We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"We have not had to deal with stability issues."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"The most valuable feature is the integration into the overall cloud platform."
"Performance and stability are the key features of this product."
"The solution has many useful features. For example, the solution allows users to create virtual IP addresses."
"I can easily configure it."
"Great security and connectivity."
"Network filtering is valuable. The scalability capability from the cloud-native service helps us a lot because it simplifies our day-to-day maintenance activity."
"Microsoft's technical support is very good. They're quite knowledgable and responsive."
"The solution is very stable. When comparing it to other environments, it's actually quite impressive."
"One of the advantages of pfSense is that it is very easy to work with. It is a very good open-source solution, and it works really well. pfSense provides a complete package. For some features, it could be the first solution in the world. It is a very good alternative in the market for a firewall solution. You don't need to go to Cisco or other brands with expensive firewalls. pfSense also allows us to offer some support services."
"I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good."
"I have found the firewall portion for the blocking most valuable."
"The scalability is very good, where you can do an HA configuration and then bring in another box, if necessary."
"What I like about pfSense is that it works well and runs on an inexpensive appliance."
"I have found the most valuable features to be antivirus and malware protection."
"The initial setup was simple and fast."
"The VPN is my favorite feature."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"It would be great if some of the load times were faster."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"The initial setup could be simplified, as it can be complex for new users."
"Deploying configurations takes longer than it should."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"The interface could be improved, it's not very user friendly."
"The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks."
"Currently, it only supports IP addresses, so you have to be specific about the IPs that are in your environment."
"Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories."
"You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges."
"The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto."
"We find it's different implementing it region-to-region. It might help if it was universal across all regions."
"They can improve the pricing of Azure Firewall."
"The VPN feature of the solution could improve by adding better functionality and providing easier configure ability."
"I've never tried it in large environments. All my clients are small businesses with a handful of employees, so I am not sure how it works in large environments. I keep up with recent versions, and there's nothing I'm waiting for, and nothing breaks when I get a new version."
"Lacks instructional videos."
"They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals."
"There is more demand for UTMs than a simple firewall. pfSense should support real-time features for handling the latest viruses and threats. It should support real-time checks and real-time status of threats. Some other vendors, such as Fortinet, already offer this type of capability. Such capability will be good for bringing pfSense at the same level as other solutions."
"I'd like to find something in pfSense that is more specific to URL filtering. We have customers who would like to filter their web traffic. They would like to be able to say to their employees, "You can surf the web, but you cannot get access to Facebook or other social media," or "You can surf the web, but you're not allowed to gamble or watch porn on the web." My technicians say that doing this kind of stuff with pfSense nowadays is not easy. They can implement some filters using IP addresses but not by using the names of the domains and categories. So, we are not able to exclude some categories from the allowed traffic, such as porn, gambling, etc. To do that, we have to use another product and another web filter that uses DNS. I know that there are some third-party products that could work with pfSense, but I'd like the native pfSense solution to do that."
"pfSense could improve by having a sandboxing feature that I have seen in SonicWall. However, maybe it is available I am not aware of it."
"Web interface could be enhanced and more user friendly."
"There are additional implementation and validation costs."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"The solution was chosen because of its price compared to other similar solutions."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"It definitely competes with the other vendors in the market."
"I am happy with the product in general, including the pricing."
"It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive."
"The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."
"The licensing module is good."
"Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it. One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall."
"Azure Firewall is quite an expensive product."
"The solution is free. However, you need to pay for support."
"This solution provides enterprise-level features at a fraction of the cost of an enterprise firewall."
"I would recommend it for a small business or a startup as a starting point. It's also good for companies that are on a tight budget."
"I am using the free version of pfSense."
"The price of pfSense is reasonable. However, there is a free version available."
"I am using the community version of the solution and it is priced well. There is a cost of learning how to use the solution, if it was free it would be better."
"Our customers must pay for an annual license."
"It is open source."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Azure Firewall is ranked 16th in Firewalls with 19 reviews while pfSense is ranked 3rd in Firewalls with 53 reviews. Azure Firewall is rated 7.4, while pfSense is rated 8.6. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Azure Firewall is most compared with Palo Alto Networks NG Firewalls, Palo Alto Networks VM-Series, Fortinet FortiGate-VM, Check Point NGFW and Fortinet FortiGate, whereas pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos UTM, Sophos XG and Zyxel Unified Security Gateway. See our Azure Firewall vs. pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.