We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"The solution offers very easy configurations."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"GajShield has improved our mobile device-based connectivity."
"The most valuable features in OPNsense are reporting and visibility."
"We have found pretty much all the features of the solution to be valuable."
"The system in general is quite flexible."
"I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed."
"The solution is good for a basic firewall for a small business or for home use."
"The most valuable features are reporting, the Sensei plugin, and firewall capabilities."
"The interface and the dashboard are the most valuable features of this solution."
"OPNsense is easy to scale when running on the hardware."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"The price and SD-WAN capabilities are the areas that need improvement."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"Deploying configurations takes longer than it should."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"The initial setup could be simplified, as it can be complex for new users."
"Implementations require the use of a console. It would help if the console was embedded."
"The firewall configuration and administration screens could use some improvement."
"The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform."
"The ability to set the VPN IP address would be a welcome addition."
"The solution could be more secure."
"The interface needs to be simplified. It is not user-friendly."
"There are issues with stability and reliability."
"The solution would not be suitable for anything large-scale."
"The logging could improve in OPNsense."
"I would like to see better SD-WAN performance."
"I am happy with the product in general, including the pricing."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"The price of Firepower is not bad compared to other products."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"It was about 15% cheaper compared to Sophos."
"The solution is not expensive."
"OPNsense is open source software so at this time it is free for us to use."
"It is not an expensive product. Basically, I deployed it because it was the fastest solution to satisfy our needs in open source."
"As an appliance, it's in the medium price range."
"OPNsense is a well known open-source tool."
"OPNsense is an open-source solution and it is free to use."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Traditional firewalls commonly serve as the boundary between the Internet and an organization's network. They offer protection based on controlling specific protocols and ports, and restricting traffic to and from specific IP addresses. These days however, most attacks are web-based, easily passing through http (port 80) and https (port 443). Most firewalls are unable to identify malicious applications or traffic passing through these common ports. Next Generation firewall must evolve to effectively defend against these threats.
Customers get, complete and Proactive security with GajShield Next Generation Appliances. GajShield has inbuild default security policy to deny all out bound traffic from local LAN to the internet. It reacts quickly to attacks with intelligent packet filtering that sets policies and hardens customer network defenses dynamically. GajShield has inbuild default security policy to deny all out bound traffic from local LAN to the internet. In today's organization, application, employees, vendors, clients, and security threats fight for the same network resources. It has become difficult for small to medium enterprises to manage their infrastructure as they are unable to distinguish between good traffic v/s bad traffic. Threats or various productive applications have become smarter as they camouflage data transfer using standard internet ports. Current day security products have failed to distinguish and manage such malicious traffic.
OPNsense is an open source, easy-to-use and easy-to-build FreeBSD based firewall and routing platform. OPNsense includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources.
GajShield Next Generation Firewall is ranked 28th in Firewalls with 1 review while OPNsense is ranked 19th in Firewalls with 11 reviews. GajShield Next Generation Firewall is rated 8.0, while OPNsense is rated 8.0. The top reviewer of GajShield Next Generation Firewall writes "Identifies and protects against email borne threats". On the other hand, the top reviewer of OPNsense writes "A solution that detects and blocks malicious content with good reporting and visibility, but the reliability needs improvement". GajShield Next Generation Firewall is most compared with Sophos XG, Fortinet FortiGate, Sophos Cyberoam UTM, SonicWall TZ and Cisco ASA Firewall, whereas OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos XG, Sophos UTM and Fortinet FortiGate.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.