We performed a comparison between Cisco Firepower NGFW Firewall and WatchGuard Firebox based on real PeerSpot user reviews.
Find out in this report how the two Firewalls solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"The feature set is fine and is rarely a problem."
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly."
"Provides good integrations and reporting."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"I have experience with URL filtering, and it is very good for URL filtering. You can filter URLs based on the categories, and it does a good job. It can also do deep packet inspection."
"The most valuable features are the VPN and web blocker security."
"The main features of the solution are the control of the site-to-site network access and the overall features."
"The most valuable feature of WatchGuard Firebox is its ease of use."
"The ease of use is most valuable. You can quickly train someone who hasn't seen a firewall in life. You can get people up to speed, and in a few months, they are able to manage this product very easily. It is a very user-friendly, scalable, and stable product. Its price is also spot-on."
"Two of the functionalities we use most are the traffic monitoring and the full panel dashboard. Those are two things that are very useful for us... In addition, it provides us with layered security. It allows us to determine what types of access, to which networks, we want to allow or deny."
"All of the features have been valuable. There's nothing on my M270 that I'm not using. If you have remote access, you can see how many users are coming from the outside world to be connected to the systems, through the virus systems that we have behind the firewall, in order to gain access to their files and do their work. We can also see how long they stay online and whether these connections are closed forcefully or for any other reasons, such as a glitch or some kind of misbehavior, to see if internet traffic is optimized and if that particular traffic is under company policies, concerning which websites were visited."
"I like that this product has very few issues."
"Firebox's best feature is the access portal."
"The only drawback of the user interface is when it comes to policies. When you open it and click on the policies, you have to move manually left and right if you want to see the whole field within the cell. Checkpoint has a very detailed user interface."
"The performance should be improved."
"Deploying configurations takes longer than it should."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"An area of improvement for this solution is the console visualization."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"There's always room for improvement, especially if the threats are getting more sophisticated and the IT department cannot sufficiently meet this kind of sophistication with their own knowledge and experience. Knowing that this solution can get up to the level of addressing a lot of these threats is something that everybody wishes for. If we look at the dark web and the lawful web, they are two opposites, and if these two good and bad collide in the world of the internet, you want the best possible product—especially if you cannot get to that point of knowledge. I am just an individual and end user, with limited knowledge of usage. That's why I say there's always room for improvement, from their side and also from mine, because by knowing exactly what they can achieve and the knowledge that they can get on an everyday basis, and the portion that is understandable to me, it's an improvement for them as well."
"What could use some significant improvement in WatchGuard Firebox would be its interface and policy management. An additional feature I'd like to see in the next release of WatchGuard Firebox is the ability to modify an existing policy instead of having to recreate a policy when changes are necessary. At the moment, there's no possibility to modify the policy. You have to delete the policy and recreate it."
"I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not."
"They are working on cloud-based options. However, they do not have the options fully functional in their solution at this time."
"This is a great product and offers great protection but they don't hear the customers' needs. They don't make improvements as per the customers' requests."
"An area for improvement is that when we use a web administration link, there is no security."
"The solution is lacking a professional website, they should be updated more often."
"There should be better integration and a way to configure multiple vendors into the same data center in order to offer more flexibility."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Cisco Firepower NGFW Firewall is ranked 7th in Firewalls with 53 reviews while WatchGuard Firebox is ranked 4th in Unified Threat Management (UTM) with 20 reviews. Cisco Firepower NGFW Firewall is rated 8.2, while WatchGuard Firebox is rated 8.2. The top reviewer of Cisco Firepower NGFW Firewall writes "The ability to implement dynamic policies for dynamic environments is important, given the fluidity in the world of security". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Cisco Firepower NGFW Firewall is most compared with Fortinet FortiGate, Cisco ASA Firewall, Meraki MX, Palo Alto Networks WildFire and Palo Alto Networks VM-Series, whereas WatchGuard Firebox is most compared with Fortinet FortiGate, pfSense, Sophos XG, Meraki MX and Stormshield Network Security. See our Cisco Firepower NGFW Firewall vs. WatchGuard Firebox report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
