
Firewalls Firmware Reviews

Showing reviews of the top ranking products in Firewalls, containing the term Firmware
Juniper SRX: Firmware
AP
System Administrator at a leisure / travel company with 51-200 employees

We've had some issues with the firmware

The solution is quite advanced. You need a lot of training to use it effectively.

When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this.

It does not have a simple user interface. 

The warranty offered on the devices isn't long enough. It would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment.

I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. 

The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.

Fortinet FortiGate: Firmware
Director at an integrator with 11-50 employees

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is a really great feature for remote locations (branch offices) and HQ; application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more).

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human-readable firewall policies with editable security policies and addresses in a single page. This is a very useful and time-saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via the GUI in a script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use a second VDOM, you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achieved by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of the device (and VM too). You can set the number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from the web GUI and analyze it in your favorite program.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you to troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

President at simnet

Quality control on their firmware versions needs improvement. When they introduce new firmware, there tend to be bugs.

I would like the licensing price to be better. It would be nice if it were less than 25 percent of the hardware costs.

JC
Network Security Engineer at a performing arts with 201-500 employees

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. 

There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do not have licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at.

Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update.

Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. 

They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

Technical Services Manager at ProComm technologies

In terms of stability, I would rate it a seven out of ten. It should be more stable. Sometimes when you do firmware upgrades, a feature that was previously working is broken. There are things like that, but I guess that can be taken care of by reading the release notes and seeing what changed in the firmware upgrades.

DB
Security Systems Analyst at a retailer with 5,001-10,000 employees

If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox.

MS
President at Sovereign Mange Services

The initial setup is complex for me due to my lack of experience with the Fortinet FortiGate product. The complexity can be a good thing, however, as there's a lot of really good features associated with it. Where it could be simplified is in having that easy deployment option, and then you can start going down and trying to get into the nitty-gritty and figure out when do you need the extra features.

Right now, I'm just in a test environment getting all the firmware up and tested. Then, once I have it tested, I'll take it to the client location and yank out their WiFi mechanism, their WiFi router, and put this in.

Director/Owner at Miodesk

My advice for anybody who is implementing FortiGate is that it is a great product and easy to use, but be careful which firmware you use.

I would rate this solution a nine out of ten.

Solutions Engineer/Consultant at a tech services company with 11-50 employees

We are a managed services company, and we are also a partner with Fortinet and Cisco Meraki. The firmware that I just started using is 6.4.4. Most of the FortiGates that I sell are 60E and 60F. For some of our larger customers, I have got a handful of FortiGate 80, 100, and 200.

Fundamentally, its primary purpose is security at the edge of the network. I have got some clients who are starting to use the SD-WAN feature for a multi-location setup. I have got other clients who are using a lot of IPSec tunnels. I also have some clients who, with the increase in remote workers, are taking advantage of the FortiClient product that ties in. They are using that for remote VPN connections. 

YK
IT Professional at a government with 1,001-5,000 employees

The Fortinet support needs improvement and also the quality control of the firmware (there are a lot of bugs).


Owner at Computech Associates

It is a scalable solution, and you can also upgrade. They come up with a new feature every time. Whenever you're updating your firewall firmware, it is ready to mitigate threats available in the fiber scenario.

Our clients are small, medium, and large businesses. We have deployed it for small offices or retail stores as well as for big manufacturing units. We also have clients from Education and Healthcare. Some of the large companies have between 800 to 1,000-plus devices protected through this firewall.

Security Engineer at Hitachi Systems, Ltd.

Before version 6.0, FortiGate's firewall performed well enough, but lately, they've introduced so many features. After that, its stability has been somewhat lacking. This is because they're constantly updating their firmware. So it was pretty stable, but nowadays, it's not that stable.

pfSense: Firmware
TO
VP of Business Development at a tech services company with 1-10 employees

You could scale the pfSense platform to multiple users and bandwidth. With SonicWall, you have to go get a different version of their product because they're going to tie their firmware to their version. pfSense doesn't do that. It seemed to me like the scale of pfSense is easier and it was a non-sales interactive requirement to scale the offering versus with SonicWall.

