We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The customer service/technical support is very good with this solution."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"The most valuable feature is stability."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"Its administrative panel is very intuitive and simple. It is simpler than the other solutions that we had. As an administrator, we are always looking for the easiest solution to manage network policies. We are able to filter everything on our network and also use the VPN feature, which is important these days when people are working remotely during COVID."
"Web filtering and two-factor authentication are great features."
"It's user-friendly and easy to operate."
"The most valuable feature is the ease of configuration."
"Overall, the pricing of the solution is very good. The product offers good value."
"Some of the key features of the solution is that it has good reporting, you can receive many details from the connection, for example, clients and website information."
"The most valuable feature is the web filter."
"The main reason why I purchased the particular unit was that it had good reviews and what other people were saying as far as its completeness and its leading capabilities in terms of endpoint security was very good."
"The filtering is excellent."
"The technical support is very good."
"It's very flexible and meets our customer's needs."
"The antivirus and items of that nature were quite helpful to have."
"The most valuable feature is the sandbox."
"Deep packet inspection and intelligent application control are the most valuable features. It is a very updated solution. It is very current as compared to other brands and vendors."
"It's very simple to use and the support is great."
"Support has improved dramatically since their separation from Dell."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"It would be great if some of the load times were faster."
"The price and SD-WAN capabilities are the areas that need improvement."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"Some of the web policy reports could be improved."
"There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering."
"They've become quite expensive."
"The pricing could be a bit better, especially when you consider how they have the most basic offering priced."
"In the next release, maybe the documentation on how to use this solution could be improved."
"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."
"The product does need better support in the cloud environment. It's not exactly cloud-native right now."
"If they had better integration with security products, such as Cisco ISE or Rapid Threat Containment, then it would be an improvement."
"The anti-spam requires a specific Java version on the server side (do not update it, otherwise it will break)."
"In terms of improvement, features like App Control do not work properly"
"Vendor support needs improvement. The frequency of time and support should be increased."
"Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably."
"It only has a single power interface, which has limitations in terms of high availability."
"The ongoing service fees are high."
"The product has a lot of bugs, actually. We are facing some issues with this product. The DPI SSL feature which is there, it is not working properly."
"I would like to have a built-in vulnerability scanner in the firewall. It would be great to have such functionality. Its price could also be better. It would also be good to have a local warehouse. It doesn't get damaged a lot, but if a customer needs a replacement, currently, it has to come from Miami or Mexico, which can take a few days. It would be better if they have a local warehouse from where we can just pick replacements and quickly solve a client's needs in terms of replacing equipment. It would be great to have it locally instead of waiting for it from Mexico or the USA."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"The price is comparable."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"There are additional implementation and validation costs."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"This product is expensive."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"Fortinet FortiGate's price can be reduced."
"It's expensive, but compared to the competition it's okay."
"The pricing is fair."
"We just pay a flat monthly fee to the vendor for the support."
"Fortinet is the least expensive solution."
"Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you."
"The pricing of the solution is very competitive."
"The price is okay."
"Licensing fees are paid on a yearly basis, and we are happy with the pricing."
"The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product."
"SonicWall is a one-time purchase and there is no renewal license."
"SonicWall is not an expensive solution."
"Its price is okay."
"There is a license required for this solution and you can purchase a one, two, or three year term. Typically businesses choose the one year subscription and then later choose the three year licensing option if they are satisfied."
"SonicWall still is only a dollar or Euro per gigabit. This means, of the IPsec, it's the cheapest solution."
"The price is reasonable for what it does."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.
Fortinet FortiGate is ranked 1st in Firewalls with 97 reviews while SonicWall NSa is ranked 16th in Firewalls with 35 reviews. Fortinet FortiGate is rated 8.4, while SonicWall NSa is rated 7.6. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of SonicWall NSa writes "A rugged solution capable of defeating advanced threats". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Meraki MX and Check Point NGFW, whereas SonicWall NSa is most compared with Meraki MX, WatchGuard Firebox, SonicWall TZ, Cisco ASA Firewall and Palo Alto Networks NG Firewalls. See our Fortinet FortiGate vs. SonicWall NSa report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.