Coming October 25: PeerSpot Awards will be announced! Learn more

Firewalls Configuration Reviews

Showing reviews of the top ranking products in Firewalls, containing the term Configuration
Juniper SRX logo Juniper SRX: Configuration
Head Of Network & Technical Support at a financial services firm with 501-1,000 employees

The configuration is difficult and it should be easier.

View full review »
Pre-Sales Analyst at a tech services company with 201-500 employees

The initial setup wasn't too complex. It was pretty straightforward. We didn't really face any problems during implementation.

The deployment takes about 20 minutes. This without the client tests and just the configuration and no validation. Everything that was necessary was applied, however, not with the tests as it took too much of the client's time, and would have took much longer.

View full review »
Shrijendra Shakya - PeerSpot reviewer
C.T.O at Sastra Network Solution Inc. Pvt. Ltd.

What I like most about Juniper is that it is a complete configuration.

The user interface is good.

View full review »
Network Engineer & Cyber Security Analyst at a tech services company with 201-500 employees

The GUI of the solution is quite good. It's also very different from other solutions. On others, if you need to configure anything, you can do it all from the default gateway. Cisco, for example, has a bit of a more difficult process. Juniper's GUI is easier and it makes configuration easier.

Troubleshooting with the solution is quite easy. If you compare the process to, for example, Fortigate, Juniper is much easier.

The speed of the solution is very good.

The initial setup is very easy.

View full review »
Senior Network Administrator at Zetec, Inc.

The reliability needs to be improved. We purchased three devices and all three have been replaced under RMA. We've had other problems where they have needed to be rebooted.

A couple of times I've run into the problems where they have to integrate with other systems. The Juniper support really doesn't have a clue about other systems. They know Juniper and if everything is Juniper then it's great. However, we have Windows RADIUS Servers and I need Juniper-specific settings for them. Unfortunately, they're having a real hard time telling me what those should be, and they keep referring back to it being Microsoft, which they don't support. When they say that I need to speak with Microsoft, I remind them that these are things that are defined in the Juniper configurations that I need to set up. They seem to forget that not everybody is exclusively Juniper.

View full review »
Network Security Engineer at a tech services company with 201-500 employees

The IPSec configuration is going well.

View full review »
Pawel Jenner - PeerSpot reviewer
DevOps and System Engineer at Netyard

I think it needs some automation. I have to find an API for Python and so on, which is quite different from a typical solution. Sometimes committing configurations takes a lot of time in Juniper because of the connections, and it could be a little bit faster. Their documentation could also be better.

View full review »
IT System Engineer at a computer software company with 201-500 employees

The initial setup was straightforward. The time it takes to implement this solution depends on the complexity of the configuration.

View full review »
Senior Consultant with 51-200 employees

When compared to Palo Alto, Juniper is a better choice when it comes to the enterprise network and connectivity.

Juniper SRX is pretty fast to configure and make it work.

Once it is configured, it's fine, which is not the case with other firewalls.

Juniper is user-friendly. It works perfectly well.

Upgrades are available.

Juniper SRX has a roll-back feature which is very interesting. As no one is perfect and mistakes do happen, we can roll it back to the previous configuration.

This solution can handle a lot. It's manageable when you know the parameters, the features, and the number of policies of your firewall.

View full review »
Information Security Manager at a recruiting/HR firm with 201-500 employees

We have been in touch with support and they've been good. During the configuration stages, we had a couple of tickets and they were responsive to it.

View full review »
System Administrator at a leisure / travel company with 51-200 employees

We had implemented two SRXs in high availability mode. They were used, generally, for firewall and NAT translation tables, for forwarding for services, and connecting branch offices. We have a constant internet connection, which is directly connected with the branch offices, in general. We didn't explicitly configure or use any specific SRX features regarding the filtering of URLs or something that a UTM could use, since Juniper has a more advanced configuration and, in general, a UI that's made for the customer.

View full review »
Senior Manager (Engineering Department) at a comms service provider with 10,001+ employees

The installation is straightforward.

The time of the deployment depends on the complexity of the environment. If the customer requires HA deployment and the configuration could take longer time. On average, for a small-scale branch office, it can be completed within one day, which includes testing. If the customer does not have any special preference on the policy and they do not have any IP tunnels then it could be completed within half a day.

View full review »
Ahmed_Taha - PeerSpot reviewer
Director Of Operations at Diverse

The setup is a straightforward configuration, but the security customization may take time.

View full review »
Chair of Communication and Computer Networks at Poznan University of Technology

The solution's configurations and syntax are specific and more complicated than other platforms. Compared to Cisco, the solution is not intuitive. 

View full review »
Cisco ASA Firewall logo Cisco ASA Firewall: Configuration
Network & Systems Administrator Individual Contributor at T-Systems

It's an almost perfect solution.

The configuration is very easy.

The management aspect of the product is very straightforward.

The solution offers very good protection. 

The user interface itself is very nice and quite intuitive.

View full review »
CEO & Co-Founder at a tech services company with 51-200 employees

The configuration support is very good. You can find a lot of configuration samples and troubleshooting tips on the internet, which is very good.

View full review »
Phosika Sithisane - PeerSpot reviewer
Executive Director at ict training and development center

We primarily use the solution for basic firewall configurations such as NAT, FORWARD PORT and Block TCP-UDP Port.


View full review »
Technical Specialist, consultant at a computer software company with 10,001+ employees

The configuration capabilities and the integration with other tools are the most valuable features. 

I really like this product. Cisco is one of my favorite brands, and I always think Cisco solutions are very reliable, easy to configure, and very secure.

View full review »
Vinay-Singh - PeerSpot reviewer
Manager IT & Security at mCarbon Tech Innovations Pvt., Ltd.

The initial setup was straightforward. 

It's easy to install and it doesn't take a lot of time for the initial configuration.

It took an hour to install.

View full review »
Vincent Mulama - PeerSpot reviewer
Systems Administrator\Ag. IT Manager at a construction company with 201-500 employees

Its configuration through GUI as well as CLI can be improved and made easier.

View full review »
Gerente de Unidad at Redescomm, C.A.

The graphical interface should be improved to make the configuration easier, to do things with a single click.

There should be better integration with open-source products because some of our clients use them. It would be helpful if they integrated well.

View full review »
Network Consulting Engineer at a comms service provider with 201-500 employees

I have not been in contact with technical support but I use the implementation guide. I have also used the community support and I think that it's okay. The information that I received about the configuration was good.

View full review »
Hernan Trinco - PeerSpot reviewer
Presales Engineer at a comms service provider with 51-200 employees

It would be ideal if the solution offered a web application firewall.

We've had some issues with stability.

The solution has some scalability limitations.

The firewall itself has become a bit dated.

The pricing on the solution is a bit high.

Some individuals find the setup and configuration challenging.

View full review »
Matteo ZAMOLO - PeerSpot reviewer
Program director at a tech consulting company with 201-500 employees

It's easy for me to configure one because I have firewall configuration certifications. I don't know what someone with nothing in terms of experience would be able to do. 

It normally takes me a week to implement and deploy. I normally need a week and three people to do maintenance.

View full review »
System Engineer at a tech services company with 501-1,000 employees

The configuration is an area that needs improvement.

In the next release, I would like to see the UI include or provide web access, and more integration.

View full review »
Cyber Security Consultant at a tech services company with 51-200 employees

For a non-Cisco guy like me, there is quite a substantial amount of learning that needs to be done to actually understand how the products are. Some brands like FortiGate, require only an hour and 15 minutes to enable the product, to facilitate the basic requirements of connecting up the traffic and adding on the firewall router. For Cisco, there are levels of challenges because it's a hardened solution that sees a lot of restrictions right out of the box.

Without really understanding how it works, then there'll be a lot of confusion regarding the traffic, etc. You'll find yourself wondering if there are any security concerns if you alter it out-of-the-box. The management console is quite outdated; usually, a lot of configuration is through Commander. We really need to understand how to articulate the Cisco Commander to perform even the most basic feature.

View full review »
Network Security Engineer at a tech services company with 51-200 employees

The Inline Mode configuration works really well, and ASA works very impressively.

View full review »
Johan Derycke - PeerSpot reviewer
Network Security Engineer at Smals vzw

It lacks management. For me, it still doesn't have a proper management tool or GUI for configuration, logging, and visualization. Its management is not that easy. It is also not very flexible and easy to configure. They used to have a product called CSM, but it is no longer being developed. FortiGate is better than this solution in terms of GUI, flexibility, and user-friendliness.

View full review »
Asif Najmi - PeerSpot reviewer

Cisco, obviously, gives you a great amount of reliability which comes in handy. The brand is recognized as being strong. 

Even in very big environments, Cisco comes in handy with configuration and offers reliability when it comes to managing multiple items on one platform. You are able to integrate Firepower and all AMP. With so many items to configure, I haven't yet done them all, however, I hope to.

It's great for securing the network. You learn a lot.

The initial setup is straightforward.

The solution is very stable.

The scalability of the solution is very good.

View full review »
Pardeep Sharma - PeerSpot reviewer
Network security engineer at a tech services company with 1,001-5,000 employees

Cisco should work on ASDM. One of the biggest drawbacks of Cisco ASA is ASDM GUI. Cisco should improve the ASDM GUI. The configuration through ASDM is really difficult as compared to CLI. Sometimes when you are doing the configuration in ASDM, it suddenly crashes. It also crashes while pushing a policy. Cisco should really work on this.

View full review »
Vipin Garg - PeerSpot reviewer
Co-Founder at Multitechservers

The initial setup was not overly complex or difficult. It was quite straightforward and very easy to implement. 

Deployment takes about 20 to 25 minutes. 

In terms of the implementation strategy, at first, we put up the appliances in the data center. After that, we connected it with the console. After connecting the console, we had an in-house engineer that assisted. Cisco provided us onboarding help and they configured our device for us. We have just provided them the IP address and which port we wanted up. Our initial configuration has been done by them.

View full review »
WilliamMugobogobo - PeerSpot reviewer
Head of ICT Infrastructure and Security at City of Harare

The initial configurations were straightforward, not complex at all. It took us just two days to finalize things.

View full review »
Senior Information Security Analyst at a manufacturing company with 10,001+ employees

My advice to those wanting to implement the solution is to look at their use case and see if it meets those requirements for what they are looking for. There are a lot of security features that people may not be aware of and do not use. Explore the solution and all its features which will help you understand the configurations.

I rate Cisco ASA Firewall an eight out of ten.

View full review »
Mitku Bitew - PeerSpot reviewer
Head of Network Administration Section at Zemen Bank S.C.

It is a security device, and it is useful for securing our environment. It provides role-based access and other features and helps us in easily securing our environment.

It provides visibility. It has been helpful for packet inspection and logging activities for all kinds of packets, such as routing packets, denied packets, and permitted packets. All these activities are visible on Cisco ASA. There are different commands for logging and visibility.

We use Cisco ASA for the integration of the network. Our company is a financial company, and we are integrating different organizations and banks by using Cisco ASA. We are using role-based access. Any integration, any access, or any configuration is role-based. 

View full review »
Rauf Mahmudlu - PeerSpot reviewer
Network Engineer at a energy/utilities company with 10,001+ employees

The configuration was kind of straightforward from the command line and also from the ASDM. It was very easy to manage by using their software in Java. 

High throughput, high concurrent connections, easy site-to-site VPN were also valuable. It also had the capability to do double network translations, which is really useful when you are integrating with other vendors for site-to-site VPN.

View full review »
IT Consultant at Hostlink IT Solutions

We provide IT solutions. We provide solutions to our customers based on their requirements. We support them from the beginning and do the installation and configuration in the head office and front office.

We installed Cisco ASA to support a customer in a WAN environment. They used it for site-to-site VPN and remote VPN. They used it for accessing remote office locations via the remote VPN feature. They had Cisco ASA 5500.

View full review »
Alexander Mumladze - PeerSpot reviewer
Network Engineer at LEPL Smart Logic

It is not straightforward. You should know what to do, and it needs to be done from the command line. So, you should know what to do and how to do it.

From what I remember, its deployment took a week or 10 days. When I was doing the deployment, that company was migrating from an old data center to a new one. We were doing configurations for the new data center. The main goal was that users shouldn't know, and they shouldn't lose connectivity to their old data center and the new one. So, it was a very complex case. That's why it took more time.

View full review »
Manuel Briones - PeerSpot reviewer
Voice and data infrastructure specialist at a tech services company with 1,001-5,000 employees

I am very happy to use this type of Cisco equipment in my infrastructure. It has given us the most value is the management of dynamic routing, in this case, EIGRP. This protocol, together with a series of additional configurations, has helped us to maintain an automatic redundancy in all our infrastructure, keeping us with very high numbers of operability and without failures that take more than 1 minute or that have not been resolved automatically. With this solution, we only speak with our suppliers either for a link or equipment report, and even if the box or circuit is out of operation, the operation continues to work without problems.

View full review »
Data center design at a comms service provider with 10,001+ employees

We deployed with a consultant from Cisco support. Our experience with them was good. They provided a lot of documentation ahead of time to help us with our configuration.

From our side there were two people involved. One was doing the configuration and the other person was checking to make sure there were no errors, looking at IPs and the like.

View full review »
Network Engineer at a computer software company with 201-500 employees

We can build GRE tunnels. Whereas, Firepower can't route traffic nor do a bit more traffic engineering within the VPN tunnels. This is what I like about using ASAs over Firepower.

Firepower Threat Defense has a mode where you can manage multiple firewalls through a single device. 

I really like how Palo Alto does a much better job separating the network functions from the firewalling functions.

I would consider if there is a need to centralize all the configurations. If you have many locations and want to centrally manage it, I would use the ASA to connect to a small number of occasions. As that grew, I would look for a solution where I could centrally manage the policies, then have a little more autonomous control over the networking piece of it.

View full review »
Senior Network Architect at a tech services company with 10,001+ employees

It is stable and secure. There are a few bugs, etc. Overall, we are very happy with it. We have never looked at anything else because it works so well. I would rate the stability as 10 out of 10. It is very good.

There is maintenance. We have to keep an eye out for software upgrades and forced changes to the configuration. We have a network operations team of 15 people who take care of these things from day to day.

View full review »
Sergiy Ovsyannyk - PeerSpot reviewer
VP Network Engineering at a computer software company with 501-1,000 employees

I'm a designer, so I don't do racking and stacking, but I'm hands-on when it comes to configuration. I have used this product for years, so for me, it's not like adding a brand new product. It is just a matter of adding features, a hardware refresh. I wouldn't call it a challenge.

For maintenance, we have two to three network engineers involved.

View full review »
Senior network security, engineer and architect at a computer software company with 5,001-10,000 employees

It has improved things greatly by giving us easier and better access, easier configuration, and allowing users to gain the access they need. We have also had less downtime using these firewalls.

View full review »
Tim Maina - PeerSpot reviewer
Network Engineer at a tech vendor with 5,001-10,000 employees

The ASA has been very stable for us. Since I deployed the ASA 5585 in our data center, we've not had to resolve anything and I don't even recall ever calling TAC for an issue. I can't complain about its stability as a product.

Our Cisco ASA deployment is an Active-Standby setup. That offers us resilience. We've never had a case where both of them have gone down. In fact, we have never even had the primary go down. We've mainly used that configuration when we're doing code upgrades or maintenance on the network so that we have full network connectivity. When we're working on the primary, we can switch over to the standby unit. That type of resiliency works well for our architecture.

View full review »
Francisco Gaytan Magana - PeerSpot reviewer
Network Architecture Design Engineer at a comms service provider with 10,001+ employees

The IP filter configuration for specific political and Static NAT has been most valuable.

View full review »
Solutions Consultant at a comms service provider with 10,001+ employees

Sometimes my customers say that Cisco firewalls are a bit more difficult compared to Fortigate or Palo Alto. There is complexity in the configuration and the GUI could be improved.

View full review »
Senior Engineer at Teracai Corporation

It's very stable. We've had no hardware issues at all and only very infrequent software configuration issues.

View full review »
Paul Nduati - PeerSpot reviewer
Assistant Ict Manager at a transportation company with 51-200 employees

I find it very useful when we're publishing some of our on-prem servers to the public. I am able to easily do the NATing so that they are published. It also comes in very handy for aspects of configuration. It has made things easy, especially for me, as at the time I first started to use it I was a novice.

I have also added new requirements that have come into our organization. For example, we integrated with a server that was sitting in an airport because we needed to display the flight schedule to our customers. We needed to create the access rules so that the server in our organization and the server in the other organization could communicate, almost like creating a VPN tunnel. That experience wasn't as painful as I thought it would be. It was quite dynamic. If we had not been able to do that, if the firewall didn't have that feature, linking the two would have been quite painful.

In addition, we have two devices configured in an Active-Active configuration. That way, it's able to load balance in case one firewall is overloaded. We've tested it where, if we turn off one, the other appliance is able to seamlessly pick up and handle the traffic. It depends on how you deploy the solution. Because we are responsible for very critical, national infrastructure, we had to ensure we have two appliances in high-availability mode.

View full review »
Tushar Gaba - PeerSpot reviewer
Technical Solutions Architect at NIL Data Communications

I have mostly been involved in the pre-sales stage, and then eventually the post-sales as well. But we do the groundwork of making sure that we have set the stage for the customer to get the initial onboarding. And at times, I do it with other engineers or other colleagues who take it over from there. In my experience, it has been pretty straightforward.

It's not just the implementation, but [it's] also managing or maintaining [the ASA]. It would depend on how complex a configuration is, a one-box versus cluster versus clusters at different sites. Depending on the amount of configuration complexity and the amount of nodes that you have, you would need to look at staff from there. It's hard to put a number [on it and] just say you need a couple of guys. It could be different for different use cases and environments.

[In terms of maintenance] it's about a journey: the journey from having the right knowledge transfer, knowing how to configure a product, knowing how to deploy it, and then how to manage it. Now, of course, from the manageability standpoint, there are some basic checks that you have to do, like firmware upgrades, or backup restores, or looking at the sizing—how much your customer needs: a single node versus multiple nodes, physical versus virtual, cloud versus on-prem. But once you are done with that, it also depends on how much the engineers or SMEs know about configuring the product, because if they know about configuring the product, that's when they would know if something has been configured incorrectly. That also comes in [regarding] maintenance [of] or troubleshooting the product. Knowledge transfer is the key, and making sure that you're up to date and you have your basic checks done. Then, [the] manageability is like any other product, it's going to be easy.

View full review »
Fortinet FortiGate logo Fortinet FortiGate: Configuration
Chingiz Abdukarimov - PeerSpot reviewer
Director at a integrator with 11-50 employees

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

View full review »
System Administrator at a financial services firm with 5,001-10,000 employees

For me, this solution has nothing to improve and it meets the needs that I have. I don't see any way to improve, at least from my point of view on regular use.

In the next release, maybe the documentation on how to use this solution could be improved.

What I have noticed is that when we have done some configurations directly from the command line, there is not a lot of information regarding splitting.

View full review »
Network Security Engineer at a performing arts with 201-500 employees

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. 

There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at. 

Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update.

Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. 

They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

View full review »
System Administrator at a computer software company with 501-1,000 employees

The most valuable feature is the ease of configuration.

View full review »
Solution Architect at a tech services company with 51-200 employees

One of the things I like best is the ease of configuration.

Management-wise, it is very good.

The most important feature, normally for small business customers, is link load balancing.

The firewall throughput is very good. Most of the customers in this region use FortiGate for their data center firewalls, and the main reason is because of its high throughput.

View full review »
CIO at a manufacturing company with 201-500 employees

I am working as a manager, and I am not doing any of the configurations.

We only require one person for the maintenance of this solution.

View full review »
Owner at a consultancy with 1-10 employees

The biggest "gotcha" is that if the client purchases what they call the UTM shared bundle, which has unified threat management on both, it's not as easy to manage if you have more than one firewall. 

If I wanted a unified console, I have to pay extra. And that's the downfall. That's the only needed improvement that I would say for the Fortinet solution, is that they should have it web-based from the get-go. You should not have to buy an extra bundle or an extra device.

If I have to make an update to a web filter, and I have 12 devices, I've got to do it in 12 places. If I don't want to do that the client can pay for a pretty expensive device or virtual appliance that does that for them. It's like an expensive centralized management tool. That's the big downfall of Fortinet. It doesn't come included, you have to pay for it. Their web-based one, that's sort of just like an inventory manager. It's not really good for distributing roles. With Cisco, you don't have to do anything. The one from Aruba HD has one too. Fortinet should try to be similar to those options.