SonicWall TZ: Firmware
BT
Virtual CIO/ CISO at Kyber Security

Once you get past all the configuration issues, if you are on a rock-solid GA (Generally Available firmware), I don't know if I want to say it's bulletproof, however, the stability is really, really good. I don't sit and worry, thinking, "Oh, God. We know another one's going to fail today." We never think that way about that type of stuff. It's the odd time where we might get hardware failures or random reboots. We've had a couple of SMA units go sideways. Even SonicWall couldn't solve the problem. However, that said, it's rare.

AM
Creative Head/Director at a marketing services firm with 1-10 employees

Installation takes a maximum of 30 minutes. There is a default template. 

One only need register the firewall, upgrade the latest firmware and select that template. It will automatically configure the template.

SonicWall NSa: Firmware
Senior IT Consultant at a tech consulting company with 51-200 employees

SonicWall has weaknesses. During its tenure with Dell, it was severely damaged (its reputation, innovation, etc.).  It is now recovering, but it may take time to get competitive again. They are clueless in some regards, which is unfortunate as they have the potential.

CPU: The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product. Compare with the need to get 1Gbps throughput with full security (common nowadays), you are looking at NSA 5700. 

Wireless: What a disaster this has been historically. The new SonicWall will tell you it has been resolved and improved. It has improved - it actually works now, but performance is substandard. It is a terrible strategy to have a firewall act as an AP controller, in any case. Perhaps for an SMB, the integrated WiFi in their TZ series has a niche.

Anti-spam: Do not even consider it. It leaks like a shower head. What a mess that offering is. It requires a specific Java version on the server side (do not update it, otherwise it will break). In any case, a firewall doing anti-spam might be a low cost solution, but it is not your best strategy.

Logging/reporting: You need their analyzer to properly generate reports. This is an expensive, licensed feature, with a complex application or appliance back-end. 

MSP: They are not ready for managed security services.  Their Cloud GMS product is weak, barely out of beta (buggy).

VPN: Site-to-site is another problem area - Client-based VPN is another hot mess. Global VPN client issues and mobile connect issues. Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have all but given up trying to make it work reliably. If VPN is important for you - look elsewhere. You have to pay for licenses (most competitive vendors include this by default). You will have 4 different methods, 3 different clients, 2 licenses and all of this to have a horrible VPN connectivity. No proper or modern 2FA for additional security. AVOID!

AGSS / ATP: This is poorly implemented.  A user will click to download a new type of file, and nothing happens.  They have to wait an indeterminate amount of time, and try again to see if it works.  It is so annoying, most clients avoid this capability, just nullifying the whole purpose of it.

App Control:  Be aware that either due to firmware updates, or bugs - app control will behave poorly (cause packet loss, or outright blocking) with normal and legitimate activities.  Resetting and re-configuring it is the work-around (super annoying).


Senior Systems Administrator at a manufacturing company with 51-200 employees

The firmware is very stable and I've never had issues with the stability of the operating system and I was several versions behind until recently. There were some minor bugs but that's because the firmware was not updated. 

AM
Creative Head/Director at a marketing services firm with 1-10 employees

SonicWall NSa has user-friendly firmware.

Sophos XG: Firmware
AW
IT Analyst at a financial services firm with 11-50 employees

In the Firewall, the Intrusion Prevention System can be improved. Now because COVID has come to stay, people tend to work from home, and cybersecurity has been on the high side. 

It can improve more on the security aspect of this so that it can combat any major threat or common bug. I am not saying that the security has become compromised, as it is usually active, but they can improve on it.

Local and technical support can be improved.

When firmware updates are complete, there were issues with connectivity and VPN users. Recently, I stopped updating the firmware because I didn't want to obstruct the connectivity of the staff working remotely at different locations. 

I have stopped doing any updates until the issue can be addressed.

ICT/HMIS Supervisor at a healthcare company with 501-1,000 employees

They made some changes to the firmware update sometime last year, which moved some of the policies from where they were before. Some of the policies, such as NAS policies, were separated, which made it a bit hard for people to trace the policies they had configured.

KM
Programmer / Analyst at Maridive & Oil Services

Their updates can be faster and more regular. Right now, it's updated monthly. When I need to update the firmware, I want it done within weeks, not months. There are also some changes in version 18, like rules, that aren't needed.

RA
Network Manager at an outsourcing company with 5,001-10,000 employees

There's an IP address delivery for our VPN client and a limited range of IP addresses. So this is a problem in the latest firmware release, but rather than using homework scenarios, we need a lot of VPN clients.

