"The integration of network and workload micro-segmentation helps a lot to provide unified segmentation policies across east-west and north-south traffic. One concrete example is with Cisco ACI for the data center. Not only are we doing what is called a service graph on the ACI to make sure that we can filter traffic east-west between two endpoints in the same network, but when we go north-south or east-west, we can then leverage what we have on the network with SGTs on Cisco ISE. Once you build your matrix, it is very easy to filter in and out on east-west or north-south traffic."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"There are no issues that we are aware of. It does its job silently in the background."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"The most valuable feature is stability."
"The most valuable features of this solution are the integration within the environment, with centralized reporting."
"The most valuable feature is geofencing, where we can block all access from all non-domestic locations."
"It gives all the features of a full-fledged firewall with great performance."
"I really like that it's internationally deployable."
"The thing that I like the most is that they're very willing to work with us to resolve issues that they haven't taken care of before in their product."
"It's a relatively simple product that is easy to use. It's not overly complex."
"The most valuable features of Fortinet FortiGate-VM are the servers, analyzer, and track protection."
"It's almost perfect. It's very stable. We don't have many hardware issues."
"After conducting several tests I found the antivirus is working very well. Additionally, they have a very interesting feature, DNS WatchGuard, which is checking DNS requests for phishing, among other things, and it has caught a lot of unwanted attempts and attacks."
"It also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad."
"This product offers great protection using the default settings."
"Their support is excellent, and the stability is very good."
"There are many fantastic features."
"It provides us with Layer 2 and Layer 3 security."
"The ease of use is most valuable. You can quickly train someone who hasn't seen a firewall in life. You can get people up to speed, and in a few months, they are able to manage this product very easily. It is a very user-friendly, scalable, and stable product. Its price is also spot-on."
"The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"The price and SD-WAN capabilities are the areas that need improvement."
"The costs could be lowered."
"The solution is fairly complex."
"The licensing needs to be improved. We need longer licensing periods, especially for POCs and trials. It should be for six months. Right now, it's too short of a timeframe."
"When new versions are deployed they tend to be a little buggy, so they should be more fully tested before release."
"We haven't attempted to scale the solution just yet. If we want to scale this solution we may have to look at other models. With certain requirements, we probably wouldn't be able to scale it so well as it is right now."
"It is difficult to size the VM in terms of machine resources, and for this reason, clients prefer the appliance."
"The stability could be improved. I find Cisco to be more stable than Fortigate, which is I major differentiator between the two."
"There are certain GUI features that should be present but are not."
"The data loss protection works well, but it could be easier to configure. The complexity of data loss protection makes it a more difficult feature to fully leverage. Better integration with third-party, two-factor authentication would be advantageous."
"There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own."
"Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."
"The UI is not as user-friendly as the model that I had used before, which was from Check Point. The design of the Firebox UI is restricted and needs an experienced network guy to understand the format and settings."
"I would like to see the devices made more flexible by adding modules to increase the ports that we can use."
"In terms of what could be improved, I would say their web blocker feature. It is still quite a confusing setup, especially when you want to filter out a particular category for granularity. For example, you do not want to filter Facebook but you do want to filter Facebook games only. It can be done, but the process to do it is very confusing."
"The pricing could be improved. It is definitely one of the more expensive products."
"The only downside is that it is missing an API, that you can use to easily collect information from it."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Fortinet FortiGate-VM is ranked 12th in Firewalls with 67 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 27 reviews. Fortinet FortiGate-VM is rated 8.2, while WatchGuard Firebox is rated 8.6. The top reviewer of Fortinet FortiGate-VM writes "Flexible with good cloud management and a straightforward user interface". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Fortinet FortiGate-VM is most compared with Azure Firewall, Fortinet FortiGate, Palo Alto Networks VM-Series, OPNsense and Sophos UTM, whereas WatchGuard Firebox is most compared with Fortinet FortiGate, Sophos XG, pfSense, Cisco ASA Firewall and Azure Firewall. See our Fortinet FortiGate-VM vs. WatchGuard Firebox report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
