"The implementation is pretty straightforward."
"Being able to determine our active users vs inactive users has led us to increased productivity through visibility. Also, if an issue was happening with our throughput, then we wouldn't know without research. Now, notifications are more proactively happening."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"If configured, Firepower provides us with application visibility and control."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"The online documentation is complete and easy to read and understand."
"The firewall rule writing and object creation are the best and simplest I've seen on a firewall."
"Apart from it having very good features, I personally like the vulnerability assistance via report management which detects host and network vulnerability."
"The solution can scale."
"The firewall feature and DDoS Protector, when turned on, keep away attacks from the outside. They also prevent users from accessing things on the Internet that they are not supposed to access."
"On the firewall side, the security efficacy is good."
"While not being cheap, their pricing models are competitive."
"I use it as well as a VM. We use it a lot because we have all fiber optic connections, so we could use almost all of that. The federation is beautiful because I can transfer all traffic to my main site where I can use just one link to the internet, and I can use it as a proxy as well. It is good to keep control and security."
"The installation is easy, we have not had any complaints from our customers."
"Five out of five ROI."
"Very reliable solution with good scalability and straightforward implementation."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"An area of improvement for this solution is the console visualization."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"The Antivirus feature is something that could be improved. We don't get much from the Antivirus update in comparison to their competitor's firewalls. It needs to be more advanced because Check Point is nowadays sent all over the world. Therefore, the Antivirus feature should be of very good quality and cover all virus checks. I would also like the Antivirus updates to be more frequent."
"Check Point should improve services related to the cloud-based solution."
"My customers complain that the interface isn't user-friendly."
"The interface could be better."
"I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes."
"With the increase of volume of traffic, the required resource/hardware to properly run goes up. Therefore, the hardware engineering to architecture flow has to be more efficient."
"The exterior of the physical device can be improved with the use of a display and not just simple lights."
"While not being cheap, their pricing models are competitive. In the pricing structure, however, they need improvement."
"SSL VPN license cost is not cheap."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Check Point NGFW is ranked 2nd in Firewalls with 184 reviews while Hillstone E-Series is ranked 29th in Firewalls with 2 reviews. Check Point NGFW is rated 8.8, while Hillstone E-Series is rated 9.0. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of Hillstone E-Series writes "Efficient call processor and overall amazing ROI". Check Point NGFW is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Azure Firewall, Cisco ASA Firewall and pfSense, whereas Hillstone E-Series is most compared with Fortinet FortiGate, Hillstone T-Series, Sophos XG, Palo Alto Networks NG Firewalls and Palo Alto Networks WildFire. See our Check Point NGFW vs. Hillstone E-Series report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