JB
Dipl. Ing. at a tech services company with 11-50 employees

Recently, I've had a problem with updating firmware. Updates should be more stable. The last update I did was not successful and ended in an unusable device. Also, the support case I opened for it could have been more effective.

I don't use all of the features and therefore it would be difficult to evaluate if anything is missing.

CEO at MARVIV SRLS

I'm using the solution mainly for its firewall application and to prevent intrusion in the system. The XG platform is very powerful from the perspective of identification and to prevent potential attacks on the system due to its capacity to predict and to anticipate the potential damage on the system.

It's integrated inside the system, meaning that it can control all the endpoints in the system and talk with them and identify any potential situation. It can also isolate one area inside the system without compromising the entire system. This allows you to isolate the initial problem without involving the entire infrastructure. 

You have real-time control of all your infrastructure. It is integrated with the hardware and offers good performance alongside the hardware and by the firmware, and these work together to control the entire infrastructure.

MF
Senior Information Technology Project Manager at a tech vendor with 201-500 employees

I think Sophos has to concentrate on the latest firmware's stability because we have version 18, and we have many problems with our customers who have this version. I think Sophos has to thoroughly test the firmware before launching it. When you get any update on any hardware device, you get many problems. It's not good.

Senior Technical Consultant at Hash 1 IP services llp

They need to do more quality checks before they release firmware upgrades. Currently, a few Cyberoam firewall customers are facing some issues while upgrading the Cyberoam firmware to Sophos. After the new firmware is installed, they are seeing some performance issues, which require some bug fixes. The performance is fine after getting the required support. Customers who are already using Sophos hardware are quite satisfied with this solution. 

Their support should also be improved. We are facing difficulties getting support on time through email or phone.

Sr. Network Officer at a tech services company with 1,001-5,000 employees

Feature-wise, I would give Sophos a rating of seven out of ten.

They need to improve their support, overall customer care, and lower the security licensing fees. If they improved these issues, I would give them a higher rating.

Before upgrading any Sophos firmware, be sure to contact the Sophos team and upgrade it according to their advice. Without their advice, I wouldn't recommend performing an upgrade.

Revenue Development Manager at Integrity by CELT

In terms of improvement, I think the UI could be faster. Sometimes the system freezes and there's a lag. It seems there were some issues with the firmware but it's not a big problem. The user interface could also be improved. It would be great if they could include a little bit more bandwidth management. If they would integrate FatPipe into their product, it would be closer to what Fortinet does.

NP
Network & System Support Engineer at a tech services company with 11-50 employees

In light of all the firmware upgrades, maintenance, feature and general releases of firmware, I really appreciate the support offered by Sophos. It is really good. 

However, the response time could stand improvement, as I do not benefit from immediate support. There is a delay involved. This can be problematic when I need urgent support, such as when my device is in a production environment. 

Kerio Control: Firmware
EMP Specialist at Global EPM BV

Where we were using, for example, a VPN solution for 75 users, GFI has now changed the contracts to use the unlimited version, and that is a bit cheaper price-wise, compared to having 75-user account licenses.

But it's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.

The licensing should really be narrowed down and be at least one-tenth of the price. To give you an idea of costs, an NG500 costs about €3000, and the licensing costs are about €1400 to €1500 a year. They call it "maintenance," but they are not doing anything in terms of maintenance on my firewall. They just supply a little update and those updates really don't cover the price that they calculate for it.

By comparison, if you know what a Windows 10 workstation does on your local computer, you get the updates for free and the price of the installation is something like $100, and you can use it as long as the product is supported. That's a reasonable price, and it also has security. 

With those licensing costs for a little firewall, it's really disturbing because people look for different solutions when the price is too high. You can't make money off of it if you need to pay almost €1500 a year just to get the updates, and those are basically firewall updates. Of course, if there is a system update, like firmware, they will implement that as well. But it doesn't match the cost of what they are doing for us with it. It doesn't explain why these licensing costs are so extremely high.

As long as the product works we use it because we know the product. It's much easier to use an existing product than to swap over to a low-cost product that we are not familiar with. That is one of the reasons we use this product, but mostly because we never had a breach, which is, of course, pretty important now.

