We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"There are no issues that we are aware of. It does its job silently in the background."
"The implementation is pretty straightforward."
"The customer service/technical support is very good with this solution."
"A good intrusion prevention system and filtering."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"The solution’s firewall and intrusion detection features are quite good because you can see exactly who is attacking you and who is getting blocked."
"The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem."
"The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us."
"The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing."
"The traffic insight page or the administrative portal is really helpful because you can see all the internet usage down to the point where you can see if it's big files or streams. It gives us a good view of what the internet usage is of users who are coupled to an IP address. That way, if there are problems with, for example, a lot of data usage or problems with the connection, we can narrow it down to a single user or server and address the problem. It's really helpful for diagnostic data."
"The installation is straightforward."
"Instead of using a cloud-based product for accessing information, and putting my data at risk in the cloud and in someone else's hands, it has allowed me to use a VPN and access my data directly from a laptop when I am out in the field. That has made my life a lot easier, where I'm able to access any information I need to be able access, basically on demand, with an Internet connection. That alone has been great."
"The initial setup is a breeze."
"The most valuable features are the reporting, dashboards, and graphical user interface. It gives a good overall picture of what is happening over the network."
"I recommend the solution due to its ease of use and pricing."
"Content filtering and intrusion prevention are most valuable. Our customers are fully satisfied with the performance of Sophos. It has all the features that they require in a firewall."
"Good security and a good interface."
"I've tried out Sophos XG a little. It has a good interface that's very user-friendly, but I haven't used all of its functions because I'm only configuring and running the system."
"It's a product that is in continuous improvement and is following what the customer is asking for. They are taking inputs and designing new releases specifically according to the client and their needs."
"The product has a console that is based in the cloud for all their products. In this console, they have email security, firewall security, endpoint security, et cetera. All of the products on offer in the console are very useful for us."
"This solution does everything and anything a firewall can do."
"The solution could offer better control that would allow the ability to restrictions certain features from a website."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"One of the problems we do have causes problems with the VPN. The software slows the throughput down too much. You could have a one-gigabit connection from the internet, and it slows it down to the area of upload and download is extremely slow. There's too much content filtering at that point."
"There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out."
"The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects."
"One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not."
"The antivirus seemed to be a bit laggy on the connection so I disconnected that. It's definitely good. The only issue we've had with any sort of cyber attack seemed to be coming from a couple of distinct locations, people trying to get into known ports on remote desktops and stuff like that. The fact that we can block all that traffic is just great. It simplifies it."
"I would like it if the interface section had multiple failovers. Although I do have three connections, just in case our physical cables get disconnected, I can only set up one failover as a backup. So, if for some reason our fiber and our AFM went down together, I would have to have it search for our 4G modem. I'd love to have extra backups running."
"I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working."
"When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions."
"I'm just a sole proprietor for IT support, and from my perspective, there could be better ways to educate a proprietor, such as myself, on how to set it up, and program it, and manage it. They do tend to have support, but a lot of times, it is for larger networks. I need something that is simpler and more rudimentary as to how to go about setting up and configuring the firewall, setting up the rules, and that type of thing. So, if there is a missing component there, that would be it."
"The response time could stand improvement."
"The user interface could be improved and more bandwidth management would be helpful."
"The MTR feature needs enhancing."
"The pricing has gotten much higher."
"They should improve the hardware. If they can do that, it will be a very good product."
"The solution could offer a bit more integration with other systems, with other platforms - just to be able to extend the capability and to interface with other kinds of platforms or systems that I can find on the market as it gives the possibility to improve the level of integration."
"The user interface could be better."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"There are additional implementation and validation costs."
"The solution was chosen because of its price compared to other similar solutions."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"Its price is in the middle range. Both Firepower and FortiGate are not cheap. Palo Alto and Check Point are the cheapest ones. I don't remember any costs in addition to the standard licensing fees."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"Its initial cost is less as compared to other products. It becomes a bit costly when you pay for the products that you don't use. We paid for almost all the products through subscription, but we are using only a few products. We use EndPointSecurity, Kerio Connect, WebMonitor, and LanGuard. We don't use the rest of the products."
"GFI has made a stupid decision regarding small office licensing. For offices where there are only three to five employees and had five years towards a five user product, they now force these customers to a 10-year user license. I really don't understand it. It's a stupid decision for the small offices who want a good solution for security because they'll probably decide to go to another product. Why should they buy something that they don't use?"
"Our clients see ROI with Kerio Control, as they are saving bandwidth costs."
"It gets expensive pretty quickly if you need to purchase license packs."
"The fixed model of users and devices is a bit of a problem for us. We want to be able to expand it fast and not have to contact our supplier first to get a license... If they had a larger fixed price with unlimited users or devices, that would help. Now, it's five users each time. A pack of 100 or 200 users for a certain price would make it more dynamic and user-scalable."
"It's too expensive. The license, in the last year or so, has gone up by over a £100. We're almost being out-priced by the annual license at the minute."
"Licensing is easier with Kerio Control. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on."
"It is priced low enough for entry-level, but it has the power to grow with a company without them having to replace it."
"When comparing with Palo Alto and Cisco, Sophos is cheaper."
"The pricing is flexible. Sophos looks at a country's economy and offers flexible pricing. This is how they have managed to penetrate the market."
"Sophos is very good when it comes to pricing."
"The issue of a recurring license is a hassle because every year, we have to subscribe."
"Sophos XG isn't expensive compared to Check Point."
"The hardware is inexpensive but the license is expensive."
"It is very expensive."
"We paid for our licensing for three years, upfront, and there are no costs in addition to the standard fees."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Kerio Control brings together next-generation firewall capabilities -- including a network firewall and router, intrusion detection and prevention (IPS), gateway anti-virus, VPN, and web content and application filtering. These comprehensive capabilities and unmatched deployment flexibility make Kerio Control the ideal choice for small and mid-sized businesses.
Sophos XG Firewall is next gen firewall that is optimized for today’s business, delivering all the protection and insights you need in a single, powerful appliance that’s easy to manage.
Kerio Control is ranked 9th in Firewalls with 30 reviews while Sophos XG is ranked 5th in Firewalls with 119 reviews. Kerio Control is rated 8.0, while Sophos XG is rated 8.0. The top reviewer of Kerio Control writes "Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight". On the other hand, the top reviewer of Sophos XG writes "Light and stable with excellent real-time control ". Kerio Control is most compared with pfSense, Fortinet FortiGate, Sophos UTM, OPNsense and Cisco ASA Firewall, whereas Sophos XG is most compared with Fortinet FortiGate, pfSense, Meraki MX, Palo Alto Networks NG Firewalls and Sophos Cyberoam UTM. See our Kerio Control vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.