We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The feature set is fine and is rarely a problem."
"We have not had to deal with stability issues."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"The user interface is very, very good."
"I like that the initial setup is straighforward. It's also a scalable solution."
"The security is good. It's as effective as anything else on the market."
"The mapping features and traffic logging are good."
"I had no difficulty using the Huawei NGFW."
"Huawei was able to assist us in the installation of their product. The installation was very fast."
"We make use of the new data center, specifically the containerized data center which is built and reviewed by Huawei, including all the device's infrastructure."
"The support for the solution has been excellent. If we ever had an issue they would send an engineer to help us with our problem."
"Using Palo Alto Networks Panorama, we were able to deploy a single point of management and visualization of the firewall infrastructure in cloud, on-premise and integrated with Azure to automate scale up. Its security features, i.e. anti-malware, threat prevention, URL Filtering, VPN, and antivirus are the most valuable. The ID-User integrated with AD and 2FA features are also very useful to provide secure access to servers and some users in the company. "
"What I like about the VM-Series is that you can launch them in a very short time."
"The interface with Panorama makes it very easy to use."
"The VM series has an advantage over the physical version because we are able to change the sources that the machine has, such as the amount of available RAM."
"Palo Alto Networks VM-Series is very easy to use."
"In Palo Alto the most important feature is the App-ID."
"The feature that I have found the most useful is that it meets all our requirements technically."
"The initial setup was straightforward."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"The initial setup could be simplified, as it can be complex for new users."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"I would like to see an antivirus solution included with the product."
"The documentation needs to be improved. When they retire old models, they also retire the documentation. However, if you are still using an older model, you still need access to that documentation. And yet, they go ahead and removed it. It's gone. You are therefore stuck with a device with no documentation and technical support that isn't very helpful as they also remove support assistance as well."
"Wi-Fi scanning and Wi-Fi analysis would be useful features to include in the future."
"The solution is scalable but it is difficult because you need to purchase new systems, it is not just one click."
"The solution requires a more interactive dashboard. That would make it easier than playing with configurations the way we have to now."
"The solution could be more secure and have better integration."
"The solution doesn't seem to be very mature. Our networking team says they are experiencing a lot of issues in the firewalls and some routers."
"With the Huawei firewall, none of the features comes at the top. We found out later that customer support is really not good. For this firewall, because of our customers' routine, for example, every six months they'll do a penetration test to find weaknesses. So whenever they came up with VAPT reports, they are looking to Huawei for help. I think that's basically because it's a different culture. Chinese culture and our culture is different. They have always tried to help find some excuses or say some other things that cannot help you solve the problem immediately."
"At the beginning of the implementation, we had some difficulties with the scripts, but Palo Alto Networks support together with a local partner finally fixed it."
"I would like to have automatic daily reporting, such as how many users have connected via SSL VPN."
"In the next release, I would like for them to develop an anti-malware functionality in which it checks for malicious files like Cisco has."
"The command-line interface is something that some people struggle with and I think that they should have an option to go straight to the GUI."
"There should be an option for direct integration with the Azure platform."
"Integrative capabilities with other solutions should be addressed."
"The user interface could use some improvement."
"In the next release, I would like to see better integration between the endpoints and the firewalls."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"The price is comparable."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"There are additional implementation and validation costs."
"The solution was chosen because of its price compared to other similar solutions."
"I am happy with the product in general, including the pricing."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"The price of Firepower is not bad compared to other products."
"The price of the license of this solution is high."
"Licensing fees are billed on an annual basis."
"When you compare the price with other products, it's quite cost-effective. But the problem is always after, let's say, two years or three years later because they are not able to provide updates or patches very quickly."
"I believe that we are entitled to a one-year extension on our licensing."
"It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."
"The price of this solution is very high for some parts of Africa, which makes it a challenge."
"Because I work for a university and the URL is for the institution, it's a free license for us."
"The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used."
"Palo Alto can be as much as two times the price of competing products that have twice the capabilities."
"The VM series is licensed annually."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
In addition to all the functions of conventional firewalls, Huawei NGFW also provides more advanced security functions, such as IPS and anti-malware functions, to identify applications and prevent application-layer threats. Huawei NGFW provides a global context awareness architecture for granular controls based on application, content, time, user, attack, and location (ACTUAL). The innovative SmartPolicy technology and management interfaces that can be easily integrated simplify the O&M management. The Intelligence Awareness Engine (IAE) uses an integrated architecture to perfectly balance security and performance. Huawei NGFW provides next-generation security featuring comprehensive protection, granular control, and OM simplicity to meet the requirements of enterprise networks on access control, scope of protection, usability, and performance in the new ICT landscape.
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Huawei NGFW is ranked 25th in Firewalls with 8 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Huawei NGFW is rated 7.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Huawei NGFW writes "Good interface and easy to set up but needs more documentation". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Huawei NGFW is most compared with Fortinet FortiGate, Cisco ASA Firewall, Check Point NGFW, Palo Alto Networks NG Firewalls and Sophos XG, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Cisco ASA Firewall, Juniper SRX and pfSense. See our Huawei NGFW vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.