In the next release, it would be amazing if they could give a better tool for upgrading, so that if I upgrade from an older version to the other, it can read the configuration and processes it for me so that I don't have to rewrite it from scratch. In FortiConverter, they have a tool like this, however, it doesn't work well. It's really more for bringing items in from other vendors, not from one version to the other.

That was my last experience where they operated from version five to six. However, that's really the only big thing. The main thing is to include the FortiManager cloud software like Cisco does. To have one solution. If you paid $150 a year for the support, you might as well get that too so I could manage all the devices at one spot. They do have FortiCloud, however, it's not the same as the way Cisco does it. They are selling another product called FortiManager. FortiManager should be included with the support, and that would make it more of a business solution, rather than a feature request.

View full review »
Telecommunications Engineer at a university with 1,001-5,000 employees

The most valuable features are the policies, filtering, and configuration.

View full review »
NomanSaleem - PeerSpot reviewer
IT & PPN Coordinator at a manufacturing company

The solution overall is very easy to understand. Therefore, the initial setup is not complex. It's straightforward. Even the configurations are good. An organization shouldn't have too much trouble with it.

How long it takes to deploy depends on  what you want to configure on a firewall. It depends on the policies being implemented. That definitely takes time depending on the company and what is being done. If you are familiar with all features and all the steps regarding how to create a policy and how to implement a policy, it is pretty easy and won't take too long. 

View full review »
Firewall Engineer at a marketing services firm with 1-10 employees

The solution's initial setup is not complex. It's pretty straightforward. In my case, I have many years of expertise working with FortiGate and therefore it was not difficult. It's quite good and easy to manage.

How long it takes to deploy the solution, depends on what the customers ask you to do. More or less, however, it might take maybe one day to make the initial setup of the unit and the configuration that the customer requests. It may take another day or two to put it on service and check that everything is working properly, once again, based on the requirements of the customer.

View full review »
Network Systems Engineer at a tech services company with 501-1,000 employees

The initial setup was not complex. It was pretty straightforward.

How long it takes to deploy the solution depends on the company and the configurations required. Sometimes I am able to do it in one day, whereas other times it takes more than one month to complete.

View full review »
Michael-Sugg - PeerSpot reviewer
CEO at Sovereign Managed Services

The product has enterprise capabilities, which means there are a ton of configurations possible.  What I'd like to see in the product is more of a branch in the box wizard deployment for those that are not as well versed in firewall and routing.  For a small business, the firewall should be able to self-configure for a Unified Threat Management configuration with 2 SSIDs for protected wireless network for internal gear and a guest wireless network for employee cell phones and guests.  I'd like to open the box, plug in the router behind the cable modem, and check a few boxes, and the rest is done automatically.  I don't want to have to build a configure VLANs, SSIDs, security protocols for each port, and try to figure out and understand all the layers in an effort to deploy a solution.  It's great to have those capabilities in case you need them, but for most of the offices I am trying to deploy these into--it should be a branch in a box.

View full review »
MichaelZhang - PeerSpot reviewer
IT Director at Guangdong Technion Institute of Technology

In terms of what could be improved, the FortiGate support could do some improvements on their IPv6 configuration. Right now it's still in the very early stage for utilizing in an enterprise level network environment

In terms of the FortiGate IPS, we haven't gotten additional tools because they are not free, and we have to purchase them to maximize this IPS feature. As long as they can perform some basic functions to meet our business needs, that is okay. I'm okay with this feature right now, so far.

In the next release of FortiGate the price could be better.

View full review »
KrishnakumarNair - PeerSpot reviewer
IT Manager at KSB MIL Controls Limited

The solution is very, very easy to use.

The user interface is very nice.

The product seems to offer pretty good customization.

The configuration of the product has been very straightforward and simple.

The reporting on offer is quite good.

The initial setup is straightforward as well.

We've found the pricing to be pretty good.

Technical support from the partner has been very helpful.

View full review »
Data Center Operations and Customer Support Manager at a tech services company with 51-200 employees

Since we have been using FortiGate there haven't been any major problems so far. Especially nothing too serious like a major bug or anything like that.

The only issues that we have come across have had to do with simple configuration errors like missing configuration values from a previous implementation.

View full review »
Ahamed Ali Hameed - PeerSpot reviewer
IT Manager at Hadef & Partners

What I like the most is the configuration and that it's simple, and straightforward to maintain.

The UTM configuration on-premises is straightforward and simple to use.

Support is good and the interface is simple and intuitive.

View full review »
Ferrianto Suryanto - PeerSpot reviewer
Director Of Technology at PT Exa Teknologi Indonesia

In terms of what could be improved, the SD-WAN is quite difficult, because if you install in the new box, 15 is okay, but if you change from an old configuration, if there is already a configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface.

View full review »
CEO/CTO with 201-500 employees

We only use Fortinet's FortiGate for our hardware firewall protection.

However, if our clients need extra security, we may add other brands and security layers. We also work with SonicWall, Checkpoint, and Barracuda, for example.

I've also worked with pfSense, which is free, however, it has much more of a do-it-yourself approach. It's also quite different from other solutions. If you have Cisco experience, you'll be able to navigate Fortinet, whereas pfSense requires much more in-depth study. It has its own language, basically. That's one of the reasons you won't find too many of its configurations in China.

View full review »
President at Integral Design Software

The initial setup and configuration are not intuitive and require training.

View full review »
Amar Patil - PeerSpot reviewer
Security Engineer at Hitachi Systems, Ltd.

The management console is pretty simple, so anyone who understands networking can initially deploy the solution. But you need some good hands-on experience for advanced configuration. The amount of time required to deploy depends upon the project and also the organization. So it takes around four to five days to deploy a smaller device. And for the largest device, it takes around a maximum of two months. We do the deployment on our own. So we have a sales team, a pre-sales team, and a deployment team. Our sales team gets this and handles the sales end. After that, we come into the picture. So we do the whole migration, as well as the new implementation and everything. It should take no more than two people to deploy. If we want to migrate from one Fortinet device to another, then we use the command line. They have some script in their firmware, and we can migrate the script directly from the older firewall to the new one. So it isn't too complex.

View full review »
Ahmad Aloqlah - PeerSpot reviewer
General Manager at GlobalTech

We implemented through a reseller and it took couple of days. There were some modifications and configurations that took more time, but the core configuration took a couple of days.

View full review »
System & Network Administrator at a tech services company with 11-50 employees

Deployment of Fortinet FortiGate took one to two days, because I needed time to put my existing environment and what we have, and what we intended to do with our network, to convert it into the Fortinet FortiGate system.

We were on another platform which was a concurrent platform and it wasn't a good one, and it was our first time to go on Fortinet FortiGate, so we had an issue and it took me a few days to deploy.

Maintenance of this solution requires two people. The number of users of Fortinet FortiGate in our organization depends on whether it's direct or indirect. If indirect, it will be all the users we have in the organization, but if it's direct, it could be just the administrator. If indirectly, it'll be a hundred users on our actual site, and 2000 to 3000 users on the other site, all done remotely.

I didn't have to contact Fortinet's technical support, so I can't evaluate their level of responsiveness. I was able to make all the configurations I wanted, without needing to contact support. This solution is good for me.

I'm rating Fortinet FortiGate an eight out of ten.

I'm recommending this solution to be deployed for a new user. I'm really happy with it.

View full review »
LeandroCoelho - PeerSpot reviewer
Pre-sales Analyst at Algar Telecom

The most valuable feature of Fortinet FortiGate is security. They are known for efficiency and are on the top of Gartner Quadrant reviews. Fortinet FortiGate has an easy-to-use platform with a good graphical interface. The configuration is simple and the solution provides an overall good layer of security.

View full review »
Head of the Satellite Infrastructure and Operation System Department at a government with 1,001-5,000 employees

We are happy with its scalability. Its users are administrators. Our administrator team has about six people. The environment is set up as a multi-tenant, so each tenant has its own administrator for configuration.

It has been used every day since 2015. It is a core appliance for us.

View full review »
Network admin at Penobscot Valley Hospital

When I first got here in this job in 2007, they had Cisco ASA Firewall, but it was too cryptic. You had to enter all these CLI commands for a configuration. It also didn't do everything that Fortinet could do. It was very limited, and it wasn't easy to use. I know what I want to do, and I don't have to learn a special language in order to do it. I just want to be able to use some basic programming code that they have put into the firewall and use the GUI interface with it to actually visualize what I am looking at. Some of the Cisco products are not visual enough. That was one of the reasons I stayed away from it. Cisco is also very high-priced. They price themselves out of business a lot of times for equipment, but Fortinet is just great.

I've also used SonicWall before. It was okay, but it is better for bigger places. I was looking for a midrange-size firewall for a couple of hundred users, and I felt Fortinet was the right fit.

View full review »
Silvia Ihensekhien - PeerSpot reviewer
Chief Information Security Officer at ShipServ Limited

Fortinet FortiGate is not very easy to use. The navigation could be improved to make it easier to use. Instead of double clicking the items FortiGate needs to click the "details" button to get the configurations or record details

View full review »
Executive at a computer software company with 10,001+ employees

The initial setup is straightforward, however, we have knowledgeable teams. We also use Fortinet to check the configurations and make sure everything is supported during implementation. 

It's pretty standard to deploy. We're also familiar with Palo Alto and Check Point and there is not much of a difference between the three.

View full review »
Senior Manager (Engineering Department) at a comms service provider with 10,001+ employees

The UTM feature is quite good. FortiAP is easy to deploy because both Fortigate and FortiAP are under the same brand. Otherwise, you need to do more work on the configuration.

View full review »
EranjayaKumarasiri - PeerSpot reviewer
Security Engineer at Eguardian lanka

The initial implementation of Fortinet FortiGate is not complex because the GUI environment is easy to use. We can do a lot of things in the GUI. If the configurations engineer, network administrator, or network engineer has knowledge about firewalls, the process will not be complex. It can easily be managed.

View full review »
Solution Architect at TNS Networking Solution Pvt. Ltd

I would rate this solution 6 out of 10. 

The people who are working right now as system engineers are doing a kind of formal activity with the configuration. That means they are doing the basic activation. They are not doing a lot of experiments on them, so they should go with that because Fortinet is also having sensors, which can be highlighted to the customers. 

Training should be available to the partner. The people who really implement the Fortinet firewall or Check Point or Palo Alto don't have enough knowledge about that because there is no public document or public training available.

View full review »
Ed Sexton - PeerSpot reviewer
Account Director at Exponential-e

We use Fortigate, and we have a relationship with Fortinet. We are working with the Fortigate 100F firewall. It is mainly for firewalling, but we would also use them for network demarcation as a DHCP or NAT router. We're also working with our Fortinet account manager to try and push further forward using an SD-WAN controller.

In terms of deployment, it comes through to the build lab. We configure it and then ship it to our customers. We are reviewing how to obviously do zero hands with FortiCloud, but what we've done so far has been conventional configuration and shipping.

View full review »
Security Presales Consultant at a tech services company with 501-1,000 employees

Fortinet FortiGate could improve by having better visibility. Palo Alto has better visibility.

When using Fortinet FortiGate you sometimes have to use the CLI to do some configurations which can be sometimes more difficult than using a GUI that other solutions can use, such as Palo Alto.

View full review »
Network Engineer at a logistics company with 10,001+ employees

The simplicity of the configuration and the stability of the product are most valuable. The VPN concentrator is very useful. 

View full review »
Charbel Hajj - PeerSpot reviewer
Senior Supervisor at MEPEQ

It's not straightforward. You must have at least the knowledge and the settings. It's not that simple.

The length of time it takes to install is determined by the configuration you have inside. It could take anywhere from 30 minutes to three hours.

In our company, I am responsible for the solution's maintenance and deployment.

View full review »
Anderson Guedes - PeerSpot reviewer
Specialist of IT Solutions at InterNexa

The most valuable feature of Fortinet FortiGate is the simple configuration.

View full review »
Thendo Ndzimeni - PeerSpot reviewer
Network Administrator at Automated Outsourcing services

What we like about Fortinet FortiGate is that it's fast. You can also use it immediately, e.g. you don't have to wait and apply the policy before you can use it. It's robust and offers immediate usage, unlike Check Point, which we noticed was a slow product.

Fortinet FortiGate is also more secure, depending on how you set up the SD-WAN technology.

We also like the zero trust access, arrays, and the EDR features on this product. It's also 100% more user-friendly, e.g. even when I worked with them configuration-wise. The availability of the support hotline and their knowledgebase articles, e.g. the Cookbook, help a lot. Those articles are accessible to everyone, and they're free.

Whenever you implement a solution, you can run through Cookbook, then you can install the Fortinet certificate if you aren't able to, if you're stuck, but most of the time you are likely to get it right. The Cookbook explain everything straight to the point, and this makes it much easier.

View full review »
Mina Aziz - PeerSpot reviewer
Senior System Engineer at Effvision

I advise others Fortinet FortiGate has an easy configuration and it does not take much time to learn about the rules that you will need to apply for your company.  When you connect to the main server you have high security.

I rate Fortinet FortiGate an eight out of ten.

View full review »
Systems & Network Administrator at a tech services company with 51-200 employees

Fortinet FortiGate's most valuable features are ease of use, flexibility, and most of the configuration we can be done using the GUI. When we compare Fortinet FortiGate with other solutions the firewall policy are very easy to understand.

View full review »
Dhsrms Fff - PeerSpot reviewer
Team Leader Network & Security at Rogers Capital

The initial setup of Fortinet FortiGate was straightforward.

The time it takes to implement a firewall a large and small firewall is the same. It does not matter the size of the firewall. The complexity comes from the network and the scope of work that we need to do for the customer on the network.

If it is a large network, it will take us more time to deploy it, because there is more to configure. If it is a small network, it will take less time, but configuration-wise, it's likely the same.

View full review »
Tamer Baher - PeerSpot reviewer
Professional Services Manager at Insight Technology

It's easy to set up.

For maintenance, if you want to add a mesh configuration, you can restore your configuration from the backup.

View full review »
Systems Engineer at Vernity

The configuration option availability is not 100% from the website of the FortiGate web management site. When we log on to the web interface on FortiGate, we do not have everything under this web solution. If we need some specific configuration or need to do some specific configuration, we need to do additional things on the CLI. 

The stability could be a bit better.

View full review »
Sunil Kumar Nair - PeerSpot reviewer
Director Of Information Technology at Al Falah University

The initial setup of Fortinet FortiGate is straightforward we had an right person in-house for deploying it. Moreover, If required, Fortinet has its support extended to us. We can approach them anytime and they can assist us with any kind of complicated configuration.

View full review »
Network Solutions Architect at Yazata Solutions

Our biggest Fortinet solution was 500 plus retail sites. This customer chose the whole nine yards, including FortiGate, FortiSwitch, FortiAPs, and the FortiExtender, which is the LTE router. 

I made the templates for the configuration for our bottom tiers because they were the ones rolling them out. I made a standard template config and wrote notes specifying necessary changes for each site. 

The primary difficulty was trying to understand our customer's requirements and concerns because they were with an old provider. The provider had a lot of things on-site that weren't necessary. Deploying the Fortinet solution itself wasn't hard. 

Getting there was hard because we had to sit down with the customer and their tech team to determine what was needed because they had old Cisco routers. That took about three weeks and required a lot of on-site visits, but it wasn't hard to deploy the solution once we got an understanding of the requirements was not hard.

We trained the customers to manage and maintain the solution themselves. The only maintenance we do is emailing them monthly when we get notifications from Fortinet about router upgrades. You can configure it and then forget it. 

View full review »
Luis Teran - PeerSpot reviewer
Engineer at Cyber Sea

The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment.

All the development of the firmware should be fixed before the update at the page level.

API tokens need to be improved, particularly with regard to integration with other cloud solutions. In other words, proxy flow and API integration need improvement.

View full review »
Kirubel Markos - PeerSpot reviewer
Senior Cyber Security Engineer at a tech services company with 11-50 employees

The initial setup of Fortinet FortiGate is very simple and user-friendly. The configuration for the solution is easy. The time it takes for the deployment depends on the environment of the company. It can take a week, but typically it takes three to four days.

View full review »
Barracuda CloudGen Firewall logo Barracuda CloudGen Firewall: Configuration
Andrea Andrea - PeerSpot reviewer

The implementation process is a walk in the park. IT's just next, next, next and you are done. You change a couple of parameters, and then you are online. Then you just adapt the firewall to the customer's needs. The setup is very easy. It's even easier if you are using the control center, even if it's quite expensive.

The initial setup itself might take 15 minutes or so. 

It's a five out of five in terms of ease of setup. 

There is some maintenance, however, it is minimal. Maybe every four years you'll need to switch the firewall. That's it. The new firewall is sent directly to the customer site. Then we just need to download the configuration file from the old one and just turn off a switch and turn on the new one.

View full review »
pfSense logo pfSense: Configuration
VinodGupta - PeerSpot reviewer
CEO and Founder at Indicrypt Systems

This solution is absolutely stable. With some systems there's a necessity to regularly redo the configurations inside the system. With Pfsense that's not the case. I have no issues with it at all. 

View full review »
IT Support Specialist with 51-200 employees

The initial setup has a bit of a learning curve. It's not complex per se. It just takes some getting used to. After the initial deployment, the other six or seven were easy. I could just copy the configuration of the other ones, change some IP addresses, and I was basically done.

View full review »
Leon Pinto - PeerSpot reviewer
Consultant and Head of Services at ILANZ LLC

Well, its opensource... So for the tech-minded, its not so difficult but yes, the configuration is understandable for those with good prior firewall knowledge... 

If you can get it working, its great... But yes, thats the first part... Get it working... 

Oncw working, all licenses etc are not a problem as it is opensource... So no restrictions there... so far...

View full review »
Malik Yusuf - PeerSpot reviewer
Solution Architect, Managed Services & System Integration at Transmeet Technologies

The interface is not very shiny and attractive. Most of the people that use pfSense are highly skilled, so they don't even bother to go the extra mile when it comes to configuration or any protection mechanisms. With other firewalls, with just one click or with the assistance of a wizard, the service is already configured. With pfSense, you have to have some time to do your own research regarding how to fine-tune it. If that could be improved, then life would be much easier. This would help any entry-level users to adapt to the platform. 

Netgate, the mother organization that manages the pfSense platform, should offer organized security feeds for its users so that they can avoid configuring multiple types of feeds in multiple locations. That could generate extra revenue for the company, too.

View full review »
CEO at a tech services company with 1-10 employees

The VPN is my favorite feature. pfSense is very easy to use. The interface and configuration capabilities are great.

View full review »
Software Applications Manager at a engineering company with 201-500 employees

I've tried to scale the solution previously. I've got two hardware platforms running. I wasn't quite able to run everything I wanted on a small ARM based device. Therefore,  I build my own Super-micro platform based on Intel Denverton.

It's actually easy to scale. It's just moving over most of the configuration: exporting, importing, or even going right into the original XML export file.

There are six users, 3 dozen of devices and a homelab server with VM running behind the solution at this time.

View full review »
Owner and business consultant at networks srl

The initial setup is straightforward. It took me about ten to 15 minutes to install it and maybe half an hour for configuration.

View full review »
FlorianBUIS - PeerSpot reviewer
Infrastructure Administrator at CFA-INSTA

The configuration of the solution is a bit difficult.

View full review »
Stephane Boudant - PeerSpot reviewer
IT Manager at a marketing services firm with 1,001-5,000 employees

The initial setup is very simple and the configuration is user-friendly. It took me one day for the whole process.

View full review »
Owner at The Computer Guy

Sometimes firewalls can get a little complicated. I think some of the things about the setup could be a little bit clearer. Maybe something like a configuration wizard or something that would guide you on more in-depth projects.

I'm running pfSense on old hardware, it takes all of 10 minutes to install.

View full review »
Dilawer Ali - PeerSpot reviewer
Acting Manager IT at National Insurance Company Limited

Scalable but only if one has expertise of open source configuration of software such as pfsense.

View full review »
IT Manager at a consultancy with 1-10 employees

The initial setup is easy. 

The first installation took an hour to complete, but the configuration is another part. It's about the complexity of my network because I have provided services from a firm and every company has a different setup.

View full review »
Buford Laruan - PeerSpot reviewer
Network Administrator at Benguet State University

It is quite easy. It is up in a few minutes even though I reinstalled the whole thing. For me, it is as straightforward as it can get. I'm a long-time user, and I don't see any problems with the configuration.

View full review »
SonicWall TZ logo SonicWall TZ: Configuration
IT Infra Head at a consumer goods company with 1,001-5,000 employees

It's a good product, but it's not a next-generation firewall. We are looking for a next-generation firewall and considering Cisco.

