"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"If configured, Firepower provides us with application visibility and control."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"The solution offers very easy configurations."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"A good intrusion prevention system and filtering."
"Its ability to block incoming attacks is valuable. Its logging, traffic monitoring, and VPN capabilities are also valuable."
"What I like best about this product are the support and the features."
"Their GPS possibilities and the security that it has, especially the SD-WAN functionality, is very good."
"Its central management, especially when it comes to distributed environments, is great. I can generate and save a setting and then apply that setting across the network with just one click."
"Scalability is good; the company wants to be able to handle large customers."
"The interface is very user-friendly and it is quite easy to use."
"Good identity fire walling, malware protection and application control features."
"Ability to manage multiple firewalls."
"The most valuable features of this solution are the firewall application and application control."
"Technical support is very responsive."
"Efficient and effective - it's easy to separate rules."
"Sophos UTM is the simplest of these products to setup."
"The stability, overall, is excellent. I haven't had a problem in the last two years."
"Good basic firewall functions with advanced firewall scanning."
"The three most important features for us are web protection, web server protection, and network protection."
"Sophos is a unified solution. We have anti-virus protection, firewall rules, knotting, and DACC all in one box."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"The initial setup could be simplified, as it can be complex for new users."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"There is room for improvement in performance and the support language. The support they're providing right now is from a different country, and in our country, there are people—network admins and IT heads—who don't speak English properly. So Barracuda needs to provide support agents who speak additional languages, such as Bangla."
"The biggest issue that I have with this solution is that it is not super intuitive. Once you know what to do, things make sense, but you can't just open the program and start doing things. It would be great if there was a little bit more guided usage inside the program."
"The analytics are weak."
"Command line could be more user friendly."
"If you have another brand of VPN where you have to put an SSL VPN between two devices, Barracuda doesn't support that at a certain point. You can't actually build the VPN between Barracuda and a different device of a different brand."
"The interface should be more user-friendly and it should be easier to configure."
"If you experience an attack it can take a very long time to find a solution."
"Technical support used to be at a very high level but it is now a bit less so."
"Flexibility in pricing could be improved. It's more rigid in its pricing compared to its competitor: Kaspersky."
"It would be nice if it had basic features, such as DLP (Data Loss Prevention)."
"The logs are not clear, which means that you need an additional piece of software in order to read them clearly."
"Sophos UTM sometimes falls short in high-availability environments. They used to launch firmware that didn't work very well in a high-availability environment."
"We'd like to see them offer their services on mobile devices like tablets. I'm not sure if that's an option or not."
"The five-factor authentication needs improvement."
"Anti-phishing functionality should be improved."
"The solution is not scalable."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Barracuda's Cloud Generation Firewalls redefine the role of the Firewall from a perimeter security solution to a distributed network optimization solution that scales across any number of locations and applications, connects on-premises and cloud infrastructures, and helps organizations transform their business.
Barracuda CloudGen Firewall is ranked 24th in Firewalls with 9 reviews while Sophos UTM is ranked 2nd in Unified Threat Management (UTM) with 24 reviews. Barracuda CloudGen Firewall is rated 7.8, while Sophos UTM is rated 8.6. The top reviewer of Barracuda CloudGen Firewall writes "My network has never been interrupted or experienced a denial of service". On the other hand, the top reviewer of Sophos UTM writes "Great web and email filtering with reasonable pricing". Barracuda CloudGen Firewall is most compared with Fortinet FortiGate, Sophos XG, Cisco ASA Firewall, SonicWall TZ and Cisco SD-WAN, whereas Sophos UTM is most compared with Fortinet FortiGate, pfSense, Sophos XG, Untangle NG Firewall and Kerio Control. See our Barracuda CloudGen Firewall vs. Sophos UTM report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.