We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"The customer service/technical support is very good with this solution."
"The implementation is pretty straightforward."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"The flexibility of adding new kinds of services without spending any money can't be beaten."
"The concurrent users are perfect for us."
"It has a good web cache. I used to use a DHCP server and DNS server. For my company, I use pfSense as a load balancing application."
"I mostly like all of it. Whatever we use is valuable."
"The scalability is very good, where you can do an HA configuration and then bring in another box, if necessary."
"The documentation is very good."
"The solution is very easy to use and has a very nice GUI."
"The initial setup is easy."
"We like the features, but the main thing is from a commercial and cost perspective it is very good."
"We have utilized all the features. The most valuable are the URL filtering by category, DMZ zoning, load balancing and site-to-site VPN."
"The most valuable feature is the sandbox."
"This product is user-friendly and easy to configure."
"The filtering is excellent."
"The most valuable features of this solution are intrusion detection, intrusion prevention, and the advanced capture client, which provides live traffic analysis."
"The technical support is very good."
"SonicWall NSA is easy to deploy, easy to maintain, and easy to configure."
"The initial setup could be simplified, as it can be complex for new users."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"It would be great if some of the load times were faster."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"An area of improvement for this solution is the console visualization."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"In an upcoming release, the reporting could be more user-friendly. For example, the reporting in graphs and charts for the host can be cumbersome."
"Also, the GUI is helpful, but it's not user-friendly. It's complicated. It should be more intuitive for the average user and have an excellent graphical view. Of course, the user will typically know about network administration, but it still should be easy to understand."
"I tried pfSense, and it has a big issue with file system consistency, and this is what drove me to OPNsense. The file system stability is quite a big issue for us. We have a lot of outages related to power issues, and OPNsense is much more stable on this side."
"If a user doesn't have a large amount of experience in Linux systems, they will have problems using this solution. Users need to be highly skilled in troubleshooting competency. Users who do not have such skills will find the product difficult to use."
"Layer 7 advanced firewall features are not included in the solution."
"The router monitoring needs improvement when compared with Sonicwall."
"They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals."
"Lacks instructional videos."
"Vendor support needs improvement. The frequency of time and support should be increased."
"They are not ready for managed security services. Their Cloud GMS product is weak, barely out of beta (buggy)."
"The filter settings are confusing and overly complicated. The user interface can be improved."
"It would be useful to have an application firewall that prevents the outside world from seeing your private IPs. You don't need to publicize your private IPs to the outside world, and you can create a barrier, like a proxy server."
"Potential improvement around the associated VPN cost"
"The implementation for VLANs is a little bit cumbersome. It would be good to make that a little bit easier."
"In terms of improvement, features like App Control do not work properly"
"They should consider upgrading the capabilities within the GUI."
"Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"When we purchased the firewall, we had to take the security license for IPS, malware protection, and VPN. If we are using high availability, we have to take a license for that. We also have to pay for hardware support and technical support. Its licensing is on a yearly basis."
"I am happy with the product in general, including the pricing."
"It definitely competes with the other vendors in the market."
"The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case."
"pfSense is open-source."
"I spent a couple of $1,000 on hardware, and the OS was free. A comparable firewall would cost me probably 20 grand. It saved a lot of money."
"Its price is pretty fair."
"I am using the community version of the solution and it is priced well. There is a cost of learning how to use the solution, if it was free it would be better."
"The price of pfSense is reasonable. However, there is a free version available."
"The solution is free. However, you need to pay for support."
"It has almost zero cost, and it is open to us. It runs on a small appliance just for a couple of 100 bucks, and I've never had an appliance burn out on me yet."
"Our customers must pay for an annual license."
"SonicWall is a one-time purchase and there is no renewal license."
"We are on a three-year license for the solution. The price is inexpensive compared to other solutions."
"SonicWall is not an expensive solution."
"Its price is okay."
"Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance."
"They do have the option to purchase yearly, or two years, and three years renewal."
"The pricing is good and we are satisfied with the cost of this solution."
"If you want to connect more than five concurrent users by VPN then you have to pay an additional fee."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
pfSense is ranked 3rd in Firewalls with 56 reviews while SonicWall NSa is ranked 16th in Firewalls with 35 reviews. pfSense is rated 8.6, while SonicWall NSa is rated 7.6. The top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". On the other hand, the top reviewer of SonicWall NSa writes "A rugged solution capable of defeating advanced threats". pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos UTM, Sophos XG and Zyxel Unified Security Gateway, whereas SonicWall NSa is most compared with Meraki MX, Fortinet FortiGate, WatchGuard Firebox, SonicWall TZ and Zyxel Unified Security Gateway. See our SonicWall NSa vs. pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.