"The solution offers very easy configurations."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"The most valuable feature is the access control list (ACL)."
"The feature set is fine and is rarely a problem."
"We have not had to deal with stability issues."
"A good intrusion prevention system and filtering."
"Using this product makes the VPN seamless and almost invisible to me in the sense that I don't have to think about it."
"The usage in general is pretty good."
"We've found the solution to be pretty stable."
"The features that I have found most valuable are that it is good to use, and most importantly, the pricing. The customer especially likes the discount when they trade up or something like that."
"The solution has very good threat and content filtering switches."
"The solution is stable."
"Customers are more inclined towards FortiGate because of application control, web filtering, and anti-spam features. The support from the FortiGate team is good, and price-wise, it is affordable."
"The most valuable feature is the web filter."
"I like pfSense's security features."
"Is good at blocking IP addresses."
"I have found the firewall portion for the blocking most valuable."
"The concurrent users are perfect for us."
"One of the advantages of pfSense is that it is very easy to work with. It is a very good open-source solution, and it works really well. pfSense provides a complete package. For some features, it could be the first solution in the world. It is a very good alternative in the market for a firewall solution. You don't need to go to Cisco or other brands with expensive firewalls. pfSense also allows us to offer some support services."
"The most valuable features are the VPN and the capture photo."
"The solution is very robust."
"The flexibility of adding new kinds of services without spending any money can't be beaten."
"I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here."
"The central management tool is not comfortable to use. You need to have a specific skill set. This is an important improvement for management because I would like to log into Firepower, see the dashboard, and generate a real-time report, then I question my team."
"Cisco Firepower NGFW Firewall can be more secure."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"I believe that the current feature set of the device is very good and the only thing that Cisco should work on is improving the user experience with the device."
"The intelligence has room for improvement. There are some hackers that we haven't seen before and its ability to detect those types of attacks needs to be improved."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"Cisco makes horrible UIs, so the interface is something that should be improved."
"We have an issue with hotel guest vouchers."
"There are some cloud-based features that could be much more flexible than they currently are."
"I would like to see a more intuitive dashboard."
"Quality control on their firmware versions needs improvement. When they introduce new firmware, there tend to be bugs."
"Sometimes you do need to know some CLI commands, so it's a bit harder for technicians or new people that don't know it."
"We were not able to build a full-mesh VPN; however, I am not sure if this was the fault of Fortinet FortiGate."
"They've become quite expensive."
"Some of the software stability could improve."
"The product could offer more integrated plugins."
"The solution requires a lot of administration."
"Lacks instructional videos."
"Layer 7 advanced firewall features are not included in the solution."
"The main problem with pfSense is that it lacks adequate ransomware protection."
"There's a bit of a learning curve during the initial implementation."
"The router monitoring needs improvement when compared with Sonicwall."
"The integration should be improved."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Fortinet FortiGate is ranked 1st in Firewalls with 98 reviews while pfSense is ranked 3rd in Firewalls with 60 reviews. Fortinet FortiGate is rated 8.4, while pfSense is rated 8.6. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of pfSense writes "Feature-rich, well documented, and there is good support available online". Fortinet FortiGate is most compared with Cisco ASA Firewall, Check Point NGFW, Meraki MX, Sophos XG and SonicWall TZ, whereas pfSense is most compared with OPNsense, Sophos UTM, Sophos XG, Untangle NG Firewall and Zyxel Unified Security Gateway. See our Fortinet FortiGate vs. pfSense report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
PFSense or Fortinet... That would depend on your used case....
We are using pfSense for the past two years and it does mostly what you would expect of a firewall... Captive portal, site-to-site VPN, TLS based VPN, IPsec VPN, SNORT, Suricata, ACME, port forwarding, NAT, CA, DHCP, DHCP relay, VLANS, Bridges, LAGG, LACP, etc... etc...
Most of all, no paid licenses anywhere as it is open source and free... Support can be purchased but I personally never needed it so far...
The only downside is that you need to be highly technical to get it working as per your needs... Also, a lot of docs in Google/YouTube (though a bit of scouting and navigating through bugs is required) to get things moving assuming you already know firewalls as a concept...
With a Fortinet, in case you have the money to pay and justify the need for it, then it's worth going for because they will support you as long as they keep getting paid... In our case (in our small SMB), I have not yet come across a need to move away from pfSense because it basically does what it is supposed to do...
It has been running with us for almost two years with no reasons for complaints... Again, it's my own personal opinion...
PfSense is the only product that would perform in a Symmetric NAT. Painful but OS-fingerprinting and impossible to do UDP NAT hole punching. Skype, Zoom uses that and even Kerio Operator, but that is all.
It is a very broken product and when you need IPS (the " free one" is 30 days old database) you need to pay Cisco for Snort... I would not use pfSense on its own. Period.
Fortinet is one of the best products. Lots of other things rely on one CPU to do the job. Sophos & pfSense (just to name a few) when you start adding inspection modes it is like having a 3 tonnes car with a 2 cylinder engine. The CPU goes to 90%.
Fortinet has been ultra clever from day number one to have custom chips to do the work in hardware, so throughput with all protection features can happen without suffering speed of service to users, compare to others.
The new OS7 is very good.
So, I would not touch pfSense. It Is like comparing a Toyota Yaris to a Kia K 900 car. Sort to speak.
Many people said that depends on your needs, and I agree.
Fortinet and many other vendors are more than a set of level 2 or level 3 rules. They also have IPS, Antivirus, SSL Inspection, stateful inspection.
If I have to choose between Fortinet and pfSense for my company, I would think twice. Fortinet.
Fortinet’s Fortigate is a firewall solution we use and are very much satisfied with its performance. We find Fortigate both cost-effective and efficient. One of the features we like most is that Fortigate can secure our infrastructure against known and unknown attacks. Unlike other firewalls we tried, it has a user-friendly interface. It is easy to create policies, and we can define security profiles and rules. Other features include a remote VPN, advanced malware protection, comprehensive logging, and IPS.
Fortigate also has some room for improvement. The command line is not easy, so it requires expertise with CLI commands. Additionally, it is not easy to configure. All told, though, it is a robust firewall and gives value for the price.
Previously we tried pfSense, and although it is a strong solution, it doesn’t combine Fortigate’s advantages. Sure, pfSense is free and open-source. You cannot be more cost-effective than that. But sometimes you get what you pay for. PfSense’s main advantage is its flexibility as a firewall and routing platform. Another advantage you get with pfSense is that it is customizable.
PfSense offers most features basic firewalls offer, like stateful packet inspection. I find it a bit stuck in time, though, with almost none of the features you find in next-generation firewalls. The interface is a bit clumsy, it has lots of bugs, and there seems to be no documentation available.
Conclusions
If you are looking for a basic firewall at a lower possible price, you may go with PfSense. It offers basic features and is easy to configure, and if you don’t mind the bugs, it is an excellent place to start. However, if you are looking for something more powerful with advanced features, I would suggest you consider Fortinet’s Fortigate. It offers advanced firewall functions and is still cost-effective for small businesses. Yes, it has a bit of a learning curve, but in my opinion, it is worth it.