Coming October 25: PeerSpot Awards will be announced! Learn more

Firewalls Firmware Reviews

Showing reviews of the top ranking products in Firewalls, containing the term Firmware
Juniper SRX logo Juniper SRX: Firmware
System Administrator at a leisure / travel company with 51-200 employees

We've had some issues with the firmware

The solution is quite advanced. You need a lot of training to use it effectively.

When we bought the equipment, and we have more Juniper devices, not just SRX, they started to malfunction. I'm not sure why. All the devices that we bought were from the year 2018. We had the EX4600. Something was not working with this device. It was offline. We bought everything in twos so we could make a high availability with all of them. The current has malfunctioned, and all the warranties have also expired. We are, generally, expecting malfunctioning, maybe in the next few years. I was planning to switch the Juniper equipment with something else to avoid this.

It does not have a simple user interface. 

The warranty offered on the devices isn't long enough. it would be better if you could extend it out to five or eight years. Otherwise, you have to be very careful with the equipment. 

I'm not sure if Juniper SRX can filter emails or block viruses. I'm not familiar with these aspects as I haven't had that much experience using the SRX inside the UI. However, if they do not, it would be ideal if they did. I'm not sure if it can deflect any kind of DDoS attack. 

The one particular issue that I've seen on the SRX, is if you have SSH enabled and if there is a large number of SSH connections, when a brute force attack happens, the SRX, in general, tends to become unstable, or it resets by itself. That's one issue that's particularly making me angry, and I had to request the reseller to block the SSH permanently, or just to allow access, so only they can connect.

View full review »
Cisco ASA Firewall logo Cisco ASA Firewall: Firmware
Michael Mitchell - PeerSpot reviewer
Network Engineer at Utah broadband

Cybersecurity resilience has been outstanding because it is very stable. There are not a whole lot of upgrades that we need to do for the firmware.

Four engineers support it. From time to time, there are firmware upgrades that we need to keep up to date with. Sometimes, we need to run debugs to figure out what's going on with it, and if it needs a patch, then we will figure it out. Usually, Cisco has been really good about getting us that.

View full review »
Security engineer at a energy/utilities company with 10,001+ employees

It is stable for the most part.

There is maintenance needed for software, firmware, and updates. Three or four people keep up with the updates, etc. 

View full review »
Tushar Gaba - PeerSpot reviewer
Technical Solutions Architect at NIL Data Communications

I have mostly been involved in the pre-sales stage, and then eventually the post-sales as well. But we do the groundwork of making sure that we have set the stage for the customer to get the initial onboarding. And at times, I do it with other engineers or other colleagues who take it over from there. In my experience, it has been pretty straightforward.

It's not just the implementation, but [it's] also managing or maintaining [the ASA]. It would depend on how complex a configuration is, a one-box versus cluster versus clusters at different sites. Depending on the amount of configuration complexity and the amount of nodes that you have, you would need to look at staff from there. It's hard to put a number [on it and] just say you need a couple of guys. It could be different for different use cases and environments.

[In terms of maintenance] it's about a journey: the journey from having the right knowledge transfer, knowing how to configure a product, knowing how to deploy it, and then how to manage it. Now, of course, from the manageability standpoint, there are some basic checks that you have to do, like firmware upgrades, or backup restores, or looking at the sizing—how much your customer needs: a single node versus multiple nodes, physical versus virtual, cloud versus on-prem. But once you are done with that, it also depends on how much the engineers or SMEs know about configuring the product, because if they know about configuring the product, that's when they would know if something has been configured incorrectly. That also comes in [regarding] maintenance [of] or troubleshooting the product. Knowledge transfer is the key, and making sure that you're up to date and you have your basic checks done. Then, [the] manageability is like any other product, it's going to be easy.

View full review »
Fortinet FortiGate logo Fortinet FortiGate: Firmware
Chingiz Abdukarimov - PeerSpot reviewer
Director at a integrator with 11-50 employees

Good VPN, both IPSEC and SSL (web-mode, tunnel-mode). An engineer/network administrator has tools to debug VPN issues that can occur during tunnel setup with other vendors' equipment.

SD-WAN feature at no cost. This is really great feature for remote locations (branch offices) and HQ, application steering between many ISP links becomes a simple task. Steering can be done dynamically by measuring link quality (latency, jitter, packet loss, available bandwidth).

Wi-Fi and Switch controller at no cost. FortiSwitch and FortiAP can become a kind of port extender of the firewall, all its ports can be referenced in firewall policies. When you have such management plane consolidation it gives you a simpler way to operate.

Security Fabric Framework is helping in analyzing sudden and rapid changes in whole infrastructure, and gives the ability to simplify daily operations (e.g. address objects synchronization between all firewalls in Fabric, estimating overall security rating, single-sign-on for admin access and many more)

Single Sign On support with deep LDAP integration (several variants for environments with different scales), RADIUS authentication.

