We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The implementation is pretty straightforward."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"The solution offers very easy configurations."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"Provides good integrations and reporting."
"There are no issues that we are aware of. It does its job silently in the background."
"The dashboard, customization, API, and pricing are good."
"Juniper is more flexible with the commit check and the commit confirmed command. The design of the forwarding and contract plan in the operating system is very important for the performance when we have very big traffic."
"It's a very powerful solution and the firewalls offer high performance"
"I'm told the solution is the fastest, and, so far, I do find that to be the case."
"The initial setup is pretty simple."
"It is deployed on the customer site, and we manage the firewalls on this side."
"The most valuable features are web control and IPS/IDS."
"The most valuable feature is that you can launch it in a very short time. You don't have to wait for the hardware to arrive and get it staged and installed. From that perspective, it is easy to launch. It is also scalable."
"Palo Alto Networks VM-Series is very easy to use."
"The most valuable features are the User ID, URL filtering, and application filtering."
"The most valuable feature is the Posture Assessment."
"What I like about the VM-Series is that you can launch them in a very short time."
"In Palo Alto the most important feature is the App-ID."
"The Palo Alto VM-Series is nice because I can move the firewalls easily."
"Cisco Firepower NGFW Firewall can be more secure."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"It would be great if some of the load times were faster."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"Deploying configurations takes longer than it should."
"VPN access is an area that needs improvement."
"It could use more tutorials."
"Some people complain that the solution tends to have a steep learning curve. It could be because most people have basic familiarity with Cisco or other similar products and maybe have never worked closely with Juniper products."
"I would like to see an activity sensor for malicious content or sensor for viruses and malware."
"We worked with Cisco's support and Juniper's support and there are some differences, to be honest, Cisco is more available and is more competent at addressing our cases."
"We experienced some technical issues during implementation"
"The disadvantage with Palo Alto is that they don't have a cloud-based solution that includes a secure web gateway."
"Palo Alto is that it is really bad when it comes to technical support."
"At the beginning of the implementation, we had some difficulties with the scripts, but Palo Alto Networks support together with a local partner finally fixed it."
"It would be good if the common features work consistently in physical and virtual environments. There was an integration issue in the virtual deployment where it didn't report the interface counters, and we had to upgrade to the latest version, whereas the same thing has been working in the physical deployment for ages now. It seems that it was because of Azure. We were using VMware before, and we didn't have any such issues. We do see such small issues where we expect things to work, but they don't because of some incompatibilities. There also seems to be a limitation on how to do high availability in a virtualized environment. All features should be consistently available in physical and virtual environments. It is not always easy to integrate Palo Alto in the network management system. We would like to be able to compare two network management systems. They can maybe allow monitoring an interface through the GUI to create a reference or do a baseline check about whether your network monitoring system is actually giving you the correct traffic figures. You need traffic figures to be able to recognize the trends and plan the capacity."
"The solution needs to have more easily searchable details or documentation about it online, so it's easier to Google if you have queries."
"Integrative capabilities with other solutions should be addressed."
"They made only a halfhearted attempt to put in DLP (Data Loss Prevention)."
"The user interface could use some improvement."
"It definitely competes with the other vendors in the market."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"The pricing is reasonable."
"As a customer, the pricing is good for us."
"It is not the cheapest on the market. The total cost for two firewall instances is $75,000. This includes licenses, deployment fees, and support for two years."
"Palo Alto can be as much as two times the price of competing products that have twice the capabilities."
"The cost of this product varies from customer to customer and the relationship with IBM, including how many offerings from IBM are already being used."
"The price of this solution is very high for some parts of Africa, which makes it a challenge."
"Because I work for a university and the URL is for the institution, it's a free license for us."
"The VM series is licensed annually."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
The VM-Series is a virtualized form factor of our next-generation firewall that can be deployed in a range of private and public cloud computing environments based on technologies from VMware, Amazon Web Services, Microsoft, Citrix and KVM.
The VM-Series natively analyzes all traffic in a single pass to determine the application identity, the content within, and the user identity. These core elements of your business can then be used as integral components of your security policy, enabling you to improve your security efficacy through a positive control model and reduce your incident response time though complete visibility into applications across all ports.
In both private and public cloud environments, the VM-Series can be deployed as a perimeter gateway, an IPsec VPN termination point, and a segmentation gateway, protecting your workloads with application enablement and threat prevention policies.
Juniper vSRX is ranked 22nd in Firewalls with 6 reviews while Palo Alto Networks VM-Series is ranked 11th in Firewalls with 16 reviews. Juniper vSRX is rated 8.2, while Palo Alto Networks VM-Series is rated 8.6. The top reviewer of Juniper vSRX writes "Fast with good usability and fairly scalable". On the other hand, the top reviewer of Palo Alto Networks VM-Series writes "An excellent solution for the right situations and businesses". Juniper vSRX is most compared with Juniper SRX, pfSense, Fortinet FortiGate-VM, Azure Firewall and Barracuda CloudGen Firewall, whereas Palo Alto Networks VM-Series is most compared with Azure Firewall, Fortinet FortiGate, Cisco ASA Firewall and Juniper SRX. See our Juniper vSRX vs. Palo Alto Networks VM-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.