We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"We have not had to deal with stability issues."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"Kerio is a lot clearer to set up to do particular things, whereas when I do it on a Cisco or a FortiGate I have to go fight with it per week sometimes to do something I can do in 20 minutes on Kerio."
"The installation is straightforward."
"The initial setup is a breeze."
"It has saved a lot of time and it was a secure way of doing it too. We had a whole contact center that worked from home for a period of time and that's a 21 hour a day contact center that we moved, that was spread out across the greater Brisbane region and working on home internet connections. Surprisingly, we didn't have a lot of stability issues anyway on those connections, but Kerio didn't blink, so that was good."
"The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us."
"The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem."
"The reporting needs to be improved. It is hard to get a domain."
"The solution is easy to manage. Kerio Control is unique compared to other firewalls because it has been around since 2000 when we switched and the name it started with was WinRoute, and then later became Kerio Control. It evolved over time and it is more of a proprietary firewall on its own and has been developed through open source."
"The initial setup was simple and fast."
"The features I have found best are ease of use, GUI, and performance."
"It is a better firewall than others and it has better features."
"The documentation is very good."
"The solution is very easy to use and has a very nice GUI."
"We've found the stability to be very good overall."
"It's a good solution for end-users. It's pretty easy to work with."
"The concurrent users are perfect for us."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"It would be great if some of the load times were faster."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box."
"I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. Its local support and scalability are also not good. I am looking forward to a more scalable product that will be able to grow with time and technology."
"There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out."
"If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces."
"The overall speed needs improvement. Internet connectivity speed needs to be improved somehow."
"The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser."
"I would like the customer statistics to be more user-friendly. It should explain more what users have been doing throughout the day. Sometimes, it'll just say they downloaded a big file. Meanwhile, they were connected through a VPN."
"The solution should offer more dashboards."
"If you have to dive deeper into the firewall or any other features, then you really have to read up a bit about how to set it up properly. Some of my colleagues, in the beginning, jumped in and made a bunch of rules but then it got really messy. If Kerio had a template or guidelines for best practices, at the beginning, that would really help. With Kerio Control it's basically 'find out for yourself.'"
"They can improve the dynamic of the input of IPs from outside."
"Their support could be better in terms of the response time."
"The interface is not very shiny and attractive."
"There's a bit of a learning curve during the initial implementation."
"As an open-source solution, there are so many loopholes happening within the product. By design, no one is taking ownership of it, and that is worrisome to me."
"The main problem with pfSense is that it lacks adequate ransomware protection."
"In an upcoming release, the reporting could be more user-friendly. For example, the reporting in graphs and charts for the host can be cumbersome."
"The configuration of the solution is a bit difficult."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"The solution was chosen because of its price compared to other similar solutions."
"It definitely competes with the other vendors in the market."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"This product is expensive."
"Licensing is easier with Kerio Control. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on."
"It is priced low enough for entry-level, but it has the power to grow with a company without them having to replace it."
"Our clients see ROI with Kerio Control, as they are saving bandwidth costs."
"It is a good fit for SMBs because of its maintainability. When you want to keep your costs low, then Kerio Control is a very good solution. It's not an expensive product that is well integrated. It has a complete set of features within it that make it a very strong product."
"It's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this."
"The price is fine."
"GFI has made a stupid decision regarding small office licensing. For offices where there are only three to five employees and had five years towards a five user product, they now force these customers to a 10-year user license. I really don't understand it. It's a stupid decision for the small offices who want a good solution for security because they'll probably decide to go to another product. Why should they buy something that they don't use?"
"The price of Kerio Control could be better, it is a bit overpriced compared to other solutions."
"Our customers must pay for an annual license."
"I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money."
"pfSense is a free solution."
"There is no license. You don't have to pay anything. It's completely free."
"pfSense is an open-source solution and free to use."
"We are using the open-source version which is free. We are testing the solution to see if we are going to go to the enterprise version which requires a license and is not free."
"We are using the open-source version, not the commercial one."
"This solution provides enterprise-level features at a fraction of the cost of an enterprise firewall."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Kerio Control brings together next-generation firewall capabilities -- including a network firewall and router, intrusion detection and prevention (IPS), gateway anti-virus, VPN, and web content and application filtering. These comprehensive capabilities and unmatched deployment flexibility make Kerio Control the ideal choice for small and mid-sized businesses.
Kerio Control is ranked 9th in Firewalls with 30 reviews while pfSense is ranked 3rd in Firewalls with 53 reviews. Kerio Control is rated 8.0, while pfSense is rated 8.6. The top reviewer of Kerio Control writes "Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Kerio Control is most compared with Fortinet FortiGate, Sophos UTM, Sophos XG, OPNsense and Cisco ASA Firewall, whereas pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos UTM, Sophos XG and Zyxel Unified Security Gateway. See our Kerio Control vs. pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.