We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The implementation is pretty straightforward."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"I really like that it's internationally deployable."
"It's very easy to set up, even for more junior developers."
"The solution can scale well."
"It gives all the features of a full-fledged firewall with great performance."
"The standard features, including the filtering, are quite good. All the basic features are pretty useful for us."
"It's a relatively simple product that is easy to use. It's not overly complex."
"The most valuable features are the web proxy for protection and web gateway for deployment."
"This product is affordable and it's a good, high-performance appliance."
"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
"The feature that I have found the most useful is that it meets all our requirements technically."
"The most valuable feature is the Posture Assessment."
"The most valuable features are the User ID, URL filtering, and application filtering."
"The interface with Panorama makes it very easy to use."
"The initial setup was straightforward."
"The most valuable feature is that you can control your traffic flowing out and coming it, allowing you to apply malware and threat protection, as well as vulnerability checks."
"The most valuable aspects of this solution are that it's simple and stable. It has better security aspects compared to other similar solutions."
"Deploying configurations takes longer than it should."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"The product may not be as robust as Palo Alto. However, unless you are a big bank, you probably won't need it to be."
"It is a very good product, and it is good at standing by itself. It can maybe have a little bit of integration with other products, but it is not that important for most use cases."
"There should be more options to use lower-end models in a high availability configuration."
"It would be useful to have integration with different reporting tools. This is something we are sorely missing. It would be a plus to have reporting integrations. It would be good to have more integration with the identity suites, such as Office 365 and Azure Active Directory, of different providers that we use. Integrations are already available, but it would be nice to have some more advanced options."
"Some issues with connecting to the VPN from home after firmware updates."
"Integration could be better. Whatever devices I'm using with FortiGate are all compatible. The access points and switches are also FortiGate, so I can easily integrate them. But it would be better if we could embed other devices as well. There are compatibility issues with other brands, and we need that. We can only integrate universal brands with FortiGate. The initial setup could also be easier."
"The interface of the solution could be improved."
"In the next releases, it would be nice to see central cloud management."
"In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has."
"They made only a halfhearted attempt to put in DLP (Data Loss Prevention)."
"There should be an option for direct integration with the Azure platform."
"The user interface could use some improvement."
"Integrative capabilities with other solutions should be addressed."
"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."
"At the beginning of the implementation, we had some difficulties with the scripts, but Palo Alto Networks support together with a local partner finally fixed it."
"The implementation should be simplified."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"The solution was chosen because of its price compared to other similar solutions."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"There is an annual license required to use the solution."
"Of all the firewalls that we compared, FortiGate is the cheapest and most affordable, so we are satisfied with the pricing."
"The price of this product is great compared to others."
"There is a support fee that can be bought on a yearly or two-yearly basis. I don't think they do five years. The best benefit is that the same pricing is guaranteed for that duration. If you can afford it, I would recommend using the longest possible time span."
"Our license is yearly, but we're thinking of going monthly. I think it's somewhere around 100,000 for VM04. Nowadays, everyone wants to be a hacker, so we believe in security. That's why we also have third-party people that we involve to make sure that we're secure. I don't think the costs are too bad. You still want to get advice from people who worked in security for many years, so you add a third party. The third party also said they would give their share like 100K, or 200K or something like that, so I don't think it's too expensive for security. I think it just adds more trust."
"It's not a cheap solution but it comes with its benefits."
"The solution could be better priced."
"This solution is very expensive."
"It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."
"The price of this solution is very high for some parts of Africa, which makes it a challenge."
"Palo Alto can be as much as two times the price of competing products that have twice the capabilities."
"Because I work for a university and the URL is for the institution, it's a free license for us."
"The VM series is licensed annually."
"The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
FortiGate Virtual Appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Fortinet FortiGate-VM is ranked 13th in Firewalls with 57 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Fortinet FortiGate-VM is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Fortinet FortiGate-VM writes "Slightly unstable, needs a better user interface, and lacks good monitoring capabilities ". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Fortinet FortiGate-VM is most compared with Azure Firewall, Fortinet FortiGate, OPNsense, Cisco ASA Firewall and Sophos XG, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Cisco ASA Firewall, Juniper SRX and Palo Alto Networks NG Firewalls. See our Fortinet FortiGate-VM vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.