We require centralized monitoring of the network features, which they have but they are not to the level that we require.

The reporting is not good. Also, the historical configuration of the data or backup is not available.

To compete in the market, there have to be a lot of improvements.

We do not plan to continue using SonicWall TZ. We are looking for a replacement because we need centralized monitoring across the organization. It has been very difficult for us to manage the firewall as it is not managed centrally. This is the main drawback in our current scenario.

In the next release, I would like to see better scalability, easier installation, improved reporting, storage configuration, backup, and centralized management with reporting.

View full review »
Diretor Comercial at a retailer with 1-10 employees

Its initial setup is simple. The duration depends on the number of users and configuration, but it usually takes around 12 hours. We have three or four people for its deployment.

View full review »
Roy Haddad - PeerSpot reviewer
Director at FOXMINDS Solutions LLC

I would recommend this solution because it is easy to use and the configuration is simple.

I rate SonicWall TZ an eight out of ten.

View full review »
Eric Barba - PeerSpot reviewer
Senior Systems Analyst at a construction company with 1,001-5,000 employees

The solution is stable. We're an MSP, so if our clients have any dated hardware, we'll make a plan to switch to SonicWall, otherwise there can be issues with the internet or configuration where we can't get in and troubleshoot. We need to know we can get into the firewalls and make sure that they're online, as opposed to having to schedule someone to come in and deal with the basic physical connections or troubleshoot.

View full review »
Enrique PerezAfonso - PeerSpot reviewer
Business cybersecurity Specialist at Forlopd

Their scalability is wonderful. SonicWall has a migration table and it's easy to migrate the configuration of a small model to medium or all types. It's really easy. No problem. I have done this a few times and each time was perfect.

We have almost 100 users.

One person is enough for doing maintenance on SonicWall.

We do have plans to increase usage to more or less 10 or 20% more users next year.

View full review »
Antonio Galvao - PeerSpot reviewer

It is easy to set up SonicWall. It just depends on the scope of the project.

To set up for initial use takes about two hours. We start with the basic configuration and that is enough to start using SonicWall. After that, we do the more complex and detailed configuration of the security features.

Since we can deploy SonicWall in two hours with the basic configuration, we do a fast start because my users are starting to use the web and receive emails. After that, we do the next steps of the complex config for the more detailed secured configurations.

View full review »
Security Analyst at CyberTalos

I have previously used UiPath and FortiGate firewalls and FortiGate is my favorite because it is consistent and has a good configuration. UiPath has a good interface and is user-friendly.

View full review »
SonicWall NSa logo SonicWall NSa: Configuration
Director of IT at a consultancy with 11-50 employees

The initial setup isn't too complex. My understanding is that it's straightforward. I didn't set it up myself, however, it's got configuration wizards to walk a user through. This no doubt is quite helpful and makes it pretty simple in terms of implementation.

View full review »
TanveerBhatti - PeerSpot reviewer
Network Security Engineer at Next Step

We are integrators, but for SonicWall, we use it for a specific project in industrial cybersecurity. It was for ransomware recovery and network restoration.

We did the firewall and the configuration for the ransomware prevention.

Our clients were using it to control the SCADA System in their industry.

View full review »
Network Administrator at a healthcare company with 201-500 employees

It's not as easy to use, as, for example, Palo Alto.

Some of the configurations could be better.

View full review »
ICT Consultant at a tech services company with 11-50 employees

I like the solution's configuration, interfaces, and user guides.

View full review »
IT Manager at a insurance company with 51-200 employees

The installation is not easy, you should have a basic understanding of your network and what your requirements are. Generally, the implementation is done by the vendor. We have an external party who used to do the basic configuration. However, the new generation firewalls do not take much time and are easier.

View full review »
Manager of IT at a healthcare company with 10,001+ employees

I didn't use support over the last nine years, except for handling the device replacement itself. I needed a device replacement due to some damage, and they fulfilled my request and requirements. In terms of tasks such as configuration issues, I've never actually asked for assistance for those queries and therefore could not rate how helpful or responsive they are when they cover those matters. 

View full review »
Vinothkumar-Narasimman - PeerSpot reviewer
Cyber Security at a tech services company with 1-10 employees

I am a technical engineer, I have complete knowledge of SonicWall. I can do all of the configurations for the firewall. We are a service-based company and I handle the different solutions. If they need any requirement or they any action on the firewall then I can do that myself. 

The only thing that needs improvement is the VPN because we need to pay to connect the points.

View full review »
Network Engineer at a maritime company with 201-500 employees

We have two SonicWalls in the High Availability setup with failover configuration.

We use it for the firewalling, for IPS protection and for VPN clients.

View full review »
Sergi Pinto - PeerSpot reviewer
Internet Manager at MICROBLAU SL

It's very scalable. In some cases, it's necessary to change the firewall, however, it's easy to change as SonicWall has the ability to migrate the configuration from all firewalls to the new one.

View full review »
IT Manager at Esnad

Overall, I'm satisfied with SonicWall NSa, but it would be better if they could add a small terminal to each device. This would help me deal with certain issues by running a small bot onto any PC. This terminal could control technical configuration from a centralized configuration with the SonicWall appliance. 

View full review »
Amjad Edris - PeerSpot reviewer
Technical Support Engineer at Netco Security Solutions

SonicWall NSa's most valuable features are the ease of configuration and the GUI. It's a web-based application, so we can easily configure all we want in the browser.

View full review »
Presales Consultant at General Technologies

Deploying SonicWall NSa is straightforward. A new user can easily configure the firewall. You can usually complete the deployment within a day. Setting up the prerequisites takes about two hours and then it takes some time to deploy the policies. That varies depending on what the customer wants. 

Maintenance is primarily configuration-related stuff, and our customers have their own engineers, but we give them advice. One engineer can maintain the solution.

View full review »
Balaraju K - PeerSpot reviewer
Technical Lead at 64network security pvt ltd

SonicWall has all the usual functions, like LAN configurations, security features, word filters, etc., but it also has the CFS agent, which isn't available in any other firewall. Reporting port support is also there.

I also like the ability to manage all the firewalls from a single location. We can support all those things from this application. It's a cloud-based solution.

View full review »
Arijit Chatterjee - PeerSpot reviewer
Senior System Administrator at Nous Infosystems

We also use the Sophos Firewall for web configuration, which we don't have in SonicWall. Only Sophos has those options. If SonicWall included that feature, that would be a benefit for us.

We have configured radius configuration. I would like to see an in-built authentication feature that would authenticate results and directly communicate to the cloud. Right now, we have a third party server for that. We are manually configuring it.

If anything goes wrong, sometimes we are unable to bring up that MPS configuration immediately. Our main VPN connection is always authenticated with the MFA option itself. When that happens, we have to revert those changes back as LDAP authentication. That isn't a good recommendation for our organization for VPN purposes. Anybody can connect directly, so they won't get two-factor authentication. It would be great for us if that was an in-built feature included in the Azure authentication.

View full review »
Sophos XG logo Sophos XG: Configuration
Abhirup Sarkar - PeerSpot reviewer
Director, Middle East, East India & SAARC at a tech company with 51-200 employees

The initial setup was simple. Within one to two hours, we were done. This was not just the installation, but the complete configuration.

View full review »
Network Team Lead at a manufacturing company with 5,001-10,000 employees

The initial setup is straightforward. It is a single day task to do the initial configuration and move the traffic over there. The firewall hardening, of course, will take some time depending upon the traffic, but the initial setup is a single day task.

View full review »
Unmesh Deshpande - PeerSpot reviewer
CTO at Kingsway Hospitals

The initial setup was a little complex because of the kind of configuration that we were looking at, the way the firewall had to be configured was slightly complex. We carried out the implementation ourselves and it took a maximum two days. 

View full review »
Alexandre RASTELLO - PeerSpot reviewer
Senior IT Consultant - Sophos Architect at ARENTIA S.A.

The web application firewall or WAF is very useful. Web application firewalls help keep your servers safe from hackers by scanning activity and identifying probes and attacks.
Using the Web Application Firewall (WAF), also known as reverse proxy, Sophos
UTM lets you protect your webservers from attacks and malicious
behavior like cross-site scripting (XSS), SQL injection, directory
traversal, and other potent attacks against your servers.
You can define external addresses (virtual webservers) which should be
translated into the "real" machines in place of using the DNAT rule(s).
From there, servers can be protected using a variety of patterns and
detection methods.

This function has been completely re-developed in XG, relatively of the UTM-9 version, and it works fine. I protect many internet web servers (IIS) for my customers with this function, due to of a lot of attempted attacks. It's a very useful and relatively simple to implement in Sophos XG.

Obviously, like all security systems, it is not a "fire and forget" configuration. It is necessary to properly analyze the system to be protected, create an appropriate policy and monitor its behavior once activated.

View full review »
Network Security Administrator at a comms service provider with 501-1,000 employees

The initial setup was straightforward. It took us less than 30 minutes. Normally, it depends on the size of your organization, so for mine, the installation was less than 15 minutes. By 30 minutes I was finished even with the setup and configuration.

View full review »
Miyoba Sichimwi - PeerSpot reviewer
Information Technology Security Officer at a government with 201-500 employees

It is not a very scalable product. I would rate the scalability a seven out of ten because where you order it, it comes with prefixed ports. You will only have perhaps two for the WAN, and then maybe four LAN ports, and one console. In this regard, it's not scalable. 

When you buy it, you can't change the port configuration. In order to get more ports, you may have to upgrade to a bigger firewall.

We have about 130 accounts for approximately 80 employees.

View full review »
Service Delivery Engineer - Network Security Lead at a tech services company with 51-200 employees

The most valuable feature is the Intercept X. It is the advanced features that are used for malware detection and antivirus. It's similar to antivirus on steroids.

It's simple to use and has a simple interface. It's generally straightforward and configuration-wise, it's not complex. 

It's a very simple product to use and that's why you find it is used mostly in small to medium-sized enterprises. They don't have the manpower that a large organization can have, in terms of the skilled workforce when it comes to cybersecurity. They just need something that is simple to use, simple to manage, and simple to administer, but effective at the same time. That's the main selling point for Sophos.

View full review »
Systems Administrator Team Leader at a retailer with 1,001-5,000 employees

The initial setup is carried out on the portal so you need to work on the configuration with the respective partner and have the portal accessing all of the environment. It's a simple setup. We have deployed this solution on around 200 machines.

View full review »
Gonzalo Moreno - PeerSpot reviewer
Owner at supernovatel

The initial setup and configuration was very easy for us. I think it's easier than the other options in the marketplace. The deployment time is relative. For example, if you're deploying for a client who has another firewall and have to integrate it, it'll take around two or three days. But if it's a new environment, you can deploy the firewall within two hours.

View full review »
ICT Manager at a hospitality company with 1,001-5,000 employees

We find it easy to use. Its internal configuration is very easy. It is not complicated in terms of use and configuration.

It has been fairly stable, and it is also scalable.

View full review »
Manuel Gellida - PeerSpot reviewer
Owner at Dinamica en Microsistemas de Informatica, S.A. de C.V.

The initial setup is not complex. However, here in Mexico, it's very complex to sell the product. The brand is not as well known.

That said, the process is pretty straightforward. 

The deployment times vary. It depends on the end-user and what they need. Sometimes, it's easy as they don't have too many policies. The more policies they have, the longer it takes.

In other cases, clients may have a lot of VPNs. We have to work on those VPNs, and we have to do a lot of routing. However, that depends on the customer. Not all are like that.

For one appliance, you just need one person for deployment and maintenance. If we are working a lot of VPNs, we would have to use more people. We need to involve maybe two or three individuals and re-apply the configuration in that case. 

View full review »
Gonzalo  Diaz - PeerSpot reviewer
Head of Cybersecurity at mundo credito

I am using the Azure Active Directory in my company and it was complicated to integrate this solution with Azure. I had to use an internal VPN and had to do many configurations to get it operating. This process should be easier to implement.

View full review »
Marco-VIVALDELLI - PeerSpot reviewer

The initial setup is not so complicated. The system is not complicated to understand and also in can be installed without a very high level of expertise. Of course, if you have this kind of expertise, you can obtain from the system the maximum performance that the system can do, however, it means that you are not obliged to be a guru to be able to use these kinds of products. You can use these kinds of products just as an IT manager inside the company without having or needing special knowledge. 

Otherwise, you can leave to Sophos with the capability of doing something like a close box. You are sure that Sophos is able to guarantee the level of security that you are expecting. You can have it be automatic, or you can choose to go more manual in its operations. For example, if you were a professional photographer, you'd probably like a manual experience, as it would allow you more leeway with your craft, and if you were an amateur, you 'ld likely prefer an automatic camera that handles the heavy lifting for you. Sophos, in that sense, is the same. If you want, you can configure single parameters, or you can leave it to Sophos to give you something out-of-the-box.

In any case, if you stay on the automatic configuration, you are guaranteed that the system can provide the correct level of service that you want. It means that it's not required to have an expert. That said, you need of course to have a minimum level of knowledge, as it's clear that you need to know what you are managing. Starting from that, you can obtain what you need without moving into an advanced configuration.

Typically, a configuration takes about half a day or so, if you go that route. It doesn't take long, as those who would handle it would know what they are doing.

View full review »
Head of Network Department at a financial services firm with 1,001-5,000 employees

The GUI and support could be better. I think there are other products that we are going to deploy instead of Sophos. We have already upgraded a month ago because the interfaces and support for Sophos are really weak. But other products like Juniper, Cisco, or FortiGate are better than Sophos. It's also complicated, and the end-user or client does not understand it.

The interfaces and the GUI design are not easy, and when you do something, unrelated things are in the same configuration site. There are different sites to visit to configure Sophos. This is even more than other products. Many features can be improved, especially the VPN and web filtering features.

View full review »
Senior Engineer at a engineering company with 11-50 employees

I would advise others to go through the Sophos demos. They are very good, and they walk you through configuration and use cases. Their online documentation is very helpful in not only configuring it but also selecting a proper model to deploy.

I would rate Sophos XG an eight out of ten for ease of use and cost.

View full review »
Senior Consultant at Wavednet Group

The installation is very easy for anyone. The configuration is straightforward, all the information is available through a quick Google search.

View full review »
IT Manager for Network and Security at a religious institution with 51-200 employees

I've worked with Sophos previously and we had a different setup. In terms of implementation, sometimes there are complex setups and sometimes the setup s are more basic. Right now, we have a complex setup. We need to ensure interconnectivity between our branches. We'll have different networks, different sites, and a lot of complexity. 

It doesn't really take too long to deploy, however. The support from the supplier is good. They're always available to assist. They are well-trained and they are already familiar with the setups and configuration so they're doing a pretty good job in terms of helping us.

View full review »
Neil Noronha - PeerSpot reviewer
IT Manager at a hospitality company with 51-200 employees

In the past, I have worked with SonicWall and Fortinet products.

I prefer Sophos because of the user-friendly configuration and stability.

View full review »
Sandesh Khade - PeerSpot reviewer
IT Manager at k sera sera

The initial setup is quite easy. it's not overly complex. The configuration process is also very simple.

We have a team within our organization that can handle any maintenance that is required.

View full review »
Spiros Konstantinou - PeerSpot reviewer
Operations Manager at VL Toolbox Express Computer Solutions

The solution is scalable, but an organization should assess in advance its size based needs. Say, for example, a company utilizes the XG 125 version, but grows rapidly. At this point it may need to switch to the 210 version. Yet, switching from one version to another would not really present an issue. One can restore the backup configuration version on the new hardware and be up and running. 

View full review »
Vuli Moyo - PeerSpot reviewer
IT Technician at Zimbabwe School of MInes

There have been some issues when upgrading. For some reason, parts of the configuration become unconfigured, I then have to reconfigure it. I should not need to keep reconfiguring it after upgrades.

View full review »
Sr Information technology consultant at onkar international pvt ltd

There's no additional cost for installation. The provider from which we purchased, the vendor, himself arranged all installation and configuration. They helped us. However, even through customer care, a company can ask for assistance. 

View full review »
Creative Head/Director at a marketing services firm with 1-10 employees

I am the technical person. Installation can be handled independently. We do the configuration of the firewall. 

We have two teams that are responsible for the deployment, a firewall and a network one. We can handle the implementation using both teams. 

View full review »
Muhammad_Irfan - PeerSpot reviewer
Sr. Network Administrator at ACMC

We migrated from Cyberoam. The migration went very well.

The migration process did not require a lot of configuration.

It took a few days to complete the migration and the testing.

This solution is being managed by myself and a colleague. We are a team of two.

View full review »
IT support officer at a wholesaler/distributor with 51-200 employees

I contacted the external partner, and the setup was easy. It took about two or three days. Some little pictures were difficult for us to find, but that's normal. We could not make a one-to-one copy of the older one, so we had to search for some little personal configurations here. Now that everything is configured right, we are happy to have it. 

View full review »
Network & System Support Engineer at ITCG Solutions Pvt Ltd

When it comes to the firewall, everything hinges on the configuration. Every firewall is good, but one can see the importance of the configuration in the firewalls of Sophos and SonicWall. This is the most important thing, since users occcasionally disable the app control, IPS or anti-spyware features. They do this out of a lack of familiarity with the security, something which allows attacks to occur. Therefore, the configuration is key. I configure every firewall I employ, be it Sophos, SonicWall or Fortinet. 

I have not encountered any issues when it comes to the configuration

View full review »
Tech Doctor at a recruiting/HR firm with 11-50 employees

Compared to other firewalls that I had looked at, I thought Sophos was the better solution. It just seems to be easier to manage versus Cisco, Fortinet, or one of the other options I was looking at.

I'm not going to say that it's easy to configure, but I can understand how to configure it. There is a certain amount of support available to do the configurations. 

View full review »
Director at REDCO

The most valuable features are its nice interfaces and configuration. The endpoint is also very good.

View full review »
Gerente de Atendimento na Introduce at a tech services company with 11-50 employees

Sophos XG is really robust because of all the implementations you currently have active. We don't have problems on the hardware or a bug on the software or anything like that. It's really, really rare. Most of the problems are from requests for our customers asking to make a particular website available for some parts of the company and things like this. Just some little configurations on the web filter.

View full review »
RicardoURQUIDI - PeerSpot reviewer
CEO at a tech services company with 1-10 employees

Previously we were working with Astaro, so the setup and configuration of Sophos XG was easy. The implementation took less than a month.

View full review »
Founder and Managing Partner at a tech services company with 1-10 employees

The stability is what I have found attractive with the whole Sophos product line. You can have a client that starts with a three-person office and grow it to a 10,000 person operation and you keep moving the configuration to the next level of power.

View full review »
Network Administrator at chegus infotech

The interface can bit a bit more user-friendly. For me, it's still user-friendly and I don't find it difficult to use. However, the configuration should be more user-based. As an example, IPSec is complex and a little bit difficult to configure. If it were more like Microsoft Azure and the way their online configuration works, it would be an improvement. As it is now, I have all of the settings inside the device, so I can clone them and use them for customers. But, on the customer's side, it is difficult for people to understand.

Our Wi-Fi network is not working as well as expected.

View full review »
Head of Information Technology at a manufacturing company with 201-500 employees

I rate Sophos UTM eight out of 10 for ease of deployment. We didn't have any serious issues. The only challenge we had was migrating from Sophos UTM to XG. There was no direct migration, so we had to do a manual configuration

After deployment, the solution doesn't require much maintenance. So as long as my connections are up and running, I don't need to do any maintenance. All the updates are automatic.

View full review »
KerioControl logo KerioControl: Configuration
Senior Systems Tech/Admin at a computer software company with 1-10 employees

The solution is scalable. If you are using virtualized machines you can have as much memory and much storage, but you do not need much storage for this solution. It is powerful and fast, although it can slow down the internet because of the filtering. For example, if you have most of your services running, such as antivirus, content filtering, and intrusion prevention. When all of those are all enabled and there is a lot of configuration and it might slow down your internet service to about 70%, instead of a direct simple router.

View full review »
Cisco Firepower NGFW Firewall logo Cisco Firepower NGFW Firewall: Configuration
Zhulien Keremedchiev - PeerSpot reviewer
Lead Network Security Engineer at TechnoCore LTD

My primary use case with Cisco Firepower NGFW is implementing, configuring, maintaining, and troubleshooting lab and customer devices in both lab and production environments.

Using best practices for configuration, as well as fine-tuning intrusion policies and utilizing as many of the features that the firewall has to offer, which are feasible in said environment.

Overall, I am confident to say that I have worked with every flavor of Cisco Firepower NGFW, be it their older IPS-only sensors, ASA with Firepower services, as well as the FTD sensor itself.

