We performed a comparison between Cisco Secure Firewall, Fortinet FortiGate, and Sophos UTM based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."The most valuable feature is the access control list (ACL)."
"For our very specific use case, for remote access for VPN, ASAs are very good."
"The implementation is pretty straightforward."
"Management Console and user profiling to define activities."
"You can also put everything into a nice, neat, little package, as far as configuration goes. I was formerly a command-line guy with the ASA, and I was a little nervous about dealing with a GUI interface versus a command line, but after I did my first deployment, I got a lot more comfortable with doing it GUI based."
"I'm a big fan of SecureX, Cisco's platform for tying together all the different security tools. It has a lot of flexibility and even a lot of third-party or non-Cisco integration. I feel like that's a really valuable tool."
"Everything is all documented in the file or in the command line script that gets uploaded to the device. It gives us great visibility."
"ASA is stable and with a low level of work required on the maintenance side."
"FortiGate has a strong security topic which allows all of the Fortinet devices to communicate and share information which makes their security more powerful."
"Virtual Domains (VDOMs) are a feature that we found valuable."
"The stability and scalability of this solution are satisfactory. Its SD-WAN, VPN, and URL filtering features are very useful."
"The most valuable features of Fortinet FortiGate are the ease of use and the UI. It has always provided me with what I needed. I have no need for additional costs that other solutions have, such as Sophos."
"The most valuable features of Fortinet FortiGate are the APIs. They are the most widely known."
"Fortinet has a very good solution for Secure SD-WAN. One very good feature is that they have robust and simple FortiOS through which they provide all solutions. That's their strength. There's not much complexity involved with the Secure SD-WAN solution of Fortinet as compared to Cisco's solution, which has a lot of flexibility but complexity also comes with that flexibility."
"We use a lot of function on the IPS and it works well for us."
"User-friendly and affordable security solution that's recommended for SMB customers. This solution has good technical support."
"Efficient and effective - it's easy to separate rules."
"The three most important features for us are web protection, web server protection, and network protection."
"I have no problem with the cost or licensing of this solution. This is a primary reason whay I wanted this solution. It does the same thing cheaper than other name brands."
"Has great security features and does a good job of protecting the network."
"The intrusion prevention is great, and I like dual virus scanning on the network layer because we scan it through Avira and Sophos. Web filtering is also a fantastic option for clients who want to really lock down internet access."
"It allows our developers to be able to securely log into servers to deploy and manage software."
"Sophos has a single pane of glass which allows me to manage all my VPCs from a single instance, managing all my firewall from one place."
"Configuration could not be made any easier."
"The usability of Cisco Firepower Threat Defense is an issue. The product is still under development, and the user interface is very difficult to deal with."
"The main problem we have is that things work okay until we upgrade the firmware, at which point, everything changes, and the net stops working."
"The policies module in FMC specifically isn't the most user-friendly. Coming from Cisco ASA, Cisco ASA is a little bit easier to use. When you get into particularly complex deployments where you have a lot of different interfaces and all that kind of stuff, it's a little bit tricky. Some usability improvements there would be nice."
"The worst part of the entire solution, and this is kind of trivial at times, is that management of the solution is difficult. You manage FireSIGHT through an internet browser. I've had Cisco tell me to manage it through Firefox because that's how they develop it. The problem is, depending on the page you're on, they don't function in the same way. The pages can be very buggy, or you can't resize columns in this one, or you can't do certain things in that one. It causes a headache in managing it."
"Technical support takes a long time to respond."
"Setting it up is not as intuitive as other more modern NGFWs."
"We don't have any serious problems. The firewall models that we have are quite legacy, and they have slower performance. We are currently investigating the possibility of migrating to next-generation firewalls."
"We are still running the original ASAs. The software that you are running for the ASDM software and Java application has never been a lot of fun to operate. It would have been nice to see that change update be redesigned with modern systems, which don't play nicely with Java sometimes. Cybersecurity doesn't seem to love how that operates. For us, a fresher application, taking advantage of the hardware, would have been a better approach."
"Price, of course, can always be more competitive or better."
"Lacks sufficient security options."
"It is stable, but its stability can be improved."
"The solution could have licensing fees reduced in the future."
"I think there could be more QoS features"
"I need user-behavior analytics, to find threat scenarios from inside the organization, insider attacks. That would be very helpful for us. In addition, I would like next-generation features for small and medium businesses. These businesses require UTM, all in one product. Fortinet must include it."
"The inability to scale the FortiAnalyzer to match our growth necessitates the purchase of new hardware."
"Security is a continuous process. In every product, there is a requirement for improvement. Its pricing should also be improved according to Indian market requirements. They must also improve on the reporting part. Its reporting can be more precise. If we can get a real-time report in a specific format, it will be helpful for customers to know about the current status of their security."
"The documentation during the AWS integration was a little fuzzy on getting it to work with how the whole public exposure versus private exposure, then routing some of the traffic."
"Anti-phishing functionality should be improved."
"The pricing is an issue."
"It does have built-in policies, which enable you to disable USB devices, etc. It would be nice if they had more policies because there are not that many of them."
"Sophos UTM could improve the way the configuration has to be done. I have to do the configuration through the command line interface but if it could be done through the graphical user interface it would be much better."
"I would like to see the SD-WAN feature improved."
"Sophos UTM's firewall is a bit weak, and some of its features lack depth compared to other products like F5."
"As it stands right now, when we have an internet failure on WAN1, it takes several minutes before our WAN2 connection picks up the traffic"