We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"They wanted to leverage something which is equivalent that can give them the next gen features like application awareness and intrusion protection. So that is a major reason they were looking forward to this. The original ASA firewall did not have these features. This was the major reason the customer moved on to Cisco Firepower Threat Defense (FTD). Now they can go ahead and leverage those functionalities."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"We have not had to deal with stability issues."
"The App-ID, Content-ID, User-ID, and encryption and decryption are valuable features."
"The application control portion of the solution is its most valuable aspect."
"With App-ID, we can identify exact traffic. Even if someone tries to fool the firewall with a different port number, or with the correct port number, Palo Alto is able to identify what kind of traffic it is."
"The stability of the product has been good over the years."
"Mechanically, all firewalls work in a similar fashion, but what makes Palo Alto different is that it also has some of the threat hunt capabilities. It is a little bit better than other vendors."
"The most valuable features are the IPS/IDS subscriptions."
"You just need a web browser to manage it, unlike Cisco, which requires another management system."
"It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
"pfSense is a nice product, and I find that there's a lot of information out there. There are some good tutorials on YouTube and other websites with helpful information."
"I'm the expert when it comes to Linux systems, however, with the pfSense, due to the web interface, the rest of the staff can actually make changes to it as required without me worrying about whether they've opened up ports incorrectly or not. The ease of use for non-expert staff is very good."
"pfSense is easy to use, has user-friendly dashboards, and useful blocking features."
"The documentation is very good."
"The initial setup was simple and fast."
"I like pfSense's security features."
"I have found pfSense to be stable."
"It has a very nice web interface, and it is very simple to use. The way policies are working is also good."
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"I was just trying to learn how this product actually operates and one thing that I see from internal processing is it does fire-walling and then sends it to the IPS model and any other model that needs to be performed. For example, content checking or filtering will be done in a field processing manner. That is something that causes delays in the network, from a security perspective. That is something that can be improved upon. Palo Alto already has implemented this as a pilot passed processing. So they put the same stream of data across multiple modules at the same time and see if it is giving a positive result by using an XR function. So, something similar can be done in the Cisco Firepower. Instead of single processing or in a sequential manner, they can do something similar to pile processing. Internal function that is something that they can improve upon."
"An area of improvement for this solution is the console visualization."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"Deploying configurations takes longer than it should."
"For an upcoming release, they could improve on the way to build security rules per user."
"They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved."
"Support should be improved, wait times can be long."
"The only real drawback to this product is that it is expensive. But you get what you pay for and there is no way to put a price on top-notch security."
"Based on the features that I have seen so far, I do not see any room for improvement, but they can improve their CLI documentation. I haven't really seen much when it comes to CLI documentation."
"Currently, they don't have email protection. They can maybe add it in the future. Currently, if you want to do so, you need to go with another solution."
"With new features and applications you get bugs."
"The pricing could be improved upon."
"The main problem with pfSense is that it lacks adequate ransomware protection."
"Lacks instructional videos."
"The integration should be improved."
"Could be simplified for new users."
"The integration of pfSense with EPS and EDS could be better. Also, it should be easier to get reports on how many users are connecting simultaneously and how sections connect in real-time."
"Many people have problems setting up the web cache for the web system."
"They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals."
"pfSense could improve by having a sandboxing feature that I have seen in SonicWall. However, maybe it is available I am not aware of it."
"We normally license on a yearly basis. The hardware procurement cost should be considered. If you're virtual maybe that cost is eradicated and just the licensing cost is applied. If you have hardware the cost must be covered by you. All the shipping charges will be paid by you also. I don't thing there are any other hidden charges though."
"This product is expensive."
"The solution was chosen because of its price compared to other similar solutions."
"Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities."
"It definitely competes with the other vendors in the market."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"There are additional implementation and validation costs."
"Its price can be better. Licensing is on a yearly basis."
"Compared to other solutions, it's very expensive to set up and maintain."
"Cheap and faster are the opposite sides of security. Security inspections have some technical and money costs. If you just purchase some cheap, fast firewalls, then you will lose a lot of the security features and fraud protection capabilities."
"The price of this product should be reduced."
"It has a yearly subscription."
"It is an expensive solution."
"We pay for the licensing annually and the price could be cheaper."
"We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is priced competitively."
"pfSense is open-source."
"I would recommend it for a small business or a startup as a starting point. It's also good for companies that are on a tight budget."
"I like the fact that it is open-source."
"The pricing is lower than some of its competitors."
"I am using the community version of the solution and it is priced well. There is a cost of learning how to use the solution, if it was free it would be better."
"It is open source."
"pfSense is an open-source solution and free to use."
"Our customers must pay for an annual license."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.
Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 67 reviews while pfSense is ranked 3rd in Firewalls with 53 reviews. Palo Alto Networks NG Firewalls is rated 8.4, while pfSense is rated 8.6. The top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Check Point NGFW, whereas pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos UTM, Sophos XG and Juniper SRX. See our Palo Alto Networks NG Firewalls vs. pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.