View full review »
Javed Hashmi - PeerSpot reviewer
Chief Technology Officer at Future Point Technologies

There needs to be an improvement in the time it takes to deploy the configurations. It normally takes two to four minutes and they need to reduce this. The deployment for any configuration should be minimal. It's possibly improved on the very latest version. 

An additional feature I would like to have in Firepower would be for them to give us the data from the firewall - Cisco is probably working on that. 

View full review »
Muhammed Eslami - PeerSpot reviewer
Solution Architect at a tech services company with 11-50 employees

The initial setup is easy, with the installation and configuration taking about two hours.

View full review »
Guillermo  Fernandez - PeerSpot reviewer
Security Consultant at IKUSI

The solution offers very easy configurations.

The administration of the solution is very good.

The product integrates well with other products.

View full review »
Systems Engineer at a tech services company with 11-50 employees

First you have to configure the Firepower Device Manager, or Firepower Management Center. When you bootstrap it or do the initial config, you type in the IP address, host name, and DNS. When you have the IP configuration in place, you can log in to the Firepower Management Center and start building policies that suit your needs. When you have all the policies, you can add or join Firepower devices to the Firepower Management Center. After adding the devices to the Firepower Management Center, you can then apply the policies that you built in the first place, through the devices, and that will affect the behavior on the devices.

View full review »
Cesar Beut - PeerSpot reviewer
Networking Specialist at a healthcare company with 1,001-5,000 employees

The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second.

Three years ago, the Firepower Management Center was very slow. The solution has improved a lot in the last couple of years. It is now faster. I hope that continues to improve. 

View full review »
IT Administrator / Security Analyst at a healthcare company with 11-50 employees

The big three solutions, Cisco, Fortinet, and Palo Alto, are all really good but I tend to lean on Cisco versus the others because one of their strengths, in general, is threat intelligence. When you put a bunch of security people in a room then you have a lot of consensuses, but like anything, you'll have a lot of disagreements, too.

Each of these products has its strengths and weaknesses. However, when you factor in AnyConnect, which most people will agree is state-of-the-art from a security standpoint in terms of VPN technology, especially when it's integrated with Umbrella, it plays into the firewall. But, it always comes back to configuration. Often, when you read about somebody having an attack, it's probably because they didn't set things up properly.

If you're a mom-and-pop shop, maybe you can get by with a pfSense or something like that, which I have in my house. But again, if you're in a regulated environment, you're looking at not just a firewall, you're looking at all sorts of things. The reality is, security is complicated.

View full review »
Matt Back - PeerSpot reviewer
Cyber Security Practice Lead at Eazi Security

One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful. 

Cisco implemented a role-based access control for Firepower, so you can have very granular accounts. For example, a service desk analyst could have read-only access. If we have a security operations team, then they could have access to update IPS vulnerability databases. A network engineer could have access to update ACLs, not rules, which is quite useful. Also, you can selectively push out parts of the policy package based on your role-based access control. So, if you have one job role and work on one part of the configuration, and I work on another job role working on a different part of the configuration, then I could just deploy the changes that I have made without affecting what you are doing (or without pushing out your changes). It is quite nice to be able to do that in that way.

View full review »
Project Engineer at Telindus B.V.

I have experience with SonicWall, Fortinet, Juniper, and Sophos firewalls, among others. We work with Fortinet and Palo Alto. It's not that we only do Cisco. But I can say from my experience that I am really more convinced about Cisco products.

What customers really like about Cisco, the number-one thing that they are really happy about within Firepower—and it was also in the old ASA code, but it's even more a feature in Firepower—is that the configuration is in modules. It's modular. You have different policies for the different functions within your firewall, so that your access control policy is only for your access lists and that's it. You have a different network address translation policy. It's all separated into different policies, so a customer knows exactly where to look to configure something, to change something, or to look at something which is not working properly.

Also, with Cisco, when a customer is not totally certain about a change he's going to make, he can make a copy of the specific access control policy or the NAT policy. If something doesn't go right, he can assign the copied policy back to the device and everything is back to the way it was. 

These are the biggest advantages our customers see. When a customer doesn't have any knowledge about firewalls, I can explain the basics in a couple of hours and they have enough familiarity to start working with it. They see the different modules and they know how to make a backup of a specific module so that they can go back to the previous state if something goes wrong.

View full review »
Francesco-Molino - PeerSpot reviewer
Practice Lead at IPConsul

The IPS is one of the top features that I love.

The dashboard of the Firepower Management Center (FMC) has improved. The UI has been updated to look like a 2021 UI, instead of what it was before. It is easy to use and navigate. In the beginning, the push of the config was very slow. Now, we are able to push away some conflicts very quickly. We are also getting new features with each release. For example, when you are applying something and have a bad configuration, then you can quickly roll back to when it was not there. So, there have been a lot of improvements in terms of UI and configuration.

View full review »
Ed Vanderpool - PeerSpot reviewer
IT Technical Manager at Adventist Health

We found that the initial setup using Firepower products was actually very simple. The initial configuration for the Management Console was very straightforward. Adding devices usually takes a few minutes. And then once you've got them physically set up in your Management Console, it's streamlined. It's actually very simple.

One of the great features of having the Cisco Firepower Management Console is having the ability to group. So we have each one of our hospitals as a group, so we can actually do any device configuration within a group. They're HA so that when we do an upgrade, it is seamless because when it fires off the upgrade, it will actually force the HA over automatically as part of the upgrade. And the other part of that is policy management. We have several policies, but specifically, one for the general use at our hospitals has been phenomenal because you build out one policy and you can push that out to all of your end nodes with one push.

We require two staff members to actually implement and devise the initial configuration.

At my company, you have to be at least a senior or an architect in order to manage any type of firewalling, whether that's the IPS, the actual firewall itself, or AnyConnect. So we have senior network engineers that are assigned for that task.

We typically have one person that will actually rotate through the group for the maintenance. There's a senior network engineer that will maintain that on a daily basis. Typically, it doesn't take maintenance every day. The biggest maintenance for us comes to updating policy, verifying the geolocation information is correct, and any upgrades in the future. So typically that takes about one to two people.

View full review »
Raufuddin Gauri - PeerSpot reviewer
Network & Security Engineer at Oman LNG L.L.C.

It integrates with other Cisco products. We use Cisco ASA and Cisco FTD, and we also use Cisco FMC for monitoring and creating policies. For internal network monitoring purposes, we use Cisco Prime. We also use Cisco ISE. For troubleshooting and monitoring, we can do a deep inspection in Cisco FMC. We can reach the host and website. We can also do web filtering and check at what time an activity happened or browsing was done. We can get information about the host, subnet, timing, source, and destination. We can easily identify these things about a threat and do reporting. We can also troubleshoot site-to-site VPN and client VPN. So, we can easily manage and troubleshoot these things.

Cisco FMC is the management tool that we use to manage our firewalls. It makes it easy to deploy the policies, identify issues, and troubleshoot them. We create policies in Cisco FMC and then deploy them to the firewall. If anything is wrong with the primary FMC, the control is switched to a secondary FMC. It is also disconnected from the firewall, and we can manage the firewall individually for the time being. There is no effect on the firewall and network traffic.

Cisco FMC saves our time in terms of management and troubleshooting. Instead of individually deploying a policy on each firewall, we can easily push a policy to as many firewalls as we want by using Cisco FMC. We just create a policy and then select the firewalls to which we want to push it. Similarly, if we want to upgrade our firewalls, instead of individually logging in to each firewall and taking a backup, we can use Cisco FMC to take a backup of all firewalls. After that, we can do the upgrade. If Cisco FMC or the firewall goes down, we can just upload the backup, and everything in the configuration will just come back. 

We can also see the health status of our network by using Cisco FMC. On one screen, we can see the whole firewall activity. We can see policies, backups, and reports. If our management asks for information about how many rules are there, how many ports are open, how many matching policies are there, and which public IP is there, we can log in to Cisco FMC to see the complete configuration. We can also generate reports.

With Cisco FMC, we can create reports on a daily, weekly, or monthly basis. We can also get information about the high utilization of our internet bandwidth by email. In Cisco FMC, we can configure the option to alert us through email or SMS. It is very easy.

View full review »
Information Security and Compliance Manager at RSwitch

The initial setup is 50/50, between straightforward and complex. Migrating from Cisco to another Cisco product is okay, but migrating to Cisco from other network devices, like an IBM switch, is a bit tricky. You can't test the configuration to see if it's the same as what you're going to. But we managed with support from Cisco.

It took a month to complete the deployment.

Our implementation strategy was based on not upgrading everything at the same time. It was phased. We deployed a specific device and then we monitored everything to make sure everything looked okay, and then we moved on to the next one.

It requires a minimum of two people for deployment and maintenance, from our network and security teams.

View full review »
Reviewer43898 - PeerSpot reviewer
Engineering Services Manager at a tech services company with 201-500 employees

It may sound a bit strange, but one of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.

Also, the new UI is always getting better from version to version. In the beginning, when it came to managing Cisco Secure Firewall, it wasn't always the easiest, but with 6.7 and 7.0, it's gotten easier and easier. It's a pretty easy system to manage. It's especially beneficial for people who are familiar with ASA logic because a lot of the Firepower logic is the same. For those people, they're just relearning where the buttons are, as opposed to having to figure out how to configure things.

I've used the backup VTI tunnel and that's a feature that lets me create some redundancy for my route-based stuff and it works pretty well. I haven't had any issues with it

Firepower 7.0 also has fantastic Dynamic Access Policies that allow me to replicate a lot of the configurations that were missing and that made it difficult to move off the old ASA platform for some customers. The addition of that capability has removed that limitation and has allowed me to move forward with implementing 7.0. 

Snort 3 is one of the biggest points on Firepower 7.0. I've been using Snort 3 for quite a while and, while I don't have a ton of customers on it, I do have some who are running on it and it's worked out pretty well. In their use cases, there wasn't a lot of risk, so that's why we started with it. Snort 3 has some huge advantages when it comes to performance and policy and how it's applying things and processing the flows.

Dynamic Objects have also been really critical. They're very valuable. Version to version, they're adding a lot more features onto Dynamic Objects, and I'm a big fan. 

I've also used the Upgrade Wizard quite a bit to upgrade the firmware. 

And on the management side, there are the health modules. They added a "metric ton" of them to the FMC [Firepower Management Center]. In version 6.7 they released this new health monitor which makes it a lot easier to see data and get to information faster. It's quite nice looking, as opposed to CLI. The new health modules really do stand out as a great way to get to some of that health data quickly—things like interface information, statistics, drops—that were harder to get to before. I can now see them over time, as opposed to at just a point in time. I've used that a lot and it has been very helpful.

In addition, there is the global search for policy and objects. I use that quite a bit in the search bar. It's a great way to get some information faster. Even if I have to pivot away from the screen I'm on, it's still great to be able to get to it very quickly there. 

In a lot of ways, they've addressed some of the biggest complaints, like the "housekeeping" stuff where you have to move around your management system or when it comes to making configuration changes. That has improved from version to version and 7.0 is different. They've added more and have made it easier to get from point A to point B and to consume a lot of that data quickly. That allows me to hop in and do some data validation much faster, without having to search and wait and search and wait. I can get to some of that data quicker to make changes and to fix things. It adds to the overall administrator experience. When operating this technology I'm able to get places faster, rather than it being a type of bottleneck.

There is also the visibility the solution gives you when doing deep packet inspection. It blows up the packet, it matches application types, and it matches web apps. If you're doing SSL decryption it can pinpoint it even further than that. It's able to pull encrypted apps apart and tell me a lot about them. There's a lot of information that 7.0 is bringing to the forefront about flows of data, what it is, and what it's doing. The deep packet inspection and the application visibility portion and Snort are really essential to managing a modern firewall. Firepower does a bang-up job of it, by bringing that data to the forefront.

It's a good box for visibility at the Layer 7 level. If you need Layer 7 visibility, Firepower is going to be able to do that for you. Between VLANs, it does a good job. It's able to look at that Layer 7 data and do some good filtering based on those types of rules.

View full review »
Imran Rashid - PeerSpot reviewer
IT/Solutions Architect at a financial services firm with self employed

In the new design, I put Cisco Firepower NGFW Firewall as a LAN segment and as the data center firewall. In the old design, I just used FortiGate Firewall for configurations, and we are going to replace it. The complete solution will be replaced with a two-tiered data center.

View full review »
Jure Martinčič - PeerSpot reviewer
Engineer Specialist at Telekom Slovenije

The ease of use, when it comes to managing Cisco Firepower NGFW Firewalls, is getting better because the UI is improving. It was a bit cumbersome in previous versions. Checkpoint, for example, has one of the most intuitive user interfaces, and now Cisco is really improving.

The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface. Cisco is getting better and becoming more and more user-friendly.

Cisco needs a more intuitive user interface. When you know what to do, it's easy. Otherwise, you need training. You can install it and do the initial configuration, but if you don't have the proper training it's also possible to configure it the wrong way. If that happens, some things might pass through that you don't know about.

View full review »
Samson Belete - PeerSpot reviewer
Network Engineer at a financial services firm with 5,001-10,000 employees

The reporting and other features are nice, but there is an issue with applying the configuration. That part needs some improvement.

Services from the outside, like financial services that are critical, should be protected by the NGFW. There are cyber attacks on these services. Therefore, adding this NGFW in front of those services will reduce our costs for cyber crime.

View full review »
Ken Mohammed - PeerSpot reviewer
UC Solutions Engineer at Diversified

I like that you can get really granular, as far as your access lists and access control go. 

You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI-based.

View full review »
Hillstone E-Series logo Hillstone E-Series: Configuration
Head of Cybersecurity at a tech services company with 11-50 employees

The initial setup was very easy. Deployment of the solution, using advanced configuration, took an hour using only one person.

View full review »
Untangle NG Firewall logo Untangle NG Firewall: Configuration
Sameer Mogale - PeerSpot reviewer
Owner (Senior Systems Engineer) at 3Kay Solutions

At this stage, I think the SSL decryption option can be streamlined.

I think decryption transparency could be improved because you basically click a button and then you set up one rule-set and that's about it. I've noticed there's a problem on some sites where it doesn't do the proper decryption. I actually had to go through the application control module, and logs to see what was happening, and why some sites could not function, before I could decipher that it was the SSL decryption that was blocking the sites. I would like to see more hands-on configuration in that respect.

Update:- 10/26/2020

Untangle now supports TLS v1.3. So far testing has yielded positive results and I have not really had to bypass most of the sites we browse to, after resetting the policies to default.

View full review »
FedericoVillanueva - PeerSpot reviewer
Founding Partner - Technology Director at VSN LATAM

It is straightforward. Our target market is the small and medium companies that don't have IT departments and a firewall specialist. We provide the Untangle solution and the management of the solution for a quote. 

Most of the implementations are simple. However, we have implemented Untangle solution to replace Fortinet in a financial group in Mexico. This was the most complex configuration that we have handled. There were 65 locations with voiceover IP and some other features. We had to create balance and recovery from the cluster. 

Our last implementation took less than a week. You need just two people for its deployment and maintenance.

View full review »
Barry Arendt - PeerSpot reviewer
Owner at ThinkEzIT

We do a lot of Voice over IP, which is one of the features that I like about it. The firewall works really well with Voice over IP.

They have a command center that makes it easy to log into and see all of your appliances nationwide.

The reporting is wonderful. You can run reports and they are very helpful.

The alerting is great. It will send you alerts when there is any nonsense going on. For example, you will get alerts on DDoS types of attacks.

It has wonderful content filtering built into it. They also have a cap portal feature that is pretty good. It has several useful interesting features included.

The VPNs are great too, they are wonderful.

We set up RDP on our clients, but it's Atlanta LAN, the LAN RDP. If you get on the VPN, then the allow group, you can actually RDP, you make the VPN connection to it. You can also then do a site-to-site VPN and they make it very simple. Overall, the VPN features are wonderful.

The zero deployments are wonderful with this. With Zero deployment, you don't have to touch the firewall. When the firewall arrives on-site, you have a smart hands technician to unplug the old one and you plug in the new one. It automatically downloads the configuration offline. No technician will ever have to physically touch that firewall. It can all be done through the command center once the firewall connects to it. Everything is automatically added once you purchase it and it will download the proper configuration for that site.

View full review »
Director at Kisii County Government

This firewall has a lot of features and we are using all of them.

What I like about this product, which is the reason that we continue to use it, is that you can install the software version on your own hardware. In case there is a problem with the hardware, we can just install the firewall in another machine and restore the configuration. This is unlike using a device with hardware that is vendor-specific. We had such a problem one time, and it required that we had to purchase more hardware.

View full review »
Palo Alto Networks VM-Series logo Palo Alto Networks VM-Series: Configuration
Alexandru Sireteanu - PeerSpot reviewer
Assistant Professor at Facultatea de Economie și Administrarea Afacerilor din Iași

I am the guy they call up first for the central infrastructure and configuration of the malware, firewall, and main applications, and I use Palo Alto Networks VM-Series for that.

View full review »
Shrijendra Shakya - PeerSpot reviewer
C.T.O at Sastra Network Solution Inc. Pvt. Ltd.

This is our core firewall for the data center network.

We have two on-premises appliances set up in a high availability configuration.

View full review »
Director of IT at Tavoca Inc

Using this product has increased our security and has given us much better results in terms of security scans.

Palo Alto embeds machine learning into the core of the firewall to provide online real-time attack prevention, and I would rate that capability a six out of ten. It's definitely effective in terms of securing our network against threats that are able to evolve and morph rapidly.

This solution provides a unified platform that natively integrates all of the security capabilities, although we are not using parts of it. For example, we don't use the configuration tools like Panorama. We don't use the monitoring capabilities, either.

View full review »
Fortinet FortiGate-VM logo Fortinet FortiGate-VM: Configuration
Junior Network Engineer at a tech services company with 11-50 employees

We've had issues with integration. It hasn't gone well.

We have had some stability issues.

There are some instances where configurations can get complex.

View full review »
CISO at a religious institution with 501-1,000 employees

The initial setup was a little complicated due to our engineers working on knowledge of Checkpoint and trying to replicate the same configurations.  Hindsight finds it may have been less complicated to build the rules from the ground up rather than importing them.

View full review »
Richard Domikis - PeerSpot reviewer
Chief Technology Officer at cornerstone defense

The product does not have a good graphical interface. Their patches and their upgrades are not always compatible with configuration. That means that often you find after you upgrade that there was something else you have to do to the rest of the infrastructure, whether it's a printer or a user or whatever. It doesn't appear to me that their upgrades are well tested. They usually do what they're supposed to do, however, they also usually do some other things that FortiGate doesn't seem to be aware of.

It doesn't maintain legacy capabilities very well.

The stability of the solution isn't ideal.

They don't seem capable of supporting their own product.

The solution needs a better user interface and more intelligent services like spam blocking and auto whitelisting, gray listing, blacklisting, et cetera. It just basically needs better user monitoring.

View full review »
Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees

There are certain GUI features that should be present but are not, although these we can address through the command-line interface. We have to make use of this to create certain policies or change the interface layer. These configuration restrictions should be addressed. 

Moreover, the reporting should be upgraded, as there are only a small number of reports available. We also encounter issues on the logging pages. GUI does not allow for live logging and the command-line interface must be used in its stead. The need to rely on CLI should be done away with entirely. 

While we consider the solution to be user-friendly, certain improvements should be made in this respect. 

View full review »
Consultant at a comms service provider with 11-50 employees

There should be more options to use lower-end models in a high availability configuration.

They should continue to improve the traffic shaping; they should add some AI to the traffic shaping. They should also consider learning from other organizations as opposed to just internally. They should follow patterns instead of everyone having to recognize patterns and make adjustments on their own. Instead, they should add some form of intelligence to guide administrators in best practices with traffic shaping. I think this will become very important as we move more toward a SaaS-type world. 

View full review »
IT Specialist at a tech services company with 51-200 employees

I work with a service provider and he sells service in cloud and FortiGate products, including FortiGate VMs. With this, he sells services, and I work with him on support and initial configurations or deactivations for customers. 

I work with various versions of the solution, the latest being 7.7.

We use a variety of deployments, including on-premise and in public clouds. Not an American public cloud, however. Rather, it's a public cloud here in South America.

I'd rate the solution at a ten out of ten. the product is excellent and I am very happy with it overall.

View full review »
Network Administrator at Furnmart

I previously used pfSense but found it was a bit complicated in terms of configuration and didn't give periodic updates. I switched to FortiGate because they were very consistent in giving updates on outbreaks and what they were doing to resolve them.

