We just raised a $30M Series A: Read our story

Compare Huawei NGFW vs. Zscaler Internet Access

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Fortinet, Check Point, Netgate and others in Firewalls. Updated: November 2021.
552,305 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs.""I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete.""The most valuable features of this solution are the integrations and IPS throughput.""The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic.""They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities.""There are no issues that we are aware of. It does its job silently in the background.""One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."

More Cisco Firepower NGFW Firewall Pros »

"The user interface is very, very good.""I like that the initial setup is straighforward. It's also a scalable solution.""I had no difficulty using the Huawei NGFW.""The security is good. It's as effective as anything else on the market.""The support for the solution has been excellent. If we ever had an issue they would send an engineer to help us with our problem.""Huawei was able to assist us in the installation of their product. The installation was very fast.""The mapping features and traffic logging are good.""We make use of the new data center, specifically the containerized data center which is built and reviewed by Huawei, including all the device's infrastructure."

More Huawei NGFW Pros »

"The VPN is valuable, as the whole technology is very different from a traditional VPN.""The scanning feature is impressive, because they do not introduce a big latency to the traffic.""For our needs, the cloud-native proxy architecture is a very good solution. We are moving away from on-prem appliances and moving more toward cloud-based solutions. Zscaler is a good fit for our strategy. This architecture helps with cyber threats because we inspect most of the traffic and we can see that a lot of threats are stopped directly in the secure web gateway.""The security is excellent.""Zscaler Internet Access protects using data loss prevention. If you have a CASB exposing your cloud out into the network, then Zscaler Internet Access will go ahead and control that unknown cloud application in the CASB, protecting it. There is also data detection with exact data match. This improves the data coming into your cloud so you are protecting it."

More Zscaler Internet Access Pros »

Cons
"The performance should be improved.""The initial setup can be a bit complex for those unfamiliar with the solution.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved.""FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it.""It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience.""Implementations require the use of a console. It would help if the console was embedded.""I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon."

More Cisco Firepower NGFW Firewall Cons »

"The documentation needs to be improved. When they retire old models, they also retire the documentation. However, if you are still using an older model, you still need access to that documentation. And yet, they go ahead and removed it. It's gone. You are therefore stuck with a device with no documentation and technical support that isn't very helpful as they also remove support assistance as well.""The solution could be more secure and have better integration.""With the Huawei firewall, none of the features comes at the top. We found out later that customer support is really not good. For this firewall, because of our customers' routine, for example, every six months they'll do a penetration test to find weaknesses. So whenever they came up with VAPT reports, they are looking to Huawei for help. I think that's basically because it's a different culture. Chinese culture and our culture is different. They have always tried to help find some excuses or say some other things that cannot help you solve the problem immediately.""The solution requires a more interactive dashboard. That would make it easier than playing with configurations the way we have to now.""The solution doesn't seem to be very mature. Our networking team says they are experiencing a lot of issues in the firewalls and some routers.""I would like to see an antivirus solution included with the product.""Wi-Fi scanning and Wi-Fi analysis would be useful features to include in the future.""The solution is scalable but it is difficult because you need to purchase new systems, it is not just one click."

More Huawei NGFW Cons »

"I would like to see the ability to choose a pool of IPs for my company, set up rules based on them, and know that those IPs are not used by other companies.""An improvement would be if they could provide an out-of-the-box experience, like 20 to 30 features all ready to go. In comparison, LogRhythm offers out-of-the-box features. With Zscaler Internet Access, there is firewall IPS, multiple security services, filtering, DLP, and CASB browser isolation. These are things that all users are going to be using. However, when an administrator or architect would start building this, I would definitely need to engage professional services to help clients do it.""There are a few features that are not compatible with the Azure cloud.""The reporting functionality could be a bit easier to use. There is a reporting function, but it's quite hard to do any good reporting, from a user-management perspective. For example, if a department manager wants to know how his department is using the web, there is a way to get the data, but it's quite cumbersome to get it and show it well. And that's true for comparing between departments.""I don't know whether it's Zscaler or not, however, sometimes I can't access my time management. I need to wait and try again a few hours later. Typically, if I let some time pass, I can access it again."

