We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most valuable feature is stability."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"We've found the solution to be pretty stable."
"We have found it to be very reliable and that's why our teams and various users in our company use it as our main firewall every day."
"The SD-WAN function is very developed. It has SD-WAN functionality with security features in one device. We can manage from one single console SD-WAN and the security policy."
"The application control features, such as Facebook blocking and Spotify blocking, are the most valuable."
"It's great for capturing the traffic and troubleshooting it."
"It's user-friendly and easy to operate."
"The most important feature, normally for small business customers, is link load balancing."
"Its user interface is good, and it is always working fine."
"WatchGuard has a very easy VPN and branch office VPN setup, so we use those pretty extensively."
"The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable."
"The security that is used for defending from the attacks is very good."
"After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
"Because we bought two firewalls... we need a central place to manage the policies and deploy them to both devices. It's good that it provides a system management console that is able to manipulate and manage policies in one place and deploy them to different locations."
"Among the most valuable features is the ease of use — love the interface — of both the web interface and of the WatchGuard System Manager."
"Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change."
"Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us... In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"Report generation is an area that should be improved."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"There is a lot of improvement needed with SSL-VPN."
"We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved."
"The solution could have licensing fees reduced in the future."
"They can do more tests before they release new versions because I would like to be more assured. We had some experiences where they release something new and great, but some of the old features are disabled or they don't work well, which impacts the product satisfaction. The manufacturer should be able to prove that everything works or not only that it might work. This is applicable to most of the other services, software, and hardware companies. They all should work on this. We cannot trust every new release, such as a beta release, on the first day. We wait for some comments on the forums and from other companies that we know. We always wait a few weeks before we use the updated version. They should also extend the VPN client application, especially for Linux versions. Currently, it has an application for Linux devices, but it doesn't work the way we want to connect to the VPN. They use only the old connection, not the new one. They have VPN client applications for Windows and Mac, but they can add more useful features to better manage the devices and monitor the current health of each device. Such features would be helpful for our company."
"Vulnerability scanning could be improved."
"The initial setup is complex."
"It should provide better visibility over the network and more information in the form of reports for the end users. Its installation should also be easier."
"The product does need better support in the cloud environment. It's not exactly cloud-native right now."
"The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier."
"I would like to see more tutorials on setting up the Firebox."
"I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not."
"I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure."
"The solution is lacking a professional website, they should be updated more often."
"I would like to see the devices made more flexible by adding modules to increase the ports that we can use."
"The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous."
"The pricing could be improved. It is definitely one of the more expensive products."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"The price is comparable."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"The price of Firepower is not bad compared to other products."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"The solution was chosen because of its price compared to other similar solutions."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"The price is fair compared to the other competitors."
"The license is too expensive to renew. The license renewal process is also complex."
"Fortinet is the least expensive solution."
"For our organization, the licensing costs are approximately $7,000 per year."
"If you purchase a one-year subscription with the hardware and then you want to renew for the second year, it is very costly."
"The price of FortiGate support is too expensive."
"It has a competitive price."
"It's expensive, but compared to the competition it's okay."
"The primary reason that we went with Firebox was its cost. It is very economical and it provided us with all the security functions that we were looking for at the time. And the throughput was more than what we required, so it was a very cost-effective device to deploy on our network."
"It's fair pricing, but it could always be reduced."
"The pricing of WatchGuard is probably a little higher than the SonicWall, but it makes up for it in dependability. It's worth it to me, especially since it's not much higher. For just a little bit higher price you get the dependability of the firewall with the WatchGuard brand."
"The pricing was in line with everyone else; maybe slightly higher."
"It has a very good price. It is not the most expensive one, and it is also not the cheapest one. It is just spot-on in terms of price."
"We don't have any other costs other than the licensing stuff."
"WatchGuard had a very competitive price. It was only 10 to 20 percent more than a single instance device but with that extra cost it provided a second load balancing device... unlike other brands whose method of hardware and software licensing would have doubled our cost."
"I think the larger firewall packages are much better because a normal firewall is not enough for these times. You need IPS, APT, and all the security features of a firewall that you can buy."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.
WatchGuard's approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMBs and distributed enterprise organizations, our award-winning Unified Threat Management (UTM) appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.
Fortinet FortiGate is ranked 1st in Firewalls with 97 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 23 reviews. Fortinet FortiGate is rated 8.4, while WatchGuard Firebox is rated 8.8. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Meraki MX, Check Point NGFW and Cisco SD-WAN, whereas WatchGuard Firebox is most compared with Sophos XG, pfSense, SonicWall NSa, Cisco ASA Firewall and Azure Firewall. See our Fortinet FortiGate vs. WatchGuard Firebox report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.