We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The most valuable features of this solution are the integrations and IPS throughput."
"Another benefit has been user integration. We try to integrate our policies so that we can create policies based on active users. We can create policies based on who is accessing a resource instead of just IP addresses and ports."
"The solution offers very easy configurations."
"It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"The feature set is fine and is rarely a problem."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"You just need a web browser to manage it, unlike Cisco, which requires another management system."
"Palo Alto NGFW provides a unified platform that natively integrates all security capabilities, which is very useful. This prevents us from having to go to a lot of different systems, and in some cases, many different systems in many different regions, because we are a global company with 60 remote offices around the world in 30 different countries. Its centralized platform is really what we look for in all services, whether it be security or otherwise."
"Ability to log each and every application."
"Everything is easy in Palo Alto Networks NG Firewall. It is very stable, easy to configure, and easy to upgrade. It is also very easy to create custom policies and applications. Everything can be done with the click of a button. It is also good for the protection of web services. Nowadays, they have a rather new DNS security feature, which is pretty good and functional. We did a one-month trial, and it is the best product for the firewall network."
"The technology's very good. We have had a lot of good experience with this solution."
"Its flexibility is the most valuable."
"Provision of quality training material and the reporting is very good."
"It is pretty important to have embedded machine learning in the core of the firewall to provide inline, real-time attack prevention, because all these different attacks and threats are constantly evolving. So, you want to have something beyond just hard pass rules. You want it to learn as it is going along. Its machine learning seems pretty good. It seems like it is catching quite a few things."
"A very robust product."
"Easily manageable in a variety of environments."
"I like that it works fine. Stormshield is a very good solution."
"I like how you can configure the rules. There is the task for the rules and a task for the network configuration. It also provides SMD filtering, and it can be integrated with the active directory for the users, their mission, and the VPN configuration. We are here in Sudan, and Stormshield didn't work in Sudan for more than a decade. Stormshield is a very strong firewall and very easy to configure and maintain. I am just working with the firewall solution, and we don't have any other solutions like endpoint solutions or something like that."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"Implementations require the use of a console. It would help if the console was embedded."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"The price and SD-WAN capabilities are the areas that need improvement."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"The initial setup could be simplified, as it can be complex for new users."
"This is a difficult product to manage, so the administrator needs to have a good knowledge of it, otherwise, they will not be able to handle it properly."
"The pricing could be improved upon."
"Over the past one or two years, Palo Alto Networks has added a lot of features into the NG Firewall products. I think this is becoming more complicated for our customers. Therefore, we could use some best practices, best practice tools, and implementation guides for some of the complicated features."
"In the future, I would like to see more OTP features."
"Maybe they could add some tools and more competing services, like servers, but that would increase the cost of the solution."
"I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster"
"For an upcoming release, they could improve on the way to build security rules per user."
"I would like to see better integration with IoT technologies."
"The SD card could be more secure."
"The filtering configuration could be better. We have some difficulties with the filtering configuration and the filter extension. It's not that easy. It's not that straightforward. In the next release, I would like to see a reporting system. Stormshield doesn't have any tutorials on how to do the configuration and things like that. They just have documentation on the website. If you want to configure, for example, Cisco or Fortinet, you can find tutorials on YouTube. They show you how to configure the features, and so on. In Stormshield, there is nothing on social media or the internet on how to configure different things. The lack of documentation or the lack of material makes it difficult for others to adopt this solution."
"Improvement is needed in terms of the technical support of the manufacturer."
"It could be better if it were more user-friendly. It's too complicated for us to use it. The price could be better as well."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"This product requires licenses for advanced features including Snort, IPS, and malware detection."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"The price is comparable."
"I am happy with the product in general, including the pricing."
"Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"There are additional implementation and validation costs."
"This is an expensive product, which is why some of our customers don't adopt it."
"It is expensive as compared to other brands."
"Definitely look into a multi-year license, as opposed to a single-year. That will definitely be more beneficial in terms of cost... Palo Alto is definitely not the cheapest, but if you scale it the right way it will be very comparable to what's out there."
"It is a little bit expensive than other firewalls, but it is worth every penny. There are different licenses for the kinds of services you want to use. When we buy a new product, we go for a three-year subscription."
"It is very expensive. You pay for a year."
"We are on an annual license for this solution. I am happy with the price and when comparing it to other solutions it is priced competitively."
"Paul Alto is the most expensive solution in this category."
"We were very happy when they released the PA-440s. Previously, we had been looking at the PA-820s, which were a bit of overkill for us. Price-wise and capability-wise, the PA-820s hit the nail on the head for us."
"I think the price is good."
"We bought a three-year license, and we renew it whenever it expires. The price could be better. It's always very expensive."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.
Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 67 reviews while Stormshield Network Security is ranked 8th in Unified Threat Management (UTM) with 4 reviews. Palo Alto Networks NG Firewalls is rated 8.4, while Stormshield Network Security is rated 8.4. The top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". On the other hand, the top reviewer of Stormshield Network Security writes "Robust, provides a high level of security at a reasonable cost". Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Cisco ASA Firewall, whereas Stormshield Network Security is most compared with Fortinet FortiGate, pfSense, Cisco ASA Firewall, Sophos XG and WatchGuard Firebox. See our Palo Alto Networks NG Firewalls vs. Stormshield Network Security report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.