We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"The most valuable features of this solution are the integrations and IPS throughput."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"It has been stable so far."
"The way that the solution quickly updates to adjust to threats is the solution's most valuable aspect. When there's a security attack, within five minutes, all Wildfire subscribers have access to updates so that all systems will be safe. Its threat prevention is way better than other vendor products."
"The most valuable feature is the improved security that it offers."
"You have better control because you define apps. You just don't define ports. You define apps, and the apps are monitored in the traffic. It is more specific than the Cisco firewall when it comes to our needs."
"The solution is completely integrated with all the other Palo Alto products. I think that it is the best part for endpoint protection. The firewall features include URL and DNS filtering, threat protection, and antivirus."
"The most valuable feature for us is the VPN."
"The most valuable feature of this solution is how it keeps up-to-date with viruses."
"For example, if a security Intel threat talks about an IOC. We can then go to our MSP and say, "Is there a signature for this particular type of malware that just came out?" And if they'll say yes, then we'll say, "Okay. Does it apply to these firewalls? And have we seen any hits on it?" There's absolutely value in it."
"The most valuable feature is the cloud-based protection against zero-day malware attacks."
"Implementations require the use of a console. It would help if the console was embedded."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"They have a very good technical support team, but I think there are some communication issues due to language differences."
"Management and web filtering can be improved. There should also be better reporting, particularly around web filtering."
"The size of Palo Alto's cloud is big but it could be easier to use from a product management perspective."
"It would be nice if there was an easier way to install and deploy it, such as through the inclusion of wizards."
"Our main concern is that everything has to be synced with the WildFire Cloud and has to be checked through the subscription."
"The support is good but they could be faster."
"The deployment model could be better."
"The only complaint that we receive from our customers is in regards to the price."
"The threat intelligence that we receiving in the reporting was not as expected. We were expecting more. Additionally, we should be able to whitelist a specific file based on a variety of attributes."
"It definitely competes with the other vendors in the market."
"The price is comparable."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"There are additional implementation and validation costs."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"We got a much cheaper price than that provided by Fortinet right now."
"Pricing could be improved."
"The physical appliance is around €3,000 or €4,000, and then, you have the licensing for a year for around €3,000."
"The price is a bit higher than the other products such as TrendMicro, or FireEye."
"The price of the Palo Alto Networks WildFire license is expensive. When it came time to renew the solution the price doubled."
"We pay between $3,000 and $4,000 CAD ($2,200 - $3,000 USD) per year to maintain this solution."
"It depends on the features. Additional features cost additional money as well."
"WildFire is a little bit pricey. Sometimes it's difficult to sell it to customers at the current price."
"The solution is overpriced."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Hillstone’s T-Series intelligent Next-Generation Firewall (iNGFW) uses three key technologies to detect advanced attacks and provide continuous threat defense for today’s networks. First, it uses statistical clustering to detect unknown malware, leveraging the patented Hillstone Advanced Threat Detection engine (ATD). Second, it uses behavioral analytics to detect anomalous network behavior, which is based on the Hillstone Abnormal Behavior Detection engine (ABD). Finally, it leverages the Hillstone threat correlation analysis engine to correlate threat events detected by disparate engines – including ATD, ABD, Sandbox and other traditional signature-based threat detection technologies – along with context information to identify advanced threats.
Hillstone T-Series is ranked 30th in Firewalls with 1 review while Palo Alto Networks WildFire is ranked 1st in Advanced Threat Protection (ATP) with 17 reviews. Hillstone T-Series is rated 5.0, while Palo Alto Networks WildFire is rated 8.4. The top reviewer of Hillstone T-Series writes "Is stable but needs to improve communication issues with technical support". On the other hand, the top reviewer of Palo Alto Networks WildFire writes "Good technical support and provides automatic analysis that saves us time in filtering email". Hillstone T-Series is most compared with Fortinet FortiGate, Hillstone E-Series, Cisco ASA Firewall and Sangfor NGAF, whereas Palo Alto Networks WildFire is most compared with Fortinet FortiGate, Cisco ASA Firewall, Proofpoint Email Protection, Juniper SRX and Zscaler Internet Access.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.