Can work as transparent and explicit web-proxy, the last option supports Kerberos authentication which requires no agents installed on any windows server.

Human readable firewall policies with editable security policies and
addresses in single page. This is very useful and time saving feature.

Firmware upgrade process is very simple, even for cluster configurations it is fully automated by default.

Straightforward SNAT and DNAT; you may work in two ways: with Central NAT rules configuration and by applying translation directly inside firewall policies.

Bulk CLI commands are uploaded via gui in script file (portions of config file).

VDOMs are very useful when you need to grant admin role to clients separately. VDOMs in FortiGate can be represented in FortiAnalyzer's ADOMs (administrative domain), which can have different log storage policies, event handling and alerting configurations. You can create one VDOM working in NAT/Route mode, and another VDOM working in Transparent mode.

If you don't want to create and use second VDOM you can still transparently inspect traffic at layer 2 level while having only one VDOM in NAT/Route mode. This is achived by configuring Virtual Wire Pair ports that work like a separate bridge.

Ability to capture packets going through any interface of device (and VM too). You can set number of packets, filter out packets by IP and port number for particular troubleshooting purposes, then download a .pcap file from web gui and analyze it in your favorite programm.

Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.

IPS, AV, Web Filter, AppControl profiles are working very well.

SSL Inspection and CASI (Cloud Access Security Inspection) profiles.

Rich logging options allow you troubleshoot most problems.

Straightforward HA with different redundancy schemas.

IPv6 support.

View full review »
Ted De Vos - PeerSpot reviewer
President at simnet

Quality control on their firmware versions needs improvement. When they introduce new firmware, there tend to be bugs.

I would like the licensing price to be better. It would be nice if it were less than 25 percent of the hardware costs.

View full review »
Network Security Engineer at a performing arts with 201-500 employees

The commercial side of things can be improved a bit. They have such a good product, and when you disable some features, it has to be commercialized for you to enjoy those features. Therefore, you are actually buying half a product. You have hardware there, and yet, your features are not enabled. The primary things, such as the antivirus, web filter, DNS filter, application intrusion, file filter, and email filter come with the general license. There are other things that you want to also enjoy in this system and you can't. 

There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering. That's one of the drawbacks they could look at. 

Sometimes the firmware automatically updates itself. Then it corrupts the configuration and you have to roll back or you have to do amendments to the configurations. That, however, has happened only once with us. We have put in controls for automatic updates to stop them and now we do manual allowance or we allow the manual update.

Most of the features are good. They give you pricing and you get a VPN for about 10 users where you can test it. For us, we feel that we need to buy extra licenses due to COVID, as people are working from home. Under the current conditions, we are not getting the best out of the firewall. 

They could just maybe put better graphics or better reporting into the solution. I want to know who is the user and what is the exact website they're visiting. Something like that would help. They should do more like what the GFI is doing.

View full review »
Effort Moyo - PeerSpot reviewer
Technical Services Manager at ProComm technologies

In terms of stability, I would rate it a seven out of ten. It should be more stable. Sometimes when you do firmware upgrades, a feature that was previously working is broken. There are things like that, but I guess that can be taken care of by reading the release notes and seeing what changed in the firmware upgrades.

View full review »
Security Systems Analyst at a retailer with 5,001-10,000 employees

If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox.

View full review »
Michael-Sugg - PeerSpot reviewer
CEO at Sovereign Managed Services

The initial setup is complex for me due to my lack of experience with the Fortinet FortiGate product. The complexity can be a good thing, however, as there's a lot of really good features associated with it. Where it could be simplified is in having that easy deployment option, and then you can start going down and trying to get into the nitty-gritty and figure out when do you need the extra features.

Right now, I'm just in a test environment getting all the firmware up and tested. Then, once I have it tested, I'll take it to the client location and yank out their WiFi mechanism, their WiFi router, and put this in.

View full review »
Mauricio Lazaro - PeerSpot reviewer
Director/Owner at Miodesk

My advice for anybody who is implementing FortiGate that it is a great product and easy to use, but be careful which firmware you use.

I would rate this solution a nine out of ten.

View full review »
Eric-Smith - PeerSpot reviewer
Solutions Engineer/Consultant at a tech services company with 11-50 employees

We are a managed services company, and we are also a partner with Fortinet and Cisco Meraki. The firmware that I just started using is 6.4.4. Most of the FortiGates that I sell are 60E and 60F. For some of our larger customers, I have got a handful of FortiGate 80, 100, and 200.

Fundamentally, its primary purpose is security at the edge of the network. I have got some clients who are starting to use the SD-WAN feature for a multi-location setup. I have got other clients who are using a lot of IPSec tunnels. I also have some clients who, with the increase in remote workers, are taking advantage of the FortiClient product that ties in. They are using that for remote VPN connections. 