View full review »
MauricioCorrêa - PeerSpot reviewer
Full support analyst at Gruppen

My experience with the solution has been very positive and Fortinet provides a great layer of security when it comes to SD-WAN and other security capabilities. There are many models available to suit a host of environments. 

The solution is extremely easy and friendly. The configuration, graphical interface and command line are easy to use.

View full review »
Director at REDCO

With every new version, there are issues and new parts due to the improvements. But the improvements are not always easy for the customer, especially when making a big configuration. Rather than being an improvement, it becomes more complicated.

View full review »
Mohammed Alahdal - PeerSpot reviewer
Cyber Security architect at Avanade

The previous version, which was 7.1 or 7.2, was a little bit easier to use. It's kind of a little bit tricky to find the options from the firewall configurations now, in the latest version. Previously, it was easier to deal with. The whole dashboard that you get can be improved. They could organize the whole dashboard a bit more to put stuff under each other in a way that makes sense and makes everything easy to reach.

The costs could be lowered.

View full review »
Network Analyst at a manufacturing company with 1,001-5,000 employees

We only have one person for deployment and maintenance.

It took us only two days to deploy it with our desired configurations.

View full review »
Peter Salerno - PeerSpot reviewer
Owner / Principal Consultant at Stratus Concept LLC

I liked its general capabilities.

Its cloud management is very good.

I did like the ability to back up the configuration into the cloud, as opposed to having to store the configurations or just downloading them, the backups, to local devices.  When you want to back up the configuration you can download it as a local file and save it to the cloud.   

That flexibility was very useful. 

The product had a fairly good user interface. It was well thought out and the controls seem to be in a logical hierarchy. I was able to find stuff without having to configure things. There was just a logical breakdown of how to find things.

View full review »
OPNsense logo OPNsense: Configuration
Owner and business consultant at networks srl

We plan to continue using this solution. Right now, we are settling our networks. We plan to expand its usage, but I don't think it will happen until 2022.

It has a good user interface. Its configuration is simple but requires a little planning. It is much simpler than the Cisco ASA configuration.

I would recommend this solution. I would rate OPNsense a nine out of ten. I am happy with it.

View full review »
Simon Hoarebury - PeerSpot reviewer
Director at KBR

OPNsense could improve by making the configuration more web-based rather than shell or command-line-based.

The timeline for new features could be better. They could be faster at updating features.

View full review »
Check Point NGFW logo Check Point NGFW: Configuration
IT Infrastructure & Cyber Security Manager at a retailer with 501-1,000 employees

It was really pretty straight forward because we upgraded from an older Check Point product. The installation and the assimilation of the new firewall was very quick with almost no downtime and almost no problems.

We deployed four firewalls in two clusters and, all in all, it took about one day of work; half a day for each side. That includes the installation, the configuration, and the exporting of the configuration from the old system and, of course, all the fixes and patches.

On our side there was one person involved in the initial setup, just to make sure that everything was going okay and, after the installation, to do all the checks and verify that everything was working fine and as needed.

View full review »
reviewer1489602 - PeerSpot reviewer
Network Security Assurance Specialist at Visa Inc.

The main use case is Firewall provisioning and integration with Tufin and Skybox. Also, we focus on firewall compliance, rule review, VPN configuration, and network troubleshooting.

View full review »
Network Associate at a wireless company with 1,001-5,000 employees

I like the antivirus, attack prevention, three-layer architecture, and data center management features.

The antivirus updates are quite frequent, which is something that I like.

Central management is a key feature. We have between five and ten firewalls on-premises, and if we want to configure or push the same configuration to all of the firewalls, then the centralized management system is very helpful. It means that we only have to push the configuration once and it gets published on all of the firewalls.

View full review »
Sr. Network Engineer at a tech services company with 1,001-5,000 employees

We currently use Check Point and Cisco ASA. The purpose for the company is to increase the security. They were only using Cisco ASA Firewall, which is kind of a degrading firewall right now because it lacks many features, which are advanced in Check Point Firewall. With Cisco ASA, we need to purchase additional IPS hardware. But, for Check Point, we do not require that. Also, if we want the same configuration for multiple firewalls at a time, then Cisco ASA does not support that. We have to create the same policy in each firewall.

View full review »
PRAPHULLA  DESHPANDE - PeerSpot reviewer
Associate Consult at Atos

It has not only improved our environment but the entire organization. Adopting it brings better functionality.

Starting from the basic firewall blade to sandbox threat emulation and threat extraction, it works seamlessly to protect against both known and unknown malware.

After the version 80.xx migration, Check Point stability and security have improved tremendously.

Through the management server, it has become very easy to manage the configuration for each of the blades, as well as the day-to-day operations. With central management, it has become possible to manage endpoint devices as well.

View full review »
Network Security Engineer at a tech services company with 10,001+ employees

The first phase of the implementation is to plan the firewall deployment. After that, we do the configuration and validate it. In the case of a Check Point firewall, this process will take between two and three months to complete.

The complexity of the process depends on the features that you want to add. In general, it is straightforward and not too complex.

View full review »
Network Security Engineer at a tech services company with 10,001+ employees

Prior to Check Point, we were using Cisco ASA.

The problem with Cisco ASA is that it is a purely CLl-based firewall. Check Point is not only UI and CLI-based, but it is also a next-generation firewall. It has many different and more advanced features, compared to Cisco ASA.

For example, in Cisco ASA, we can use only two gateways in active-active mode, but with this product, we can use five gateways at a time. Another difference is that the Cisco ASA policy configuration options are not as granular as Check Point.

View full review »
Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees

Check Point's new Smart dashboard has an all-in-one configuration interface. They provide a very easy configuration for NAT and one tick for source & destination NAT is possible.

Policies can be configured in a more organized way using a section & layered approach.

Application control has all of the required application data to introduce it into policy and the URL filtering works great, although creating regular expressions is complicated.

The software upgrade procedure is very easy; it just needs few clicks & we are done.

View full review »
reviewer1531134 - PeerSpot reviewer
Cybersecurity Engineer at Insurance Company

The virtual systems solution (VSX under Check Point terminology) has provided the company the ability to improve performance and adapt to the network and security needs in a flexible way, as the network has been possible to be redesigned at any time and put an additional firewall where there wasn't before without more hardware. At the same time, the costs of the solution are known and limited, as you pay for a bundle of firewall licenses and your hardware purchased.

The NGFW security solution scales well and easily when needed as long as your hardware (performance) admits it. And having a central management system that allows us to share the same object database and different configurations have allowed us to improve the platform operating time. Due to this, we can implement the security needs of more proyects than we used to.

View full review »
Sreegith Sreedharan Nair - PeerSpot reviewer
Senior Network Engineer at LTI - Larsen & Toubro Infotech

Configurations can be complex in some situations and need experienced engineers for managing the solution.

Integration with a third-party authentication mechanism is tricky and needs to be planned well.

SmartView monitor can be enhanced to display granular details of gateways with a single click. Also, having the ability to generate alerts from the Smart Monitor would be a nice feature.

View full review »
Gonzalez - PeerSpot reviewer
Network Administrator at Secretaría de Finanzas de Aguascalientes

Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution.

The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters. It is well organized.

Some other of the services that have worked well for us are antivirus, anti-bot, and URL filtering. Together, these have allowed us to maintain control and organization amongst the users.

Another one of the pluses that have helped us a lot has been the IPsec VPN, especially in these times of pandemic.

View full review »
Basil Dange - PeerSpot reviewer
Senior Manager at a financial services firm with 10,001+ employees

This is a zone-based firewall, which differs from other firewall solutions available on the market. It changes the way the admin manages firewall policy. The administrator has to be careful while defining policy because it can lead to configuration errors, allowing unwanted access.

For example, if a user needs to access the internet on the HTTPS port, then the administrator has to create a policy as below, rather than using NAT for assigning the user's machine to a public IP.

Source: User machine
Destination: any
Action: allow (for allowing the user's machine access)

This has to be done along with the below policy:

Source: User machine
Destination: Other Zone created on Firewall
Action: block 

The two policies, together, mean that the user's machine will not be able to communicate with any other L3 Network created on the firewall.

The firewall throughput or performance reduces drastically after enabling each module/blade.

It does not provide for standalone configuration on the security gateway. Instead, you need to have a management server/smart console for managing it. This can be deployed on a dedicated server or can be deployed on the security gateway itself.

View full review »
reviewer1543578 - PeerSpot reviewer
User at Johnson Controls, Inc.

We greatly appreciate the ease of configuring firewall policy ACL rules and how the seamless integration with VPN users and user groups provides the ability to granularly restrict access. The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited.

Having the ability to set an expiration date for remote access VPN users simplifies the process and increases security by ensuring that stale accounts and not forgotten.

In general, we find that CheckPoint offers a great balance between ease of use and configurability.

View full review »
CTO at a computer software company with 11-50 employees

Easy setup and configuration by a non-network/security person.

View full review »
Anthony Hassiotis - PeerSpot reviewer

Remote access with a secure workspace provides a clear separation between the client and corporate network. 

Threat Emulation (sandboxing) is great for zero-day malware and it is easy to configure. 

Logging and administration are best-of-breed. You can quickly trace back on all sorts of logs in no time. 

IPS and AV rules are granular and specific for the rules that you need. 

The geolocation feature is good for dropping irrelevant traffic. 

Configuration through SMS is quick and easy. It eliminates administration errors while checking consistency before applying a policy.

View full review »
SaifKhan1 - PeerSpot reviewer
Network Security Engineer at a consumer goods company with 201-500 employees

Until you have some experience, the installation and configuration are difficult.

View full review »
Security product manager at RRC

Its initial setup is easy for me. The deployment duration varies. A simple deployment takes two or three days. A complex deployment that involves a cluster configuration or appliance replacement can take up to five days.

View full review »
Ifeanyi Onyiaodike - PeerSpot reviewer
Network security engineer at Fidelity Bank

We use this solution for permissions regarding access ports and services. We also use Check Point Remote Access VPN as an endpoint VPN. We use it for site-to-site configuration

All of the traffic that comes through our sites passes through our firewall. Basically, everyone, including our staff and clients, passes through our firewall. In other words, we have thousands of users using this solution.

View full review »
IT Manager at a comms service provider with 51-200 employees

The implementation was through a vendor, and the installation went really well. The consultant was Check Point certified and explained everything in detail.

Later on, we added new remote sites to the configuration (in-house) without any problem. We didn't need to check with the vendor.

View full review »
Xavier Espinoza - PeerSpot reviewer
Subgerente de Tecnologías de la Información at ETAPA EP

The URL filter is activated to filter access to our employees. We use filtering for VPN access.

The configuration is one of the best features of this product.

When this product was purchased approximately 12 years ago it was the top of the line.

The product has been working very well.

I don't have any issues with the software of this solution. It works as is expected.

View full review »
User at a financial services firm with 10,001+ employees

I have been designing, deploying, implementing, and operating Check Point's Security solutions including NGFWs and EndPoint security as well as Remote Access VPNs, Intrusion Prevention systems, URL filtering, user identity, UTMs, et cetera, for around 12 years. 

I have also used VSX and MDS/MDLS solutions. In my organisation I am using over 150 virtual and physical appliances and also MDS for virtualized/contanerized central configuration management and also central log management MDLS/MLM. We are using this not just for NGFW but also for other Perimeter security solutions.

View full review »
IT Manager at a transportation company with 501-1,000 employees

The web interface was easy for me. The configuration is logical, so it's easy to use and easy to understand how to protect, how to open a port, how to manage, and how to route a device. That's why I prefer Check Point. It's robust and I never have issues with the hardware.

View full review »
Firewall Engineer at a logistics company with 1,001-5,000 employees

Firewalling is one of Check Point's core business attributes, and it just works.

Creating site-to-site VPNs between Check Point Gateways that are within the same management is unbelievably easy. If you create VPNs for 3rd parties and there are mismatches or issues, you will see logs that help pinpoint issues or misconfiguration.

Application control help with identifying applications and therefore makes firewall rules easier since changing ports don't have to be adapted every time an application changes or updates.

View full review »
System Security Engineer at Ziraat Teknoloji

In some features, it is not easy to use the Check Point firewall. 

The IPSEC VPN setup is not easy to configure. In some cases, if the VPN is not established, it is very hard to troubleshoot the configuration. It does not address the problem well. 

The upgrading process takes too much time.

View full review »
José Javier Dominguez Reina - PeerSpot reviewer
Project Manager at Junta de Andalucia

The initial configuration was simple. The previous team was also using Check Point, we only had to export and update the rules. Only a couple of things had to be corrected and changed.

View full review »
Logical Security Deputy Manager - IT at a financial services firm with 1,001-5,000 employees

Check Point offers a reliable firewall solution with VPN options that have allowed us to establish secure and stable connections with other companies and users in a very simple way.

Simple and centralized administration has allowed us to manage all the firewall nodes from a single console, facilitating the deployment of firewalls through the network, since a large part of the configurations and access rules, as well as the protection controls, are managed from a single console and via centralized maintenance.

View full review »
Technology Architect at BearingPoint

The setup is pretty straightforward, at least for the basic setup. Even with more complicated configurations, you have good support and experts at Check Point in the background that can help.

View full review »
IT System Operations Manager at Hamamatsu Photonics KK

They offer very scalable solutions to extend compute resources if needed so initial sizing isn't too much of an issue as you can easily add more resources if needed. Reliability is a major factor in any hardware or software solution, and Check Point uses leading-edge hardware, and their software upgrade process is flexible for various deployment requirements. 

Policy configuration has been consistent over the years, so there is not much of a learning curve as upgrades are released. 

Their threat analysis reporting from their management console is very comprehensive and easy to use. Their web-based dashboard is well designed and offers many out-of-the-box reporting, and provides admins extensive customizations.

View full review »
Innovation Consultant at KPN

Several enterprises, from financial institutions to hospitals, use this product mainly as edge solution. In most cases, the setup was based on a redundant configuration. Other cases which have been rolled out are based on smaller devices in office locations and larger devices in the central datacenter of the customer. As an MSSP we trust the reliability of the solutions, since we cannot risk having our reputation being harmed. Our team is perfectly able to manage the devices on a day by day basis using the central management solution.

View full review »
President at NGA Consulting, Inc.

The initial setup is straightforward and plug and play for a basic configuration to get you started. You can then begin building the NAT and policy rules, which are easy enough to do.

View full review »
reviewer1697127 - PeerSpot reviewer
User at a insurance company with 201-500 employees

Initially, I was using the Cisco ASA5500 series firewall. I never believed there could be better firewall devices in terms of ease of setup and management. The NGFW from Check Point has increased my confidence in terms of performance and ease of configuration with its intuitive interface. It supports the VPN configuration without any unnecessary latency and packet dropping.                                                                                                                              

It blocks over 97% of threats!                                          

View full review »
Head of Technology at African Alliance Plc.

The product is very stable with no crashing or configuration corruption.

View full review »
Executivo de Negócios de TiC at a comms service provider with 10,001+ employees

My customers cite performance and ease of configuration as two of the solution's most valuable features. 

View full review »
Engineer at CENACE

I think the most valuable feature is that the application and configuration were easy for us. When we need to do some work with the networks, configuration and deploying are easy - if I want to search for information, it is easy in the Check Point platform.

View full review »
DiegoMirones - PeerSpot reviewer
General Manager at Qhawariy

I like the facility of the product configuration. The ease with which the solution can be put into production makes it easy for my employers and for me to provide client support. 

View full review »
Network and Security Engineer at BIMBA & LOLA, S.L.

The centrally managed firewalls are great. We can save a lot of configuration time in configuration tasks. We have deployed about 200 devices in record time due to the fact that we use a unique policy for almost all of them.

Logs, Views and Reports are the most detailed compared to other vendors (FortiGate, etc.) We can see a lot of detail in the logs and also we can configure any report we need without any problem and in two clicks.

We can see that, for IPS signatures, we have updates every day, sometimes twice a day, so we see a lot of effort from the vendor. They really try to protect our environment from known attacks and vulnerabilities.

View full review »
Consultant at Systemhaus

Although there is a lot of automation and pattern that can be classified automatically, the IPS systems are sometimes a little bit complicated, and doing the fine-tuning in over 20,000 patterns is hard to do. This has been improved in the last versions, however, it can still be made a little bit better. 

For example, the automatic classification of which pattern should be activated is very simple yet lacks some special configuration options (for example if you want to have more than one classification pattern for the activation).

The HTTPS inspection is very tricky, too. Since there are a lot of applications that are using certificate pinning, most of the SSL traffic (especially to the big cloud provider) must pass without inspection.

Since attackers also use these clouds, there is a problem in getting your security definitions to work.

Of course, this is not a Check Point-specific problem and rather a problem in the HTTPS inspection itself.

There is the need to know which sites are accessed by our staff and to get the visited URLs, to get the internal security policy working. The SSL classification feature of Check Point is a good intention, yet not as good as needed.

View full review »
Networking engineer at Hewlett Packard Enterprise

The Identity-Based Inspection Control gives us the ability to leverage the organization’s Microsoft AD, LDAP, RADIUS, and Cisco pxGrid. 

The Terminal Servers group membership allows policies to automate typical processes (user moves/add/changes) and decrease configuration changes required on the firewall, which is tremendously beneficial. This limits the integration with the identity store to just one interface, and we still get broad security coverage based on a single set of identity policies. 

We leverage the combination of identity and application awareness, which is mandatory in order to build scalable security policies that protect the business without compromising user experience. This feature is extended to the SmartEvent console.

View full review »
Integration engineer at S21sec

In earlier versions, it was a bit hard to do migrations of Multi-Domain Servers/CMAs, nowadays, with +R80.30 it has gotten much easier. I cannot really think of many things to improve. 

One thing that could be useful is to have a website to analyze CP Infos. This way, it would be much faster to debug problems or check configurations. 

Another thing not very annoying but enough to comment on is when preparing a bootable UBS with the ISOMorphic (Check Point's bootable USB tool), it gives the option to attach a Hotfix. However, this usually causes corrupted ISO installations.

One thing to improve is the VSX gateway. It is quite complex to work with VSX and they are quite easy to break if you aren't familiar with them.

View full review »
Chester at Iocane

Product-wise, I have no real complaints. 

Potential improvements could be made around simplifying VPN functionality and configuration.  

The main area that the organization can improve is around the lack of local, in-state technical support. Competitor vendors have a strong presence in the Adelaide Market, however, Check Point has always been limited with its commitment to staffing local technical resources. If this focus is made, I could see Check Point returning to the strength that it once had in the Adelaide market.

View full review »
Snr Information Security Analyst at The Toronto Star

The product has improved visibility into the traffic going through our network.

For all traffic leaving the network, Check Point provides the capability to inspect and permit traffic using not just ports but application IDs, which is more secure than simply permitting TCP/UDP.

Check Point has a robust IPS Blade which has added an additional layer of security on connections to the data center.

Check Point's compliance blade also helps in checking how Check Point's appliance configuration is in compliance with any requirement that we need to provide evidence for.

View full review »
TitleNetwork Manager at Destinology

Check Point is very feature-rich. There aren't any features missing or that I am awaiting in a future release. 

The only downside to Check Point, is, due to the vast expanse of configurable options, it does become easily overwhelming - especially if your coming from a small business solution like Draytek. 

Check Point comes with a very steep learning curve. However, they do offer a solid knowledge base. Some issues I have encountered in my five years have only been resolvable via manually editing configuration files and using the CLI. Users need to keep this in mind as not everything can be configured via the web interface or their smart dashboard software. 

View full review »
Senior Infrastructure Technical Analyst at

I protect customers and other types of data by ensuring a secure environment. Check Point allows me to deploy quickly and securely, along with using more advanced detection and prevention. By securing multiple sites and various infrastructure elements, I have reduced my overall workload.

I'm using a lot of permanent tunnels and protecting them to ensure that monitoring customer infrastructure is not compromised in any way, shape, or form.

Various hardware has been deployed at proper sizing for customers and the equipment is stable without the need for a lot of custom configuration

View full review »
IT Consultant/Engineer at a computer software company with 11-50 employees

You need to merge all the old consoles into one new one and make the interface more convenient for the novice administrator. Until now, the initial settings as well as subsequent changes to the "iron" part of the firewall, namely its interfaces, routing, or DCCP settings, you must use the web interface through a browser. This is inconvenient. Of course, you can use the command-line for these purposes, however, this also complicates the configuration process for the administrator and requires a well-known habit.

View full review »
Senior Network Security Engineer at a tech services company with 1,001-5,000 employees

We wanted to deploy a specialized Next-Generation Firewall in our perimeter security.

