"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"The features I've found most valuable are the packet captures and packet traces because they help me debug connections. I like the logs because they help me see what's going on."
"The customer service/technical support is very good with this solution."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"Its stability and SD-WAN features are the most valuable."
"Its central management, especially when it comes to distributed environments, is great. I can generate and save a setting and then apply that setting across the network with just one click."
"It's great for handling complex items."
"Its ability to block incoming attacks is valuable. Its logging, traffic monitoring, and VPN capabilities are also valuable."
"Fortinet FortiGate protects against internet-based threats, both internal and external. It is scalable, stable, easy to use, and easy to install."
"This is an easy solution to deploy."
"It does a lot for you for intrusion protection and as an antivirus. The threat management bundle is worth the money. You don't need another company to monitor your web traffic for you. You can do everything yourself on the firewall. You restrict your own black list for people on the firewall. You don't need to pay some other company for another product to do that for you. The firewall can do that for you. So, it's an easy-to-use product for people to be independent. They don't need to rely on other vendors to do what the firewall can do. They can do everything."
"FortiGate has a strong security topic which allows all of the Fortinet devices to communicate and share information which makes their security more powerful."
"The features that I have found most valuable are the SD-WAN and their IP4 policy."
"The payment function for applications is good."
"It's very fast and easy to configure."
"I think that the UTM features are the most value, as it truly protects my infrastructure."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"A major area of improvement would be to have more functionality in public clouds, especially in terms of simplifying it. The high availability doesn't work right now because of the limitations in the cloud."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"The reporting and other features are nice, but there is an issue with applying the configuration. That part needs some improvement."
"The performance should be improved."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"The price is a bit higher than other vendors."
"The administration UI could be better. It should also have better application detection policies."
"There is room for improvement in performance and the support language. The support they're providing right now is from a different country, and in our country, there are people—network admins and IT heads—who don't speak English properly. So Barracuda needs to provide support agents who speak additional languages, such as Bangla."
"The biggest issue that I have with this solution is that it is not super intuitive. Once you know what to do, things make sense, but you can't just open the program and start doing things. It would be great if there was a little bit more guided usage inside the program."
"Fortinet FortiGate could improve the user interface. There should be more functionality and options through the GUI."
"The cloud management and automation capability could be improved."
"There can be more security in hybrid implementations. When a customer has a hybrid environment where some parts are in the cloud, we need a consistent security solution for such scenarios."
"Fortinet FortiGate could improve by adding enhancements to FortiMail, FortiSOAR, and FortiDeceptor."
"Fortinet FortiGate can be integrated with different platforms. They have integrations in place, but I can't say they're 100%."
"It would be ideal if they had some sort of GUI interface for troubleshooting and diagnostics."
"Fortinet FortiGate can improve the integration with Active Directory. Additionally, I would like to have a Cloud Controller, such as they do in the Cisco Meraki solution."
"If I had any criticism that I would give FortiGate, it would be that they need to stop changing their logging format. Every time we do a firmware upgrade, it is a massive issue on the SIM. Parsers have to be rebuilt. Even the FortiGate guys came in and said that they don't play well in the sandbox."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Barracuda CloudGen Firewall is ranked 12th in WAN Edge with 4 reviews while Fortinet FortiGate is ranked 1st in WAN Edge with 166 reviews. Barracuda CloudGen Firewall is rated 8.4, while Fortinet FortiGate is rated 8.4. The top reviewer of Barracuda CloudGen Firewall writes "My network has never been interrupted or experienced a denial of service". On the other hand, the top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". Barracuda CloudGen Firewall is most compared with Sophos XG, pfSense, Azure Firewall, Palo Alto Networks WildFire and Meraki MX, whereas Fortinet FortiGate is most compared with pfSense, Cisco ASA Firewall, Sophos XG, Check Point NGFW and SonicWall TZ. See our Barracuda CloudGen Firewall vs. Fortinet FortiGate report.
See our list of best Software Defined WAN (SD-WAN) Solutions vendors, best WAN Edge vendors, and best Firewalls vendors.
We monitor all WAN Edge reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
I strongly recommend you SonicWall 5600. Its having lots of feature for network security and Comparison of price and Support it would be great choice.
Fortigate firewalls are quite rugged and offer great flexibility in configuring the policies and managing them. For individuals as well as group level user privileges. The antivirus offered is also very effective and not at all resource hungry. The only drawback is, the admin should be very well trained and aware of configuring the firewall. It’s quite complicated that way. Or the support provider (reseller) should have expert level admins to configure and set these firewalls in the infrastructure.