Everybody has a price when it comes to security. You can use a simple Windows Firewall on a virtual machine, which costs you almost nothing. And if you put the firewall on there and use it as a router, you can also connect VPN clients to it, but you're using the Microsoft solution for that. Kerio is based on a Linux kernel, which is pretty much free and they are asking a lot of money for a firewall because it's called a firewall and it should protect you. But in fact, they cannot guarantee that nobody will ever get through your firewall. Nobody is giving that guarantee to you, and that is why it's too expensive.

Cisco Firepower NGFW Firewall: Firmware
Networking Specialist at a healthcare company with 1,001-5,000 employees

It is a very powerful device. Firepower Management Center is a great tool, but it is a bit slow.

We don't have Cisco Umbrella integrated with Firepower. We tested Firepower's integration with Meraki Umbrella, but we don't use it because you need better firmware.

I would rate this solution as an eight (out of 10).

Engineering Services Manager at a tech services company with 201-500 employees

It may sound a bit strange, but one of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.

Also, the new UI is always getting better from version to version. In the beginning, when it came to managing Cisco Secure Firewall, it wasn't always the easiest, but with 6.7 and 7.0, it's gotten easier and easier. It's a pretty easy system to manage. It's especially beneficial for people who are familiar with ASA logic because a lot of the Firepower logic is the same. For those people, they're just relearning where the buttons are, as opposed to having to figure out how to configure things.

I've used the backup VTI tunnel and that's a feature that lets me create some redundancy for my route-based stuff and it works pretty well. I haven't had any issues with it.

Firepower 7.0 also has fantastic Dynamic Access Policies that allow me to replicate a lot of the configurations that were missing and that made it difficult to move off the old ASA platform for some customers. The addition of that capability has removed that limitation and has allowed me to move forward with implementing 7.0. 

Snort 3 is one of the biggest points on Firepower 7.0. I've been using Snort 3 for quite a while and, while I don't have a ton of customers on it, I do have some who are running on it and it's worked out pretty well. In their use cases, there wasn't a lot of risk, so that's why we started with it. Snort 3 has some huge advantages when it comes to performance and policy and how it's applying things and processing the flows.

Dynamic Objects have also been really critical. They're very valuable. Version to version, they're adding a lot more features onto Dynamic Objects, and I'm a big fan. 

I've also used the Upgrade Wizard quite a bit to upgrade the firmware.

And on the management side, there are the health modules. They added a "metric ton" of them to the FMC [Firepower Management Center]. In version 6.7 they released this new health monitor which makes it a lot easier to see data and get to information faster. It's quite nice looking, as opposed to CLI. The new health modules really do stand out as a great way to get to some of that health data quickly—things like interface information, statistics, drops—that were harder to get to before. I can now see them over time, as opposed to at just a point in time. I've used that a lot and it has been very helpful.

In addition, there is the global search for policy and objects. I use that quite a bit in the search bar. It's a great way to get some information faster. Even if I have to pivot away from the screen I'm on, it's still great to be able to get to it very quickly there. 

In a lot of ways, they've addressed some of the biggest complaints, like the "housekeeping" stuff where you have to move around your management system or when it comes to making configuration changes. That has improved from version to version and 7.0 is different. They've added more and have made it easier to get from point A to point B and to consume a lot of that data quickly. That allows me to hop in and do some data validation much faster, without having to search and wait and search and wait. I can get to some of that data quicker to make changes and to fix things. It adds to the overall administrator experience. When operating this technology I'm able to get places faster, rather than it being a type of bottleneck.

There is also the visibility the solution gives you when doing deep packet inspection. It blows up the packet, it matches application types, and it matches web apps. If you're doing SSL decryption it can pinpoint it even further than that. It's able to pull encrypted apps apart and tell me a lot about them. There's a lot of information that 7.0 is bringing to the forefront about flows of data, what it is, and what it's doing. The deep packet inspection and the application visibility portion and Snort are really essential to managing a modern firewall. Firepower does a bang-up job of it, by bringing that data to the forefront.

It's a good box for visibility at the Layer 7 level. If you need Layer 7 visibility, Firepower is going to be able to do that for you. Between VLANs, it does a good job. It's able to look at that Layer 7 data and do some good filtering based on those types of rules.

