We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The customer service/technical support is very good with this solution."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"The most valuable feature is the access control list (ACL)."
"A good intrusion prevention system and filtering."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"The implementation is pretty straightforward."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"Among the most valuable features are the DDoS protection that protects your virtual machines, the threat intelligence, and traffic filtering."
"Network filtering is valuable. The scalability capability from the cloud-native service helps us a lot because it simplifies our day-to-day maintenance activity."
"I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system."
"Microsoft's technical support is very good. They're quite knowledgable and responsive."
"Performance and stability are the key features of this product."
"Great security and connectivity."
"The solution has many useful features. For example, the solution allows users to create virtual IP addresses."
"The feature that I have found the most valuable is the control over the network permissions and the network."
"Palo Alto Networks VM-Series is very easy to use."
"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
"The feature that I have found the most useful is that it meets all our requirements technically."
"The most valuable features are security and support."
"It has excellent scalability."
"The interface with Panorama makes it very easy to use."
"In Palo Alto the most important feature is the App-ID."
"The most valuable features are web control and IPS/IDS."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"Cisco Firepower NGFW Firewall can be more secure."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"They can improve the pricing of Azure Firewall."
"This solution is not mature when it comes to handling perimeter traffic like internet browsing."
"Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories."
"It would be nice to be able to create groupings for servers and offer groups of IP addresses."
"It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide."
"There are a number of things that need to be simplified, but it's mostly costs. It needs to be simplified because it's pretty expensive."
"The product could be made more customizable."
"The reporting, logging, and monitoring features, as well as the flexibility of the policies, need to be improved."
"There should be an option for direct integration with the Azure platform."
"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."
"Integrative capabilities with other solutions should be addressed."
"The one issue that I didn't like is that the SNMP integration with interfaces didn't record the interface counters."
"It'll help if Palo Alto Networks provided better documentation."
"The user interface could use some improvement."
"The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI."
"I would like to have automatic daily reporting, such as how many users have connected via SSL VPN."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"There are additional implementation and validation costs."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"The solution was chosen because of its price compared to other similar solutions."
"I am happy with the product in general, including the pricing."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"The licensing module is good."
"Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it. One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall."
"Azure Firewall is quite an expensive product."
"It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive."
"The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."
"The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used."
"Because I work for a university and the URL is for the institution, it's a free license for us."
"It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."
"Palo Alto can be as much as two times the price of competing products that have twice the capabilities."
"The price of this solution is very high for some parts of Africa, which makes it a challenge."
"The VM series is licensed annually."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Azure Firewall is ranked 16th in Firewalls with 19 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Azure Firewall is rated 7.4, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Azure Firewall is most compared with Palo Alto Networks NG Firewalls, Fortinet FortiGate-VM, Check Point NGFW, Cisco ASA Firewall and Fortinet FortiOS, whereas Palo Alto Networks VM-Series is most compared with Fortinet FortiGate, Cisco ASA Firewall, Juniper SRX, Fortinet FortiGate-VM and Palo Alto Networks NG Firewalls. See our Azure Firewall vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.