The solution addresses the Security requirements at Perimeter Layer including:

  1. Network IPS
  2. Application Control
  4. SSL VPN.
  5. Proxy

It was required to enable IPSEC VPN between our vendors across the world

We got positive responses on Check Point Firewalls from our vendors as well.

Our team addresses the regular audits with a Next-Generation Firewall, starting from configuration and application vulnerabilities to customized reporting.

View full review »
Oscar Daniel Garcia - PeerSpot reviewer
IT Director at Facultad de Ciencias Actuariales, Universidad Anáhuac México

I would rate this solution a nine out of ten. This is a very good solution. It's complex because it's not too easy to use, but the brand and our partner help us with NG Firewall configuration issues or other solutions like Harmony.

The university is growing every year and with that, I purchase more endpoint licenses and Harmony Endpoint because the firewall works well on the dimension and capacity. Next year, we plan to integrate Harmony Email and Office. The solution also prevents threats to Office 365.

View full review »
Leandro Oliveira - PeerSpot reviewer
Infrastructure Manager at trt18

The initial setup is hard. We came from another Cisco solution and even then it is hard, especially talking about the traffic. So we had to inspect the traffic and sometimes we had to do a lot of configurations. It would be nice if it was easier.

It took about three months to deploy.

It would be nice if it was easier to set up and to maintain.

View full review »
Anil Redekar - PeerSpot reviewer
Senior Network Engineer at Infosys

In our organization, we are using policy configurations where various policies are configured for internal to outside organization communication, and our DM's are there too. Various zones are created in our organization. 

For each particular zone, if I want to communicate with the external zone, then I need to create a policy for internal to external. Various rules can be created, particularly for organization communication outside the organization. It will be configured in our organization and four gateways are there allowing for our four different locations to communicate. 

In our HR deployment, hiring deployment, there is a new and legacy mode that we are currently using.

View full review »
Network at financial sector

For the migration for Smart-1, I wish the security policy could allow for a migration per gateway. 

There needs to be more storage space for reporting. The storage is always full if the reporting feature is on.

We need HA for Smart-1.

The traffic trekking (logs view) needs to be more accurate. Some traffic is often not in the logs view.

We'd like to have more user friendly menu for import vpn users.

There needs to be more compatibility with SIEM.

It would be great if we could join domains with more than one Active Directory server (active-active).

There needs to be an easy menu for export backup configuration (the current menu always has an error).

The signature information needs more detail. We need to know current update versions and on running versions.

View full review »
Senior Systems Engineer at Upper Occoquan Service Authority

It was pretty simple to transfer the old firewall configuration to the new one. So, it was pretty straightforward and easy. I would rate it a four out of five in terms of effortlessness.

It took over a month. We ran two systems. We built a new system for a couple of weeks before switching over completely.

View full review »
Analista de suporte at NTSec

The Check Point could use more time to upgrade the VPN configurations console. At the moment it is not easy to configure some VPN S2S in Check Point. You need to keep opening several groups, objects, and options to configure one simple VPN.

View full review »
Ingeniero de Infraestructura at E-Global S.A.

Check Point's most useful feature is threat prevention and extraction. It was tough to manage seven firewalls and a perimeter solution for IPS, anti-malware, anti-bot, and sandboxing. 

Integrating everything in Check Point allows us to see all the attacks that are blocked with our perimeter countermeasures every day. Check Point's high detection rate improves our overall security posture, and we can achieve a low rate of false positives through a few adjustments to the configuration.

View full review »

The Check Point Next Generation Firewall solution has allowed us to improve our protection scenario as it is above other products that we have known. It allows us to easily update against the latest security vulnerabilities and has also allowed us to have the opportunity to analyze unexpected behavior in files and applications.

In addition, the constant improvement in the new versions allows us to include better features in the administration and ease in its configuration and allows for the possibility of obtaining important data through the reports that it generates.

View full review »
Senior Solution Architect at a comms service provider with 51-200 employees

The implementation of Check Point NGFW difficulty level depends on the environment. For example, from the initial deployment, it can be easy, but you have to keep your teams learning, they have to consider their traffic size and many other factors. However, the configuration can be difficult, you need a lot of knowledge. Integrating Check Point NGFW with different networks requires a lot of knowledge about the infrastructure.

View full review »
Technology at Partswerx

Check Point VPN has been most valuable to our organization. Having a hardware solution that allows our remote users to connect securely to our business is extremely valuable. 

The ease of use, setup and configuration backed by the knowledgeable support of Check Point has made this a smooth and easy setup. Our users can get connected securely, anywhere. When connected with our Check Point VPN endpoint, users get the same security and prevention from the threat prevention module as the rest of the devices on our network.

View full review »
Network Engineer at Fujairah Port

The list of site-to-site VPN configuration options is long. They can become confusing and communication with other vendors when deploying VPNs is not the strongest. It's totally different from any other VPN vendor I've encountered.

It lists the current threats identified on the appliance's front page. It would be easier to find information by clicking on the threat and clicking the exact logs, rather than all host logs.

The smart console is heavy. It would be better if it was like the web-based consoles that Palo Alto and Fortigate FW offer.

View full review »
Afrizal Guntur - PeerSpot reviewer
Junior Security Engineer at PT Kereta Api Indonesia (Persero)

We use the solution for the DMZ firewall. It's very common and very easy to make configuration, Having IPsec for tunneling solutions with third-party routers and firewalls with other branch offices is very helpful. 

It offers support for segmentation networks. 

The geolocation feature makes it so that our company can easily allow or block a location of IP and can integrate with our SOC or our log management system. 

URL filtering is very powerful for blocking malicious connections. 

The user interface is very cool and easy to use. It has anti-DDOS protection which is very useful too.

View full review »
Ümit Güler - PeerSpot reviewer
Consultant at KoçSistem

If you are looking for a firewall appliance that has a lot of security features, easy installation, and configuration, Check Point firewall products are the best for you.

View full review »
Systems Engineer at HarborTech Mobility

Configuration using the command line is not that simple and user-friendly.

There is no email security.

It's a bit confusing to configure at first. An example is having to set up separate source and destination NAT rather than a simple static mapping. Some configurations require accessing multiple different sections rather than being consolidated in one area. License subscriptions are a bit confusing as well for additional features.

The CLI is not very useful.

There's no option to import bulk address objects.

The firewall default rule 0 blocks rule matches to allowed traffic, even though allow rule is written.

View full review »
Adhi Wahyu - PeerSpot reviewer
Network Engineer at RSUP Dr. Sardjito

The product could provide an easier user interface and management, by combining all functions (network and policy configuration) into one single application rather than splitting it into different applications. 

Users will also really appreciate it if Check Point provides a free management and logfile analysis module. In the existing setup, a user must pay an extra subscription fee to have access to the firewall management module. It makes the user without a subscription unable to fully gain insight from the firewall log file so they are unable to fully utilize the device

View full review »
Solutions Architect, Cyber Security & Networking team at Expert Systems Ltd

The solution provides better stability and some interesting features such as the ease of throughput expansion (or we can say the load sharing).

The scalability helps to offload the high traffic volume during school time. It also enhances redundancy. 

The load sharing capabilities using ClusterXL is possible to switch over the cluster mode to load sharing or Maestro. I also appreciate how easy it is to scale this product.

It is also great that the Check Point community (CheckMates portal) has a lot of helpful guidance. It helps us to work better and ease to find unfamiliar configurations on the new features, it is great for larger organizations as well as very small ones.

View full review »
System Administrator at System Administrator

Unfortunately, as is the case with many big companies, new features seem to always be more important than fixing the last little bugs that affect only a minor customer base. 

The command line, for instance, is still needed regularly if you want to dive deeper into debugging certain issues. 

While it certainly has improved over the years, it still doesn't feel like a polished product. Some features (e.g. super netting VPN connections) need to be enabled by editing a configuration file, which is sometimes lost upon upgrading to a new version. I'd really like to see more easily manageable debugging solutions. 

View full review »
Information Technology Security Specialist at AKBANK TAS

In my company, there have between ten and 15 firewalls on-premises, and if I want to configure or push the same configuration to all of the firewalls, then the centralized management system is easy and very helpful. 

It is difficult to convey the end-user experience. However, in general, administrators can get used to the interface and start working quickly. Especially after Revision 81.10, I can say that everything became more stable and faster in terms of management. It should be said that it does quite well on the DDOS side.

View full review »
Fabian Miranda - PeerSpot reviewer
Subject Matter Expert - Helthcare and Corporate Verticals Development at Lenovo

The management console offers excellent visibility of all security options and configurations, also showing all the traffic from each user. 

Once you're working on a specific action, the interface will pop relevant information around past actions contradicting the new policy, showing you strictly where potential threats may come from. 

Admins and executives are more at ease with the compliance engine within the software as it measures how many of the security requirements we're compliant with, making their work much more accessible from that standpoint.

View full review »
Adriamcam - PeerSpot reviewer
Consultant at ITQS

One of the valuable characteristics of Check Point NGFW is that it presents very centralized management. Due to this, it's improved our security throughout the organization and outside of it. Many collaborators work from their homes or different places and help us filter, limit of access to packet inspection with flexibility and speed that was not previously possible.

Other characteristics are the records that it shows us and generates depending on its configuration and they are very visible to be able to attack and correct in time, or when superiors ask us for administrative information in that part it provides great value.

View full review »
Jonathan Ramos G. - PeerSpot reviewer
Cloud Engineer at ITQS

The most outstanding feature of Check Point is the possibility of having more than 60 indicating services within it. Among the most outstanding in keeping safe is its rule management, VPN configuration, SSL, and, above all, HTTPS Inspection, which is a solution that allows us to see what users do. We can decipher the activity of each connection and see what is inside it. In this way, we ensure that the data is not violated or violated by third parties outside our organization and we validate the internal and timely security. 

View full review »
kenyan_reviewer - PeerSpot reviewer
User at Pevans EA Ltd

The following can be improved:

1) The management solution is currently using a desktop client for administration purposes. This should be improved by ensuring configuration on the firewalls can be done 100% using a web-based approach. This is currently a work in progress in R81.X, yet should be fast-tracked.

2) The Check Point TAC support has, in recent years, deteriorated. Getting support is usually a pain as the TAC engineers don't seem to understand our issues fast enough and are not readily available. This is in contrast to the amount of money paid for the support.

View full review »
Network Engineer at Pevans EA Ltd

1. Complexity in upgrades. Currently, upgrades are quite cumbersome. I would prefer the click of a button and process upgrades.

2. Pricing. The pricing is quite high as compared to other industry firewalls (such as Cisco or Fortinet).

3. Documentation. They have to improve on providing more documentation and examples for certain features online. In other sections, it feels shallow and we could use more information and examples.

4. Complexity in system tweaks. There are some knobs that need to be tweaked at the configuration files on the CLI which can be considered complex.

5. Check Point Virtual Security. The features take a bit more time to be released as compared to physical gateways.

View full review »
Palo Alto Networks NG Firewalls logo Palo Alto Networks NG Firewalls: Configuration
Solutions Architect at a computer software company with 10,001+ employees

As a solutions architect group, we are what you would call "vendor-agnostic." We evaluate any solution that seems like it may be viable to provide clients with some advantages. I will never go to a customer and say that these are the only products that we are going to support. However, if there is something that a client wants to use which I feel would be detrimental to their business or that doesn't fit their needs, I will encourage them to look at other solutions and explain why the choice they were leaning towards may not be the best. When a solution they want to use means that no matter what we do they are going to get broken into, I'll let them know. It isn't good for their business or ours.

That said, some of the most requested or considered firewall solutions by clients beside Palo Alto are Fortinet, Firepower, and Meraki. Looking at each provides a background into how we look at solutions and how we evaluate options for clients. You have to look at the benefits and disadvantages.

Cisco Firepower NGFW (Next-Generation Firewall)

I think that Firepower can be simplified and can be made into a more viable product in the Cisco line. I think that Cisco has the ability to get into the Firepower management platform and trim it, doing so by breaking down all of the different areas of concern and configuration and categorizing them into overviews, implementation across the board, and steady-state management. If they were to do that, then users could start at the top layer and drill down more as they see fit to customize to their needs. I believe that Cisco can do that with Firepower and make it a much better security tool.

Firepower is not just a firewall, it is an SD-WAN. It is an application that Cisco sells that gets loaded onto an ASA 5500 series appliance (the appliance has to be the X platform). It is not a bad solution. I can use it to get into your network and protect a lot of your customers who will be running traffic through it. But a problem that you are going to get into as a result of using Firepower is that it is extremely difficult to configure. Security engineers that I have handed the setup after a sale came back from the service and asked me never to sell it again because it was very difficult for them to set up. However, it is also very secure. The difficulty is in using the GUI, which is the console that you would log into to set up your rules and applications. It can take about 10 times as long as Meraki to set up, and that is no exaggeration. Palo Alto is easier to set up than Firepower, but not as easy to set up as Meraki. But, the security in Palo Alto is phenomenal compared to Meraki. Firepower is pretty secure. If it was a little easier to operate, I'd be recommending it up one side and down the next, but ease-of-use also comes into play when it comes to recommending products.

I'll support what Firepower has to offer considering the quality of the security. But I can't take anyone seriously who is proud of themselves just because they think their firewall is next generation. It might have that capability but it might not be 'next generation' if it is set up wrong. Some vendors who sell firewall solutions that I've spoken to admit to dancing their customers around the 'next generation' promise and they make amazing claims about what it can do. Things like "This firewall will protect the heck out of your network," or "This firewall has built-in SD-WAN and can save you lots of money." These things are true, perhaps, depending on the clients' needs and the likelihood that they will be able to properly manage the product. 

Firepower is a capable solution but it is difficult to set up and manage.

Cisco Meraki NGFW (Next-Generation Firewall)

Meraki was a horrible acquisition by Cisco and it is harming their name. All of us who are familiar enough with the firewall know how bad that firewall is and we know that Cisco needs to make changes. The acquisition is almost funny. The logic seemed to be something like "Let's buy an inferior security solution and put our name on it." That is a textbook case on how not to run a company.

If Cisco wanted to improve Meraki, the first thing they need to do is simply activate the ability to block an unknown application. Start with that and then also improve utility by blocking every threat by default like other products so that users can open up traffic only to what they need to. That saves innumerable threats right there.

There are situations where Meraki works very well as is. One example is at a coffee shop. What the coffee shop needed for their firewall solution was to have a firewall at every location for guests. The guests go there to eat their donuts, drink their coffee, and surf the internet. The company's need was simply to blockade a VLAN for guest access to the internet while maintaining a VLAN for corporate access. They need corporate access because they need to process their transactions and communications. All corporate devices can only communicate through a VPN to headquarters or through a VPN to the bank. For example, they need to process transactions when somebody uses their debit card at a POS station. It works great at the coffee shop. 

It works great at department stores as well. All employees have a little device on their hip that enables them to find what aisle a product is in when a customer asks them. If the store doesn't have the product on hand, the employee can do a search for another store that does have it in stock right on the device. They can do that right on the spot and use that service for that device. For that reason, they are not going across the internet to find the information they are searching for. They are forced into a secure tunnel for a specific purpose. That is something you can do with Meraki. If you don't let employees surf the web on the device, then Meraki will work.

I can actually give you the methodologies in which hackers are able to completely hack into a Cisco customer's network and steal extremely valuable information. Meraki is the most simple of all firewalls to infiltrate in the industry. It is an extremely dangerous piece of hardware. What comes into play is that Meraki, by default, does the opposite of what all of the other firewalls do. Every firewall not called Meraki will block every means of attack until you start saying to permit things. The Meraki solution is the opposite. Meraki, by default, blocks nothing, and then you have to go in and custom key everything that you want to block. This is dangerous because most people don't know everything in the world that they need to block. With Meraki, you have to get hacked in order to be able to find out. Now, tell me who really wants that.

An example of this is that Meraki cannot block an application it doesn't know about, which means that all unknown applications are forever allowed in by Meraki. If I am a hacker and I know that you are using a Meraki firewall, I can write an application to use for an attack. When I do, it is unknown because I just wrote it today. If I load it up on a website, anybody that goes to that website using a Meraki firewall has this application loaded onto their computer. Meraki can't block it. That application I wrote is designed to copy everything from that person's computer and everything across the network that he or she has access to, up to a server offshore in a non-extradition country. I will have your data. Now I can sell it or I can hold you for ransom on it.

Customers love it because it is simple to configure. I don't even need to be a security architect to sit down at a Meraki console and configure every device across my network. It is an extremely simple device and it's extremely cheap. But you get what you pay for. You are generally going to suffer because of the simplicity. You are going to suffer because of the low cost and "savings."

All I can say about Meraki is that it is cheap and easy to use and fits well in niche situations. If you need broader security capabilities, spend a few bucks on your network and get a better security solution.

Fortinet FortiGate
 NGFW (Next-Generation Firewall)

I'm supportive of Fortinet because it is a decent next-generation firewall solution. While not as secure as Palo Alto, it is a cost-effective and reasonably reliable product. I have customers choose it over Palo Alto. But if they decide to use this solution, I want to charge them to manage it for them. The reason for that is, if anything goes wrong in the network and they get hacked, my client will likely get fired and replaced. If anything goes wrong in the network and I am paid to manage their firewall, I am the one in trouble if they get hacked — not the client. I apply my services to the network, make sure everything is working as it should and give them my business card. I tell them that they can give the business card to their boss if anything goes wrong because the guy on the card is the one to blame. That way I remain sure that nothing will go wrong because of poor administration, and my client contact sleeps better at night.

Fortinet is sort of middle-of-the-road as a solution. It has a relative simplicity in setup and management, it has a lower price and provides capable security. Fortinet FortiGate still gets some of my respect as a viable alternative to Palo Alto.

Comparing the Complexity of Setup

Firepower is the most complex to set up. The second most complex is Palo Alto. The third is Fortinet. The fourth is Meraki as the simplest.

Rating the Products

On a scale from one to ten with ten being the best, I would rate each of these products like this:

  • Meraki is a one out of ten (if I could give it a zero or negative number I would).
  • Fortinet is seven out of ten because it is simple but not so secure.
  • Firepower is seven out of ten because it is more secure, but not so simple.
  • Palo Alto is a ten out of ten because the security side of it is fantastic, and the gui is not a nightmare.

An Aside About Cisco Products 

It is interesting to note that the two offerings by Cisco are on completely opposite ends of the spectrum when it comes to the learning curve. Firepower is on one end of the spectrum as the most difficult to configure and having the worst learning curve, and Meraki is on the other as the easiest to configure and learn. Both are owned by Cisco but Cisco did not actually develop either of product. They got them both by acquisition.

View full review »
Khawaja AhsanZia - PeerSpot reviewer
Network Security Engineer at a tech services company with 11-50 employees

The initial setup is a very smooth process integrated with initial configuration. It's very easy. 

View full review »
MIhajlo MItev - PeerSpot reviewer
System Administrator at a mining and metals company with 51-200 employees

I was using Check Point before Palo Alto. I am very disappointed with Check Point because I had to reboot power three to five times a week. Palo Alto Networks NG Firewall is comparatively very easy to manage and use. It has better logic for configuration than other firewalls.

View full review »
Team Lead Network Infrastructure at a tech services company with 1-10 employees

It's a next-generation firewall and it's pretty stable. You don't have to worry about if you restart it for some maintenance. It will just come back. Basically, it would come back in a straightforward manner. There are no stability issues.

The one thing that I like about Palo Alto is it's throughput is pretty straightforward. It supports bandwidth and offers throughput for the firewall.  The throughput basically decreases.

Palo Alto actually provides two throughput values. One is for firewall throughput and other is with all features. Whether you use one or all features, its throughput will be the same.

It's performance is better than other firewalls. That is due to the fact that it is based on SPD architecture, not FX. It basically provides you with the SB3 technology, a single path parallel processing. What other brands do is they have multiple engines, like an application engine and IPS engine and other even outside management engines. This isn't like that.

With other solutions, the traffic basically passes from those firewalls one after the other engine. In Palo Alto networks, the traffic basically passes simultaneously on all the engines. It basically improves the throughput and performance of the firewall. There's no reconfiguration required.

View full review »
Jan Hammer - PeerSpot reviewer
Marine Consultant/Captain/Senior DPO at Jan Arild Hammer

Its price can be better. They should also provide some more examples of configurations online.

View full review »
Hari Pandu Dairi - PeerSpot reviewer
Network Engineer at a tech services company with 201-500 employees

I like the architecture because it separates the management plan process and the data plan process. When I perform something CPU-intensive on management configurations, it doesn't disturb the data plan.

