We just raised a $30M Series A: Read our story

Compare Sangfor NGAF vs. WatchGuard Firebox

Cancel
You must select at least 2 products to compare!
Featured Review
Find out what your peers are saying about Fortinet, Check Point, Netgate and others in Firewalls. Updated: November 2021.
554,382 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.""The most valuable features of this solution are advanced malware protection, IPS, and IDS.""The customer service/technical support is very good with this solution.""The most valuable features of this solution are the integrations and IPS throughput.""You do not have to do everything through a command line which makes it a lot easier to apply rules.""A good intrusion prevention system and filtering.""The most valuable feature is the access control list (ACL).""The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."

More Cisco Firepower NGFW Firewall Pros »

"In four steps one can configure the entire firewall.""Sangfor has the best capabilities for securing connections, securing web browsers, securing servers, and general threat protection.""It's a very simple to use product.""In terms of the most valuable features, the IPS report is quick and updated. Performance is also valuable.""We've found the technical support to be helpful.""While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people."

More Sangfor NGAF Pros »

"The main reason we went with it was the security protocols. They were more robust on this device.""There are many fantastic features.""The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Window since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom.""It also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad.""The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely.""The security that is used for defending from the attacks is very good.""Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us... In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny.""The set up of the VPN is pretty straightforward. Being able to build VPNs on the fly for certain users, if need be, is also valuable."

More WatchGuard Firebox Pros »

Cons
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough.""The price and SD-WAN capabilities are the areas that need improvement.""The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.""I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here.""Implementations require the use of a console. It would help if the console was embedded.""On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it.""The solution could offer better control that would allow the ability to restrictions certain features from a website.""Web filtering needs improvement because sometimes the URL is miscategorized."

More Cisco Firepower NGFW Firewall Cons »

"Occasional issues with breaches which are dealt with expediently.""The solution has too many bugs and these slow down the implementation.""They need to increase the number of ports in the firewall.""I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.""The web interface needs to be improved, making it more user-friendly."

More Sangfor NGAF Cons »

"I don't think I can get a full-blown DNS client from it. I've been trying to have DNS services. It has forwarding, but I don't get the services of a full DNS client. My main difficulty with it is that I can't run a complete service. I need NTP. I need DNS. I need DHCP for my domain, but I only get forwarding. As far as I can tell, I don't get caching and the kinds of reporting and registration needed to host a DNS for a domain. I have to have a separate solution for that.""The pricing could be improved. It is definitely one of the more expensive products.""There are a couple of things I wished that it would do, but I can't think of those off the top of my head.""I'm not really impressed with the reporting side of it. It may be something I just haven't figured out very well, but it's hard to filter down on reporting of the actual valuable information that you would want. There is a lot of information out there so you have to have some kind of tool capture it and then filter through. So far, I haven't found the reporting side of the WatchGuard to be that user-friendly.""Websense is an application that monitors and filters internet traffic. Websense was derived from WatchGuard. But when you go to WatchGuard to actually implement that particular feature, you have to use some type of additional feature and you have to pay for it, unfortunately. I think it should be free or free in the WatchGuard box itself, as an option. It would be nice if they didn't charge us for that.""The way Secure Sign-On authentication is happening needs to be improved. When the Secure Sign-On portal is turned on, anybody who comes into the campus, whether he or she is a staff member or a guest, has to go past the initial portal. One of the shortcomings is the username. It shouldn't allow permutations or combinations with upper or lower cases. For example, when there is a username abc, it shouldn't allow ABC or Abc. It should not allow the same username, but currently, two separate people can go in. Therefore, its authentication or validation should be improved, and the case sensitiveness should be picked up. If I have restricted someone to two devices, they shouldn't be able to use different combinations of the same username and get into the third or fourth device. It shouldn't allow different combinations of alphabets to be used to log in.""I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not.""Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."

More WatchGuard Firebox Cons »

Pricing and Cost Advice
"The solution was chosen because of its price compared to other similar solutions.""Its pricing is good and competitive. There is a maintenance cost. It includes SecureX that makes it cost-effective as compared to the other solutions where you have to pay for XDR and SOAR capabilities.""The price for Firepower is more expensive than FortiGate. The licensing is very complex. We usually ask for help from Solutel because of its complexity. I have a Cisco account where I can download the VPN client, then connect. Instead, I create an issue with Solutel, then Solutel solves the case.""Cisco is not for a small mom-and-pop shop because of the cost, but if you're in a regulated industry where a breach could cost you a million dollars, it's a bargain.""Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed.""It definitely competes with the other vendors in the market.""When we are fighting against other competitors for customers, whether it is a small or big business, we feel very comfortable with the price that Firepower has today.""I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."

More Cisco Firepower NGFW Firewall Pricing and Cost Advice »

"The price is unmatcheable.""When it comes to the price of firewall solutions, Sangfor NGAF takes the cake.""Sangfor is cheaper than competing vendors."