Untangle NG Firewall: Firmware
Owner at ThinkEzIT

You can have templates that simplify the process.

They will back up the firmware for you to configure. Your firewall is backed up all of the time on the command center. If you make a change and it's bad, you can push the bad config down, and put the old one back into it. Or before you make a change, you can back up the config into the cloud and the controller, then you can make the change.

With Zero deployment, so you can have a general template that you push onto all of the devices. If you need to dropship one to somebody somewhere that's not local, just get a smart hands tech. They can plug it in and once it hits the internet, it automatically downloads its config off of the server.

We maintain this solution ourselves, but technical support will help if we need help with anything.

One person can maintain a whole fleet. You can have thousands of them out there and one person could easily maintain them because it's all in one portal, and all of the alerts get generated.

If there is an issue then you get an email with an alert or a text message letting you know that there is something wrong. It makes it easy to deal with.

Fortinet FortiGate-VM: Firmware
Sr. Project Consultant (IFS-Complex MRO Process) at an aerospace/defense firm with 201-500 employees

I think one thing we couldn't find in the software console was all of our logs. In the logs themselves, for example, we couldn't find if a user was accessing all of the VPN. We don't get to know or we don't have a report that shows on what date or for how long and from what time the user has logged on. We don't have that particular feature or that kind of visibility. That could be improved. Reporting, therefore, in general, could be improved.

The one thing that could be improved is the integration with the exchange. The gateway level controls can be enhanced a bit more. For example, it's still little here and there. You do get malicious attacks and suspicious emails like spam. It's not like Sophos where we got a lot of spam email, and yet, it's still relatively vulnerable. It can be upgraded, maybe with a fifth-generation firmware that it is ready for unknown threats. 

Especially after this pandemic situation, it requires a little more enhancement. For an SME level organization, it's okay, but when it comes to corporate and banking enterprises it still requires a lot of enhancement. Comparing it to Palo Alto, for example, it's still very behind the curve.

ZM
Solutions Architect at a computer software company with 5,001-10,000 employees

The most valuable features of this solution are the integration within the environment, with centralized reporting. 

One analyzer and the different devices feeding into that environment. 

The firmware is always up-to-date.

JD
IT Director at a retailer with 1,001-5,000 employees

Since we first implemented it about two years ago, we haven't experienced any major problems aside from the firmware that we needed to have upgraded.

Tech Security & Networking Support Lead at a venture capital & private equity firm with 51-200 employees

I would recommend this solution to others. It is a stable firmware, with many releases. It has a lot of features. Apart from the firewall, it comes with antivirus, IPS, and Web Application Firewall.

It has a lot of integration with external connectors, such as Teams, that are protected from threats that come from external sources.

I would rate Fortinet FortiGate-VM an eight out of ten.

View full review »
AM
Creative Head/Director at a marketing services firm with 1-10 employees

I only know a little bit about the solution's firmware.

This said, the solution is stable and user-friendly. 

View full review »
TM
Network Administrator at Furnmart

We have had some issues with connecting to the VPN from home after firmware updates, which could be an area for improvement.

View full review »
Check Point NGFW: Firmware
GG
Security and Platforms Engineer at an educational organization with 201-500 employees

I am using this solution for perimeter security in the company. Our firewall security is centralized under one management. Also, we use this firewall to manage some of the VPN clients and the employees' access across the company. 

Each firewall is capable of using the VPN client, but we only use two. We have five in total, but we only use two for these issues.

I am using the firmware version for the operating system. The blades are firewalled for IPS and mobile access.

View full review »
IP LAN and Integrity Specialist at Chevron

In general, this is a very stable solution. We have had only one incident in the last few years, which was with the size or the route tables in memory. It was finally discovered that it was a bug in a specific version, and it was solved by upgrading the devices to new firmware that solved the bug.

View full review »
Technology consultant at a tech services company with 501-1,000 employees

We deployed a Check Point firewall on the perimeter as well as on the internal network. Both are in HA & we have enabled all threat prevention blades. All devices are 5600 & 4200. We are managing our two firewalls with two different security management servers.

Currently, we are using the R80.20 firmware version and we have a pretty simple design.

Our primary uses are firewall security, VPN, web filtering & monitoring. We have also used the TE-100X appliance for private cloud sandboxing.