On the data plan, it uses parallel processing. This makes the security process and network process is more efficient.

View full review »
AnkitMittal - PeerSpot reviewer
Network Engineer at Vibs

Implementing this product can be a little bit difficult. The configuration is difficult compared to other products, so it would be nice if there were videos are other instructions available. It can be very time consuming for the network administrator.

View full review »
Sr. Engineer at a comms service provider with 51-200 employees

We set up this solution for companies of all sizes, from small to large enterprises. One of our clients is a telecom, which is quite sizable. They have the most complex configuration. The solution, however, is able to work for any company, no matter what the size. In that sense, it's a scalable option.

That said, the NG firewall is not a typical product that we can scale up on a whim. If we want to scale up in this product, we need to buy a higher series. We have to replace it. If we want to scale out this product, we can do a roll out in another location. Therefore, you can expand it out, however, you do need to change the sizing, which means getting a size or two up.

View full review »
Network Security Engineer at a tech services company with 1,001-5,000 employees

I think automation and machine learning can be improved to make bulk configurations simpler, easier, and faster. Scalability can also be better.

View full review »
Information Technology Project Manager at JSC "Penkiu kontinentu komunikaciju centras"

The configuration is very simple. 

View full review »
Network Manager at a financial services firm with 1,001-5,000 employees

The ease of use and the ease of configuration of our policies are the most valuable features.

View full review »
Network Administrator at a healthcare company with 201-500 employees

It's been 10 years and I don't remember any outages because of a hardware failure or a logical error in configuration. We had problems with servers or switches initially but it works like a charm now. 

View full review »
Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees

The initial setup is pretty straightforward. We just had to do the initial configuration of hardware, deploy our Panorama VM and integrate with hardware firewall, and it is pretty simple. It's also quite self-explanatory. 

View full review »
Network Administrator at a real estate/law firm with 201-500 employees

The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier.

View full review »
Security Team Technical Manager at ECCOM Network System Co., Ltd.
  • Application identification
  • Antivirus
  • Vulnerability protection
  • URL filtering
  • IPsec VPN

Palo Alto NGFW provides a unified platform that natively integrates all security capabilities. Most of our customers are busy. They cannot afford the time to learn very complicated user interfaces and configuration procedures. With Palo Alto Networks, they offered a unified user interface for all its NG Firewall products and Panorama. I think it reduces some of our customers' maintenance time. 

Palo Alto NGFW’s unified platform has helped our customers eliminate security holes. With a unified platform, customers can deploy the NG Firewall both in the data center edge, inside the data center, and in the product/public cloud environments. They have the same user interfaces and platform, so they can be maintained by a single unified platform called Panorama. Customers can use Palo Alto Network NG Firewalls in all the places where they need to protect their environments. This helps to decrease security holes.

View full review »
Senior Network Engineer at a tech services company with 201-500 employees

With Palo Alto NG Firewalls, we can pass all compliance requirements. We trust it and we are building the security of our environment based on it. We feel that we are secure in our network.

It also provides a unified platform that natively integrates all security capabilities. It's very important because it gives us one solution that covers all aspects of security. The unified platform helps to eliminate security holes by enabling detection. It helps us to manage edge access to our network from outside sources on the internet and we can do so per application. It also provides URL filtering. The unified platform has helped to eliminate multiple network security tools and the effort needed to get them to work together with each other. In one appliance it combines URL filtering, intrusion prevention and detection, general firewall rules, and reporting. It combines all of those tools in one appliance. As a result, our network operations are better because we have a single point of view for our firewall and all related security issues. It's definitely a benefit that we don't need different appliances, different interfaces, and different configurations. Everything is managed from one place.

View full review »
Chief Architect at a recruiting/HR firm with 1,001-5,000 employees

Historically, DNS would have been from local providers. Now, having a centralized DNS allows us to make sure there are no issues of DNS cache poisoning and DNS exfiltration. 

The solution has definitely helped us with the security holes around visibility and uniform policy deployments across the estate. Unified, centralized configuration management definitely helps us reduce the risk by having a central place where we can create a policy, and it is deployed everywhere, without the risk of human mistakes creeping in, e.g., typo mistakes creeping into configurations.

View full review »
Quoc Vo - PeerSpot reviewer
Director Of Technology at La Jolla Country Day School

I have been looking at different firewalls because our service and maintenance contracts are up on it. We have two different outsourced folks who look at the firewall and help us do any configurations. My staff and I lack the knowledge to operate it. For any change that we need to make, we have to call these other folks, and that is just not sustainable.

We are moving away from this solution because of the pricing and costs. Everything costs a lot. We are moving to Meraki MS250s because of their simplicity. They match the industry better. I have called the bigger companies, and Meraki matches the size, then the type of institution that we are.

If someone was looking for the cheapest and fastest firewall product, I would suggest looking at the Meraki products in the educational space. I think that is a better fit.

View full review »
Amar-Patil - PeerSpot reviewer
Security Engineer at Hitachi Systems, Ltd.

The initial deployment is straightforward; very simple. The primary access for these firewalls is quite simple. We can directly access them, after a few basic steps, and start the configuration. Even the hardware registration process and licensing are quite simple.

The time it takes to deploy a firewall depends upon hardware and upon the customer's environment. But a basic to intermediate deployment takes two to three months.

View full review »
Presales Specialist at a tech services company with 1-10 employees

The initial setup is really easy. If you're working with Palo Alto Panorama, which is their management server, it's very easy to deploy a lot of appliances in a couple of days, because you're just sending out the configuration and templates on a blind device. In a couple of hours that device is working like the rest.

View full review »
Network Analyst at a recreational facilities/services company with 1,001-5,000 employees

It is our main Internet firewall. It is used a lot for remote access users. We also use the site-to-site VPN instance of it, i.e., LSVPN. It is pretty much running everything. We have WildFire in the cloud, content filtering, and antivirus. It has pretty much all the features enabled.

We have a couple of virtual instances running in Azure to firewall our data center. Predominantly, it is all physical hardware.

I am part of the network team who does some work on Palo Alto Networks. There is actually a cybersecurity team who kind of controls the reins of it and does all the security configuration. I am not the administrator/manager in charge of the group that has the appliance.

View full review »
Technical Manager at a tech services company with 201-500 employees

We are an implementation partner for Palo Alto. One of the companies we implemented its Next-Generation Firewalls for was previously using Barracuda. A ransomware attack happened and they lost all their backup data, and their configuration. Once we implemented Palo Alto for them, there were similar attacks but they were blocked.

Along with Prisma, it helps in preventing a lot of attacks, especially Zero-day attacks.

View full review »
Amol Kurane - PeerSpot reviewer
Deputy General Manager IT at ARAI

We are not happy with Palo Alto at all. It would be better if they provided more support for the firewall. We have a few pending issues with the configuration for each application. We cannot deploy them yet due to some support-related problems in the firewall.

We have deployed a few policies for DNS spoofing and DNS attacks, but we could only block a few IP addresses through the policy. That's DNS security, and we have configured a few policies for DNS spoofing and more.

URL categorization and URL filtering are not yet adequately maintained. For example, if you created a few rules in the rule-based configuration and made some rules downstairs, you will lose some of them if you give access upstairs. It's not giving us a proper solution for which route it is using. We need to apply the application-based policies and URL filtering-based policies. It creates more issues because we are not getting good support from the team.

View full review »
Hamada Elewa - PeerSpot reviewer
System Engineer - Security Presales at Raya Integration

Someone who says, "We are just looking for the cheapest and fastest firewall?" can get a free firewall, but they will not be protected. They will not be updated against the latest attacks all over the world.

There are tools on the Palo Alto portal that can be used to enhance the configuration of your Palo Alto product and they are free.

Overall, I love Palo Alto.

View full review »
Gokul Anand - PeerSpot reviewer
Deputy Manager at a financial services firm with 5,001-10,000 employees

The technical support is good. I would rate them as 10 out of 10. 

They are able to support me and the issues that have arisen, which have been very minimal. For cases where we break something in the configuration or any bug that is out of control, they are good in understanding and analyzing our issues as well as providing a solution for them. That is why I rated them as 10.

View full review »
Matt Gahafer - PeerSpot reviewer
Network Engineer at Samtec, Inc.

These are gateway firewalls to the Internet for every site. At a majority of the sites, we use the firewall as our gateway for the network below.

Previously, we used them just for the Internet firewall and Internet security side. However, in the last year or two, we have started to migrate them as the gateway routers, e.g., as gateways for the networks below. They are doing Internet firewalling as well as firewalling for the networks below.

We are using the PA-220s, PA-440s, PA-820s, PA-3250s, and PA-5250s. We are using all of those hardware models. Then, we are running the PAN-OS 10.1.3 on those.

We have around 40 locations worldwide. At minimum, we have one Palo Alto Networks NG Firewall at each location. At some of the larger sites, we have two Palo Alto Networks NG Firewalls in HA configuration. Then, at our headquarters and disaster recovery site, we have two at each site.

View full review »
Solutions Architect at HCL Technologies

The most important thing is that it's really user-friendly. I have almost stopped using the CLI because I like the graphical interface. You can do whatever you want on a single screen, including all the configuration and implementation, using Panorama. You don't have to switch from one place to another. And the best part is that you can manage multiple Palo Alto devices. We do have other companies' devices and for them we need to go to the CLI. But with Panorama, you almost get everything you need. It is very important for managing all the technology and features on the device, and for adding multiple devices, on one page.

Palo Alto also gives you a lot more options to troubleshoot and fix problems. That really helps our operations team.

Another valuable feature is the sinkhole option. If a malicious packet travels across the firewall, the firewall detects it as malicious traffic but it doesn't stop the traffic then and there. That way the attacker assumes that they have been successful but they have not. It's a type of honeytrap. It allows us to keep on responding to those packets.

Also, when the firewall does network discovery it can detect a malfunction or bugs or a configuration issue. That is very important. If your endpoint system is not functioning properly, it gives you an extra layer of protection in the network discovery field. It shows you all the options and all the data if your system is not compliant.

The Single Pass architecture is a nine out 10. A single pass is always good.

View full review »
Gabriel Franco - PeerSpot reviewer
Senior Service Delivery Engineer at NetData Innovation Center

There are no issues with stability. In most cases, they are very stable. 

We recommend our customers to have an HA configuration with active/passive, which is very good in Palo Alto. It takes seconds to change from one firewall to another, which provides reliability and prevents loss of service because of a hardware problem or a network problem on a device. Having an HA environment makes your network resilient.

View full review »
Ferenc Balku - PeerSpot reviewer
System Engineer at a tech vendor with 1-10 employees

The solution's VPN, called GlobalProtect, could be improved as I've had a few issues with that. 

It can be challenging to migrate configurations between Palo Alto firewalls or restart with a backup configuration using the CLI. That could be improved. I think I'm one of the only people still using the CLI over the GUI, so that's just a personal issue.

View full review »
Marcin Chudzik - PeerSpot reviewer
Senior Security Engineer at T Systems Poland

The security features are the most valuable aspect of Palo Alto's Next-Generation Firewalls. It has all the typical static threat protection based on signatures and WildFire dynamic analyzers. I love this feature. Palo Alto Networks updates the signatures of global threats on the cloud every 60 seconds, so we are protected against the latest threats. 

It also has SD-1, but unfortunately, very few customers in Poland want to enable SSL decryption. From time to time, we have customers who want to test this. Machine learning is crucial to security features like anti-spyware and URL security profiles. Palo Alto was one of the first firewalls to have this capability. It helps us analyze real-time traffic using machine learning instead of signatures. Palo Alto has a better web interface than other firewalls I've used.

The DNS Security checks if your DNS queries are valid because infected computers try to connect to the DNS domain. We have this configuration to block access to the domain. We can use the application to block the DNS tunnel link. 

View full review »
Ali Mohiuddin - PeerSpot reviewer
Security Architect at a educational organization with 201-500 employees

One of the key features for us is product stability. We are a bank, so we require 24/7 service.

Another feature we like about Palo Alto is that it works as per the document. Most vendors provide a few features, but there are issues like glitches when we deploy the policy. We faced this with Cisco. When we pushed policies and updated signatures, we ran into issues. With Palo Alto, we had a seamless experience.

The maintenance and upgrade features are also key features. Whenever we have to do maintenance and upgrades, we have it in a cluster and upgrade one firewall. Then, we move the traffic to the first one and upgrade the second one. With other vendors, you generally face some downtime. With Palo Alto, our experience was seamless. Our people are very familiar with the CLI and troubleshooting the firewall.

It's very important that the solution embeds machine learning in the core of the firewall to provide inline real-time attack prevention. There is one major difference in our architecture, which we have on-premises and on the cloud. Most enterprises will have IPS as a separate box and the firewall as a separate box. They think it's better in terms of throughput because you can't have one device doing firewall and IPS and do SSL offloading, etc. In our new design, we don't have a separate box.

When we looked at Palo Alto about five years ago, we felt that the IPS capability was not as good as having a separate product. But now we feel that the product and the capabilities of IPS are similar to having a separate IPS.

Machine learning is very important. We don't want to have attacks that bypass us because we completely rely on one product. This is why any AI machine learning capability, which is smarter than behavioral monitoring, is a must.

There was a recent attack that was related to Apache, which everyone faced. This was a major concern. There was a vulnerability within Apache that was being exploited. At the time, we used the product to identify how many attempts we got, so it was fairly new. Generally, we don't get vulnerabilities on our web server platform. They're very, very secure in nature.

We use Palo Alto to identify the places we may have missed. For example, if someone is trying something, we use Palo Alto to identify what kind of attempts are being made and what they are trying to exploit. Then we find out if we have the same version for Apache to ensure that it protects. Whenever there are new attacks, the signature gets updated very quickly.

We don't use Palo Alto Next Generation Firewalls DNS security. We have a separate product for that right now. We have Infoblox for DNA security.

Palo Alto Next Generation Firewall provides a unified platform that natively integrates with all security capabilities. We send all the logs to Panorama, which is a management console. From there, we send it to our SIM solution. Having a single PAN is also very good when we try to search or if we have issues or any traffic being dropped. 

Panorama provides us with a single place to search for all the logs. It also retains the log for some time, which is very good. This is integrated with all our firewalls. Plus, it's a single pane of glass view for all the products that we have for Palo Alto.

When we have to push configurations, we can push to multiple appliances at one time. 

Previously for SSL offloading, we utilized a different product. Now we use multiple capabilities, IPS, the SSL offload, and in certain cases the web browsing and the firewall capability altogether. Our previous understanding was that whenever you enable SSL offloading, there is a huge impact on the performance because of the load. Even though we have big appliances, they seem to be performing well under load. We haven't had any issues so far.

View full review »
Ishan Kumara - PeerSpot reviewer
Senior Vice President/Chief Financial Officer at a financial services firm with 1,001-5,000 employees

The initial setup was straightforward. The initial configuration took one to two hours. You need to configure the policies and features. Since we had to do performance tuning, it took us two to three weeks.

View full review »
Cisco IOS Security logo Cisco IOS Security: Configuration
Technical Lead at a tech services company with 10,001+ employees

I was not part of the installation process. That was handled by another team entirely. That said, they didn't take a lot of time to get everything up and running. It was, if I recall correctly, less than one week to put it up and test it and make all the configuration adjustments. Deployment was fast and it's my understanding that the whole process from beginning to end was straightforward.

We only needed two people and they were able to handle both deployment and maintenance. They are engineers.

View full review »
Owner at it logic

The configuration should be easier in the solution.

View full review »
Sr. Security and Enterprise Architect at a security firm with 11-50 employees

As a Cisco partner/reseller, security has been a concern for many years. Cisco has a security concept that begins right when you try to connect to the network. Security is a complete system and is not just put on security devices at the perimeter or between tiers inside a data center.

iOS on routers is a mature solution, allowing easy setup of a traditional ISAKMP V1 or V2 VPN, and a very mature proprietary VPN flavor called DMVPN. DMVPN allows on-demand VPN establishment with minimal setup configuration and creates a pseudo full mesh avoiding bottlenecks. 

Cisco Technical Assistance Center works on a follow-the-sun concept and gives real 24x7 customer support, which is a great advantage when you have a service contract with them.

View full review »
Senior Presale Agent

I can do all the implementation of the solutions through the Cisco DNA Center. I can manage the Cisco IOS Security configuration. The whole process can be complex. Additionally, when we cannot connect to the internet we need to do manual configuration.

The full setup can take a couple of hours. However, initially, it took to use a couple of weeks.

View full review »
Director at Cros Elements LLC

How to improve the solution depends on the usage. 

Sometimes I find it difficult to manage. Some configurations are difficult for new engineers, for example. 

It could be more flexible. 

View full review »
Consultant at twigalpha

The configuration and reporting interfaces need a lot of improvement. It needs to be more accessible forsolide without a strong technical background. If you had a simplified dashboard, the lower-level techs could manage the solution and provide services. Cisco IOS Security requires someone who is highly trained to operate it. 

There is central management, but reporting could be more centralized too. You can have a lab module. However, we need to see some es, and that will help you deploy without breaking the live system. There's no way for me to have a live system to test my new configuration. If it breaks, I have to deploy it and reverse it to the previous configuration

It would be nice if I could create an online lab on the fly to test for 10 minutes to an hour without messing anything up. That would be great, especially for things that we do on our live network appliance.

View full review »
Fortinet FortiOS logo Fortinet FortiOS: Configuration
System Administrator at RBDigital

I work on the configuration and not really involved in the pricing. It was already in place when the company decided to switch back to Fortinet. 

I concentrate more on security.

View full review »
Javed Hashmi - PeerSpot reviewer
Chief Technology Officer at Future Point Technologies

We have had some performance issues, but that seems to be improving. I'd like to see better integrations and more flexibility for different scenario configurations. In comparison to Cisco, the CLI is quite difficult to use. Finally, I believe that the reporting could be enhanced to provide better visibility into the traffic. 

As an additional feature, Fortinet could have XDR embedded into it which would mean more visibility from the reporting side because right now we have to separately install FortiManager and FortiAnalyzer for driver analysis.

View full review »
Senior Manager (Engineering Department) at a comms service provider with 10,001+ employees

We use FortiOS for the internet router and firewall for our customers' offices. In some of the smaller offices, there is only one FortiGate, but the hub site may have a pair of firewalls in an HA configuration.

View full review »
Subbu Madhira - PeerSpot reviewer
CEO at OmniNet Systems

If I have to implement through the Fortinet FortiOS I have to go through multiple screens. For example, if I need to configure a simple VPN, and a site-to-site Sec VPN channel, in Fortinet FortiOS, I may have to go through multiple GUI pages or screens. Whereas, in SonicWall, everything can be done on one page.

When comparing the ease of configuration and management, with SonicWall, I find Fortigate needs some improvement. If it was improved it would make it a lot easier for implementers.

View full review »
Sales engineer/Technical support engineer at Vietnet

Fortinet's central management needs to be improved. FortiManager's technical tool provider ability should manage all Fortinet security products. Right now, FortiManager only manages the configuration of FortiGate.

View full review »
Security Architect - SME at Rrivate Entrepreneur

The stability of Fortinet FortiOS initial setup is simple and it is user-friendly. To do the whole process of transferring the firewall configurations and updates took approximately one day. 

View full review »
Director at REDCO

The solution is very easy to configure and has a good interface, plus it offers more configuration options than other vendors.

View full review »
RaynoPowell - PeerSpot reviewer
Senior System Analyst at EOH

If you are a novice person that has never worked with any firewall and don't really understand the concepts, you may find it challenging to set up. However, there are help files, online tutorials, and videos that guide you on any of the topics you have in it.

It really helps you a lot to get to it in order to do the configuration. So it varies. It depends on how you install it. It may be fairly easy for your average user at home or for an average enterprise guy. However, for a process environment, it may be a bit more challenging since there are different approaches that we follow in order to install it. That said, Fortinet itself is not very difficult to use and its knowledge base and help are very extensive.

We only need one person to deploy the solution.

How long deployment takes depends on the customer requirements and what they require for their network that we need to implement. For the actual deployment of the FortiOS and the initial testing, you're looking anything from a day to about four days' worth of work.

That said, your pre-prep, in other words, all your pre-definition of your firewall rules and what security model you need to run and what security level in your Purdue model that you need to implement, can take a good couple of months to do since it's purely based on how you apply the IEC 62442.

It also greatly depends on what the customer needs are. The pre-prep work is actually the most important. The actual configuration is quick. However, the pre-prep work takes quite a while.

View full review »
Raghu Chandra Das - PeerSpot reviewer
Network & System Administrator at National Takaful Company

The initial setup of Fortinet FortiOS was very easy. The configuration was simple to do. The whole implementation took approximately two weeks.

