We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"The most valuable features of this solution are the integrations and IPS throughput."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"The user interface, the UI, is excellent on the solution."
"I like the IPS feature, it is the most valuable."
"The traffic inspection and the Firepower engine are the most valuable features. It gives you full details, application details, traffic monitoring, and the threats. It gives you all the containers the user is using, especially at the application level. The solution also provides application visibility and control."
"On the network side, where you create your rules for allowing traffic — what can come inside and what can go out — that works perfectly, if you know what you want to achieve. It protects you."
"Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility."
"I have found the stability of this solution really good. This is why I use it."
"It is extremely stable I would say — at least after you deploy it."
"The most valuable feature is the ability to block almost all of the ports."
"I like the IPS. IPS is the master feature. I depend on the firewall and sandbox."
"The most valuable feature of this solution is the support."
"The blocking, based on the signal provided, is the solution's most valuable aspect."
"Technical support has been quite helpful in the past."
"The most valuable feature is the console management."
"I like the Firewall and the IPS."
"When comparing this solution to others this one has better reporting, user management, and is easy to use."
"The most valuable feature is SD-WAN."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"An area of improvement for this solution is the console visualization."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already, very cheap and have less annual maintenance costs compared to Cisco."
"If the implementation was easier, it would be a lot better for us."
"We don't have any serious problems. The firewall models that we have are quite legacy, and they have slower performance. We are currently investigating the possibility of migrating to next-generation firewalls."
"I would say that in inexperienced hands, the interface can be kind of overwhelming. There are just a lot of options. Too much, if you don't know what you are looking for or trying to do."
"The cost is very high. Most organizations cannot afford it."
"In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline."
"There is huge scope for improvement in URL filtering. The database that they have is not accurate. Their content awareness and categorization for URL filtering are not that great. We faced many challenges with their categorization and content awareness. They should improve these categorization issues."
"It would be nice if you didn't have to configure using a command-line interface. It's a bit technical that way."
"Forcepoint would be improved if there were more training available."
"They need to work on stability, it has not been the best in our experience."
"They should have a local vendor who can provide support. Most of the support is overseas, so the time zones can be a problem."
"Management could be better. They can improve the management. I think all our customers can't accept firewalls that have standalone management. So, they prefer Fortinet or Palo Alto. But overall, inspection and other features are working fine."
"The ability to dynamically change policies could be improved."
"The company should update the URL filtering database. They need to enhance the URL filtering and make it easier to customize."
"Its management center should be easier to use. The management interface of Forcepoint is unique and a little bit different from some of the firewall solutions on which people might have worked before. Sometimes, the customers say that it is not very friendly, and we help them with how to use this management interface. It just takes a little bit of time, and after some time, it gets easy to manage or use. It is quite similar to Palo Alto, Fortinet, and legacy Juniper solutions. Their support should be faster. We have received complaints that they are not responding fast, which is not good for the vendor and us."
"The network interface could be better, and it could be cheaper."
"The solution was chosen because of its price compared to other similar solutions."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"I am happy with the product in general, including the pricing."
"This product is expensive."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"There are additional implementation and validation costs."
"Its price is moderate. It is not too expensive."
"Cisco is expensive, but you do get benefits for the price."
"The licensing is a bit off because the physical firewall is cheaper than the virtual one. We only have the physical ones as they are cheaper than the virtual ones. We only use the physical firewalls because of the price difference."
"When it comes to Cisco, the price of everything is higher. Cisco firewalls are expensive, but we get support from Cisco, and that support is very active."
"The product is very expensive."
"We pay about €2,000 ($2,400 USD) per year for licensing."
"I like its licensing because you buy the license once, and it is yours. We don't have to go for a subscription. So, I liked how they licensed Cisco ASA. Our clients are also very satisfied with its licensing model."
"It's a brilliant firewall, and the fact that it comes with a perpetual license really does go far in terms of helping the organization in not having to deal with those costs on an annual basis. That is a pain point when it comes to services like the ones we have on Fortigate. That's where we really give Cisco firewalls the thumbs up."
"It is expensive."
"Forcepoint is very expensive but it's really secure."
"We have just a subscription for the cloud, and this license is great. The license is so good."
"We would love to take other solution from Forcepoint, but unfortunately the price is too high. That's why we are not considering using Forcepoing for our proxy and DLB. They have a very good DLB, but the matter in the end is the cost."
"Everything in Forcepoint comes with an individual license, which is kind of a problem. In our last meeting, they said that it may change at the beginning of 2021, and they will try to merge some licenses together. Customers will get more features than what they got previously. We will wait and see."
"The pricing should be more competitive against other vendors in the market."
"It could be cheaper like Fortinet."
"The training that they offer to their end-customers. It's quite expensive, I believe it costs roughly $11,000"
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Cisco ASA firewalls deliver enterprise-class firewall functionality with highly scalable and flexible VPN capabilities to meet diverse needs, from small/branch offices to high performance data centers and service providers. Available in a wide range of models, Cisco ASA can be deployed as a physical or virtual appliance. Flexible VPN capabilities include support for remote access, site-to-site, and clientless VPN. Also, select appliances support clustering for increased performance, VPN load balancing to optimize available resources, advanced high availability configurations, and more.
Cisco ASAv is the virtualized version of the Cisco ASA firewall. Widely deployed in leading private and public clouds, Cisco ASAv is ideal for remote worker and multi-tenant environments. The solution scales up/down to meet performance requirements and high availability provides resilience. Also, Cisco ASAv can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables greater simplicity, visibility, and efficiency.
Cisco ASA Firewall is ranked 5th in Firewalls with 62 reviews while Forcepoint Next Generation Firewall is ranked 18th in Firewalls with 19 reviews. Cisco ASA Firewall is rated 8.0, while Forcepoint Next Generation Firewall is rated 8.0. The top reviewer of Cisco ASA Firewall writes "Robust solution that integrates well with both Cisco products and products from other vendors". On the other hand, the top reviewer of Forcepoint Next Generation Firewall writes "Good console management, but the interface is not user-friendly and application filtering needs finer granularity". Cisco ASA Firewall is most compared with Fortinet FortiGate, Palo Alto Networks WildFire, Meraki MX, Juniper SRX and SonicWall TZ, whereas Forcepoint Next Generation Firewall is most compared with Fortinet FortiGate, Palo Alto Networks Threat Prevention, Darktrace, pfSense and Juniper SRX. See our Cisco ASA Firewall vs. Forcepoint Next Generation Firewall report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.