More Zscaler Internet Access Cons »

Pricing and Cost Advice
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way.""The price of Firepower is not bad compared to other products.""The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.""The solution was chosen because of its price compared to other similar solutions.""It definitely competes with the other vendors in the market.""I am happy with the product in general, including the pricing.""Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain.""I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"I believe that we are entitled to a one-year extension on our licensing.""When you compare the price with other products, it's quite cost-effective. But the problem is always after, let's say, two years or three years later because they are not able to provide updates or patches very quickly.""The price of the license of this solution is high.""Licensing fees are billed on an annual basis."

More Huawei NGFW Pricing and Cost Advice »

"The pricing is fair based on its competitive market."

More Zscaler Internet Access Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
552,305 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: We make use of the new data center, specifically the containerized data center which is built and reviewed by Huawei… more »
Top Answer: I believe that we are entitled to a one-year extension on our licensing.
Top Answer: The solution could be more secure and have better integration. The bandwidth management utilization could stand… more »
Top Answer:  Cisco Umbrella and Zscaler Internet Access are two broad-spectrum Internet security solutions that I have tried.… more »
Top Answer: We researched Netskope but ultimately chose Zscaler. Netskope is a cloud access security broker that helps identify… more »
Top Answer: The VPN is valuable, as the whole technology is very different from a traditional VPN.
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Huawei USG Firewalls, USG9500 Series, USG6600 Series, USG6300 Series
ZIA
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

In addition to all the functions of conventional firewalls, Huawei NGFW also provides more advanced security functions, such as IPS and anti-malware functions, to identify applications and prevent application-layer threats. Huawei NGFW provides a global context awareness architecture for granular controls based on application, content, time, user, attack, and location (ACTUAL). The innovative SmartPolicy technology and management interfaces that can be easily integrated simplify the O&M management. The Intelligence Awareness Engine (IAE) uses an integrated architecture to perfectly balance security and performance. Huawei NGFW provides next-generation security featuring comprehensive protection, granular control, and OM simplicity to meet the requirements of enterprise networks on access control, scope of protection, usability, and performance in the new ICT landscape.

Zscaler Web Security provides unmatched security, visibility and control, going beyond the basics of web content filtering. Delivered in the cloud, Zscaler includes award-winning web security integrated with our robust network security platform that features advanced threat protection, real-time analytics and forensics. You'll get protection across every user, location and device, including laptops, smartphones, tablets and Internet of Things devices.

For more details: 
https://www.zscaler.com/produc...

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Huawei NGFW
Learn more about Zscaler Internet Access
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
KMITL, Peking University
Ulster-Greene ARC, BanRegio, HDFC, Ralcorp Holdings Inc., British American Tobacco, Med America Billing Services Inc., Lanco Group, Aquafil, Telefonica, Swisscom, Brigade Group
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
VISITORS READING REVIEWS
Comms Service Provider36%
Computer Software Company21%
Financial Services Firm6%
Cloud Provider6%
REVIEWERS
Comms Service Provider38%
Media Company13%
Pharma/Biotech Company13%
Engineering Company13%
VISITORS READING REVIEWS
Computer Software Company28%
Comms Service Provider24%
Financial Services Firm6%
Government5%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business50%
Midsize Enterprise13%
Large Enterprise38%
REVIEWERS
Small Business50%
Midsize Enterprise6%
Large Enterprise44%
VISITORS READING REVIEWS
Small Business14%
Midsize Enterprise13%
Large Enterprise73%
Find out what your peers are saying about Fortinet, Check Point, Netgate and others in Firewalls. Updated: November 2021.
552,305 professionals have used our research since 2012.

Huawei NGFW is ranked 25th in Firewalls with 8 reviews while Zscaler Internet Access is ranked 2nd in Secure Web Gateways (SWG) with 5 reviews. Huawei NGFW is rated 7.2, while Zscaler Internet Access is rated 8.6. The top reviewer of Huawei NGFW writes "Good interface and easy to set up but needs more documentation". On the other hand, the top reviewer of Zscaler Internet Access writes " AI decision-making on quarantined documents reduces manual work". Huawei NGFW is most compared with Fortinet FortiGate, Cisco ASA Firewall, Check Point NGFW, Palo Alto Networks NG Firewalls and Palo Alto Networks VM-Series, whereas Zscaler Internet Access is most compared with Cisco Umbrella, Netskope CASB, Prisma SaaS by Palo Alto Networks, Microsoft Defender for Cloud Apps and Palo Alto Networks WildFire.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.