Some models are scalable but you have to have VMs to modify resources to get better performance.
Firewalls VM Reviews
Showing reviews of the top ranking products in Firewalls, containing the term VM
Juniper SRX: VM
Fortinet FortiGate: VM
Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.
SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).
Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.
Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)
Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.
Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.
Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.
Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.
Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.
Bulk CLI commands are uploaded via gui in script file (portions of config file).
VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.
If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.
Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.
Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.
IPS, AV, Web Filter, AppControl profiles are working very well.
SSL Inspection and CASI (Cloud Access Security Inspection) profiles.
Rich logging options allow you troubleshoot most problems.
Straightforward HA with different redundancy schemas.
This solution is scalable. They have now built hyperscale firewalls and it's very easy. Also VMs, for example, is very easy to scale, you just need to adjust the licensing.
Our primary use case for Fortinet FortiGate is for the center firewalls. We use the VMware server. That seems good and acceptable to the customers.
reviewer1483797 says in a Fortinet FortiGate review
Service Delivery Engineer - Network Security Lead at a tech services company with 51-200 employees
The solution is highly scalable because they have devices that can handle a large amount of traffic. The VM version with the hardware appliances is widely scalable. It can handle small businesses to large scale enterprises. In terms of mode of deployment, you have VM, hardware appliance, and cloud. There is cloud management as well that is scalable. It can suit a number of deployment scenarios.
We currently have 50 employees using the solution, some of our clients that have deployed it has 1000 users and it has not given a problem.
reviewer1470960 says in a Fortinet FortiGate review
Lead Architect at a computer software company with 51-200 employees
If you're a small-medium size business:
- Size your use case carefully as licensing price jumps significantly with HW changes.
- Customizable Forticilent SW can be downloaded for free with FNDN membership
- If you have multi sites and require Fortigate based 2FA then consider getting a dedicated fortiauthenticator (VM) with fortiokens acting a central RADIUS server which can be cheaper than cloud tokens an with additional authentication flexibilities.
We have a hosted platform with our client. We've built a VPN site and the solution is deployed as a VM. The client connects to it and it protects anything that's behind it like a regular firewall. Everything we have there is hosted in a data center, all our servers and things that clients connect to. So we're using it as our gateway device. We are customers of pfSense and I'm the owner of our company.
Peter says in a pfSense review
Software Applications Manager at a engineering company with 201-500 employees
I've tried to scale the solution previously. I've got two hardware platforms running. I wasn't quite able to run everything I wanted on a small ARM based device. Therefore, I build my own Super-micro platform based on Intel Denverton.
It's actually easy to scale. It's just moving over most of the configuration: exporting, importing, or even going right into the original XML export file.
There are six users, 3 dozen of devices and a homelab server with VM running behind the solution at this time.
We have a client who's got a number of VMs on a single piece of hardware. They needed to have access over a VPN to those VMs from inside their network. We use pfSense to provide the VPN link using the IPsec.
In others, let's say smaller organizations, we will put a Mini ITX system that then connects into their broadband - typically sort of fiber or something like that - and just gives protection.
The solution also allows us then to manage port forwarding and things like that.
Sophos XG: VM
My advice would be to download the VMware and get to know the interface because running one of these devices is probably not as difficult as you'd think. If you have an onsite level one user, YouTube has online training and Sophos support will help you through it. It's a very easy device for a level one engineer to manage. My advice is to download the free VMware for 30 days and then either buy the platform or install the VMware product.
I rate this solution a 10 out of 10.
reviewer1053252 says in a Sophos XG review
Technical Presales Consultant/ Engineer at a wholesaler/distributor with 10,001+ employees
You need to pay for the license. You need to pay for the hardware as well. The cost depends on the model of the hardware and on which license. They have different editions, and licenses you're going to go with. They have different modules, and the cost depends on which modules you'd like to activate for security features. Not everyone will buy Sophos to utilize all the features. Usually, it's just the firewall, and IPS, sandbox, and the web filter that people are looking for. Not many people have Sophos or VM servers on-prem to protect them.