View full review »
Head of the Satellite Infrastructure and Operation System Department at a government with 1,001-5,000 employees

The Fortinet support needs improvement and also the quality control of the firmware (there are a lot of bugs)

View full review »
Kshitij Singhai - PeerSpot reviewer
Owner at Computech Associates

It is a scalable solution, and you can also upgrade. They come up with a new feature every time. Whenever you're updating your firewall firmware, it is ready to mitigate threats available in the fiber scenario.

Our clients are small, medium, and large businesses. We have deployed it for small offices or retail stores as well as for big manufacturing units. We also have clients from Education and Healthcare. Some of the large companies have between 800 to 1,000-plus devices protected through this firewall.

View full review »
Amar Patil - PeerSpot reviewer
Security Engineer at Hitachi Systems, Ltd.

Before version 6.0, FortiGate's firewall performed well enough, but lately, they've introduced so many features. After that, its stability has been somewhat lacking. This is because they're constantly updating their firmware. So it was pretty stable, but nowadays, it's not that stable.

View full review »
Charbel Hajj - PeerSpot reviewer
Senior Supervisor at MEPEQ

I have contacted technical support many times, they are very important and they are very good. They follow up on all of the cases that we have opened.

The response time is great.

They also always have an updated version of the firmware.

View full review »
Thendo Ndzimeni - PeerSpot reviewer
Network Administrator at Automated Outsourcing services

The product has different licensing models, depending on what you're going to do. For the IoT service, initially the program was for free, then the IoT service and the mix firmware that we had, we had to pay.

Services are separate in terms of Fortinet FortiGate license models, e.g. you could have IPS, AV scanning on high availability, etc. The license could be on annual renewal.

View full review »
Dhsrms Fff - PeerSpot reviewer
Team Leader Network & Security at Rogers Capital

Whenever we install a new release of an OS we should expect lots of bugs on the system that could break the system. Something that is working fine in the previous system, if we upgrade it, it could break it. Fortinet should work a lot on this to remediate it before releasing any OS. This includes any update and upgrade of FortiOS because I have seen issues when I upgraded, such as the memory and CPU jumping to 100 percent, and some or all functions were not operational. These bugs should be fixed in the firmware.

If there is a need for some upgrade or update on an existing system then I will plan ahead, but if it is not stable I will not do it. We have new releases being tested now and once they are rated stable I will upgrade.

View full review »
Mario De Keer - PeerSpot reviewer
IT Infrastructure & Service Manageer at Cerba Research

I don't see any area of improvement at this moment. I'm responsible for the IT infrastructure. I'm not a security specialist. The IT security is being managed by the CSO in our company. 

We had some issues in the beginning while setting it up, but after doing the firmware update, it is working fine.

View full review »
Sunil Kumar Nair - PeerSpot reviewer
Director Of Information Technology at Al Falah University

I used the Fortinet FortiGate support a long time ago. There was a small feature that was not functioning as per the documentation. When they released the latest firmware and the issue was resolved. They provide prompt support.

I would rate the support from Fortinet FortiGate a five out of five.

View full review »
Luis Teran - PeerSpot reviewer
Engineer at Cyber Sea

The firmware needs improvement because there are bugs when a new release comes through. Sometimes, the configuration changes, and it's a bit harder to see where the fail is. The first time that you have the firmware, it tends to have some issues, and it's better to wait a bit to update the equipment.

All the development of the firmware should be fixed before the update at the page level.

API tokens need to be improved, particularly with regard to integration with other cloud solutions. In other words, proxy flow and API integration need improvement.

View full review »
pfSense logo pfSense: Firmware
VP of Business Development at a tech services company with 1-10 employees

You could scale the pfSense platform to multiple users and bandwidth. With SonicWall, you have to go get a different version of their product because they're going to tie their firmware to their version. pfSense doesn't do that. It seemed to me like the scale of pfSense is easier and it was a non-sales interactive requirement to scale the offering versus with SonicWall.

View full review »
SonicWall TZ logo SonicWall TZ: Firmware
Creative Head/Director at a marketing services firm with 1-10 employees

Installation takes a maximum of 30 minutes. There is a default template. 

One only need register the firewall, upgrade the latest firmware and select that template. It will automatically configure the template.

View full review »
SonicWall NSa logo SonicWall NSa: Firmware
Creative Head/Director at a marketing services firm with 1-10 employees

SonicWall NSa has user-friendly firmware.

View full review »
MohammedMateen - PeerSpot reviewer
Network Administrator at Transgulf Readymix

SonicWall NSa performs well, but sometimes, there are bugs, so I have to call their support when this happens, and I elaborate on the problem we're facing. Support then takes the diagnostic data, fixes it, then sends back to me the firmware or the setting so I can restore my SonicWall NSa.