View full review »
TR
System Analyst at a comms service provider with 51-200 employees

While this version seems to be quite stable, Check Point, in previous versions, had a lot of issues when we used to do firmware updates.

View full review »
BZ
IT System Operations Manager at Hamamatsu Photonics KK

Lately, stability is 100% reliable. Earlier generation firewalls were a bit unreliable, however, as Check Point acquired third-party hardware. For example, their Nokia-acquired security appliances had a firmware that worked, until they started to modify the firmware (IPSO 6.0 was solid, but problems started with our upgrade to R75), then it became less stable: frequent crashes, settings not saving, high availability issues, frequent reboots required. Eventually, we upgraded to their NGFW offerings. Their newer hardware, and firmware R77.x was released, and we have been stable ever since. Upgrades to R80.x have been flawless, HA works as expected, and we have had zero performance issues.

View full review »
SW
Service Manager Datacenter LAN

Administration of the routing and system settings should be moved to the central dashboard. It's not good to go to all GAIA Interfaces to change settings there.

The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible.

The firmware for the Check Point Firewalls is very big. It takes a long time when we are using small lines for data transfers. Other vendors have updates lower than 100MB. For Check Point often we need a minimum of 2GB.

View full review »
Palo Alto Networks NG Firewalls: Firmware
Security Engineer at Hitachi Systems, Ltd.

It's quite stable. They are launching a new firmware version, but compared to other products, Palo Alto is quite stable.

View full review »
Fortinet FortiOS: Firmware
PR
System Administrator at RBDigital

Many things are missing from the interface, which necessitates using the CLI, so it needs to be improved. When I migrated to FortiGate, there were many things that I wanted to do, but couldn't.

With FortiOS, you can use the router in two modes. The first mode is the profile mode, which is the starter mode that most use, but you have another mode that is a policy mode and is required before creating your firewall rule. The problem is that when you switch from one mode to the other, all of your firewall rules will be gone. This means that you have to decide if you want to use the policy mode firewall or a profile mode firewall.

With policy mode, you can have granular control on the application on the firewall rule because the firewall rule works with the source destination protocol. With the application, you have multiple rules, one by one. As an example, you can have one for Skype or one for OneDrive, etc. On the source, you can add a group, and add people to the group, and they can have access to Skype and OneDrive along with others added.

You can granularly control applications on the firewall rule with the policy mode, but you don't have access to the proxy mode rules. There are also issues with the antivirus, IPS, and you are forced to switch back to the profile mode where you have less granular control on the application.

I have problems with the IPS stability and the antivirus in Policy Based Mode. If the file is bigger, then the antivirus doesn't check it.

In Policy Based Mode, there are many issues. (Firmware <= 6.4)

View full review »
Sangfor NGAF: Firmware
TM
Director Technology & Service Delivery at a tech services company with 11-50 employees

These days there are lots of breaches and vulnerabilities which you can see if you do some research. Sangfor has similar issues with one or two products where customers have had problems. The company deals with these things immediately and quickly brings out new firmware to solve the issue so I'm not aware of any deficiency in the solution. If a customer finds a feature lacking, we open a ticket to support and Sangfor comes up with the appropriate new firmware within 10 days. If you were to do the same with other vendors, it would normally take four to five months to get the new feature.

View full review »
Senior Presales Consultant at Megaplus

I believe I am using the recently updated firmware of version 4.0.

View full review »
Check Point CloudGuard Network Security: Firmware
Senior System Administrator at a tech services company with 501-1,000 employees

The ROI is in the number of people managing it. Technically, you don't need to manage it. If you have an on-prem, you constantly need to manage the firewall. You need to make sure everything is okay, when it comes to hardware, software, and managing the actual firewall. With CloudGuard on the cloud, we eliminated two of the three. We didn't need to care about the hardware or about the software upgrades. If we did need to upgrade, it was just with respect to CloudFormation. We didn't need to do any firmware. The only thing we needed to do was manage an interface, which is what you're going to do anyway. 

You only need just one person to do it. When it comes to return on investment, you don't need to hire a full team to manage your whole network. If you have a firewall team, with Check Point CloudGuard, you don't need it anymore. It's just a single person because, if a Check Point goes down, it gets spun up right away. You don't need to call anybody or order hardware or anything like that.

View full review »