Kerio Control: VM
Our main customer base is superyachts, and they have the Kerio for traffic rules and bandwidth management of the various networks on board. They can optimize traffic for crew versus owners and guests, the VIPs that might be on board. They also use it for bandwidth sharing. They usually have a mixture of the VSAT satellite internet and 4G internet access. Sometimes they have WiFi, for example if they connect to a WiFi hotspot in a marina, as well as shoreline or fixed DSL. They use it to manipulate the internet traffic, so they can say the crew uses the slower VSAT and the guest gets the fast 4G or shoreline.
They also use it to see what's going on. If the boss complains that the internet's slow, they can quickly see if someone is downloading a load of updates or streaming Netflix and they can block them. They just want to have control, as the product name suggests, over the internet traffic.
In-house, we use the NG300, but because we are a partner, we use various hardware platforms. At the moment it's nearly all the NG series, the 100, 200, and 500. The most common that we use is the NG500. I'm interested in using the next-generation, which is due out in the next couple of months, but I've also used the virtual Kerio platform on a VMware hypervisor.
There's a virtual appliance, but also software installed on a Windows PC. We build our own virtual "guest" on a host, we've done a couple of those, and then attached it to a switch with VLANs, so we've covered all platforms.
We have these Kerios on anything from a 30-meter Sunseeker, with five or six crew members, four guest cabins, and a couple of master cabins, or a master and a VIP. They might have 20 guests so there would be a total of about 30 users and some 50 devices for those users. There is also all the AV equipment. And we've gone right up to a 120-meter superyacht, with 50 to 100 crew and space for about 200 guests. We've also got a couple of ski chalets, and a private island in Ibiza. A few hundred users is its top end, but as far as network-connected endpoints go, it could be in the few thousands of devices.
Cisco Firepower NGFW Firewall: VM
The primary use case is mainly around perimeter security at the HQ and the branch. This will include using the Next-Generation Intrusion Prevention System (NGIPS), using advanced malware protection for networks on the firewall, and remote access VPN as well as site-to-site VPN.
I work for a Cisco partner and managed service provider. We have a number of customers. Typically, the standard setup that we have is a Firepower Management Center Virtual, running in VMware, with physical FTD appliances (as the firewalls) on-premises.
We work with more mid-size organizations who typically have email security, web security, endpoint security, and perimeter security. In terms of products, that would be:
- Cisco Umbrella
- Cisco Cloud Email Security
- Cisco Secure Endpoint
- Firepower, for the perimeter.
That would be a typical technology mix. Sometimes, some customers will consume something like Duo Security for multi-factor authentication.
We are primarily running ASA Firewalls with the FTD image. We are also running some Firepower 1000 Series.
reviewer1627155 says in a Cisco Firepower NGFW Firewall review
Senior Systems Engineer at a tech services company with 201-500 employees
Technically, it is a very good firewall, but some improvements need to be done on the management side. I would advise getting a consultant or someone from Cisco to help you in implementing and using this firewall to its fullest extent.
We don't use workload integration as of now. We also don't use its dynamic policy capabilities to enable tight integration with a secure workload at the application workload level. Similarly, we don't use the solution's tags for VMware, AWS, or Azure for dynamic policies implementation in the cloud.
I would rate Cisco Firepower NGFW Firewall an eight out of 10.
We are using Firepower for outbound/inbound traffic control and management as well as for our internal security. We are using it for LAN security and VMware network security. It is a hardware device, and it is deployed on-prem.
Our target is to make our network 100% secure from the outside and inside traffic. For that, we are using the latest versions, updates, patches, and licenses. We have security policies to enable ports only based on the requirements. Any unnecessary ports are disabled, which is as per the recommendation from Cisco. For day-to-day activity monitoring and day-to-day traffic vulnerabilities, we have monitoring tools and devices. If there is any vulnerability, we can catch it. We are constantly monitoring and checking our outside and inside traffic. These are the things that we are doing to meet our target of 100% security.
We have a number of security tools. We have the perimeter firewalls and core firewalls. For monitoring, we have many tools such as Tenable, Splunk, etc. We have Cisco Prime for monitoring internal traffic. For malware protection and IPS, we have endpoint security and firewalls. The outside to inside traffic is filtered by the perimeter firewall. After that, it goes to the core firewall, where it gets filtered. It is checked at port-level, website-level, and host-level security.