View full review »
Sophos XG logo Sophos XG: Firmware
IT Analyst at a financial services firm with 11-50 employees

In the Firewall, the Intrusion Prevention System can be improved. Now because COVID has come to stay, people tend to work from home, and cybersecurity has been on the high side. 

It can improve more on the security aspect of this so that it can combat any major threat or common bug. I am not saying that the security has become compromised, as it is usually active, but they can improve on it.

Local and technical support can be improved.

When firmware updates are complete, there were issues with connectivity and VPN users. Recently, I stopped updating the firmware because I didn't want to obstruct the connectivity of the staff working remotely at different locations. 

I have stopped doing any updates until the issue can be addressed.

View full review »
Antony Muturi - PeerSpot reviewer
ICT/HMIS Supervisor at a healthcare company with 501-1,000 employees

They made some changes to the firmware update sometime last year, which moved some of the policies from where they were before. Some of the policies, such as NAS policies, were separated, which made it a bit hard for people to trace the policies they had configured.

View full review »
Programmer / Analyst at Maridive & Oil Services

Their updates can be faster and more regular. Right now, it's updated monthly. When I need to update the firmware, I want it done within weeks, not months. There are also some changes in version 18, like rules, that aren't needed.

View full review »
Network Manager at a outsourcing company with 5,001-10,000 employees

There's an IP address delivery for our VPN client and a limited range of IP addresses. So this is a problem in the latest firmware release, but rather than using homework scenarios, we need a lot of VPN clients.

View full review »
Dipl. Ing. at a tech services company with 11-50 employees

Recently, I've had a problem with updating firmware. Updates should be more stable . The last update I did was not successful and ended in a unusable device. Also the support case i opened for it could have been more effective.

I don't use all of the features and therefore it would be difficult to evaluate if anything is missing.

View full review »
Marco-VIVALDELLI - PeerSpot reviewer

I'm using the solution mainly for its firewall application and to prevent intrusion in the system. The XG platform is very powerful from the perspective of identification and to prevent potential attacks on the system due to its the capacity to predict and to anticipate the potential damage on the system.

It's integrated inside the system, meaning that it can control all the endpoints in the system and talk with them and identify any potential situation. It can also isolate one area inside the system without compromising the entire system. This allows you to isolate the initial problem without involving the entire infrastructure. 

You have real-time control of all your infrastructure. It is integrated with the hardware and offers good performance alongside the hardware and by the firmware, and these work together to control the entire infrastructure.

View full review »
Senior Information Technology Project Manager at a tech vendor with 201-500 employees

I think Sophos has to concentrate on the latest firmware's stability because we have version 18, and we have many problems with our customers who have this version. I think Sophos has to thoroughly test the firmware before launching it. When you get any update on any hardware device, you get many problems. It's not good.

View full review »
Arvind Gupta - PeerSpot reviewer
Senior Technical Consultant at Hash 1 IP services llp

They need to do more quality checks before they release firmware upgrades. Currently, a few Cyberoam firewall customers are facing some issues while upgrading the Cyberoam firmware to Sophos. After the new firmware is installed, they are seeing some performance issues, which require some bug fixes. The performance is fine after getting the required support. Customers who are already using Sophos hardware are quite satisfied with this solution. 

Their support should also be improved. We are facing difficulties getting support on time through email or phone.

View full review »
Hariram Ale - PeerSpot reviewer
Sr. Network Officer at a tech services company with 1,001-5,000 employees

Feature-wise, I would give Sophos a rating of seven out of ten.

They need to improve their support, overall customer care, and lower the security licensing fees. If they improved these issues, I would give them a higher rating.

 Before upgrading any Sophos firmware, be sure to contact the Sophos team and upgrade it according to their advice. Without their advice, I wouldn't recommend performing an upgrade.

View full review »
ChristopherMonsini - PeerSpot reviewer
Revenue Development Manager at Integrity by CELT

In terms of improvement, I think the UI could be faster. Sometimes the system freezes and there's a lag. It seems there were some issues with the firmware but it's not a big problem. The user interface could also be improved. It would be great if they could include a little bit more bandwidth management. If they would integrate FatPipe into their product, it would be closer to what Fortinet does.

View full review »
Network & System Support Engineer at ITCG Solutions Pvt Ltd

In light of all the firmware upgrades, maintenance, feature and general releases of firmware, I really appreciate the support offered by Sophos. It is really good. 

However, the response time could stand improvement, as I do not benefit from immediate support. There is a delay involved. This can be problematic when I need urgent support, such as when my device is in a production environment. 

View full review »
Network Engineer at Spectrum Engineering Consortium Ltd.

We are facing some problems on this firmware version, version 18, that require improvement. We want to improve the email security because it doesn't give proper security with the data protection. Also, our clients are facing some problems where most of the sites which they're accessing are getting blocked. I want to improve those sites, that email security, and the data protection on the Firmware version 18. Also, sometimes it gets frozen and we cannot access it. After we shut it down and restart, then it's perfect. That's a point that we want to improve. 