View full review »
Senior Information Technology Manager at a wellness & fitness company with 5,001-10,000 employees

SD-WAN configuration could be easier. 

The support could be better.

We'd like to see bandwidth optimization and traffic prioritization capabilities. These are the two things that I'm looking for, especially in SD-WAN.

View full review »
CEO and SISO at IONBAY Consulting Servises

It's easy to manage, actually. It's a UTM device rather than a normal firewall as compared to Cisco PIX, or Juniper. 

The web filtering is a key feature of almost every firewall. However, this appliance is more secure, reliable, and stable. We haven't had any problems, so far.

For ten to 12 years it has been quite secure.

It's scalable.

Policy management is very easy, and configuration is very easy as well. 

The support is also good.

View full review »
Sangfor NGAF logo Sangfor NGAF: Configuration
Product Manger

While the features are not dissimilar to other brands, configuration is much more simple, which works out great for Indonesian people. 

View full review »
FarisKhan - PeerSpot reviewer
Enterprise System Engineer at Innolytix Pakistan Pvt Ltd

The simple deployment of a network on NGF is quite simple and their guides are quite simple as well. The do lack visual guides that are easier for some customers to follow. It's easy to configure a normal deployment scenario for networking and ET. When it comes to high level security and highly advanced features, you need to have some experience in that area to actually apply that on this firewall.

If you're experienced, it would take two or three hour maximum, depending on how many customers are using the policy and how much detailed configuration is needed. I would rate our experience with the setup an eight out of ten. 

We have faced some of the issues after deployment with URL filtering which we have logged a ticket for. Our customers are unable to access certain websites. We have diagnosed the problem but we are unable to identify the URL signature or what is blocking the IAM and preventing access to that site. 

View full review »
Huawei NGFW logo Huawei NGFW: Configuration
Senior Software Manager at a engineering company with 51-200 employees

The initial setup is okay because you basically have to follow the user interface and configuration. Setup is quite easy to follow as long as you have all these network consents and firewall knowledge, you can do it easily.

View full review »
Chief Information Security Officer at Scil Animal Care Company S.r.l.

We use Huawei for a firewall and router switching with some components of our network. It's the first line of defense for our infrastructure. Our USG protects the navigation and communication of a lots of people. We have a big fiber channel network with more than 600 kilometers of fiber.

We have our environment and our technical needs, and if those can't be met by our base configuration we need to seek out an additional solution with extra features. In USG, we have both BBN and OBBN as well as some additional security features, like ATS and anti-spam.

View full review »
Forcepoint Next Generation Firewall logo Forcepoint Next Generation Firewall: Configuration
Managing Director at FORESEC

It is stable and scalable. In addition, their support is great. When you ask them for something, they provide support, and if required, they also involve the R&D team to help you to resolve the issues in your configuration.

View full review »
Systems Engineer at a tech services company with 11-50 employees

The initial setup is of medium complexity. It is neither straightforward nor complex. If you want to implement a new firewall, you need to connect it to something called SMC or security management center, which is the main thing. It is the brain of the firewall, and without that, you cannot manage the firewalls. There are certain steps that need to be done on the SMC to do the configuration of the firewall. 

View full review »
Team Lead Network Infrastructure at a tech services company with 1-10 employees

Forcepoint is a little difficult to configure compared to its competitors. 

The product could be more user friendly. Firewalls are getting better in graphical user interfaces. If there is an issue with the appliances then the engineering team can work on the command line controls. A cheaper way is a graphical user interface for any users to be able to quickly configuration and implement.

View full review »
Associate Consultant at SoftwareONE

The solution is mostly stable. We've just had a little configuration issue around the access and net policy. However, beyond that, it's been pretty reliable.

View full review »
Mustafa Adel - PeerSpot reviewer
Senior Solutions Architect at Infort

The initial configuration is straightforward, and we can use it with the cloud. But sometimes, there are network issues we can't see when we're using the ethernet cable. I think you need an engineer with some experience before implementing the first implementation by yourself.

The time it takes to deploy this solution depends on the features I have to implement or configure. Normally, it takes five or six working days, but it might take another week if I have issues with the VPN or user IDs.

View full review »
PS & Technical Manager at a integrator with 11-50 employees

Configuration is not easy because it has an old-fashioned interface. The configuration interface is highly complex, and it's been the same for years. They have to change the interface.

The structure of the configuration interface isn't like Palo Alto or FortiGate where you can do everything from a single screen. With Forcepoint, you have to import or assign rules because it's working with SMC, the central firewall management. Also, you cannot communicate directly with the product. You have to communicate with the product through the management interface. 

The dashboard also should be updated. 

View full review »
Network Engineer at a tech services company with 51-200 employees

The installation is quite simple, but when it comes to configuration we need to know why the customer is implementing the solution. Firewalling or connecting other branches is a simple configuration but with something like auto-scaling or antivirus, Forcepoint needs to be more straightforward.

View full review »
Azure Firewall logo Azure Firewall: Configuration
Group Cloud Competency Center Manager at a transportation company with 10,001+ employees

Its initial setup was pretty straightforward. With its native portal and User Guide, you can very quickly do the implementation. Its UI is very user-friendly. 

We made it an enterprise shared service for our use case. We studied and designed the cloud-native Azure Firewall service from scratch and packaged it as a standard service in our environment. We wanted to maintain the Azure service like the DNAT network rule and application rule. We wanted it to be always manageable in its lifecycle. So, we chose the infrastructure mode to manage our service. We have a delivery pipeline, and we also use the DevOps mode to maintain the Azure Firewall configuration in its lifecycle. For this part, the API is good, and the native Terraform and Ansible have relevant predefined modules. It is working fine. So, for this part, it is very good. It doesn't matter whether you are a junior technical guy or an advanced technical guy. You can always find a comfortable way to deploy, manage, and maintain it.

Its deployment is very quick. It takes a few minutes. In order to make it the deployer pipeline, you need to spend some time because you need to think about the integration, such as how to integrate with GitLab CI, and how to make Azure Workbook so that it can monitor the usage and user performance. We wanted it as a managed service. So, the duration also depends on your use case.

View full review »
Geo Thomas - PeerSpot reviewer
Network Security Engineer at Diyar United Company

Compared to other firewall products, the setup is complex. I have faced problems setting up the DNAT, and there are some issues with setting up the certificates. I have also had trouble with service tag issues.

The basic deployment takes one day or two days at the maximum. The fine-tuning, where we have to monitor and identify the proper traffic, takes place over two or three weeks. Fine-tuning is an extensive part of it. It is important that the configuration is set up correctly.

View full review »
Network Engineer at a leisure / travel company with 10,001+ employees

In terms of what could be improved, it lacks a couple of features which are available in the other marketplace products, but it is stable and it performs most of the basic functions that are expected from a normal firewall.

When we deployed we did not have a centralized management of multiple firewalls. Right now, with Azure Firewall, we cannot have a normal inbound traffic flow. For inbound, Microsoft suggests using application gateways, so the options are very limited. I cannot use this firewall as an intermediate firewall because of the limitations, and I cannot point routing to another firewall. So if I want to use back-to-back firewall architecture in my environment, I cannot use Azure Firewall for that type of configuration either. 

Other features I would like to see are intrusion prevention, URL filtering, category-based URL filtering and other advanced features.

Overall, the configuration can definitely be improved.

In terms of the overall product architecture, if the management and the architecture of the product could support back-to-back firewall architectures so that I could use Azure Firewall in combination with another firewall, that would be one point which would help this product be used more and in a better way.

Again, if the Azure Firewall could be accommodated as a back-to-back firewall, meaning if it could work as a firewall which handles the inbound traffic from the internet, which is an NVA, or a network virtual appliance, and we could reroute the traffic to Azure Firewall, that would be good. But as of now, there is no routing options in Azure Firewall.

View full review »
ThomasZebar - PeerSpot reviewer
Senior Azure Solution Architect at a tech company with 10,001+ employees

There are a lot of competitors to Azure Firewall. Microsoft figured it out, that they needed a firewall for their Azure platform that can integrate with their services. That's why they came up with Azure Firewall. It really has a pretty nice integration with Azure services. 

In terms of the reporting, it's beautiful. It integrates with Azure monitoring and with Azure policies. That piece is a big help. You can set governing policies and you can use the application firewall, as well as the Azure Firewall, to enforce those policies. If you use the Azure platform, it is the best choice. And they're working on integrating it with many more Azure resources.

The configuration is much easier because Microsoft already provides you with a tool that belongs to Azure. You can set one rule instead of setting 100 rules. That makes the administration of Azure Firewall much easier. For example, when it comes to DNS tags, services tags, and URL tags, you don't have to go URL-by-URL and tell it to open this or that port.

In addition, it's a SaaS service. You don't have to worry about managing a virtual machine and things like patching and upgrading.

View full review »
Cloud Architect at a financial services firm with 1,001-5,000 employees

You have to have a defined IP range within your network to associate it with your network. The problem is you have to plan ahead of time if you expect to use the firewall in the future so that you don't have to reconfigure your subnets or that specific IP range. Other than that, I don't any issues. I use it for basic configuration for a single application, so I really don't try to leverage it for multiple applications where I might find some complexity or challenges.

View full review »
Cloud Architect at a tech services company with 10,001+ employees

We get enterprise support as well as Microsoft support with our premium version.

Technical support is also fine. It is sufficient in my opinion. We have a Microsoft solution architect aligned with us as well, and if any new services, or deployment, as well as configuration, are required, he comes into the picture and we can get support from him. Aside from that, we have technical support for case-by-case scenarios such as severity A, B, and C for Microsoft. So far Microsoft support has not been an issue. I have been working with Microsoft for the past 10 years, I don't see much of an issue from Microsoft on support, at least from my point of view.

View full review »
Mohammed Alahdal - PeerSpot reviewer
Cyber Security architect at Avanade

I would advise people who are interested in Azure Firewall to find the people who can implement it, because not everyone is able to do everything in the proper way. Some people will go ahead and do the configuration but it's not the right configuration. The client will start to have issues and will start to complain about the product. But the problem is not the product, it's the implementation itself. The person who did it wasn't knowledgeable enough.

View full review »
Palo Alto Networks K2-Series logo Palo Alto Networks K2-Series: Configuration
SureshSingh - PeerSpot reviewer
Team Lead at British Telecommunications

I have heard that Juniper firewalls are more complex when it comes to configuration than Palo Alto Networks K2-Series. The flexibility of Palo Alto Networks K2-Series is a large advantage and they use the best parts.

View full review »
Kyaw Bo Bo Htun - PeerSpot reviewer
Network Engineer at One Cloud

The most valuable feature of Palo Alto Networks K2-Series is the configuration, it is very clear.

View full review »
Chef manager at Secure360

The initial setup of Palo Alto Networks K2-Series was straightforward. However, we have support from Palo Alto. There were some configurations that needed to be done for our firewall that required some advanced knowledge from a certified expert. Since we were using the help from Palo Alto the experience was good.

View full review »
Juniper vSRX logo Juniper vSRX: Configuration
Expert - architect of ICT systems at a tech services company with 501-1,000 employees

It is deployed on the customer site, and we manage the firewalls on this side. It's a very useful solution. It is used on-premise at the customer site. It is useful for management, and the configuration is rather easy, as well.

View full review »
AsefHadiyana - PeerSpot reviewer
ICT Administrator at a energy/utilities company with 51-200 employees

Mine control is not an easy area to control in Juniper. There are also too many steps for configuration, like the IP address policy. There are too many types of licenses, which can be confusing. Simple licenses should be built in.

Processing is too slow between Juniper and Cisco. Palo Alto is faster. The database is not as complete as Cisco or Palo Alto.

View full review »
GajShield Next Generation Firewall logo GajShield Next Generation Firewall: Configuration
VIPUL PANCHAL - PeerSpot reviewer

The firewall configuration and administration screens could use some improvement. 

I think the UI screen has to be a lot simpler and smarter for firewall administration. They should also build a smarter alert mechanism in case of any unauthorized access. Basic alerts are there, but I think they could be better. First and foremost is the UI configuration screen. Some screens are good, and some screens are not that good. The UI for the administration of the firewall needs a lot of work.

View full review »
SonicWall NSSP logo SonicWall NSSP: Configuration
Executive Vice President at a tech services company with 51-200 employees

It has been delivering results efficiently. Its configurations and updates have been easy. It is also user-friendly.

View full review »
SonicWall NSV logo SonicWall NSV: Configuration
Network & System Support Engineer at ITCG Solutions Pvt Ltd

The hardware box renewal appliances GUI became extremely slow after the release of SonicOS 7.

When I compare SonicWall to its competitors, I notice that there are some functions that I cannot perform with the SonicWall appliance. For example, when I assign a user base bandwidth management, I enable the ULA (User Level Authentication), but I need a different solution and must enable browser-based authentication.

SonicWall requires certain features such as the authentication agent and user-based routing.

There are limitations to bandwidth management. When used in the education sector, there are some difficulties. They require bandwidth management, an authentication agent, and SSL VPNs.

Google Chrome is not supported, which is why the ULA occasionally fails to function. The authentication page does not appear.

The earlier model is TZ SOHO, they now have a startup with TZ270. We have some offices that have 10 users, as well as a limited amount of users that require a small device such as TZ SOHO, and not the TZ270. 

We are having some difficulties with the SOHO 250 model, regarding the throughput, but when I use the TZ270 it works well. I decided to replace it with TZ270.

When I enable the ULA, the Sophos core usage increases dramatically. Everything works fine when I use the IP-based policy. In general, when it comes to IP-based configuration, everything is fine; everything works great.

In terms of user-based policies and Gen 7, we have several problems with the ULA, and the page does not appear. We are unable to log in when the page does not appear, even when we have entered the correct credentials.

SonicWall, as well as other competitors, have SD-WAN, however, SonicWall features are different. The web filter component, the application component, and the firewall access rules, for example, are all different in the SonicWall Appliance.

When creating firewall access rules in Sophos and Fortinet, I just define the source, destination, and user, as well as a web filter, an application filter, and user bandwidth management on a single line. I only follow one rule and have never had a problem.

Everything is contained in a single rule only when I create it. I can assign web filter policies, application filter policies, and I can apply all security services in a single rule.

View full review »
Check Point CloudGuard Network Security logo Check Point CloudGuard Network Security: Configuration
Oleg Pekar - PeerSpot reviewer
Senior Network/Security Engineer at Skywind Group

As an administrator, I can say that among all of the Check Point products I have been working with so far, the Virtual Systems solution is one of the most difficult. You need to understand a lot of the underlying concepts to configure it, like the virtual switches and routers it uses underneath. That leads to additional time needed for the initial configuration if you don't have previous experience.

In addition, there is a list of limitations connected specifically with the virtual systems, like the inability to work with the VTI interfaces in a VPN blade, or an unsupported DLP software blade.

View full review »
Electronic Engineer at a tech vendor with 11-50 employees

The solution, overall, has worked very well for our organization.

The reliability of the product is excellent.

The configuration capabilities are very good.

The initial setup is pretty easy.

View full review »
Security Platform Administrator at a tech services company with 501-1,000 employees

Check Point CloudGuard Network Security has established communications with other devices and other cloud providers. CloudGuard has improved the passage of CIS and PCI regulations. The functions for autoscaling save costs for the company and the centralized management helps us with administration. CloudGuard complements the security model of the company. We only need one solution for all cloud providers as it offers good compatibility with lots of protection. the easy funtion of use the licence core in other gateways helmpe to save cost. And the easy VPN configuration helpme to stablish more than 100 VPN in an shortly time.

View full review »
Adriamcam - PeerSpot reviewer
Consultant at ITQS

The configuration was very simple since the tool and the wizard are very interactive and user-friendly. It was not very difficult to do the installation and configuration.

View full review »
AlexOgbalu - PeerSpot reviewer
Managing Director at LiveFromSpace Limited

The initial setup was straightforward. Some processes were easy click-through processes which needed some configurations and technical expertise to set up. Hence, some technical expertise is required.

View full review »
Sophos XGS logo Sophos XGS: Configuration
LauriLaanenurm - PeerSpot reviewer
Network and Security Engineer at Datafox OÜ

The initial setup for Sophos XGS is very easy. From cloud it can be deployed even faster, since it allows to create configuration templates.

View full review »
Senior Technical Engineer at Infinigate Norway

In the new release 19, there should be the implementation of a cloud service that you can use to set up the IPSec tunnels, and the SD-WAN from the WAN dashboard, and then you can push that configuration out to every firewall that you have.

View full review »
Bhanu Brahmaji - PeerSpot reviewer
Senior Network Engineer at Prospecta Technologies

The initial setup is complex. Sophos has some features like rules and policies, NATing, and PATing so deployment might take more time than if we were using an alternate solution. Deployment can take up to two weeks because every policy and VPN requires checking and that takes time. I've been working for the past 10+ years experience in network engineering and firewall configuration so we deployed in-house but we contacted Sophos for assistance when we needed it.

View full review »
Rotimi Omotayo-Benson - PeerSpot reviewer
Technical architect at boldbytesng

The initial setup is straightforward and takes 15 minutes. The time it takes to setup depends on what you're trying to achieve and how complex you want your configuration to be. 

View full review »
Head of Information Technology at ICCS Ltd

We handled the installation and configuration with our in-house team.

View full review »
Mohamed Y Ahmed - PeerSpot reviewer
Technical & Pre-Sales Manager at GateLock

I am a cyber professional. I support customers with this solution. Sophos XGS is primarily a firewall. The product allows my customers to manage their internet access for their employees while protecting their environment from things like malware.

The solution requires one administrator as it does not require much maintenance. It depends on the usage and the environment. For example, in some account configurations, the environment has only four or five rules, other times there are over 100 rules. More rules will require more maintenance. 

View full review »
Yasir Siddiqui - PeerSpot reviewer
Owner & MD at Naysz IT Consultancy & Services Pvt Ltd

The initial setup is complex as Sophos doesn't support the installation or configuration. I would rate the ease of setup as one out of five.

View full review »
Muhammad Nouman - PeerSpot reviewer
Head of Sales & Operations at Supernet

The initial setup was quite simple, and the configuration took around an hour and a half.

View full review »
Head Of Information Technology at Zambia National Building Society

It works. However, Sophos configurations are a bit complex. It's not very user-friendly. I don't find it user-friendly when it comes to setting up the firewalls.

The user interface for the technical admin can be better. It should be set forward to configure a firewall. if a firewall has complexities. I don't know why they did that. However, you should be able to quickly set up a rule to minimize the mistakes that a security administrator or a firewall administrator can make and configure. If not, that becomes an issue. One mistake on a firewall could result in a bridge.

It should be more straightforward. If you compare it with GFI Carrier Control Firewall, which is very straightforward, you can see why it’s helpful when it's easier.

View full review »
Ryan Dominic Momblan - PeerSpot reviewer
System Engineer at Microgenesis Business Systems

In general, the solution is scalable.

Its features and configuration can expand. As long as the engineer or the implementer knows which policies are needed, the Sophos firewall integrator can also help with that. If he or she does not know any complicated solution, Sophos support is also there to help.

View full review »
Boris Yenoa - PeerSpot reviewer
Technician at 3R Technologie

There are issues with some designs being able to work on high availability. We design our architecture in three tiers on the network. There is the core tier, the distribution tier, and the access tier. We haven't succeeded in our attempts to configure this and haven't been able to find documentation on how to go about it. Sophos has a single sign-on, but it requires configuration to communicate with the firewall and that is lacking. The configuration on Sophos is well described, but the configuration on the Windows system is not well described in relation to the Sophos knowledge base. It took a lot of my own research to figure out what was wrong. I'm a cyber security guy so it's very difficult for me to implement the solution.

View full review »
Md.Ahsanur Rahman - PeerSpot reviewer
Senior Engineer at Spectrum Engineering Consortium Ltd.

It was an easy setup, and it was not complex. The deployment depends on the customer's timeline, requirements and scope of work. Basic configuration takes about one or two days, and we deployed both in-house and in the customer environment. I rate the initial setup an eight out of ten. One person can do deployment because we're not doing any mounting, and mounting requires two people. So configuration can also be done by one person.

View full review »
IT Administrator at a outsourcing company with 1-10 employees

If I could host my emails using an email transfer agent, hosting it, it would be ideal.

The configurations can be a bit complex. It may be a while before you understand the configuration process.

If you do not have any experience with the product, you may struggle to set it up.

I'd like to see more integrated services from Sophos so I can handle everything from one place without a third-party. I would like to have email hosting and management integrated into Sophos XGS.

View full review »