We have the endpoint security updated on all devices, and this security is managed by our antivirus server. For vulnerabilities, we have a Tenable server that is monitoring all devices. In case of any vulnerability or attacks, we get updated. We are also using Splunk as SIEM. From there, we can check the logs. If any device is attacked, we get to know the hostname or IP address. We can then check our monitoring tool and our database list. We can see how this attack happened. We have configured our network into security zones. We have zone-based security.
In some cases that I'm aware of, when moving from specific platforms like Check Point, Firepower has offered a much easier way of working with the platform and deploying changes. For the customer, it's a lot easier in the newer platform than it was in the previous one.
I've done network assessments, where we wanted to get visibility into all flows. I used Firepower boxes for some of those, where we tapped a line and let Firepower see all the traffic. It was incredibly helpful in picking up all of the flows of data. As a result, I was able to give information to the customer, saying, "This is what it's doing and this is what it's seeing in your network." I find it very helpful to get all that type of data. It's got a lot more information than NetFlow-type systems.
There have also been use cases where I'm doing east-west and north-south in the same firewall box. That is possible with SGTs and SD-Access and Firepower. That ability has been critical in some of the designs we've done. A scenario would be that we have an underlay, a corporate network, and a guest network VRF-routed zone; big macro security zones. We are doing micro-segmentation at the edge with SD-Access, but the macro-segmentation between the zones is handled by the firewall. Because we didn't want to split up our east-west and north-south, because there really wasn't a budget for it, they're on the same box. That box is able to do both flows that go towards the internet and flows that go between the different interfaces on the firewall. We're using SGTs in those policies and we're able to extend the logic from the SD-Access environment into the firewall environment, which creates a very unified approach to security.
We're also able to implement dynamic policies for dynamic environments with 7.0. That's becoming more and more important every day. IPs are becoming less important; names and locations and where things live in the cloud mean things are becoming a lot more fluid in the world of security. It's very helpful to have objects and groups that can follow that fluidity along, as opposed to me trying to do it old school and static everything up. No one has time for that. Dynamic policy capabilities enable tight integration with Secure Workload at the application workload level. The IP is less relevant and the application or the VMware tag can be tied to a specific ruleset. It's very helpful to be able to have it be so dynamic now. We're using more and more of those dynamic group concepts.
When it comes to the solution’s tags for dynamic policy implementation in cloud environments, VMware is the primary one I'm seeing these days, but I expect Azure to pick up significantly. The use of these tags for dynamic policy implementation in cloud environments simplifies things. We don't have to have so much static stuff pinned up. We can just have a single rule that says, "If it's this tag, then do this," as opposed to, "If it's this IP and this IP and this other IP, then you're allowed to do this thing." By disconnecting it from the IP address, we've made it very flexible.
Palo Alto Networks VM-Series: VM
We have recently begun working with Palo Alto Networks VM-Series.
I have been using the Palo Alto VM-Series Firewall for a few months.
The Palo Alto VM-Series is a firewall that is part of our security solution.
VishalGilatar says in a Palo Alto Networks VM-Series review
IT Security Head with 1,001-5,000 employees
Palo Alto VM Series is a firewall that makes up part of our security solution, handing IPS, IDS, and other security measures.
I only have experience with Palo Alto; I don't know much about other VM firewall solutions.
Barbara Kipp says in a Palo Alto Networks VM-Series review
Manager, Information Technology at SWPA Corp
The primary use case of this solution is as a firewall for our servers.
We are running a total of 12 servers. Four of them are hardware servers and the rest are VMware servers. We have about 80 clients running Windows 10.
reviewer1415211 says in a Palo Alto Networks VM-Series review
Senior Manager Network Engineering at a manufacturing company with 10,001+ employees
I have been working with the Palo Alto VM-Series for four years.
reviewer1267734 says in a Palo Alto Networks VM-Series review
Executive Cyber Security Consultant at a tech services company with 11-50 employees
Palo Alto VM-Series is something we recommend as a firewall solution in certain situations for clients with particular requirements who have the budget leeway.
reviewer1415460 says in a Palo Alto Networks VM-Series review
Senior Network Architect at a manufacturing company with 5,001-10,000 employees
The VM-Series firewall is part of our overall security solution.
reviewer1286028 says in a Palo Alto Networks VM-Series review
Security Operations Specialist at a logistics company with 201-500 employees
I would definitely recommend this solution. It comes under the top industry leaders and is comparable to other top products in this category.
