"The implementation is pretty straightforward."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"If configured, Firepower provides us with application visibility and control."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"The online documentation is complete and easy to read and understand."
"The firewall rule writing and object creation are the best and simplest I've seen on a firewall."
"Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability."
"The solution can scale."
"The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access."
"On the firewall side, the security efficacy is good."
"While not being cheap, their pricing models are competitive."
"I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security."
"The installation is easy, we have not had any complaints from our customers."
"Five out of five ROI."
"Very reliable solution with good scalability and straightforward implementation."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"An area of improvement for this solution is the console visualization."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent."
"Check Point should improve services related to the cloud-based solution."
"My customers complain that the interface isn't user-friendly."
"The interface could be better."
"I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes."
"With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient."
"The exterior of the physical device can be improved with the use of a display and not just simple lights."
"While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement."
"SSL VPN license cost is not cheap."
Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.
Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.
Key Features of Cisco NGFW Firewalls
Reviews from Real Users
Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.
Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "
Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.
Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.
Benefits of Check Point's Next Generation Firewall
Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.
Reviews from Real Users
Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.
Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."
G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”
Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”
Hillstone E-Series next generation firewalls provide visibility and control of web applications regardless of port, protocol, or evasive action. It can identify and prevent potential threats associated with high-risk applications while providing policy-based control over applications, users, and user-groups. Policies can be defined that guarantee bandwidth to mission-critical applications while restricting or blocking inappropriate or malicious applications. Hillstone E-Series firewalls incorporate comprehensive network security and advanced firewall features. They provide superior price performance, excellent energy efficiency, and a smaller size when compared to competing products.
Check Point NGFW is ranked 2nd in Firewalls with 184 reviews while Hillstone E-Series is ranked 29th in Firewalls with 2 reviews. Check Point NGFW is rated 8.8, while Hillstone E-Series is rated 9.0. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Hillstone E-Series writes "Efficient call processor and overall amazing ROI". Check Point NGFW is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Azure Firewall, Cisco ASA Firewall and pfSense, whereas Hillstone E-Series is most compared with Fortinet FortiGate, Hillstone T-Series, Sophos XG, Palo Alto Networks NG Firewalls and Palo Alto Networks WildFire. See our Check Point NGFW vs. Hillstone E-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.