We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"The most valuable feature is the access control list (ACL)."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"The customer service/technical support is very good with this solution."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"pfSense helped us during COVID-19 because we used OpenVPN to connect from home."
"We've found the stability to be very good overall."
"One of the advantages of pfSense is that it is very easy to work with. It is a very good open-source solution, and it works really well. pfSense provides a complete package. For some features, it could be the first solution in the world. It is a very good alternative in the market for a firewall solution. You don't need to go to Cisco or other brands with expensive firewalls. pfSense also allows us to offer some support services."
"The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall."
"It is a stable solution. It is also easy to install and can be deployed and maintained by one team member."
"It is a better firewall than others and it has better features."
"The initial setup is not complex."
"The scalability is very good, where you can do an HA configuration and then bring in another box, if necessary."
"Efficient and effective - it's easy to separate rules."
"Sophos UTM is the simplest of these products to setup."
"Sophos is a unified solution. We have anti-virus protection, firewall rules, knotting, and DACC all in one box."
"It is a very good product. The threat monitoring process is the most valuable feature."
"It's a stable solution."
"The most valuable feature is ransomware protection."
"What I like about the solution is the ease of use."
"This is a very stable product."
"Report generation is an area that should be improved."
"The initial setup could be simplified, as it can be complex for new users."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"The initial setup can be a bit complex for those unfamiliar with the solution."
"The performance should be improved."
"Ease of use is a problem for a user who is unfamiliar with this product because, in the interface, everything has to be set manually."
"pfSense has some limitations in detecting site sessions. We want to control internet usage based on sites and their content, and pfSense doesn't perform this function."
"The main problem with pfSense is that it lacks adequate ransomware protection."
"I would like to see pfSense integrate WireGuard. Currently, pfSense uses OpenVPN, and there's nothing wrong with it, but WireGuard is a lot leaner and meaner."
"The security could be improved."
"We are at the moment looking to use it as a proxy service so that we can limit what websites people go and view and that sort of thing. That's an area I've struggled with a little bit at the moment and it could be a bit easier to set up."
"As an open-source solution, there are so many loopholes happening within the product. By design, no one is taking ownership of it, and that is worrisome to me."
"The main problem with pfSense is that we have to use proxy solutions."
"When we call support, we get put on hold for a long time."
"The five-factor authentication needs improvement."
"Anti-phishing functionality should be improved."
"The solution needs to do better at covering mobile devices, although they may have an integrated solution for that purpose."
"There were a lot of features and functionality in Sophos SG UTM but nothing was state of the art in terms of technology. You did not get the latest functions. It was very monolithic as it was based on an old Linux PuTTY system."
"The logs are not clear, which means that you need an additional piece of software in order to read them clearly."
"There needs to be some improvement in the IPsec VPN. There is implementation only support. I have version one. I'd be most interested in having IP version two from the protocol."
"The ease of use could be a bit better."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"Pricing is the same as other competitors. It is comparable. The licensing has gotten better. It has been easier with Smart Licensing."
"It definitely competes with the other vendors in the market."
"Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
"When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today."
"The solution was chosen because of its price compared to other similar solutions."
"This solution is expensive and other solutions, such as FortiGate, are cheaper."
"This product is expensive."
"We are using the open-source version, not the commercial one."
"The solution is free. However, you need to pay for support."
"This solution provides enterprise-level features at a fraction of the cost of an enterprise firewall."
"I am using the community version of the solution and it is priced well. There is a cost of learning how to use the solution, if it was free it would be better."
"I would recommend it for a small business or a startup as a starting point. It's also good for companies that are on a tight budget."
"We are using the open-source version which is free. We are testing the solution to see if we are going to go to the enterprise version which requires a license and is not free."
"pfSense is open-source."
"Looking at what it does, I think that it is fairly priced."
"It's reasonably priced."
"The solution is very low cost compared to competitors. You have a good firewall, a lot of functions for less than the price of some omni firewall competitors."
"The prices can be better, they could make it a lot cheaper."
"This product is free for home users. The more expensive products have better performance."
"It is necessary to pay for a licence to use the solution, but it is not very expensive."
"Our licensing fees are paid on a monthly basis."
"The appliance should be purchased and there is a fee for the license."
"It is the cheapest product available. It's good if you have a low budget."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
pfSense is ranked 3rd in Firewalls with 56 reviews while Sophos UTM is ranked 2nd in Unified Threat Management (UTM) with 21 reviews. pfSense is rated 8.6, while Sophos UTM is rated 8.4. The top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos XG, Untangle NG Firewall and Zyxel Unified Security Gateway, whereas Sophos UTM is most compared with Fortinet FortiGate, Sophos XG, Untangle NG Firewall, OPNsense and Palo Alto Networks NG Firewalls. See our Sophos UTM vs. pfSense report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.