I would rate Palo Alto Networks VM-Series a nine out of ten.
It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities.
There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments.
It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity.
What I like about the VM-Series is that you can launch them in a very short time. You don't have to wait for the hardware to route for them to be staged and installed. From that perspective, it's easy to launch and it's good because it is more scalable.
The product is quite responsive.
reviewer1303821 says in a Palo Alto Networks VM-Series review
Network Security Engineer at a tech vendor with 51-200 employees
We are a solution provider and the Palo Alto VM-Series is one of the products that we implement for our customers. Our customers use this virtualized next-generation firewall as part of their security solution.
I am the guy they call up first for the central infrastructure and configuration of the malware, firewall, and main applications, and I use Palo Alto Networks VM-Series for that.
reviewer1448568 says in a Palo Alto Networks VM-Series review
IT Infrastructure Architect at a financial services firm with 10,001+ employees
With Palo Alto VM-Series, we are capable through a single point of management and visualization both in infrastructure and on premises and in the cloud. This allows us to improve the speed to create new rules, speed up the resolution of problems, having a holistic vision of our firewall infrastructure.
We use the solution for hands-on testing purposes and also for activating firewall re-entries, which is easy to accomplish. We only need to turn up the VM to the firewall. This serves users who are working at home due to the COVID-19 pandemic. We also utilize the solution in respect to several servers which are behind the firewall.
Fortinet FortiGate-VM: VM
reviewer1224273 says in a Fortinet FortiGate-VM review
Manager Information Technology at a media company with 51-200 employees
reviewer1222689 says in a Fortinet FortiGate-VM review
Managing Director at a tech vendor with 11-50 employees
reviewer997284 says in a Fortinet FortiGate-VM review
Network Engineer at a maritime company with 201-500 employees
FortiGate-VM is installed in our data centers and is used for site-to-site connections between offices.
I have been using FortiGate-VM for approximately one year.
The price of FortiGate-VM is high and should be more competitive.
In the next release, we would like to see full integration with VMware NSX virtualized networks.
The solution has a moderate amount of scalability potential. I wouldn't say it's the best, however, it is possible to scale it if you need to.
We have about 25-30 people on the VM currently.
reviewer1385283 says in a Fortinet FortiGate-VM review
Network Enginner at a comms service provider with 10,001+ employees
I use FortiGate-VM for testing.
Data reporting could be improved and also in terms of performance, some improvement should be made on VM, it should be more optimized. Scalability of the solution could also be improved.
For an additional feature, Fortinet should add more SD-WAN with caching as a special functionality. It should be integrated with Fortinet.
The virtual and hardware versions of the solution are mostly the same.
The VM it's very quick for deployment. If we need to have a POC for a customer, if we don't have any hardware physically at our premises, at our store, in our office, we can download the VM from Fortinet and install all the VM to their environment in order to run it. If we have a customer that says "let's start tomorrow" we are able to do that in a way that's not possible with a hardware version.
Normally Fortinet is very flexible that it supports almost all environments.
The solution is user friendly.
The cost of the solution is pretty fair.
The documentation is very good.
The SD-WAN is very good, as compared to, for example, Citrix SD-WAN which has an overall lack of security and needs to leverage other devices, like Palo Alto, to cover this.
reviewer1428657 says in a Fortinet FortiGate-VM review
IT Director at a retailer with 1,001-5,000 employees
We have been using Fortinet FortiGate-VM for almost two years.
reviewer1238931 says in a Fortinet FortiGate-VM review
Junior Network Engineer at a tech services company with 11-50 employees
The installation process is very easy with FortiGate VM. We can easily deploy it. That said, we did run into issues with some customer requirements and our engineers were forced to get involved. Occasionally, it takes too much time to configure certain aspects. However, a basic configuration is pretty easy.
reviewer1212075 says in a Fortinet FortiGate-VM review
Owner at a financial services firm with 1-10 employees
I would rate Fortinet FortiGate-VM a nine out of ten.
reviewer1504884 says in a Fortinet FortiGate-VM review
Systems Engineer at a tech services company with 501-1,000 employees
Most of the use cases that we have are SD-WAN and perimeter firewall related.
