"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"A good intrusion prevention system and filtering."
"There are no issues that we are aware of. It does its job silently in the background."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"The feature set is fine and is rarely a problem."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"The App-ID feature is the coolest feature because you don't need to open a new port. Apps are directly linked to the port. It provides one of the best ways to lock down the additional port switch."
"The most valuable feature is WildFire, which blocks sophisticated attacks and distinguishes it from other traditional firewall functions."
"The stability of the product has been good over the years."
"I love the Policy Optimizer feature. I am also completely happy with its stability."
"We have found the DPI ability to understand web applications and build access rules on web application categories first to be a great feature."
"GlobalProtect and App-ID features are very good."
"The technology's very good. We have had a lot of good experience with this solution."
"Identifying applications is very easy with this solution."
"An area of improvement for this solution is the console visualization."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue."
"A major area of improvement would be to have more functionality in public clouds, especially in terms of simplifying it. The high availability doesn't work right now because of the limitations in the cloud."
"Cisco Firepower NGFW Firewall can be more secure."
"Its stability can be better. Their technical response from the support side can also be better."
"Having a better pricing model would make this product more competitive, and more affordable for our customers."
"The VPN connectors should be better. We had some challenges in terms of the VPN with Palo Alto Networks NG Firewall, and that's one of the main reasons why we moved to Sophos. Its load handling can also be improved. There were challenges when traffic was high. During peak business hours, it did not function very well. There was a lot of slowness, and the users used to complain, especially when they were connecting from outside. We even reported this to the support team. Their support should also be improved. Technical support was a bit of a concern while using this solution. We didn't get very good support from the Palo Alto team."
"The SD-WAN product is fairly new. They could probably improve that in terms of customizing it and making the configuration a little bit easier."
"The user interface is probably not as slick as it could be."
"They can work on the price. They are a little bit expensive, and not all customers are able to afford this solution. Taking into consideration that there is huge competition in the market and there are multiple firewall companies that are much cheaper than them and offer almost the same features, it would be good to improve the price."
"Palo Alto keeps coming out with antivirus and malware updates. When we have to integrate those updates we face some problems with the cloud platform, not the on-prem setup. The device works fine, but sometimes the sync doesn't happen on time."
"The machine learning in Palo Alto NG Firewalls for securing networks against threats that are able to evolve and morph rapidly is good, in general. But there have been some cases where we get false positives and Palo Alto has denied traffic when there have been new updates and signature releases. Valid traffic gets blocked. We have had some bad experiences with this. If there were an ability, before it denies traffic, to get some kind of notification that some traffic is going to be blocked, that would be good."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Cisco Firepower NGFW Firewall is ranked 4th in Firewalls with 47 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 78 reviews. Cisco Firepower NGFW Firewall is rated 8.2, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Cisco Firepower NGFW Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Cisco ASA Firewall, Meraki MX, Palo Alto Networks WildFire and Juniper SRX, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Fortinet FortiGate, Check Point NGFW, Meraki MX and OPNsense. See our Cisco Firepower NGFW Firewall vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
There are some major differentiators that make Palo Alto more preferable. First of all Palo Alto's Hardware is FPGA based, which has no parallel. Due to this capability it supports SP3 technology which provides single pass parallel processing architecture. This means PA processes traffic through all the engines i.e. application, IPS and others simultaneously. This improves resiliency and provides exactly the same throughput which committed in PA data sheet. PA has been in the leaders magic quadrant of Gartner for the 7th consecutive time in a row, which shows its block capability is above power. Moreover, it is very user friendly and easy for configure. Palo Alto provides all routing features plus IPsec tunnels without any license - license subscriptions are only required for security bundles. Palo Alto has on-box (without any additional license or cost) reporting capability that no other firewall has at the moment.
On the contrary, Cisco Firewall and its management center is not stable and lacks user friendly operations.
Well they are two leaders, one from US, another from Israel.
Checkpoint is the first well known firm to launch firewalls.
Palo Alto is certainly now the leader, but could be expensive in strong configurations. It supports virtualization very well and is number one for reporting.
Checkpoint NGFW is strong but under competition for high volumes when compared referred to a comparable appliance (Fortinet for instance). It needs perhaps more technical knowledge to administrate, in spite of an amazing choice of blades in the NGFW offering.
The reliability depends on your partner or integrator and a good definition of needs to have a proper sizing of your equipment.
Ease of Use
- GUI familiarities and adoption level can differ from user to user.
- Personally I found CISCO ASA interface is hard to comprehend compare to Palo Alto
- Command line interface is good, only challenge is past experience and correctness of commands to get error free results!
Performance of the Appliance
- Palo Alto VS CISCO - Palo Alto is better performing appliance.
Palo Alto is the market leader and a company with a very holistic approach to security. Firewalls are its mainstream business, whereas Cisco basically known as a networking company is trying to be one of the major players in providing security solutions. Things like advantages, disadvantages, usage and practices is a very vast topic. Generally companies already having Cisco infrastructure tend to choose Cisco firewalls from the integration point of view. Palo Alto firewalls could be more expensive.
Pick a product model for both vendors: Cisco & Palo Alto (refer to technical data sheets and whitepapers --) See the key differences on your target or specific needs).
Practical evaluation by a person who has both products under the belt and can share their experiences...
Anyone inputs, please?