More Sangfor NGAF Pricing and Cost Advice »

"I usually tell people that it's really affordable as well, particularly compared to Cisco.""The primary reason that we went with Firebox was its cost. It is very economical and it provided us with all the security functions that we were looking for at the time. And the throughput was more than what we required, so it was a very cost-effective device to deploy on our network.""They license it. When we buy it, we buy it with a three-year license. That's the most cost-effective way to do it. So, if you're going to buy it, then buy it with the three-year licensing.""The pricing was in line with everyone else; maybe slightly higher.""The cost was somewhere in the vicinity of $2,000 to $3,000 for each one...""I find the solution to be very affordable.""It has a very good price. It is not the most expensive one, and it is also not the cheapest one. It is just spot-on in terms of price.""The pricing of WatchGuard is probably a little higher than the SonicWall, but it makes up for it in dependability. It's worth it to me, especially since it's not much higher. For just a little bit higher price you get the dependability of the firewall with the WatchGuard brand."

More WatchGuard Firebox Pricing and Cost Advice »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
554,382 professionals have used our research since 2012.
Questions from the Community
Top Answer:  When you compare these firewalls you can identify them with different features, advantages, practices and… more »
Top Answer:  The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
Top Answer: It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
Top Answer: In four steps one can configure the entire firewall.
Top Answer: The price is very cheap. It cannot be matched.
Top Answer: I believe that IAM and NGFW need to merge into a single box, instead of there being two separate box solutions.
Top Answer: We are providing our services to all WatchGuard customers in the region. 
Top Answer: We just use it as a secondary WiFi device. We're a small office and we needed to set up a WiFi device for a few of our… more »
Top Answer: We're a hospital and we use it for developing our incoming and outgoing policies, and we also use it for VPN.
Comparisons
Also Known As
Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
Sangfor NGAF Firewall Platform
Learn More
Overview

Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.

Sangfor Next Generation Firewall (also known as NGAF) is a converged security solution providing protection against advanced threat, malware, viruses, ransomware and web-based attacks using integrated security features like firewall, IPS, anti-virus, anti-malware, APT, URL filtering, Cloud Sandbox, and WAF. As the world's first AI-enabled and fully integrated Next Generation Firewall & Web Application Firewall (WAF), NGAF offering the security visibility, real-time detection and response, simplified operation and maintenance and high-performance application layer security needed to operate an enterprise network in total security. Tested and proven to provide cutting-edge network security by ICSA Labs and endorsed by Gartner Inc., NGAF harnesses the power of Sangfor’s Neural-X threat intelligence and analytics platform and Engine Zero’s innovative malware detection to provide next-generation protection for today’s enterprise.

WatchGuard's approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMBs and distributed enterprise organizations, our award-winning Unified Threat Management (UTM) appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.

Offer
Learn more about Cisco Firepower NGFW Firewall
Learn more about Sangfor NGAF
Learn more about WatchGuard Firebox
Sample Customers
Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
The Ministry of Science, Technology, and Innovation (Indonesia), Lawson, Inc. (Philippines), Universiti Sultan Zainal Abidin (Indonesia), TEK Automotive (Italy), etc.
Ellips, Diecutstickers.com, Clarke Energy, NCR, Wrest Park, Homeslice Pizza, Fortessa Tableware Solutions, The Phoenix Residence
Top Industries
REVIEWERS
Comms Service Provider22%
Financial Services Firm16%
Manufacturing Company8%
Non Profit8%
VISITORS READING REVIEWS
Comms Service Provider32%
Computer Software Company21%
Government7%
Manufacturing Company4%
VISITORS READING REVIEWS
Comms Service Provider43%
Computer Software Company20%
Media Company5%
Government5%
REVIEWERS
Manufacturing Company18%
Construction Company15%
Healthcare Company9%
University6%
VISITORS READING REVIEWS
Comms Service Provider34%
Computer Software Company17%
Government6%
Wholesaler/Distributor4%
Company Size
REVIEWERS
Small Business43%
Midsize Enterprise28%
Large Enterprise29%
VISITORS READING REVIEWS
Small Business21%
Midsize Enterprise13%
Large Enterprise66%
REVIEWERS
Small Business43%
Midsize Enterprise57%
REVIEWERS
Small Business67%
Midsize Enterprise21%
Large Enterprise13%
VISITORS READING REVIEWS
Small Business87%
Midsize Enterprise3%
Large Enterprise10%
Find out what your peers are saying about Fortinet, Check Point, Netgate and others in Firewalls. Updated: November 2021.
554,382 professionals have used our research since 2012.

Sangfor NGAF is ranked 23rd in Firewalls with 6 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 24 reviews. Sangfor NGAF is rated 8.2, while WatchGuard Firebox is rated 8.8. The top reviewer of Sangfor NGAF writes "Great pricing, reliable stability, and easy to deploy". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Sangfor NGAF is most compared with Fortinet FortiGate, Sophos XG, Fortinet FortiOS, Sophos UTM and Check Point NGFW, whereas WatchGuard Firebox is most compared with Fortinet FortiGate, Sophos XG, SonicWall NSa, pfSense and Azure Firewall.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.