Our clients are mostly small to medium-sized businesses. We also have large enterprise clients that range from 1,000 to 8,000 users. We haven't planned to increase the usage, but we are currently using Fortinet FortiGate-VM for perimeter firewalls and SD-WAN for our branch offices.
reviewer1512672 says in a Fortinet FortiGate-VM review
Project Coordinator at a marketing services firm with 201-500 employees
We use Fortinet FortiGate-VM as a firewall to deliver high-performance network security solutions that protect our network and data from evolving threats.
The solution is FortiGate 60D and FortiGate-VM is FortiOS 5.2.2. I'm not sure which version of the solution we are currently on.
Our company exports this solution to large customers. We're partners with Fortinet.
We have the solution on a local server.
I'd rate the solution at an eight out of ten.
Lindsay Mieth says in a Fortinet FortiGate-VM review
CISO at a religious institution with 501-1,000 employees
We work with the government and the customers do not want the VM solution, they prefer appliance solutions.
reviewer1401510 says in a Fortinet FortiGate-VM review
Team leader technical support at a manufacturing company with 201-500 employees
I would definitely recommend this solution. I was advised to be very skeptical about the performance statistics as indicated in the documentation, but I didn't find that to be the case. It is very scalable with good performance.
I would rate Fortinet FortiGate-VM an eight out of ten.
I would recommend this solution to others. Especially if they are new to these types of solutions, it is easy to understand.
I rate Fortinet FortiGate-VM an eight out of ten.
I have been using Fortinet Fortigate-VM for the past two years.
We installed Fortinet FortiGate-VM for security purposes. Our main motivation is for security reasons and improving networking.
For firewall devices, Fortinet is very good. They can improve on other solutions, I have used some solutions in the past that did not have a good UI. There are other things that Fortinet as a whole can focus on.
I rate Fortinet FortiGate-VM a nine out of ten.
reviewer1602627 says in a Fortinet FortiGate-VM review
Network Security Engineer at a tech company with 201-500 employees
I have been an integrator for Fortinet FortiGate-VM for a couple of years.
reviewer1054542 says in a Fortinet FortiGate-VM review
Consultant at a comms service provider with 11-50 employees
I have been using Fortinet FortiGate-VM for the past three years.
Aurelio Rodas says in a Fortinet FortiGate-VM review
IT Specialist at a tech services company with 51-200 employees
It's very stable. I remember only one case in which we had issues with a routing protocol. This was the big problem that I had with FortiGate, as they had some issues and they reduced the equipment. However, in the last five years, it was the one lone situation that I opened a case for and they took a lot of time to get to the solution, which was an SBS and BGP routing protocol into the FortiGate. That said, that issue was on an appliance, not a VM solution.
reviewer1622106 says in a Fortinet FortiGate-VM review
Project manager at a comms service provider with 10,001+ employees
I would rate Fortinet FortiGate-VM a 10 out of 10. It tops others in terms of performance.
reviewer1641246 says in a Fortinet FortiGate-VM review
Senior Security Engineer at a energy/utilities company with 1,001-5,000 employees
The use case for VMs is if you're going to deploy them like a SaaS edge, to protect your applications or provide deeper visibility into the traffic. Or you could use it in your data centers as well. However, that's not our preference.
We primarily use the solution for network segmentation at our data centers and remote connectivity to our distributed sites.
We use Fortinet FortiGate-VM for managing inbound and outbound internet traffic through our environment. Sometimes, we also use it for managing the site's internet outbound and routing. We also use it for IPSec on Azure. We also have an on-premises environment, and we're using it for IPSec on that environment.