In the next release, I want them to please improve version 18 so that it has more features and is more user friendly and it should have a VRF option.

View full review »
Founder and Managing Partner at a tech services company with 1-10 employees

Maintenance for Sophos XG it's pretty straightforward. I will receive an email if there's a firmware update that needs to be applied and any one of my team, or I will apply the update at our next convenience. You can schedule it to allow it to take place at a non-production time. For example, if I want the firmware update to apply it at 2:00 am in the morning I can schedule it. Additionally, it automatically applies pattern updates.

View full review »
Head of Information Technology at a manufacturing company with 201-500 employees

Sometimes when you roll out a new firmware, you find that the rules you already have in place are broken, so it's difficult to migrate to a new firmware without going through release notes and user reviews. That's the only downside I've experienced in Sophos.

View full review »
SegunIyanda - PeerSpot reviewer
Software Developer/ IT Analyst Individual Contributor at AIICO Capital Limited

We recently did an upgrade on the Sophos XG firmware and we were surprised that after the upgrade,  the automatic switch actually we were using did not work anymore.

We try to understand exactly why it wasn't working with the new 18.5 firmware, but we could not figure it out. I realized that I was stuck with the main ISP. If there's an outage, it was not reliable on the network any longer.

We had to reverse, back to the old firmware even though we were still trying to fix the new version. It is a very efficient feature for our operation. If it was not there, it could make the workings of our operation inefficient. It is one of the best features of Sophos XG. It makes operations very efficient. You don't have to worry about anything at all. We are using the entire Sophos package, such as Sophos endpoint, Sophos XGR, Sophos ZGR.

The documentation can improve with Sophos XG. This will allow our network engineer to work better with the solution. Additionally, they can improve the ability to filter down devices. Recently we were faced with a challenge where we needed to restrict mobile phone users on the network but we realized that we couldn't do this with the solution. 

Recently I was looking at the Cisco Meraki solution, to see what it can do in terms of capacity. There's one feature that stood out to me, and that feature has the ability to implement some policies. Organizations need to have security policies in place. I would like the ability to create policies.

View full review »
Cisco Firepower NGFW Firewall logo Cisco Firepower NGFW Firewall: Firmware
Cesar Beut - PeerSpot reviewer
Networking Specialist at a healthcare company with 1,001-5,000 employees

It is a very powerful device. Firepower Management Center is a great tool, but it is a bit slow.

We don't have Cisco Umbrella integrated with Firepower. We tested Firepower's integration with Meraki Umbrella, but we don't use it because you need better firmware.

I would rate this solution as an eight (out of 10).

View full review »
Network Support Engineer at a manufacturing company with 51-200 employees

This product has a lot of issues with it. We are using it in a limited capacity, where it protects our DR site only. It is not used in full production.

The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working. As a financial company, we have a lot of transactions and when the net suddenly stops working, it means that we lose transactions and it results in a huge loss.

We cannot research or test changes in advance because we don't have a spare firewall. If we had a spare then we would install the new firmware and test to see if it works, or not. The bottom line is that we shouldn't have to lose the network. If we upgrade the firmware then it should work but if you do upgrade it, some of the networks stop working. 

View full review »
Reviewer43898 - PeerSpot reviewer
Engineering Services Manager at a tech services company with 201-500 employees

It may sound a bit strange, but one of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now.

Also, the new UI is always getting better from version to version. In the beginning, when it came to managing Cisco Secure Firewall, it wasn't always the easiest, but with 6.7 and 7.0, it's gotten easier and easier. It's a pretty easy system to manage. It's especially beneficial for people who are familiar with ASA logic because a lot of the Firepower logic is the same. For those people, they're just relearning where the buttons are, as opposed to having to figure out how to configure things.

I've used the backup VTI tunnel and that's a feature that lets me create some redundancy for my route-based stuff and it works pretty well. I haven't had any issues with it

Firepower 7.0 also has fantastic Dynamic Access Policies that allow me to replicate a lot of the configurations that were missing and that made it difficult to move off the old ASA platform for some customers. The addition of that capability has removed that limitation and has allowed me to move forward with implementing 7.0. 

Snort 3 is one of the biggest points on Firepower 7.0. I've been using Snort 3 for quite a while and, while I don't have a ton of customers on it, I do have some who are running on it and it's worked out pretty well. In their use cases, there wasn't a lot of risk, so that's why we started with it. Snort 3 has some huge advantages when it comes to performance and policy and how it's applying things and processing the flows.

Dynamic Objects have also been really critical. They're very valuable. Version to version, they're adding a lot more features onto Dynamic Objects, and I'm a big fan. 

