"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"There are no issues that we are aware of. It does its job silently in the background."
"The most valuable feature is the access control list (ACL)."
"We have not had to deal with stability issues."
"The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature."
"The Smart Dashboard allows for rule creation and administration and management and is user-friendly."
"We have not had any issues with the firewall."
"The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited."
"We have found the solution to be scalable."
"The level of security is excellent. It protects our organization well."
"The packet inspections have been a strong point."
"The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff."
"The features I have found best are ease of use, GUI, and performance."
"pfSense is easy to use, has user-friendly dashboards, and useful blocking features."
"The VPN is my favorite feature."
"The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall."
"The initial setup is not complex."
"A valuable feature is that the solution is open source."
"We like the fact that the product is open-source. It's free to use. There are no costs associated with it."
"The most valuable features of pfSense are the reports, monitoring, filtration, and blocking incoming and outgoing traffic."
"The performance should be improved."
"An area of improvement for this solution is the console visualization."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"Cisco Firepower NGFW Firewall can be more secure."
"We find the GUI to be wrong and the CLI doesn't always show all of the connections."
"It could be more stable and scalable. Check Point price and support could be better."
"Check Point can scale but at times we have experienced some issues."
"The antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't."
"Check Point products have many places that need to be improved, but they are constantly upgrading."
"I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking."
"Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement."
"I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes."
"They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals."
"The solution could always work at being more secure. It's a good idea to continue to work on security features and capabilities in order to ensure they can keep clients safe."
"It needs to be more secure."
"In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense."
"In an upcoming release, the reporting could be more user-friendly. For example, the reporting in graphs and charts for the host can be cumbersome."
"The interface is not very shiny and attractive."
"We had training from an advisor for the configuring of this solution and it was not difficult. However, if we were not trained it would have been not as easy."
"The solution could improve by having centralized management and API support online."
Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.
Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.
Key Features of Cisco NGFW Firewalls
Reviews from Real Users
Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.
Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "
Check Point NGFW is a next generation firewall that enables safe usage of internet applications by blocking malicious applications and unblocking safe applications. Check Point NGFW, which uses deep packet inspection to identify and control applications, has features such as application and user control and integrated intrusion prevention (IPS), as well as more advanced malware prevention capabilities like sandboxing.
Check Point NGFW includes 23 firewall models optimized for running all threat prevention technologies simultaneously, including full SSL traffic inspection, without compromising on security or performance.
Benefits of Check Point's Next Generation Firewall
Check Point NGFW is suitable for organizations of all sizes, from small businesses to larger enterprises.
Reviews from Real Users
Check Point NGFW stands out among its competitors for a number of reasons. Two major ones are its intrusion prevention feature as well as its centralized management, which makes it very easy to deploy firewall policies to many firewalls with one click.
Shivani J., a network security administrator, writes, "Check Point has a lot of features. The ones I love are the antivirus, intrusion prevention, and data loss prevention."
G., a network administrator at Secretaría de Finanzas de Aguascalientes, writes, “Within the organization, the inspection of packages has given us great help in detecting traffic that may be a threat to the institution. The configuration of policies has allowed us to maintain control of access and users for each institution that is incorporated into our headquarters.”
Arun J., a senior network engineer, notes, “The nicest feature is the centralized management of multiple firewalls. With the centralized management, we can easily use and operate multiple firewalls as well as create a diagram of them.”
pfSense is a free and open-source operating system for routers and firewalls, and is typically configured as DHCP server, DNS server, WiFi access point, VPN server, all running on the same hardware device. It is operated through a user-friendly web interface, making administration easy even for users with limited networking knowledge.
In addition, pfSense is feature-rich, has a mature platform, is customizable, is flexible by design, and can be used on a small home router as well as run the entire network of a large corporation. pfSense puts you in control of your networking, is regularly updated, and works to promptly patch security issues. pfSense has recently become the favored alternative to the industry leader, Cisco.
pfSense Key Features
pfSense has many key features and capabilities, including:
Reviews from Real Users
Below is some feedback from PeerSpot Users who are currently using the solution.
Bojan O., CEO at In.sist d.o.o., says, “The classic features, such as content inspection, content protection, and the application-level firewall, are the most important."
Another PeerSpot user, a chef at a media company, explains what he finds most valuable about pfSense: "The plugins or add-ons are most valuable. Sometimes, they are free of charge, and sometimes, you have to pay for them, but you can purchase or download very valuable plugins or add-ons to perform internal testing of your network and simulate a denial-of-service attack or whichever attack you want to simulate. You can also remote and monitor your network and see where the gap is."
T.O., a VP of Business Development at a tech services company, mentions, "What I found most valuable is the cost of the platform, the flexibility of the platform, and the fact that the ongoing fees are not there as they are with the competitor."
Check Point NGFW is ranked 2nd in Firewalls with 184 reviews while pfSense is ranked 3rd in Firewalls with 61 reviews. Check Point NGFW is rated 8.8, while pfSense is rated 8.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Check Point NGFW is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Azure Firewall, Cisco ASA Firewall and Juniper SRX, whereas pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos XG and Untangle NG Firewall. See our Check Point NGFW vs. pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.