All the routing happens through it because we're swinging all the traffic on the Azure side through a firewall which is basically the gateway. It acts as the gateway and manages outbound traffic in that environment. We have also set up the SSL VPN for users. We do have FortiGate on-premise, and we set up the SSL VPN connection for users.
I have been using Fortinet FortiGate-VM for more than two years.
We are using the latest version.
reviewer1625292 says in a Fortinet FortiGate-VM review
Creative Head/Director at a marketing services firm with 1-10 employees
We use the solution for creating IPsec tunnels and web and application filters. We use it for monitoring virtual traffic on platforms including VMware solutions.
reviewer1651302 says in a Fortinet FortiGate-VM review
Director Of Technology at a tech services company with 1,001-5,000 employees
Fortinet FortiGate-VM may be installed on Azure or AWS.
You can either install it in your data center alongside your virtual applications or put it in the public cloud to secure it.
Edd Bautista says in a Fortinet FortiGate-VM review
Engineering Manager at Primatel Communication Snd Bhd
We're using FortiGate-VM on-prem for our firewalls. The Fortinet component in the cloud is FortiGuard. We get our virus definitions regularly updated from the cloud, but the FortiGate firewalls are all on-prem. While the virtual firewalls are created inside the physical firewall, there is an option for a virtual machine firewall where we'll give you the VHD file, and you can install it to a server.
Virtual machines aren't widely used in Brunei because the Brunei government isn't ready for these things yet. They're more confident in hardware, but everything is slowly starting to head in this direction. Others are watching what will happen when people use the apps before they try them.
I've been using FortiGate-VM for six years.
reviewer1280259 says in a Fortinet FortiGate-VM review
Information Security Manager at a financial services firm with 501-1,000 employees
We use FortiGate-VM to access clients' networks. These are generally Azure cloud environments in which we set up resources for clients to use.
We use Fortinet FortiGate-VM as an SD-WAN solution and for security profiles.
I do not recall which version we are using.
I have been working with FortiGate products for the past five years and with Fortinet FortiGate-VM for the past year.
I occasionally implement Fortinet for clients.
In the most recent instance, we had a cloud implemented and I was driving the infrastructure. The client had separate areas inside it purposely. They needed to implement a FortiGate solution in the same client, with different VMs, for different clients, to make different areas for these clients.
reviewer1718730 says in a Fortinet FortiGate-VM review
User at a hospitality company with 10,001+ employees
Fortinet FortiGate-VM is easy to use.
reviewer1691751 says in a Fortinet FortiGate-VM review
Principal Network Engineer at a computer software company with 201-500 employees
We have two people running the solution and another 50 to 80 people using the solution, so we have a relatively small setup.
The solution is scalable and can be deployed to multiple VMs.
This product is very scalable. I always buy hardware that can handle a lot of connections and a lot of users. So, in terms of scalability, all you have to do is upgrade your hardware. Or, it is especially scalable if you use the VM version because you only have to provision more resources.
We regularly have between 20 and 50 users, although sometimes it is as little as 5 or 10.
Check Point NGFW: VM
It is easy to deploy or upgrade. There is no need to do this manually with commands. This solution can be set up online.
We have two devices. Right now, we are deploying and upgrading a new setup, where you can do management, management plus gateway on the device, or virtually you can install your management device on VMware or Hyper-V. With the Hyper-V and the Management Server, you can access all the gateways. For the Management Server and gateways, we have an activation key.
Our company works in developing and delivering online gambling platforms. The Check Point NGFWs are the core security solution we use to protect our DataCenter environment located in Asia (Taiwan). The environment has about ~50 physical servers as virtualization hosts, and we have two HA Clusters consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix. The Clusters serve as firewalls for both inter-VLAN and external traffic.
There are now more competitors in the market, like Palo Alto and VMware.
Palo Alto is a bit more smooth and cost-efficient than Check Point. Palo Alto has Unified Threat Management (UTM) coupled with a dake lake database that is huge. Also, its migration is more smooth than Check Point's.
The most valuable feature is the centralized management, which gives us control over all of the Check Point gateways. This means that you do not need to connect to each gateway and make the necessary changes.