I've also used the Upgrade Wizard quite a bit to upgrade the firmware

And on the management side, there are the health modules. They added a "metric ton" of them to the FMC [Firepower Management Center]. In version 6.7 they released this new health monitor which makes it a lot easier to see data and get to information faster. It's quite nice looking, as opposed to CLI. The new health modules really do stand out as a great way to get to some of that health data quickly—things like interface information, statistics, drops—that were harder to get to before. I can now see them over time, as opposed to at just a point in time. I've used that a lot and it has been very helpful.

In addition, there is the global search for policy and objects. I use that quite a bit in the search bar. It's a great way to get some information faster. Even if I have to pivot away from the screen I'm on, it's still great to be able to get to it very quickly there. 

In a lot of ways, they've addressed some of the biggest complaints, like the "housekeeping" stuff where you have to move around your management system or when it comes to making configuration changes. That has improved from version to version and 7.0 is different. They've added more and have made it easier to get from point A to point B and to consume a lot of that data quickly. That allows me to hop in and do some data validation much faster, without having to search and wait and search and wait. I can get to some of that data quicker to make changes and to fix things. It adds to the overall administrator experience. When operating this technology I'm able to get places faster, rather than it being a type of bottleneck.

There is also the visibility the solution gives you when doing deep packet inspection. It blows up the packet, it matches application types, and it matches web apps. If you're doing SSL decryption it can pinpoint it even further than that. It's able to pull encrypted apps apart and tell me a lot about them. There's a lot of information that 7.0 is bringing to the forefront about flows of data, what it is, and what it's doing. The deep packet inspection and the application visibility portion and Snort are really essential to managing a modern firewall. Firepower does a bang-up job of it, by bringing that data to the forefront.

It's a good box for visibility at the Layer 7 level. If you need Layer 7 visibility, Firepower is going to be able to do that for you. Between VLANs, it does a good job. It's able to look at that Layer 7 data and do some good filtering based on those types of rules.

View full review »
AlexEng - PeerSpot reviewer
Systems Engineer at a healthcare company with 201-500 employees

We made a gradual transition from ASA to Firepower because they first had this as Sourcefire services. That is what we used to install first for our customer base. Then Firepower defense appliances and firmware came out. It was a natural process.

View full review »
Untangle NG Firewall logo Untangle NG Firewall: Firmware
Barry Arendt - PeerSpot reviewer
Owner at ThinkEzIT

You can have templates that simplify the process.

They will back up the firmware for you to configure. Your firewall is backed up all of the time on the command center. If you make a change and it's bad, you can push the bad config down, and put the old one back into it. Or before you make a change, you can back up the config into the cloud and the controller, then you can make the change.

With Zero deployment, so you can have a general template that you push onto all of the devices. If you need to dropship one to somebody somewhere that's not local, just get a smart hands tech. They can plug it in and once it hits the internet, it automatically downloads its config off of the server.

We maintain this solution ourselves, but technical support will help if we need help with anything.

One person can maintain a whole fleet. You can have thousands of them out there and one person could easily maintain them because it's all in one portal, and all of the alerts get generated.

If there is an issue then you get an email with an alert or a text message letting you know that there is something wrong. It makes it easy to deal with.

View full review »
Fortinet FortiGate-VM logo Fortinet FortiGate-VM: Firmware
IT Director at a retailer with 1,001-5,000 employees

Since we first implemented it about two years ago, we haven't experienced any major problems aside from the firmware that we needed to have upgraded.

View full review »
Ranjit Kumar Sriramoju - PeerSpot reviewer
Tech Security & Networking Support Lead at a venture capital & private equity firm with 51-200 employees

I would recommend this solution to others. It is a stable firmware, with many releases. It has a lot of features. Apart from the firewall, it comes with antivirus, IPS, and Web Application Firewall.

It has a lot of integration with external connectors, such as Teams, that are protected from threats that come from external sources.

I would rate Fortinet FortiGate-VM an eight out of ten.

View full review »
Creative Head/Director at a marketing services firm with 1-10 employees

I only know a little bit about the solution's firmware.

This said, the solution is stable and user-friendly. 

View full review »
Network Administrator at Furnmart

We have had some issues with connecting to the VPN from home after firmware updates, which could be an area for improvement.

View full review »
Network Analyst at a manufacturing company with 1,001-5,000 employees

We occasionally have issues when we are doing firmware updates.

The log settings and filters could use some improvement.

View full review »
Peter Salerno - PeerSpot reviewer
Owner / Principal Consultant at Stratus Concept LLC

The stability is rock solid. It's a very good solution. I haven't had to touch it for a year. The last thing I did was a firmware upgrade. That was a year ago, and they haven't requested any more work on that now. It's still operational and solid. There have been no complaints really on it.

