We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem."
"The initial setup is a breeze."
"Instead of using a cloud-based product for accessing information, and putting my data at risk in the cloud and in someone else's hands, it has allowed me to use a VPN and access my data directly from a laptop when I am out in the field. That has made my life a lot easier, where I'm able to access any information I need to be able access, basically on demand, with an Internet connection. That alone has been great."
"The reporting needs to be improved. It is hard to get a domain."
"The most valuable feature is the reliability of VPN capabilities. The VPN has been very reliable and secure. The security has been very good and the VPN connections are reliable in that they stay up. We don't have a lot of problems with downtime and that type of thing."
"The most valuable features of Kerio Control are the IPS and traffic rules. The traffic rules are very user-friendly and the IPS is working well. Additionally, the anti-virus is effective with quick options, such as filtering."
"The routing of the multiple internet physical routers I have is the most valuable feature of this solution. Instead of me physically unplugging a cable from one router to the server, if one connection goes down, it automatically switches for me. So I can have all three of them plugged in. If one goes down, it just picks up the other one automatically. There's no physical cable swapping."
"I want to have access to my computer from the outside and Kerio Control plays a role because it has a VPN... It is more reliable because it's a smaller group of computers to target for hackers and the like. The VPN works very well. I use it to work remotely very easily and exchange information, both to and from the location where it's deployed, and there have been no problems there."
"What I like about the solution is the ease of use."
"The cost of the solution is very reasonable."
"The stability, overall, is excellent. I haven't had a problem in the last two years."
"It is a very good product. The threat monitoring process is the most valuable feature."
"Monitoring and reporting are areas that need improvement."
"Sophos is a unified solution. We have anti-virus protection, firewall rules, knotting, and DACC all in one box."
"It is easy to manage."
"The most valuable feature is ransomware protection."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"It would be great if some of the load times were faster."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not."
"Kerio Control could improve by having higher availability and adding a mobile VPN channel. These additions are needed. The VPN is working fine on the Kerio Control but there needs to be a VPN client on the mobile phones, both for iOS and Android. This would be very good for us."
"I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working."
"It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment"
"My experience with the solutions technical support is fine but they could be faster in responding."
"The overall speed needs improvement. Internet connectivity speed needs to be improved somehow."
"When we did our last update, we had some trouble with the initial syncing process to get our messaging to go through. But we were also moving a store and a lot was changing during that process. I don't think it was on Kerio's end. It just coincided with the update. Once we got our third-party IT guy involved it was resolved very quickly."
"The denial of service could also be improved. There recently was a big issue with denial of service attacks and it was a bit laborious."
"Anti-phishing functionality should be improved."
"There were a lot of features and functionality in Sophos SG UTM but nothing was state of the art in terms of technology. You did not get the latest functions. It was very monolithic as it was based on an old Linux PuTTY system."
"It would be nice if it had basic features, such as DLP (Data Loss Prevention)."
"The solution needs to do better at covering mobile devices, although they may have an integrated solution for that purpose."
"I think that additional metrics features are needed to be able to monitor other areas or to monitor as much as you can, at a fine-grain resolution."
"Sophos should be more user-friendly, have more dashboards, and an easier implementation."
"The solution is not scalable."
"Sophos should improve its ability to check something like bandwidth consumption for users or something more real-time."
"The price of Firepower is not bad compared to other products."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"I am happy with the product in general, including the pricing."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that."
"I am living in Iran and we cannot buy the product from Kerio because of sanctions."
"GFI has made a stupid decision regarding small office licensing. For offices where there are only three to five employees and had five years towards a five user product, they now force these customers to a 10-year user license. I really don't understand it. It's a stupid decision for the small offices who want a good solution for security because they'll probably decide to go to another product. Why should they buy something that they don't use?"
"It is a good fit for SMBs because of its maintainability. When you want to keep your costs low, then Kerio Control is a very good solution. It's not an expensive product that is well integrated. It has a complete set of features within it that make it a very strong product."
"The yearly maintenance fee is a bit high for the Kerio Control Boxes. The end of life for the devices is kind of short. It seems like they're making you upgrade within a short period of time. They should at least allow five years, but it seems like they are changing their end of life to be shorter to generate revenue."
"Licensing is easier with Kerio Control. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on."
"The price is fine."
"Our clients see ROI with Kerio Control, as they are saving bandwidth costs."
"Our licensing fees are paid on a monthly basis."
"The prices can be better, they could make it a lot cheaper."
"We pay for the service on a yearly basis. The last time we paid was in June, for a year. At the time, it was about $20,000."
"This product is free for home users. The more expensive products have better performance."
"It is necessary to pay for a licence to use the solution, but it is not very expensive."
"The appliance should be purchased and there is a fee for the license."
"It's reasonably priced."
"The solution is very low cost compared to competitors. You have a good firewall, a lot of functions for less than the price of some omni firewall competitors."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Kerio Control brings together next-generation firewall capabilities -- including a network firewall and router, intrusion detection and prevention (IPS), gateway anti-virus, VPN, and web content and application filtering. These comprehensive capabilities and unmatched deployment flexibility make Kerio Control the ideal choice for small and mid-sized businesses.
Kerio Control is ranked 9th in Firewalls with 30 reviews while Sophos UTM is ranked 2nd in Unified Threat Management (UTM) with 20 reviews. Kerio Control is rated 8.0, while Sophos UTM is rated 8.4. The top reviewer of Kerio Control writes "Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". Kerio Control is most compared with pfSense, Fortinet FortiGate, Sophos XG, OPNsense and Cisco ASA Firewall, whereas Sophos UTM is most compared with Fortinet FortiGate, pfSense, Sophos XG, Untangle NG Firewall and Palo Alto Networks NG Firewalls. See our Kerio Control vs. Sophos UTM report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.