Cluster functionality, "ClusterXL", works like a charm. A rollover to the standby gateway does work with no noticeable delay in the network.
You can buy a Check Point appliance or install the Check Point NGFW as a VM on your own hardware.
The extremely wide function horizon covers almost every possible scenario.
reviewer1425090 says in a Check Point NGFW review
Network and Security Specialist at a tech services company with 51-200 employees
The initial setup was straightforward. I told one of my colleagues in my last job, "Just follow the prompts and you should be able to install it. It is a very simple, basic thing. Just do it as a gateway, then that's it. You are done".
Before, on R77.30, there were cluster IDs and people needed to know what they were doing. In the R80 cluster, the cluster ID is gone, so it is very straightforward and you don't have to be an expert to install it.
A new installation on the VMs (about a week ago) took me around 20 minutes or less. This was a lot faster than I imagined, and I've created quite a lot of resources to their management and Gateway as well.
AshishRawat says in a Check Point NGFW review
Firewall Administrator at a tech services company with 1,001-5,000 employees
In our company we do setup of Check Point firewalls very frequently because we are a growing company and we are required to do them on a fresh basis for our new branches.
The initial setup for these firewalls is straightforward. There's nothing complex about Check Point firewalls. They are easy to install and configure. We have cloud-based VM firewalls. We configure them in our environment. It is easy to access them and it is also easy to implement the changes on them.
Deployment time depends on the condition and the space of the organization. In our case, it requires three to six months for the setup phase. We have the same implementation strategy for all our branches, which is very simple. It is a three-level hierarchy which is recommended by Check Point. We use the SmartConsole, we use the Security Gateway, and we use the Security Management Server.
In my organization there are six people who have the access to the Check Point firewalls. Two of them are network administrators and four are managers.
Arun Jethy says in a Check Point NGFW review
Sr. Network Engineer at a tech services company with 51-200 employees
We are using this solution for the security enhancement of our internal company network. This is to protect our customers as well as internal users from the untrusted network or outside world.
I am using the physical appliances of Check Point Firewall as well as virtual machines (VMs). We are using the same versions of R80 on our VMs that we are using for our physical appliances.
reviewer1721655 says in a Check Point NGFW review
Networking engineer at Hewlett Packard Enterprise
The solution should be evaluated and a trial run should be done in the lab as Check Point provides VM instances that can be installed on an open server box. Make sure to check with sales about the features and if they require additional licenses before purchasing.
Palo Alto Networks NG Firewalls: VM
reviewer1232628 says in a Palo Alto Networks NG Firewalls review
Solutions Architect at a comms service provider with 501-1,000 employees
We use both the NG and VM series of Palo Alto firewalls. We sell and install them for clients to provide the best security that money can buy. Additionally, adding SD WAN on the same edge device has made an all-in-one, security-edge-intelligent routing solution possible without sacrificing performance or a secure environment.
reviewer1447032 says in a Palo Alto Networks NG Firewalls review
Senior Network Engineer at a tech services company with 201-500 employees
The best feature of this solution is the GlobalProtect, followed by the App-ID feature which is very good. I also like the VMS feature.
reviewer1461459 says in a Palo Alto Networks NG Firewalls review
Team Lead Network Infrastructure at a tech services company with 1-10 employees
The solution can be used in the data center it can be used as perimeter firewalls and gateways as well. It can be used anywhere. From the systems side, the data center side, or I typically recommend that it be deployed in a VM, as it may be able to see the internet traffic and specifically it would basically look into the details of a virtualized environment as well.
The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory.
Gerry Hicks says in a Palo Alto Networks NG Firewalls review
CyberSecurity Network Engineer at a university with 5,001-10,000 employees
We're slowly migrating our on-premises solutions to the cloud. We implemented the next largest size VM for the PA-7050s because we're using 7050s on-premises, due to the bandwidth requirement of 100 GBS.
After changing our firewalls to 7050s last year and this year, both our internal firewalls and our border firewalls are 7050s.
Fortinet FortiOS: VM
I think Fortinet needs to improve their support. They are not one of the gold star rating support companies. There are a few big vendors like Cisco, EMC, VMware with gold star support rating. The support is sometimes not up to the mark.
