"It's got the capabilities of amassing a lot of throughput with remote access and VPNs."
"Firepower has been used for quite a few enterprise clients. Most of our clients are Fortune 500 and Firepower is used to improve their end to end firewall functionality."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"One of the most valuable features of Firepower 7.0 is the "live log" type feature called Unified Event Viewer. That view has been really good in helping me get to data faster, decreasing the amount of time it takes to find information, and allowing me to fix problems faster. I've found that to be incredibly valuable because it's a lot easier to get to some points of data now."
"The customer service/technical support is very good with this solution."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"The most valuable feature is the access control list (ACL)."
"The features that I have found most valuable are that it is good to use, and most importantly, the pricing. The customer especially likes the discount when they trade up or something like that."
"The solution can scale well."
"The user interface (UI) is very, very good."
"There are great templates, so you don't have to customize them if you don't want to. You do have the option to custom create some folders and some reports, however, with what is there, you don't really need to go through extra effort, as they already give you a lot of predefined views of reports and so forth."
"It's super reliable. I don't think I've ever had a reliability issue with it."
"The management console is pretty simple, so anyone who understands networking can initially deploy the solution."
"This version is stable. I don't have any issues with this solution, in our environment, it works well."
"The pricing is excellent. It's much less expensive than Cisco."
"The solution simplifies my business. Normally, for administration, we are using NetApp System Manager on Window since it's easy to create new policies. In a short amount of time, you can create new policies based on new requirements. For example, in the last few months, many requirements changed due to the coronavirus, adding the use of new services, like Office 365, and eLearning tools, like Zoom."
"The features that I have found most valuable are the FireWall features. The management side of WatchGuard is quite easy because it supports two ways to manage it - by the web and the other one they call WatchGuard systems manager. I used to be familiar with WSM only, but they improved their GUI in the web browser and now it is much easier to do it within the web browser."
"The ports that I have assigned appear to be unattainable to outside 'mal-actors,' unless they have an address registered on the internet that this thing is expecting. That's a layer of security."
"The policy monitoring and allowing different traffic flows are the most useful features for us; regulating which traffic comes in and out."
"Among the most valuable features is the ease of use — love the interface — of both the web interface and of the WatchGuard System Manager."
"Because we bought two firewalls... we need a central place to manage the policies and deploy them to both devices. It's good that it provides a system management console that is able to manipulate and manage policies in one place and deploy them to different locations."
"This product offers great protection using the default settings."
"It also provides us with layered security. It has onboard virus scanning features that allow it to scan before something gets to the host. It will also stop a person from going to a site that is known to be bad."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"This product is managed using the Firepower Management Center (FMC), but it would be better if it also supported the command-line interface (CLI)."
"It would be great if some of the load times were faster."
"The Firepower FTD code is missing some old ASA firewalls codes. It's a small thing. But Firepower software isn't missing things that are essential, anymore."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"The visibility for VPN is one big part. The policy administration could be improved in terms of customizations and flexibility for changing it to our needs."
"The product line does not address the SMB market as it is supposed to do. Cisco already has an on-premises sandbox solution."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"The initial setup and configuration are not intuitive and require training."
"There are SD-WAN network monitoring, SD-WAN features, Industrial Databases, Internet of Things, Detection, etc., however, we do have not licenses for those features. We thought that if you bought a product, you should have all of the features it offers. Why should you need to make so many extra purchases to enable features? They should have one price for the entire offering."
"Quality control on their firmware versions needs improvement. When they introduce new firmware, there tend to be bugs."
"Technical support needs to be improved."
"The performance could be a bit better. Right now, I find it to be lacking. Having good performance is very important for our work."
"In the balance between links feature normally you can just choose one option to balance. It would be better for the solution to have more than one option, preferably three."
"There are some problems that support cannot give you a logical reason as to why it happened. For example, I had a case where I was dealing with a WhatsApp application that was giving issues. Technical support gave more than one reason it could be giving issues, but none of them solved the problem. Eventually I solved the problem, but it was far from the solutions that support had given."
"In terms of what could be improved, the SD-WAN is quite difficult, because if you install the new box, 15 is okay, but if you change from an old configuration, if there is already configuration and a policy when you change to SD-WAN, you must change the whole policy that you see in the interface."
"I haven’t dug deeply into the reporting features yet or if they are working well. However, I have generated several reports and there was too much unnecessary information, in comparison with the reporting features in the Sophos firewall. Sophos' reporting is more readable and easier to configure."
"Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated."
"I would like to have a little more control over access points and the ability to see the bandwidth that is passing through a specific access point. We are not able to see that. We can see what traffic is passing through the Firebox itself, but we can't identify if it is coming from a particular access point or not."
"The only downside is that it is missing an API, that you can use to easily collect information from it."
"The UI is not as user-friendly as the model that I had used before, which was from Check Point. The design of the Firebox UI is restricted and needs an experienced network guy to understand the format and settings."
"There is room for improvement on the education side, regarding what does what, rather than just throwing it at a person and assuming they know everything about it. A lot of times, you have to call WatchGuard support to get the solution that will work, rather than their just having it published so that you can fix the problem on your own."
"Some of the configuration options are somewhat confusing."
"I would like to see more tutorials on setting up the Firebox."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
Fortinet FortiGate is ranked 1st in Firewalls with 98 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 27 reviews. Fortinet FortiGate is rated 8.4, while WatchGuard Firebox is rated 8.6. The top reviewer of Fortinet FortiGate writes "Stable, easy to set up, and offers good ROI". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Fortinet FortiGate is most compared with Cisco ASA Firewall, pfSense, Check Point NGFW, Meraki MX and Cisco SD-WAN, whereas WatchGuard Firebox is most compared with Sophos XG, pfSense, Cisco ASA Firewall, SonicWall NSa and Azure Firewall. See our Fortinet FortiGate vs. WatchGuard Firebox report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
In my organization, we use Fortinet’s Fortigate. We find it to be very powerful, cost-efficient, and reliable. The user interface is friendly, and it is easy to create policies and set rules. As an NGFW, you can upgrade the firewall cluster firmware without disturbing the user. The graphic interface is very intuitive. The endpoint and email protection are on point, and you don’t have to worry about downtime.
FortiGate offers malware and spyware protection, with advanced capabilities like proxy-based antivirus. It has advanced network protection features and a powerful intrusion prevention system with anti-spam and web filtering capabilities. For all the capabilities it offers, the price is reasonable.
FortiGate has downsides though: the technical support is not great, and there is not a lot of documentation available. It is also kind of hard to configure.
We reviewed WatchGuard before choosing FortiGate. WatchGuard offers a comprehensive advanced network security platform with enterprise-grade security. The router is rich in security features like antivirus, APT blocker, and spam blocker. It is simple to use and applicable for various use cases. It offers web filtering, application control, and monitoring.
We liked that the GUI interface seemed intuitive and easy to use. It integrates with Active Directory, so it is a good fit for MS enterprise users. You can also schedule backups with ease.
WatchGuard is, however, lacking in features for application control and we found the DNS server functionality to be poor. The firewall policies don’t point to a domain, only to IP addresses. While it is excellent that it integrates with Active Directory, the single-sign-on sometimes doesn’t refresh users’ permissions when they log on and off.
Conclusion
Fortinet Fortigate is undoubtedly a powerful and established next-generation firewall, and with all the features and capabilities, it is a better and more cost-effective solution than WatchGuard. WatchGuard would be better for organizations that use MS products.