View full review »
Check Point NGFW logo Check Point NGFW: Firmware
reviewer1523535 - PeerSpot reviewer
IP LAN and Integrity Specialist at Chevron

In general, this is a very stable solution. We have had only one incident in the last few years that was with the size or the route tables in memory that finally it was discovered that was a bug in a specific version and was solved upgrading the devices to new firmware that solved the bug

View full review »
Swapnil Talegaonkar - PeerSpot reviewer
Technology consultant at a tech services company with 501-1,000 employees

We deployed a Check Point firewall on the perimeter as well as on the internal network. Both are in HA & we have enabled all threat prevention blades. All devices are 5600 & 4200. We are managing our two firewalls with two different security management servers.

Currently, we are using the R80.20 firmware version and we have a pretty simple design.

Our primary uses are firewall security, VPN, web filtering & monitoring. We have also used the TE-100X appliance for private cloud sandboxing.

View full review »
System Analyst at a comms service provider with 51-200 employees

While this version seems to be quite stable, Check Point, in previous versions, had a lot of issues when we used to do firmware updates.

View full review »
IT System Operations Manager at Hamamatsu Photonics KK

Lately, stability is 100% reliable. Earlier generation firewalls were a bit unreliable, however, as Check Point acquired third-party hardware. For example, their Nokia acquired security appliances had a firmware that worked, until they started to modify the firmware (IPSO 6.0 was solid, but problems started with our upgrade to R75), then it became less stable; frequent crashes, settings not saving, high availability issues, frequent reboots required.  Eventually, we upgraded to their NGFW offerings.  Their newer hardware, and firmware R77.x was released, and we have been stable ever since.  Upgrades to R80.x have been flawless, HA works as expected, and we have had zero performance issues.

View full review »
Service Manager Datacenter LAN

Administration of the routing and system settings should be moved to the central dashboard. It's not good to go to all GAIA Interfaces to change settings there.

The client for the central tools is very big - maybe using web access in future releases, similar to other vendors should be possible.

The firmware for the Check Point Firewalls is very big. It takes a long time when we are using small lines for data transfers. Other vendors have updates lower than 100MB. For Check Point often we need a minimum of 2GB.

View full review »
Senior Network Security Engineer at a tech services company with 1,001-5,000 employees

It took so many weeks to migrate our old firewall to Check Point after we did internal and external assessments on earlier setups and enabled multiple security features.

We had difficulty configuring the NAT. For example, instead of following A-B-C, we need to do A-C-B

Initially, we faced a few challenges with firmware. Later this was addressed with jumbo hotfixes.

We tried to create a single management software to manage the policies, view the logs, have a mobile access VPN, and do reporting.

Please concentrate on local services enablement for faster resolutions.

View full review »
President at NGA Consulting, Inc.

I have not had any issues with the device for the past six years; it has just worked.  By that I mean that unlike some cheaper firewalls (consumer grade), the Checkpoint NGFW is enterprise grade, I never had to reboot the firewall to get traffic working again, I would just leave it up and running until a firmware upgrade was available and after the upgrade, the firewall would automatically reboot, but aside from those times, firewall was on 24/7.

View full review »
Palo Alto Networks NG Firewalls logo Palo Alto Networks NG Firewalls: Firmware
Amar-Patil - PeerSpot reviewer
Security Engineer at Hitachi Systems, Ltd.

It's quite stable. They are launching a new firmware version, but compared to other products, Palo Alto is quite stable.

View full review »
Fortinet FortiOS logo Fortinet FortiOS: Firmware
System Administrator at RBDigital

Many things are missing from the interface that necessitates using the CLI, so it needs to be improved. When I migrated to FortiGate, there many things that I wanted to do, but couldn't.

With FortiOS, you can use the router in two modes. The first mode is the profile mode, which is the starter mode that most use, but you have another mode that is a policy mode and is required before creating your firewall rule. The problem is that when you switch from one mode to the other, all of your firewall rules will be gone. This means that you have to decide if you want to use the policy mode firewall or a profile mode firewall.

With policy mode, you can have granular control on the application on the firewall rule because the firewall rule works with the source destination protocol. With the application, you have multiple rules, one by one. As an example, you can have one for Skype or one for OneDrive, etc. On the source, you can add a group, and add people to the group, and they can have access to Skype and OneDrive along with others added.

You can granularly control applications on the firewall rule with the policy mode, but you don't have access to the proxy mode rules. There are also issues with the antivirus, IPS, and you are forced to switch back to the profile mode where you have less granular control on the application.

I have problems with the IPS stability and the antivirus in Policy Based Mode. If the file is bigger, then the antivirus doesn't check it.

In policy Based Mode, There are many issues. (Firmware =< 6.4)

View full review »
System Engineer at a tech services company with 51-200 employees

There are some issues with the performance. We also had some issues while updating the firmware.  

The download options can be better. While downloading VPN clients, it is a little bit difficult to get different versions. You need to log on and search.

Their support can be better. 

