We performed a comparison between Cisco Secure Firewall, Fortinet FortiGate, and WatchGuard XTM [EOL] based on real PeerSpot user reviews.
Find out what your peers are saying about Netgate, Fortinet, OPNsense and others in Firewalls."Netting is one of the best features. We can modify it in different ways. Site-to-site VPN is also an awesome feature of Cisco ASA. The biggest advantage of Cisco products is technical support. They provide the best technical support."
"The most stable firewall I’ve ever worked with. Once you get the ASA set up properly, it can run for a whole year without any major issues, apart from the normal daily administration."
"The command line is the same as it is on the Cisco iOS router."
"I like all of the features."
"With Cisco, there are a lot of features such as the network map. Cisco builds the whole network map of the machines you have behind your firewall and gives you insight into the vulnerabilities and attributes that the host has. Checkpoint and Fortinet don't have that functionality directly on the firewall."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"Cisco has the best documentation. You can easily find multiple documents by searching the web. Even a child can go online and find the required information."
"They are easy to maintain."
"The IPS is good. It protect my network from attackers."
"It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly."
"I only deal with it from a security analyst's point of view. I don't really get into the features of the actual FortiGate. From the security point of view, it works, and it does its job."
"The solution has very good threat and content filtering switches."
"The network security and cloud security are most valuable."
"FortiGate is very simple to manage and easy to use."
"LinkGreat firewall capabilities"
"FortiGate's web and URL filtering are unlike any other firewall I've used. The functionality of URL filtering in those solutions is problematic because everything is encrypted, and firewalls can't break that encryption protocol. Fortinet has an SSL proxy, so the encryption is done before the packet ever leaves the FortiGate. The URL filter is definitely one of the most helpful features."
"SNMP status monitoring and the Central Management Software."
"We have used technical support for WatchGuard many times and overall, we are satisfied with it. They are always listening and there is a good reaction time to our findings. When there are issues, they really try to resolve them."
"I like the hostwatch because I can see what traffic uses the most bandwidth and I can block that site."
"It is stable and does not require you to reboot all the time."
"After installing the product, we achieved awareness of our data protection needs and email misuse."
"Reputation Enabled Defense indicates that some websites are so infested that it's not even worth visiting them, and therefore saving the bandwidth of going through the detection process."
"Monitoring of network activity is included in the box."
"They have a reporting system which can store data over a very long period of time. Not many other firewall vendors provide a reporting system, but if they do, like Fortinet does, then you've got buy that as an additional product and that can be more than twice as expensive as the initial investment in the firewall. And without reporting over a long-term period, you're just about wasting your time."
"Initial setup can be complex. It is complex. We have to set up ASA, SFR module, and FMC separately, which sometimes requires extensive troubleshooting, even for smaller issues."
"Cisco is not cheap, however, it is worth investing in these technologies."
"It is hard to collaborate with our filtered environment."
"The interface for monitoring could be improved to allow better views to make troubleshooting easier."
"With regards to stability, we had a critical bug come out during our evaluation... not good."
"Cisco missed the mark with all the configuration steps. They are a pain and, when doing them, it looks as if we're using a very old technology — yet the technology itself is not old, it's very good. But the front-end configuration is very tough."
"In NGFW, Cisco should be aligned with the new technology and inspection intelligence because Cisco is far behind in this pipeline."
"Antivirus features must be integrated for end user security."
"The routing capability on the FortiGate devices has room for improvement."
"I would prefer to have more detailed logs within the FortiGate products themselves rather than relying on a separate tool."
"Its filtering is sometimes too precise or strict. We sometimes have to bypass and authorize some of the sites, but they get blocked. We know that they are trusted sites, but they are blocked, and we don't know why."
"I haven't had a single issue since using Fortinet."
"I could not configure sFlow from the FortiGate graphical user interface. I realized that the sFlow configuration is available only from the CLI, and discovered that sFlow is not supported on virtual interfaces, such as VDOM links, IPsec, or GRE."
"Technical support could be better. You don't always get the level of help you need right away."
"Some of the filtering is not robust, you can escape it with a VPN. Some of the users bypass some of the filters. It catches some but it also misses some, that area could be improved. It's functioning reasonably but there's room for improvement in that area."
"The feedback that I have received is that the performance could be better, and the user experience is not as good compared to a previous solution we used. It could be more user-friendly. Of course, it still works fine for our operations."
"One huge issue with WatchGuard XTM is that I'm not getting reports in a readable format. Readable means, I don't want Excel online. We repeat auditing when we trigger the report or setup calendar. That functionality is what we are looking for from WatchGuard XTM here."
"Sometimes we have had issues with stability of the product."
"I would like them to improve the product's overall protections. This would be good for all product users."
"The VPN errors are not helpful when troubleshooting."
"The initial setup is neither simple nor complex. If you know the base in networking and how the firewall works, you will be able to figure it out."
"Syslog (Dimension) is focused on presentation, but needs more focus on utility like SonicWall syslog (GMS/Analyzer)."
"WatchGuard doesn't have a product that allows them to get into the data center. And that's just because there is no hardware to do the job. The software could do it, but there's no hardware that allows that to happen at the moment. So it doesn't scale as well as some other products, that's for sure."
"The setting policies need improvement. It needs an easier way to do static NAT and check on what policy is being used for that specific traffic."
Earn 20 points