protection and multi-factor authentication. That is a good option as it enables work-from-home functionality.
Having a firewall solution with a data quota is very important when the bandwidth is limited, which really distinguishes it from other products.
The most valuable feature is the IPSec forwarding.
I'm more inclined towards the conventional firewall. So for me, I'm more geared towards the standard firewall type functionalities as well as the web application firewall because that seems to work fine.
The most valuable feature of this product is the threat protection.
It is a VPN that serves all your needs as an application firewall.
The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Window since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom.
As a whole, it has a very low requirement for ongoing interaction. It's very self-sufficient. If properly patched, it has very high reliability. The total cost of ownership once deployed is very low.
Among the most valuable features is the ease of use — love the interface — of both the web interface and of the WatchGuard System Manager.
The most valuable feature is the NAT-ing, the IP addresses... We can direct the traffic where it needs to go. We can control the traffic.
It also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad.
The main reason we went with it was the security protocols. They were more robust on this device.
The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out.
It provides us with Layer 2 and Layer 3 security.
In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline.
Security generally requires integration with many devices, and the management side of that process could be enhanced somewhat. It would help if there was a clear view of the integrations and what the easiest way to do them is.
One area where the ASA could be improved is that it doesn't have AMP. When you get an ASA with the Firepower model, ASA with FTD, then you have advanced malware protection.
If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges.
Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough.
Cisco provides us with application visibility and control, although it's not a complete solution compared to other vendors. Cisco needs to work on the application behavior side of things, in particular when it comes to the behavior of SSL traffic.
It is expensive.
We were also not too thrilled when Cisco announced that in the upcoming new-gen ASA, iOS was not going to be supported, or if you install them, they will not be able to be managed through the Sourcefire. However, it seems like Cisco is moving away from the ASA iOS to the Sourcefire FireSIGHT firmware for the ASA. We haven't had a chance to test it out.
When it comes to web filtering and application filtering, it does not contain enough signatures to determine all of the sites that need to be blocked.
The VPN needs to be improved.
I would say there's room for improvement in terms of the GUI. Because it is better than some of the other standard firewalls. They have the drag and drop features.
The reporting should be improved as well as the backup.
Its scalability is not that great.
Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard.
The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous.
If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier.
I would like to see more tutorials on setting up the Firebox.
There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own.
I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly.
There are a couple of things I wished that it would do, but I can't think of those off the top of my head.
Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated.
Pricing and Cost Advice
Always consider what you might need to reduce your wasted time and invest it in other solutions.
There is room for improvement in the pricing when compared to the market. Although, when you compare the benefits of support from Cisco, you can adjust the value and it becomes comparable, because you usually need very good support. So you gain value there with this device.
When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active.
It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up.
Cisco is expensive, but you do get benefits for the price.
In terms of costs, other solutions are more expensive than Cisco. Palo Alto is more expensive than Cisco.
Pricing varies on the model and the features we are using. It could be anywhere from $600 to $1000 to up to $7,000 per year, depending on what model and what feature sets are available to us.
We used Check Point and the two are comparable. Cost was really what put us onto the ASAs... the price tag for Check Point was exorbitantly more than what it is for the ASA solution.
This is a cost-effective solution compared to other vendors, such as Cisco.
I have no comment about the pricing.
I think the larger firewall packages are much better because a normal firewall is not enough for these times. You need IPS, APT, and all the security features of a firewall that you can buy.
The pricing was in line with everyone else; maybe slightly higher.
The pricing of WatchGuard is probably a little higher than the SonicWall, but it makes up for it in dependability. It's worth it to me, especially since it's not much higher. For just a little bit higher price you get the dependability of the firewall with the WatchGuard brand.
I usually tell people that it's really affordable as well, particularly compared to Cisco.
We don't have any other costs other than the licensing stuff.
The cost was somewhere in the vicinity of $2,000 to $3,000 for each one...
It costs me about $800 a year.
I buy a three-year renewal on the main device, which is usually around $3,000 to $4,000. They usually upgrade the device when I do it. You get a big discount when you do three years.
Compared 36% of the time.
Compared 13% of the time.
Compared 9% of the time.
Compared 6% of the time.
Compared 2% of the time.
Compared 27% of the time.
Compared 26% of the time.
Compared 13% of the time.
Compared 6% of the time.
Compared 5% of the time.
Compared 25% of the time.
Compared 14% of the time.
Compared 11% of the time.
Compared 10% of the time.
Compared 4% of the time.
Also Known As
|Cisco ASA, Adaptive Security Appliance, ASA, Cisco Sourcefire Firewalls|
Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.
Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.
Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.
|Cyberoam Unified Threat Management hardware appliances offer comprehensive security to organizations, ranging from large enterprises to small and branch offices. Multiple security features integrated over a single, Layer 8 Identity-based platform make security simple, yet highly effective.|
WatchGuard's approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMBs and distributed enterprise organizations, our award-winning Unified Threat Management (UTM) appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.
Learn more about Cisco ASA NGFW
Learn more about Sophos Cyberoam UTM
Learn more about WatchGuard Firebox
|There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.||Gulf Corporation for Technology, Maridive & Oil Services, Fidelity Bank, Petra University, Capital FM Kenya, Safari Park Hotel and Casino, Mayfair Casino, Pacific International Lines, Mozambique Ministry of Education, University of Namibia, Royal Hospital for Neuro-disability, University of Hawai, New Delhi Municipal Council||Ellips, Diecutstickers.com, Clarke Energy, NCR, Wrest Park, Homeslice Pizza, Fortessa Tableware Solutions, The Phoenix Residence|
Financial Services Firm20%
Comms Service Provider9%
Computer Software Company28%
Comms Service Provider21%
Computer Software Company28%
Comms Service Provider14%
Computer Software Company20%
Comms Service Provider17%