We performed a comparison between Cisco Secure Firewall, Fortinet FortiGate, and Juniper SRX Series Firewall based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."Valuable features include AnyConnect, double translations, and an independent IPS module."
"Implementing Cisco Secure Firewall has saved us time because we rely on most of the out-of-the-box signatures. It has reduced the time and effort spent in configuration within the security network."
"VPN load balancing has been particularly essential for my connections to integrate via multiple time zones."
"It is easy to create interfaces and routing, which all can be done at the GUI level."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"If you have a solution that is creating a script and you need to deploy many implementations, you can create a script in the device and it will be the same for all. After that, you just have to do the fine tuning."
"Cisco ASA works out-of-the-box. With the setup wizard, it was easy to get it deployed quickly, even by novice IT users."
"Offers good security and filtering."
"The solution is stable."
"I like how we can achieve total integration."
"Whenever I need something, Fortinet improves and updates the software for me."
"The SD-WAN function is very developed. It has SD-WAN functionality with security features in one device. We can manage from one single console SD-WAN and the security policy."
"It's very fast and easy to configure."
"This is an easy solution to deploy."
"I appreciate FortiGate's flexibility, which allows for centralized management through FortiManager."
"The user interface is good."
"The ports are really versatile for their application and don't always have to be used for the purpose for which they were made."
"The solution's stability is very good."
"The EEE security controls allow us to make policy restrictions, so I can customize port numbers to allow or limit control."
"The most valuable feature is the virtualization because it can be used for customers who are using the mobile data network to request a private connection to a remote site."
"We think they have a good interface, the operating system is good, it's robust. It has plenty of great features, and the relation between the cost and benefits works for our business."
"The deployment is quite easy and fast."
"The solution is relatively easy and inexpensive to maintain."
"It is surprising that you need to have a virtual appliance for the Firepower Management Center. It is not good if you have to setup a VMware server just for it."
"I would like to see the inclusion of more advanced antivirus features in the next release of this solution."
"The user interface for the Firepower management console is a little bit different from traditional Cisco management tools. If you look at products we already use, like Cisco Prime or other products that are cloud-based, they have a more modern user interface for managing the products. For Firepower, the user interface is not very user-friendly. It's a little bit confusing sometimes."
"There are always vulnerabilities that come up and there was one in early 2018 but this was patched with software updates."
"We don't have any serious problems. The firewall models that we have are quite legacy, and they have slower performance. We are currently investigating the possibility of migrating to next-generation firewalls."
"We only have an issue with time sync with Cisco ASA and NTP. If the time is out of sync, it will be a disaster for the failover."
"If I want to activate IPS features on it, I have to buy another license. If I want Cisco AnyConnect, I have to buy another license. That's where we have challenges."
"Also, they have a Firepower source file that I can work on the ASA device and on Firepower devices. A problem here lies in the way that you manage these devices. Some devices do not support the FMC, and some devices have to be managed through ASDM, and others have to be managed through FMC."
"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
"Fortinet FortiGate is a stable solution. However, my issue is the performance only. When I use all the profiles, this affects the performance. From the beginning, I should have had a better sizing of the box."
"FortiGate support could do some improvements on their IPv6 configuration. Right now it's still in the very early stage for utilizing in an enterprise level network environment."
"I would like to see a more intuitive dashboard."
"There is room for improvement related to the logging and reporting aspect."
"We'd like more management across other integrations."
"Reporting is limited to providing an external appliance for improving the reporting capabilities of the FortiAnalyzer. It does not offer a central management and is also sold separably as an appliance."
"Its filtering is sometimes too precise or strict. We sometimes have to bypass and authorize some of the sites, but they get blocked. We know that they are trusted sites, but they are blocked, and we don't know why."
"The Juniper product has to improve in terms of innovation."
"In some cases, customers encounter issues related to network interfaces, while others prioritize security concerns."
"As a networking person, I don't really have any major issues with this device. Based on my experience of using it in a cluster, it could be more stable. I had an incident when one of the SRXs in a cluster couldn't learn ARP. It is a good solution, but firewalls don't seem to be an area of development for Juniper. They are focusing on data centers, routers, and switches, not firewalls."
"The GUI needs to be easier to handle."
"Juniper needs to focus more on their perimeter firewalls."
"The solution could cost less. It's a bit expensive right now."
"It would be good if Junos had "unique commands" between all hierarchical levels, discarding the use of the "Run" command."
"The user interface is something that Juniper needs to improve."