We performed a comparison between Cisco Secure Firewall, Fortinet FortiGate, and Trellix Network Detection and Response based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."VPN, firewall, and IDS/IPS allow us to deliver services to meet client needs across various industry verticals."
"I love the ASDM (Adaptive Security Device Manager) which is the management suite. It's a GUI and you're able to see everything at a glance without using the command line. There are those who love the CLI, but with ASDM it is easier to see where everything is going and where the problems are."
"Because of the deeper inspection it provides we have better security and sections that allow users broader access."
"It protects our network."
"The benefits we see from the ASA are connected to teleworking as well as, of course, having the basic functionality of a firewall in place and the prevention of attacks."
"It is a very stable product. I've not had any issues with it. It is a super product, and I won't need to change it anytime soon."
"Cisco ASA is very strong."
"The command line is the same as it is on the Cisco iOS router."
"FortiGate SD-WAN facilitated a smooth transition for our customers between their two internet service providers, ensuring uninterrupted connectivity without any downtime."
"One of the nice things about FortiGate is that it can be deployed on the cloud or on-premises. You can actually do both. That's the biggest reason why I stick with this solution as opposed to something like Cisco Meraki. Another nice thing is that I can log directly into a FortiGate or get to it through their FortiCloud access products. They're pretty reliable and consistent. One of the reasons why I started using the product was their single pane of management. I can deploy their line of firewalls in conjunction with their switching and access points, and I can manage the entire network from one interface. I don't have to log into one interface for the firewall, another one for the access points, and another one for the switches. These firewalls have access point controller functionality built right into the system, so I don't even have to purchase additional devices to manage them."
"Fortigate's most valuable feature is that it doesn't need a push policy when writing rules."
"Fortinet FortiGate is a security device. It can optimize security on the networks of a company. It actually protects the company from attacks from outside. With FortiGate, you can categorize the users. You can create a group of users that can access all of the websites for their work. You can limit other users' access."
"Anti-Spam web content filterinG."
"Fortinet FortiGate has many valuable features, such as IDS, and intrusion detection. It has security features that are in part with the technologies that are available in the market."
"The signature database and zero-day detection are Fortinet FortiGate's most valuable features."
"The license management is very valuable. You can get a new license each year, or you can enroll every two to four years. You can get the logs, and you will get the information on the risk in your network and the entire organization. With this information, you can take action on your actives, computers, or devices. You can bring your own device as an SSE."
"Its ability to find zero-day threats, malware and anything malicious has greatly improved my customer's organization, especially for protecting the users' browser."
"It allows us to be more hands off in checking on emails and networking traffic. We can set up a bunch of different alerts and have it alert us."
"Over the thirteen years of using the product, we have not experienced a single compromise in our environment. During the COVID period, we faced numerous DDoS attacks, and the tool proved highly effective in mitigating these threats."
"The sandbox feature of FireEye Network Security is very good. The operating system itself has many features and it supports our design."
"If we are receiving spam emails, or other types of malicious email coming from a particular email ID, then we are able to block them using this solution."
"It protects from signature-based attacks and signature-less attacks. The sandboxing technology, invented by FireEye, is very valuable. Our customers go for FireEye because of the sandboxing feature. When there is a threat or any malicious activity with a signature, it can be blocked by IPS. However, attacks that do not have any signatures and are very new can only be blocked by using the sandboxing feature, which is available only in FireEye. So, FireEye has both engines. It has an IPS engine and a sandbox engine, which is the best part. You can get complete network protection by using FireEye."
"The server appliance is good."
"Improved our systems and our customers' by providing better malware protection, defense against zero-day threats, and improved network security."
"The security features in the URL category need more improvement."
"It would be great to have all the data correlated to have an overview and one point of administration."
"I'm not very familiar with the largest Firepower models, but competitors like Palo Alto seem to have a more capable engine to do, for instance, TLS/SSL decryption. As I understand, Firepower doesn't let you export the decrypted traffic so that, for instance, the security department can look at the traffic or inspect traffic. It's all in the box. I've heard rumors that this is something Cisco is working on, but it isn't yet available."
"Antivirus features must be integrated for end user security."
"The annual subscription cost is a bit high. They should try to make it comparable to other offerings. We have a number of Chinese products here in Pakistan, which are already, very cheap and have less annual maintenance costs compared to Cisco."
"There's a little bit of a disconnect between Firepower’s management and the rest of the products, like DNA and Prime. The solution should have fewer admin portals for network, security, and firewalls."
"Cisco is still catching up with its Firepower Next-Generation firewalls."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"It can be a little bit more user-friendly in terms of policy definition and implementation. It seems a little bit complicated, and it could be simplified."
"The visibility of the network can be better. The GUI can be improved for better visibility of the network flow. Other solutions have better GUI in terms of network visibility."
"Due to its higher cost, Fortinet FortiGate can lead to increased operational expenses."
"The solution can have more features in a single box that can be multi-applied to integrate everything."
"Price, of course, can always be more competitive or better."
"It should be more stable. There should be full integration within Fortinet products themselves as well as with other third-party products. Especially when you're not dealing with SIEM and the correlation of the security box, we want Fortinet to be able to share that information with as many other products as it can."
"Fortinet currently has many products bundled with FortiGate including the basic firewall and load balancer, and I think that that they need to have separate product portfolios for each of these specialized services."
"I would like reporting to be improved and should offer a lot more tools to monitor the products."
"Technical support could be improved."
"As far as future inclusions, it would be useful to display more threat intelligence, such as the actual area of the threat and the origin of the web crawling (Tor and Dark Web)."
"Technical packaging could be improved."
"I heard that FireEye recently was hacked, and a lot of things were revealed. We would like FireEye to be more secure as an organization. FireEye has to be more protective because it is one of the most critical devices that we are using in our environment. They have a concept called SSL decryption, but that is only the packet address. We would like FireEye to also do a lot of decryption inside the packet. Currently, FireEye only does encryption and decryption of the header, but we would like them to do encryption and decryption of the entire packet."
"Improvements could be achieved through greater integration capabilities with different firewall solutions. Integrating with the dashboard itself for different firewalls so users can also pull tags into their firewall dashboard."
"It doesn't connect with the cloud, advanced machine learning is not there. A known threat can be coming into the network and we would want the cloud to look up the problem. I would also like to see them develop more file replication and machine learning."
"It would be a good idea if we could get an option to block based upon the content of an email, or the content of a file attachment."
"They can maybe consider supporting some compliance standards. When we are configuring rules and policies, it can guide whether they are compliant with a particular compliance authority. In addition, if I have configured some rules that have not been used, it should give a report saying that these rules have not been used in the last three months or six months so that I disable or delete those rules."
More Trellix Network Detection and Response Pricing and Cost Advice →