We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"You do not have to do everything through a command line which makes it a lot easier to apply rules."
"There are no issues that we are aware of. It does its job silently in the background."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"The most valuable feature for us is the VSX, the virtualization."
"The activation of additional features is very easy and well documented."
"The information stored in the logs is very descriptive and includes a lot of details."
"We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful."
"We are delighted with the powerful management console and diagnostic tools."
"It has various features, like Threat Prevention and Antivirus. It is easier to use and have knowledge of a single device rather than multiple devices/technologies when doing an installation. It is also easy to use because of having Antivirus and Threat Prevention features within the same firewall."
"I like the SmartEvent feature. When we see a threat, SmartEvent can create a rule for that. SmartEvent works with the SmartCenter to block a threat attack with a block monitor. The SmartCenter has the management for all the firewalls and data centers in a single dashboard."
"The central management makes it easier, and is a time-saver, when implementing changes."
"It's a very simple to use product."
"We've found the technical support to be helpful."
"Sangfor has the best capabilities for securing connections, securing web browsers, securing servers, and general threat protection."
"While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people."
"In four steps one can configure the entire firewall."
"In terms of the most valuable features, the IPS report is quick and updated. Performance is also valuable."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"Implementations require the use of a console. It would help if the console was embedded."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"Deploying configurations takes longer than it should."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"Interoperability with other vendors is not the strongest when it comes to setting up VPNs."
"Check Point products have many places that need to be improved, but they are constantly upgrading."
"The anti-spam needs improvement."
"Check Point should quickly update and expand its application database to have what Palo Alto has."
"Although there is a lot of automation and pattern that can be classified automatically, the IPS systems are sometimes a little bit complicated, and doing the fine-tuning in over 20,000 patterns is hard to do."
"For R80.10 and above, if you want to install a hotfix, then you can't install it through the GUI. I don't know why. In the earlier days, I was able to do the installation of hotfixes through the GUI. Now, Check Point said that you have to install hotfixes through the CLI. If that issue could be resolved, then it would be great because the GUI is more handy than the CLI."
"The only thing which I think should be improved is that training should be increased. In my position I also interview potential employees and I haven't found many people in the market, nowadays, who are familiar with the Check Point firewall. They are more familiar with Palo Alto and Cisco ASA and they are more comfortable with them."
"The pricing could be better."
"They need to increase the number of ports in the firewall."
"I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions."
"Occasional issues with breaches which are dealt with expediently."
"The web interface needs to be improved, making it more user-friendly."
"The solution has too many bugs and these slow down the implementation."
"The solution was chosen because of its price compared to other similar solutions."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"It definitely competes with the other vendors in the market."
"The price of Firepower is not bad compared to other products."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"This product is expensive."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"Check Point brings good value for the money and is competitive in the market."
"Cisco pushes clients to purchase their hardware, and this is not the case with Check Point. This helps to easily manage costs."
"It is not a cheap solution, which is why we are looking for another one."
"It is quite an expensive product, although security is a top priority."
"Scaling requires the purchase of additional licenses."
"Maybe the pricing is a bit high but you get the durability and the duration."
"The price of the appliance should be decreased."
"You get licensing bundles, so depending on which features you want to activate, your license is going to be more expensive. Some things, like Threat Extraction and Threat Emulation, require subscriptions."
"Sangfor is cheaper than competing vendors."
"When it comes to the price of firewall solutions, Sangfor NGAF takes the cake."
"The price is unmatcheable."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Offered via the Check Point Infinity architecture, Check Point’s NGFW includes 23 Firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance. Learn More about Next Generation Firewall and What is Firewall?
Sangfor Next Generation Firewall (also known as NGAF) is a converged security solution providing protection against advanced threat, malware, viruses, ransomware and web-based attacks using integrated security features like firewall, IPS, anti-virus, anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. As the world's first AI-enabled and fully integrated Next Generation Firewall & Web Application Firewall (WAF), NGAF offering the security visibility, real-time detection and response, simplified operation and maintenance and high-performance application layer security needed to operate an enterprise network in total security. Tested and proven to provide cutting-edge network security by ICSA Labs and endorsed by Gartner Inc., NGAF harnesses the power of Sangfor’s Neural-X threat intelligence and analytics platform and Engine Zero’s innovative malware detection to provide next-generation protection for today’s enterprise.
Check Point NGFW is ranked 2nd in Firewalls with 147 reviews while Sangfor NGAF is ranked 23rd in Firewalls with 6 reviews. Check Point NGFW is rated 8.8, while Sangfor NGAF is rated 8.2. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Sangfor NGAF writes "Great pricing, reliable stability, and easy to deploy". Check Point NGFW is most compared with Fortinet FortiGate, Azure Firewall, Palo Alto Networks NG Firewalls, Meraki MX and Juniper SRX, whereas Sangfor NGAF is most compared with Fortinet FortiGate, Sophos XG, Fortinet FortiOS, Sophos UTM and Cisco ASA Firewall. See our Check Point NGFW vs. Sangfor NGAF report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.