SonicWall NSV: VM
Niranjan Prajapati says in a SonicWall NSV review
Network & System Support Engineer at a tech services company with 11-50 employees
The initial setup is straightforward. It is easy to deploy.
I've done a number of deployments for our clients. We haven't had any difficulties. It's working well.
I am familiar with the GUI, which helps with the deployment process.
The deployment is normally 20 to 30 minutes, but it depends on the hardware configuration.
For example, when we deploy in a VMware platform or a Hyper-V platform it can take anywhere from 25 to 45 minutes to complete.
Check Point CloudGuard Network Security: VM
It's meeting our needs at this time. If I could make it better, it would be by making it more standalone. That would be beneficial to us. I say that because our current platform for virtualization is VMware. The issue isn't any fault of Check Point, it's more how the virtualization platform partners allow for that partnership and integration. There has to be close ties and partnerships between the vendors to ensure interoperability and sup-portability. There is only so far that Check Point, or any security vendor technology can go without the partnership and enablement of the virtualization platform vendor as it relies on "Service Insertion" to maintain optimal performance.
We are frequently in contact with Check Point's Diamond Support, Product Development Managers as well as their sales team, as we look to keep apprised of where the product ius and should be going. Most of our requests have been around our physical assets, the physical UTM devices — Check Point Maestro, as an example — as well as their endpoint systems. There has not been anything at this time where we've said, "We wish CloudGuard did X differently." CloudGuard, in my opinion, having recently talked with them, is continously improving and is incorporating some of their recently acquired capabilities, such as Dome9 cloud compliance. Those are areas I have been evaluating and looking to add to my environment. My preference would be that it be included in my CloudGuard subscription licensing, and not an add-on; But that's the only thing that I could say that would be beneficial to us as an enhancement to the system.
Our company works in the area of developing and delivering online gambling platforms. The Check Point Next-Generation Firewalls are the core security solution that we use for the protection of our DataCenter environment located in Asia (Taiwan).
The environment has about 50 physical servers as virtualization hosts, and we have two HA Clusters that consist of 2x5400 hardware appliances, managed by an OpenServer Security Management Server on a Virtual Machine (KVM), all running on R80.10 with the latest JumboHotfix.
The Check Point Virtual Systems are activated on the NGFWs to logically divide the firewall into two parts. One is for serving internal, intra-VLAN traffic, and the other is for serving the external traffic coming from the Internet.
reviewer1518027 says in a Check Point CloudGuard Network Security review
Electronic Engineer at a tech vendor with 11-50 employees
We're solutions providers. We're partners with Check Point. We offer integrations and support. This is one of the products we offer to our clients.
We're using the latest version of the solution. The platform is R80.40. It's deployed on VMware's virtual environment.
I'd recommend the solution to other organizations. The likelihood of running into issues is low.
I'd rate the solution at a nine out of ten. We've largely been satisfied with the product.
reviewer1213497 says in a Check Point CloudGuard Network Security review
DBA Team Lead with 51-200 employees
After I made up my mind to migrate it to another solution, I was kind of checking all the other firewalls, the FortiGate, Check Point, pfSense and OPNsense, and Check Point has pretty simple solutions, like the virtual appliance which you just download and it is imported into VMware and you just start using it. You just have to know Check Point's GUI so you can manage your IP addresses and access rules and stuff. But as I said, Check Point is really advanced and the GUI is kind of advanced, which the customer reports actually prove.
reviewer1670154 says in a Check Point CloudGuard Network Security review
Firewall Engineer at a logistics company with 1,001-5,000 employees
Having the whole environment be under the same management is definitely is a plus.
Using a scale set to increase/decrease the amount of firewalls in the cloud helps with saving costs in the long run, as they will only increase if traffic increases and therefore saving us on licensing costs. For a normal Cloud Guard you pay for each core, so using the SS you don't have to fully size and pay for the maximum amount of traffic.
It's possible to sync the Check Point Management with the cloud portal, therefore allowing automated rules to be set in place whenever creating a new VM.