We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The Adversity Malware Protection (AMP) feature is the most valuable. It is also very easy to use. Every technical user can operate this solution without any difficulty. The dashboard of Cisco Firepower has every tool that a security operator needs. You can find every resource that you need to operate through this dashboard."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"There are no issues that we are aware of. It does its job silently in the background."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"The technical support is very good."
"They offer good antivirus solutions."
"Setup is easy. Anyone with basic firewall experience can do it."
"Compared to Cisco, SonicWall NSa is much easier to configure."
"It is a brilliant product. It is a Unified Threat Management (UTM) system. It has got about 11 security services that take care of your perimeter security. It takes care of any kind of cyber threats that could come in. It takes care of creating VPNs between two SonicWalls instantly and very easily. It has got spyware in it as well as a firewall. It has also got a gateway antivirus and an application firewall that can block things from outside."
"The filtering is excellent."
"User friendly and intuitive."
"The most valuable aspect of the solution is its ability to work like any other firewall."
"I like the firewall, inbound, and outbound modules the most. The VPN feature also works well. It is very easy to configure rules in Sophos XG. We have got local service here in Zimbabwe from Sophos, which is something that I like a lot. We have got good local support, and they come on-site when we have any challenges. Sophos provides a lot of good training all around Zimbabwe. They are quite dominant here, similar to other solutions like Fortinet or WatchGuard."
"So far, I'm happy that they have recently added a firewall role, so I feel a little more comfortable with the security. The threat management is good."
"The most valuable feature is that it scans all of the data for any kind of malware."
"I have found the feature allowing you to manage everything from a centralized location beneficial."
"Content filtering and intrusion prevention are most valuable. Our customers are fully satisfied with the performance of Sophos. It has all the features that they require in a firewall."
"We created and configured a VPN for connecting our remote sites and also to make it more secure and reliable. We also like its two-factor authentication features."
"The most valuable is the synchronized security between Sophos XG and Sophos endpoint because it provides a lot of visibility about unknown applications. The endpoint shares the information of unknown applications, and you can learn about those applications and create policies to allow or block those applications."
"I like how you can integrate with other endpoints and Intercept X in one central management platform. I think it's a perfect solution. Sophos will manage everything in one container. You can manage many firewalls or endpoints within one panel."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"The initial setup could be simplified, as it can be complex for new users."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"Deploying configurations takes longer than it should."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"The pricing for this product in India is high and the fees should be reduced."
"The reporting and monitoring are a bit complex and should be easier in SonicWall NSa because other firewalls I have experienced have been more simple, such as Palo Alto. We are able to receive a clear view of our network. As a general user with little experience, it would be difficult for them to handle."
"I would like U.S.-based technical support."
"We also need to increase the throughput because the other devices are slower. The throughput will become slow. Since we're using VoIP, it tends to affect the voice quality. Even if you're using a quality service, it tends to decrease."
"The content ID needs to be improved."
"Do not even consider NetExtender - probably one of the most horrific, nightmare grade Java-based VPN clients. We have but all given up trying to make it work reliably."
"The implementation for VLANs is a little bit cumbersome. It would be good to make that a little bit easier."
"It would help us a lot of SonicWall sent us more information about the latest updates and things that are changing."
"An area of improvement would be the reporting as diagnostic graphs take a long time to load and refresh. If there could be an option to show only select graphs, it may speed up the graphics."
"The support service level agreement in regard to the amount of time needed to upgrade things is too low. It should be higher."
"The cloud support needs to be improved."
"The user interface could be improved and more bandwidth management would be helpful."
"The reaction time of the GUI is terrible when compared to other manufacturers."
"Sophos XG's web server protection and log viewer could improve. They should also introduce sandboxing."
"The solution could improve by having better security."
"It would be helpful if the solution offered some tutorial videos to help new users learn the system quickly."
"This product is expensive."
"It definitely competes with the other vendors in the market."
"I am happy with the product in general, including the pricing."
"I like the Smart Licensing, because it is more dynamic and easier to keep track of where you are at. If we have a high availability firewall pair and they are deployed in active/standby rather than active/active, I would expect that we would only pay for one set of licenses because you are using only one firewall at any one time. The other is there just for resiliency. The licensing, from a Firepower perspective, still requires you to have two licenses, even if the firewalls are in active/standby, which means that you pay for the two licenses, even though you might only be using one firewall any one time. This is probably not the best way to do it and doesn't represent the best value for money. This could be looked at to see if it could be done in a fairer way."
"For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
"I know that licensing for some of the advanced solutions, like Intrusion Prevention and Secure Malware Analytics, are nominal costs."
"There are additional implementation and validation costs."
"The solution was chosen because of its price compared to other similar solutions."
"They do have the option to purchase yearly, or two years, and three years renewal."
"The CPUs are not able to compete with a similar price point to the Fortinet, WatchGuard, or Palo Alto product."
"If you want to connect more than five concurrent users by VPN then you have to pay an additional fee."
"SonicWall is not an expensive solution."
"Licensed features provide application control, content filtering, antivirus, and anti-malware all in a single appliance."
"When implemented properly, the total cost of operation is very low."
"SonicWall still is only a dollar or Euro per gigabit. This means, of the IPsec, it's the cheapest solution."
"A firewall doing anti-spam might be a low cost solution, but it is not your best strategy."
"The price is good for the moment."
"There is a license required for this solution that is priced well and all the features are included."
"The cost could be lower especially if you want to add other features."
"It comes at a fair price as compared to some of the other products out there. Its price is in the middle. It is not the cheapest, and it is also not as expensive as Juniper, Check Point, and definitely Cisco. Nowadays, everybody is very cost-sensitive, and people don't want to spend unnecessary money, but even before that, it was a fairly priced product. You've got your choice of what license you want. There are basically two types of licenses, and it depends on what you need to do, and everything is included in that license. There is no cost for VPN and DMZ. You purchase the license, and you know upfront what you're getting or what you're not getting, and that's it. It is one license fee and done and dusted."
"There is no license required to use this solution."
"We prepaid in advance to get the max discount."
"The price is reasonable but it would be great if it was reduced to half the price."
"The issue of a recurring license is a hassle because every year, we have to subscribe."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Sophos XG Firewall is next gen firewall that is optimized for today’s business, delivering all the protection and insights you need in a single, powerful appliance that’s easy to manage.
SonicWall NSa is ranked 16th in Firewalls with 35 reviews while Sophos XG is ranked 5th in Firewalls with 119 reviews. SonicWall NSa is rated 7.6, while Sophos XG is rated 8.0. The top reviewer of SonicWall NSa writes "A rugged solution capable of defeating advanced threats". On the other hand, the top reviewer of Sophos XG writes "Light and stable with excellent real-time control ". SonicWall NSa is most compared with Meraki MX, Fortinet FortiGate, WatchGuard Firebox, SonicWall TZ and Palo Alto Networks NG Firewalls, whereas Sophos XG is most compared with Fortinet FortiGate, pfSense, Meraki MX, Palo Alto Networks NG Firewalls and Azure Firewall. See our SonicWall NSa vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.