View full review »
Sabyasachi Sen - PeerSpot reviewer
IT General Manager at Manav Rachna International School

We have several access points on FortiGate, which were procured long ago. Those are not supporting the present firmware update we make on the UTM. Therefore, we cannot get the latest firmware updated on the UTMs. I was thinking that if we need to get rid of these physical devices, we should move to some cloud-based system.

The only problem that we are facing at the moment is that all the devices of FortiGate, whether it is for FortiGate's access points or authenticator or controllers or UTM, is in the FortiOS. They are interrelated and interdependent. It means if I buy a FortiGate car, I have to run FortiGate OS, I have to fill in FortiGate fuel, and I have to run it on a Fortinet road. I can’t mix and match it with different solutions. There is no flexibility.

The initial setup is a bit complex.

We would like to have NMS built into the solution.

View full review »
Xin He - PeerSpot reviewer
Network Support at Rexall Pharmacy Group

FortiOS is just an operating system. That's it. It's a firmware FortiGate is running. 

FortiOS is the foundation of the Fortinet secured fabric.

View full review »
Sangfor NGAF logo Sangfor NGAF: Firmware
Muhammad  USman - PeerSpot reviewer
Senior Presales Consultant at Megaplus

I believe I am using the recently updated firmware of version 4.0.

View full review »
Huawei NGFW logo Huawei NGFW: Firmware
Junaid Iqbal - PeerSpot reviewer
Network System Architect at SIUT NORTH AMERICA INC

Other than the stability and the user-friendly environment, there's no problem with this Huawei product. Huawei needs to work on product stability in terms of firmware and some kind of feature sets. That said, it's not bad. 

I'd rate the solution seven out of ten. 

View full review »
Check Point CloudGuard Network Security logo Check Point CloudGuard Network Security: Firmware
Genesis Floresta - PeerSpot reviewer
Senior System Administrator at a tech services company with 501-1,000 employees

The ROI is in the number of people managing it. Technically, you don't need to manage it. If you have an on-prem, you constantly need to manage the firewall. You need to make sure everything is okay, when it comes to hardware, software, and managing the actual firewall. With CloudGuard on the cloud, we eliminated two of the three. We didn't need to care about the hardware or about the software upgrades. If we did need to upgrade, it was just with respect to CloudFormation. We didn't need to do any firmware. The only thing we needed to do was manage an interface, which is what you're going to do anyway. 

You only need just one person to do it. When it comes to return on investment, you don't need to hire a full team to manage your whole network. If you have a firewall team, with Check Point CloudGuard, you don't need it anymore. It's just a single person because, if a Check Point goes down, it gets spun up right away. You don't need to call anybody or order hardware or anything like that.

View full review »
Sophos XGS logo Sophos XGS: Firmware
Bhanu Brahmaji - PeerSpot reviewer
Senior Network Engineer at Prospecta Technologies

There are occasional issues when we update an operating firmware there's some lag time. Updating requires us to reboot the firewall, in this scenario 24/7 organization will be the most effective. In addition, I'd like to see more focus on customer support calls we were waiting for hours to connect with them. In some cases, Sophos's team is extraordinarily helpful to solve any issues in the firewall. Sophos needs to focus on customer support through a chatbot or call management quickly so we can find some help on the client side. Thank you

View full review »
ErcanSonmez - PeerSpot reviewer
Information Technology Manager at OPLOG

We've had many problems lately. We're having issues with its firmware, now, and we are trying to fix it with the supplier, the Sophos supplier in Turkey. 

It has recently started to suddenly block and crash. We don't know what will happen. We're not sure if it is the device or something else. We're trying to fix the problem with Sophos. 

It's not extremely scalable. 

View full review »
Ryan Dominic Momblan - PeerSpot reviewer
System Engineer at Microgenesis Business Systems

There were certain lacking capabilities, for example, the searching of its settings et cetera, previously in Sophos XG. There have been some features that were not visible or unavailable compared to the one here on Sophos XGS. Right now, Sophos XGS is stable with its current firmware and hardware versions. It’s gotten better.

I can’t speak to which features could be added.

As long as they just maintain the stability of the firmware version, we will remain happy.

Support is great, however, it can always be improved.

View full review »
Md.Ahsanur Rahman - PeerSpot reviewer
Senior Engineer at Spectrum Engineering Consortium Ltd.

There was a hardware conflict with the software. Recently we did five RMA of Sophos hardware, and several customers said the hardware and firmware were faulty, so there is a dependency on the hardware. For some customers, EQuIS is also an issue, and when we claim RMA from Bangladesh, it takes almost one month to get the product. 

In addition, the firmware has some bugs because it continuously updates in 5.1, 5.3, and 5.7. So, if we randomly change the firmware, it's not fixable, and this should be improved. 

In Sophos XG Firewall, we can create a different zone, like LAN, DMZ, and MZ, but we cannot customize the WAN dual, so it would be good if we could do dual customization.

View full review »