I would alternatively suggest looking into Sophos firewalls. They are equally rugged and effective. And also have a much user-friendly configuration and management console.
Barracuda: No Presence in the market at all, quite different way to install manage the product. Impossible to find the technical resource. If it is managed by Multinet then it’s a different story.
UTM control was not good back in the days, not sure about recent improvements.
Support Generally good feedback of Barracuda support.
Sonicwall: Very little presence in the local market, will have compatibility issues when establishing VPN with other vendors or any other integration.
UTM should be good, not experienced it first-hand.
Support, Have horrible feedback about support. they don’t respond for months.
Fortinet: Firewall full of features, good market presence with official REPs in the country. It is basically the same Juniper SSG ScreenOS platform with good UTM.
UTM is good
Support, Support in the region from India is poor, fright. A good local partner can make your day. If case is escalated to US/Canada teams, the experience is much better. You need in-country REPs support to escalate the cases.
China effect, the downside of Fortinet is, its QA of new FortiOS release is not good at all. Things running fine on one release fail badly when upgraded to new release. you need to be ready for an alternate solution when faced with such situation.
But it is better than Barracuda and SonicWall anyways.
RMA time is not next day.
Palo Alto: I would recommend Palo Alto, it can do everything typically required from a NGFW/UTM. Price can be expensive. Typically models with high throughput are quoted from most vendors. In reality, the actual required throughput is not that much. PA820 and PA220 can cater 90% of requirement we have in our environments. This way solution will be comparatively competitive cost wise. Compatibility with third-party devices is good.
Per-user bandwidth limit is missing.
UTM is best.
Support is good. The first level is through support partners, but the experience is good.
No rapid RMA, as no in-country depot exists. But On site spare is best, as the customer owns the spare unit on his premises.
Fortinet is a good option, the interesting thing with them is all the other bits you can add. Many of these such as email protection, Sandbox, edge device protection (anti-virus, VPN Connector for PCs), tokens (electronic or hardware), switches, Wireless Access Points all talk to each other so the Fortinet security umbrella covers them as well. Fortinet has a SIEM as well.
Whatever you buy, get training on it. Also, evaluate the reseller's ability to do an install. Some folks just sell the product, other also know how to install - buy from the latter, and get some Pro Services for the installation.
I have always thought Barracuda's marketing was better than the products (it is very good marketing) and SonicWALL R&D suffered under Dell, and I don't know that it is any better now they are owned by an Investment house.
Out of these three firewalls I would, and have chosen Fortinet. Checkout NSS Labs for real world comparisons. I have been using Fortigates for 2 years now in HA configurations and have only once had to use the cli. Also updates and firmware upgrades never bring the network or internet down. These firewalls get new features added at no extra cost and the throughput is amazing. Buying the UTM bundles gets you all of the features you need and more. I heard about support issues but evertime i call i get routed to someone who knows how the features work and actually helps. We added a fortianalyzer and now we can see logs from all of the firewalls in one console and hold them for a year. Fortinet doesn't just manage their antivirus products they are the developers. These firewalls decrypt data on the fly and scan for viruses before it gets to your email, desktops or servers. Within the first week it caught ransomware within a yahoo email before it could infect our systems. We replaced our websense URL filtering with the URL filtering within the fortigates and never looked back.
I could go on and on but the real tilt in Fortinets favor was it was near half the cost of similar features and functions PA had quoted. Write down what you want and then ask if the vendors have these included in their firewalls or if they have separate appliances that can do them. Every appliance has a latency cost associated with it. You might find that all three can do what you want then it will come down to the management of the firewalls and cost.
Good luck.
I've utilized both SonicWALL and Fortinet in many implementations over the years. Fortinet does a better job in large, multi-tenant deployments and has excellent stateful packet inspection throughput. If you're planning to do SSL decryption and inspection, SonicWALL is the way to go (and currently, the product we lead with). I've found SonicWALL to be easier to manage and have also found that if you're a GUI-oriented user, all of the features are there in the UI. On the Fortigate you'll often have to dig into the CLI to enable some features.
The Barracuda products are very good and quite pricey, especially since you mentioned you were looking at the Sonicwall TZ series. The Sonicwall TZ series is meant for a smaller environment. The Fortinet firewalls are great but require a little more training. My experience with Sophos is that they have been a little buggy and support is not great. Since Sonicwall was sold by Dell the support has been better. I work with several small companies and I would say go with whatever product you have the most experience with. The learning curve can be a little much when you don't know what you're looking at. Both Sonicwall and Fortinet have pretty good support and a pretty extensive KB. Good Luck!
fortinet or baracuda and CISCO ASA 5500 series also good