We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"The feature set is fine and is rarely a problem."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"The solution offers very easy configurations."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"The solution can autoscale."
"Performance and stability are the key features of this product."
"I think that one of the best features is definitely the premium version, along with the IDPs in terms of the intrusion detection and prevention system."
"The feature that I have found the most valuable is the control over the network permissions and the network."
"The Layer four features are okay and meet my business needs."
"Great security and connectivity."
"The solution should be capable of self-scaling, which is one of the features we like about it."
"The most valuable feature is threat intelligence. It is based on filtering and can identify multiple threats."
"We purchased the AGSS Bundle (Advanced Gateway Security Suite) for the security services, such as antivirus, intrusion prevention system, and anti-spyware botnet GUI."
"The security of this system is fantastic, including the IPS and IDS."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"Cisco makes horrible UIs, so the interface is something that should be improved."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"It is a cloud service, but the lending speed for each region is not always the same. For example, in China, the speed is slow. They need to think about how to make sure that the service pace or speed is always the same in all regions. It would be a great improvement if they can provide the same pace worldwide."
"The threat intelligence part could be better. I don't see why our customers have to get an additional solution with Azure Firewall. It would be great if they made it on par with Palo Alto."
"Azure Firewall has limited visibility for IDPS, no TLS inspection, no app ID, no user ID, no content ID, no device ID. There is no antivirus or anti-spyware. Azure Firewall doesn't scan traffic for malware unless it triggers an IDPS signature. There is no sandbox or machine learning functionality, meaning we are not protected from Zero-day threats. There is no DNS security and limited web categories."
"You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges."
"We find it's different implementing it region-to-region. It might help if it was universal across all regions."
"There are a number of things that need to be simplified, but it's mostly costs. It needs to be simplified because it's pretty expensive."
"It would be nice to be able to create groupings for servers and offer groups of IP addresses."
"The solution doesn't offer the same capabilities of Fortinet. It should offer intrusion prevention and advance filtering. These are two very useful features offered on Fortinet that Azure lacks."
"I would like to see the reporting opened up and have several more opportunities for automatic reports."
"There are limitations to bandwidth management."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"The price of Firepower is not bad compared to other products."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"I am happy with the product in general, including the pricing."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"This product is expensive."
"The licensing module is good."
"The total cost of ownership is much less than Palo Alto, Cisco, or any other brand."
"Azure Firewall is more expensive. If Microsoft can make Azure Firewall cheaper, I can see that all clients will think of using it. One client used FortiGate because it is much cheaper. Some clients ask me for Cisco, but in the cloud estimate, I found its cost is the same as Azure Firewall."
"It is pay-as-you-go. So, you pay based on the usage. If I remember it well, there is a basic fee, and there is a traffic fee. It is not per month. It is per hour or something like that. It is not so expensive."
"Azure Firewall is quite an expensive product."
"Our initial purchase, which included a three-year term of support, was about $25,000 USD."
"We are currently using the trial version."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Azure Firewall is a user-friendly, intuitive, cloud-native firewall security solution that provides top-of-the-industry threat protection for all your Azure Virtual Network resources. Azure Firewall is constantly and thoroughly analyzing all traffic and data packets, making it a very valuable and secure fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall allows users to create virtual IP addresses and provides for secure DDoS protection for the virtual machines on your network. It also provides fast and efficient east-west and north-south traffic security.
Azure Firewall is a managed, cloud-based network security service built to protect your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
Azure Firewall has two significant offerings, Standard and Premium.
Azure Firewall Standard works directly with Microsoft Cyber Security and supplies excellent L3-L7 filtering and threat awareness. The proactive real-time threat awareness will quickly alert you and immediately deny all traffic to and from any known problematic or suspicious domains or IP addresses. Microsoft Cyber Security is updated continually to protect against all new and known potential threats at all times. To learn more about Azure Firewall Standard, click here.
Azure Firewall Premium provides everything the standard version does, and additionally adds extra levels of data encryption, network intrusion detection, extended URL filtering, and Web category filters. To learn more about the added features of Azure Firewall Premium, click here.
Key Benefits and Features of Azure Firewall:
What our real users have to say:
Many IT CEntral Station (soon to be Peerspot) users found Azure Firewall to be very user-friendly and easy to use. They liked that it offers seamless integration to the cloud and were especially pleased with the threat filtering options.
Regarding integration and threat intelligence, our users wrote:
NSv delivers complete advanced threat protection, including high-performance intrusion and malware prevention, and cloud-based sandboxing with SonicWall's RTDMI technology. NSv ensures lateral movement protection, plus inbound and outbound traffic protection.
Azure Firewall is ranked 18th in Firewalls with 19 reviews while SonicWall NSV is ranked 27th in Firewalls with 2 reviews. Azure Firewall is rated 7.4, while SonicWall NSV is rated 8.0. The top reviewer of Azure Firewall writes "Good value for your money, good URL filtering, supports intrusion prevention, and is stable". On the other hand, the top reviewer of SonicWall NSV writes "Reliable, easy to scale, and reasonably priced ". Azure Firewall is most compared with Palo Alto Networks NG Firewalls, Palo Alto Networks VM-Series, Fortinet FortiGate-VM, Check Point NGFW and Cisco ASA Firewall, whereas SonicWall NSV is most compared with SonicWall NSa. See our Azure Firewall vs. SonicWall NSV report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.