"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"Its Snort 3 IPS has better flexibility as far as being able to write rules. This gives me better granularity."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"I have access to the web version of Cisco Talos to see the reputation of IP addresses. I find this very helpful. It provides important information for my company to obtain the reputation of IP addresses. The information in Talos is quite complete."
"There are no issues that we are aware of. It does its job silently in the background."
"The most valuable feature is the access control list (ACL)."
"We have not had to deal with stability issues."
"The way in which a computer is immediately isolated if it starts behaving badly and I get a notification of an infected computer is also extremely nice and a great feature."
"The Smart Dashboard allows for rule creation and administration and management and is user-friendly."
"We have not had any issues with the firewall."
"The uncomplicated configuration ensures that mistakes are avoided and rules are easily audited."
"We have found the solution to be scalable."
"The level of security is excellent. It protects our organization well."
"The packet inspections have been a strong point."
"The QoS blade is very good for controlling traffic such as Windows patches, mail traffic and other stuff."
"The features I have found best are ease of use, GUI, and performance."
"pfSense is easy to use, has user-friendly dashboards, and useful blocking features."
"The VPN is my favorite feature."
"The intrusion detection feature is the most valuable. It is an open-source firewall, so there is a lot of material on it. I also find the open VPN capability very nice. It is pretty customizable. The clustering and the high availability are the two biggest things to be able to get out of a firewall."
"The initial setup is not complex."
"A valuable feature is that the solution is open source."
"We like the fact that the product is open-source. It's free to use. There are no costs associated with it."
"The most valuable features of pfSense are the reports, monitoring, filtration, and blocking incoming and outgoing traffic."
"The performance should be improved."
"An area of improvement for this solution is the console visualization."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"Cisco Firepower is not completely integrated with Active Directory. We are trying to use Active Directory to restrict users by using some security groups that are not integrated within the Cisco Firepower module. This is the main issue that we are facing."
"In a future release, it would be ideal if they could offer an open interface to other security products so that we could easily connect to our own open industry standard."
"Cisco Firepower NGFW Firewall can be more secure."
"We find the GUI to be wrong and the CLI doesn't always show all of the connections."
"It could be more stable and scalable. Check Point price and support could be better."
"Check Point can scale but at times we have experienced some issues."
"The antivirus is less effective than its competitors' antivirus. The antivirus is good, but in other firewalls, such as Palo Alto, it's quite effective. Check Point should provide more output. Sometimes it provides comprehensive information and sometimes it doesn't."
"Check Point products have many places that need to be improved, but they are constantly upgrading."
"I would like to see Check Point add more cloud management features and better integration with LAN software-defined networking."
"Geo-blocking would be very useful. There are too many attempts to infiltrate by non-country users. I can block access by IP address or IP network, however, a country-level blocking would be more useful and much quicker to implement."
"I would like less CPU-intensive features to be introduced to replace the existing heavy-duty processes."
"They could improve their commercial stance and be more agile when it comes to the commercial pricing of enterprise deals."
"The solution could always work at being more secure. It's a good idea to continue to work on security features and capabilities in order to ensure they can keep clients safe."
"It needs to be more secure."
"In terms of areas of improvement, the interface seemed like it had a lot. The GUI interface that I had gotten into was rather elaborate. I don't know if they could zero in on some markets and potentially for small, medium businesses specifically, give them a stripped-down version of the GUI for pfSense."
"In an upcoming release, the reporting could be more user-friendly. For example, the reporting in graphs and charts for the host can be cumbersome."
"The interface is not very shiny and attractive."
"We had training from an advisor for the configuring of this solution and it was not difficult. However, if we were not trained it would have been not as easy."
"The solution could improve by having centralized management and API support online."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Check Point NGFW is ranked 2nd in Firewalls with 184 reviews while pfSense is ranked 3rd in Firewalls with 61 reviews. Check Point NGFW is rated 8.8, while pfSense is rated 8.4. The top reviewer of Check Point NGFW writes "Central architecture means we can see an end-to-end picture of attacks". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Check Point NGFW is most compared with Fortinet FortiGate, Palo Alto Networks NG Firewalls, Azure Firewall, Cisco ASA Firewall and Juniper SRX, whereas pfSense is most compared with OPNsense, Fortinet FortiGate, Sophos XG and Untangle NG Firewall. See our Check Point NGFW vs. pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.