We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"The implementation is pretty straightforward."
"When compared to Palo Alto, Juniper is a better choice when it comes to the enterprise network and connectivity."
"The IPSec configuration is going well."
"The EEE security controls allow us to make policy restrictions, so I can customize port numbers to allow or limit control."
"Technical support is perfect."
"One of Juniper SRX's most valuable features is the site-to-site VPN."
"It is very fast and very easy to maintain. Another nice part of it is that you can easily extract the logs and move them over to a security operations center."
"The scalability is fine."
"The most valuable feature is robustness."
"Ease of management and the VPN integration."
"Good site categorization and application controls."
"The site-to-site VPN connections, content filtering, and in our current remote working situation, SSL VPN remote desktop connectivity are the most valuable features."
"I've found the technical support to be helpful."
"Most of the features are useful. It is easy to configure and easy to troubleshoot. I can see the utilization of different networks, and there are also App control features."
"The solution boasts good performance and is easy to use."
"It is very user-friendly, and there is no problem in using its interface."
"We are very much happy with the support."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"Deploying configurations takes longer than it should."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"It could have features that other products support like blade options and stand-alone endpoint security."
"Its logging is very good, but we would like to have an easier way of creating more reports. We would like to be able to manipulate the reports or manage the way the reports are coming out."
"While the GUI is pretty good on the Juniper side, there can still be tweaks made to it that will make it even better."
"As a networking person, I don't really have any major issues with this device. Based on my experience of using it in a cluster, it could be more stable. I had an incident when one of the SRXs in a cluster couldn't learn ARP. It is a good solution, but firewalls don't seem to be an area of development for Juniper. They are focusing on data centers, routers, and switches, not firewalls."
"It must be 5G ready. The 5G network is rolling out soon in India, and Juniper must upgrade their firewall slot to the 5G network, or they must manufacture a 5G dongle card for the Juniper firewall. I want Juniper to upgrade their dongle from 4G to 5G. Presently, they have an expansion slot in the SRX 322 series and higher firewalls. In that expansion slot, they can put a 4G mobility SIM card so that whenever our primary link is down, it will automatically connect through this GSM network and form a tunnel."
"It could be more secure."
"The configuration is difficult and it should be easier."
"In the next release, I would like to have a better web interface. It needs to be more user-friendly. Right now, you can only access many features through the console."
"GUI interface could be improved."
"I would like to see lower antivirus pricing."
"The VPN that is available in the new version is a bit bulky and slower in speed."
"I would like the solution to build in more redundancy. I"
"In general, the company needs to think contingently and integrate more security options."
"There is a point I don't like about SonicWall in the past and now. Most of the destinations we look at when we're detecting some user using too much bandwidth or something like that, SonicWall just gave us destination IP address, instead of the full qualified domain name. I think that's the most important part that is still missing. I think that's the most important for us."
"We have been facing issues with reporting."
"The stability could be a lot better."
"There are additional implementation and validation costs."
"The solution was chosen because of its price compared to other similar solutions."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"I am happy with the product in general, including the pricing."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"Its price is reasonable. In India, most of the products have a similar price. There is only a 5% to 10% variation in the price of different brands."
"The price could improve, it is a bit expensive."
"The product itself is costly and the price of migration is very high."
"In general, their price definitely couldn't be cheaper."
"When you consider performance, price, and features, maybe Juniper is not so cost-effective compared to other solutions like MikroTik."
"Compared to other vendors, the pricing of this solution is good."
"The price is reasonable."
"There is a licensing fee."
"The license that we purchased is good for three years."
"The price is fair for the solution for the quality you receive."
"The price is high compared to some other solutions."
"Its pricing is okay as compared to other solutions."
"It is a bit expensive. We have to purchase the license and the reporting part separately, which makes it a bit pricey. This is the main reason why we have thought of moving to another firewall. It would be good if they combine both of these."
"The price is fair."
"Customers are required to pay for a yearly subscription."
"You need to purchase multiple licenses to manage multiple devices which is cost-prohibitive for the value you would receive."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Juniper SRX is ranked 13th in Firewalls with 32 reviews while SonicWall TZ is ranked 10th in Firewalls with 31 reviews. Juniper SRX is rated 7.8, while SonicWall TZ is rated 8.4. The top reviewer of Juniper SRX writes "This best in class Next-Gen firewall is elegant in its ease-of-use and architecture". On the other hand, the top reviewer of SonicWall TZ writes "Easy to implement, fairly stable, and supports SSL-DPI". Juniper SRX is most compared with Fortinet FortiGate, Cisco ASA Firewall, Palo Alto Networks WildFire, pfSense and Palo Alto Networks VM-Series, whereas SonicWall TZ is most compared with Fortinet FortiGate, Cisco ASA Firewall, Sophos XG and Meraki MX. See our Juniper SRX vs. SonicWall TZ report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.