We performed a comparison between Cisco Firepower NGFW Firewall and Palo Alto Networks WildFire based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Cisco Firepower is the winner in this comparison. It is relatively easy to deploy and is a fast and stable product with good customer support. In addition, compared to WildFire, it is reasonably priced.
"The most valuable feature is stability."
"The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The most valuable feature is the Intrusion Prevention System."
"The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly."
"You have better control because you define apps. You just don't define ports. You define apps, and the apps are monitored in the traffic. It is more specific than the Cisco firewall when it comes to our needs."
"The most valuable features are all of the security features in terms of protection and SSL and VPN."
"The most valuable feature of this solution is how it keeps up-to-date with viruses."
"Remote access is excellent."
"What I like about Palo Alto is that it is a complete product, with everything in it."
"The most valuable feature is the improved security that it offers."
"WildFire's application encryption is useful."
"It gives a more accurate assessment of a virus in terms of whether it's truly a virus, malware, or a false positive. We have some legacy software that could pop up as being something that is malware. WildFire goes through and inspects it, and then it comes back and lets us know if it's a false positive. Usually, when it finds out that it's not a virus, it lets us know that it's benign, and it can exclude it from that scan, which means I don't even have to worry about that one popping up anymore."
"Implementations require the use of a console. It would help if the console was embedded."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"The performance should be improved."
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
"They could improve by having more skilled, high-level engineers that are available around the clock. I know that's an easy thing to say and a hard thing to do."
"The maturity needs to be better."
"Cisco Firepower NGFW Firewall can be more secure."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"There are some formats that the solution cannot support ."
"The system performance degrades after the solution has been deployed for some time. The data that it gives us becomes a little bit slow. When you try to get some data for troubleshooting, it seems like it's working hard to extract that data."
"The configuration should be made a little bit easier. I understand why it is as it is, but there should be a way to make it easier from the user side."
"The automation and responsiveness need improvement."
"In the future, I would like to see more automation in the reporting."
"In terms of what I'd like to see in the next release of Palo Alto Networks WildFire, each release is based on malware that has been identified. The key problem is an average of six months from the time malware is written to the time it's discovered and a signature is created for it. The only advice that I can give is for them to shorten that timeframe. I don't know how they would do it, but if they shorten that, for example, cut it in half, they'll make themselves more famous."
"The deployment model could be better."
"Our main concern is that everything has to be synced with the WildFire Cloud and has to be checked through the subscription."
Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.
Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.
Key Features of Cisco NGFW Firewalls
Reviews from Real Users
Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.
Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."
Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "
Cisco Firepower NGFW Firewall is ranked 5th in Firewalls with 53 reviews while Palo Alto Networks WildFire is ranked 1st in ATP (Advanced Threat Protection) with 21 reviews. Cisco Firepower NGFW Firewall is rated 8.2, while Palo Alto Networks WildFire is rated 8.2. The top reviewer of Cisco Firepower NGFW Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of Palo Alto Networks WildFire writes "Intuitive, stable, and scalable zero-day threat prevention solution with a machine learning feature". Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Cisco ASA Firewall, Meraki MX, Check Point NGFW and pfSense, whereas Palo Alto Networks WildFire is most compared with Cisco ASA Firewall, Fortinet FortiGate, Proofpoint Email Protection, Juniper SRX and Zscaler Internet Access.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.