We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"A good intrusion prevention system and filtering."
"The most valuable feature is stability."
"The solution offers very easy configurations."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"I have worked on some of the largest and smallest solutions that Fortinet sells and they all scale really well."
"In spite of the solution being inexpensive, it has everything one would need."
"The most valuable features of this solution are the integration within the environment, with centralized reporting."
"It is a complete package, and it has complete offerings. It fit the needs, and our customer is happy with it."
"The EPM bundle is a good feature."
"The user interface is the most valuable aspect of the solution."
"The initial setup is very user-friendly."
"The functionality provided is very good."
"The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing."
"One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly."
"The most valuable features of Kerio Control are the IPS and traffic rules. The traffic rules are very user-friendly and the IPS is working well. Additionally, the anti-virus is effective with quick options, such as filtering."
"The reporting needs to be improved. It is hard to get a domain."
"One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system."
"Kerio is a lot clearer to set up to do particular things, whereas when I do it on a Cisco or a FortiGate I have to go fight with it per week sometimes to do something I can do in 20 minutes on Kerio."
"It is very comprehensive and simple. It has all the active protections. It's updated. We love that you can set how often it is updated so you can work what is right for you. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios."
"The ease of use in the GUI itself is the most valuable feature. The GUI is really the best part of it. We like the traffic rules so we can control who can get to what. It's easy to determine the flow of the traffic itself so we aren't having to guess through command lines and reading out basically command-driven output. It's just a very easy-to-use interface. The interface is the best part of the product."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"An area of improvement for this solution is the console visualization."
"The initial setup could be simplified, as it can be complex for new users."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"Implementations require the use of a console. It would help if the console was embedded."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box."
"There should be integration with an active directory — with Microsoft."
"The block, the clarity, the quarantine command, is not very user-friendly. You would have to do everything through the command line and I would have preferred if it wasn't a CLI."
"The user interface needs to be improved."
"The interface needs to be updated and simplified."
"The stability could be improved. I find Cisco to be more stable than Fortigate, which is I major differentiator between the two."
"It is difficult to size the VM in terms of machine resources, and for this reason, clients prefer the appliance."
"The price model is not transparent by any means and should be made more clear. What's included in the packages is often not very obvious."
"They should keep us up to date about the latest version. That's the biggest thing. Currently, we have to go looking for the latest version. We should get notified about what's going on with the versions. I would like to see easier dual-factor authentication."
"After the takeover by GFI, one of the things that Kerio built was MyKerio environment. This has not been very reliable because I get many messages that MyKerio is not functioning. For some reason, there are things that they changed and it is not very reliable at this moment, instead I have to connect to the firewall to see what is happening."
"The overall speed needs improvement. Internet connectivity speed needs to be improved somehow."
"One of the problems we do have causes problems with the VPN. The software slows the throughput down too much. You could have a one-gigabit connection from the internet, and it slows it down to the area of upload and download is extremely slow. There's too much content filtering at that point."
"When we did our last update, we had some trouble with the initial syncing process to get our messaging to go through. But we were also moving a store and a lot was changing during that process. I don't think it was on Kerio's end. It just coincided with the update. Once we got our third-party IT guy involved it was resolved very quickly."
"The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects."
"It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment"
"One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not."
"There's also room for improvement in the Traffic Rules. We define networks to use a specific outgoing interface, say VSAT, shore, or marine WiFi, which is okay. But then all we have is a checkbox that says "Use other internet interfaces if this one is unavailable." What we would prefer would be to have a priority list. So if VSAT is unavailable, try to use 4G, etc. We haven't really found a reliable way of doing that in the current release."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"This product is expensive."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"The solution could be better priced."
"It's a mid-ranged product."
"The price could be lower."
"The customer must buy his own license."
"The price of this product is great compared to others."
"There is a support fee that can be bought on a yearly or two-yearly basis. I don't think they do five years. The best benefit is that the same pricing is guaranteed for that duration. If you can afford it, I would recommend using the longest possible time span."
"Of all the firewalls that we compared, FortiGate is the cheapest and most affordable, so we are satisfied with the pricing."
"Licensing is pretty standard. It's approximately 15% of the total cost per year as a subscription cost."
"Licensing is easier with Kerio Control. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on."
"The biggest advice that I could probably give people is when you buy the solution be prepared to either buy the unlimited license or buy more licenses than you think. Each user license gives you one employee and each a user gives you five devices. In the world nowadays where everybody has a cellphone, tablet, desktop, and laptop, that's four devices. You still get one more device per person. That covers your servers and back-ends."
"Its initial cost is less as compared to other products. It becomes a bit costly when you pay for the products that you don't use. We paid for almost all the products through subscription, but we are using only a few products. We use EndPointSecurity, Kerio Connect, WebMonitor, and LanGuard. We don't use the rest of the products."
"I am living in Iran and we cannot buy the product from Kerio because of sanctions."
"Our clients see ROI with Kerio Control, as they are saving bandwidth costs."
"It gives us a lot. It does prove to be a very robust product for the cost."
"It's too expensive. The license, in the last year or so, has gone up by over a £100. We're almost being out-priced by the annual license at the minute."
"It gets expensive pretty quickly if you need to purchase license packs."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.
Kerio Control brings together next-generation firewall capabilities -- including a network firewall and router, intrusion detection and prevention (IPS), gateway anti-virus, VPN, and web content and application filtering. These comprehensive capabilities and unmatched deployment flexibility make Kerio Control the ideal choice for small and mid-sized businesses.
Fortinet FortiGate-VM is ranked 13th in Firewalls with 57 reviews while Kerio Control is ranked 9th in Firewalls with 30 reviews. Fortinet FortiGate-VM is rated 8.2, while Kerio Control is rated 8.0. The top reviewer of Fortinet FortiGate-VM writes "Slightly unstable, needs a better user interface, and lacks good monitoring capabilities ". On the other hand, the top reviewer of Kerio Control writes "Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight". Fortinet FortiGate-VM is most compared with Azure Firewall, Fortinet FortiGate, Palo Alto Networks VM-Series, OPNsense and Sophos XG, whereas Kerio Control is most compared with pfSense, Fortinet FortiGate, Sophos UTM, Sophos XG and WatchGuard Firebox. See our Fortinet FortiGate-VM vs. Kerio Control report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.