"Web filtering is a big improvement for us. The previous version we used, the AC520, did not have that feature included. It was not very easy for us, especially because the environment had to be isolated and we needed to get updates from outside, such as Windows patches. That feature has really helped us when we are going outside to pull those patches."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The main thing that I love the most is its policy and objects. Whenever I try to give access to a user, I can create an object via group creation in the object fields. This way, I am not able to enter a user in the policy repeatedly."
"Firepower NGFW has improved my organization in several ways. Before, we were trying to stamp out security threats and issues, it was a one-off type of way to attack it. I spent a lot of manpower trying to track down the individual issues or flare-ups that we would see. With Cisco's Firepower Management, we're able to have that push up to basically one monitor and one UI and be able to track that and stop threats immediately. It also gives us a little more granularity on what those threats might be."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"We have not had to deal with stability issues."
"The most valuable feature is the access control list (ACL)."
"When it comes to the integration among Cisco tools, we find it easy. It's a very practical integration with other components as well."
"The only firewall able to monitor traffic from a CCTV network. Can detect unauthorized devices plugged into the network, which standard firewalls can't do."
"It has been stable so far."
"The most valuable features of this solution are all of the services it provides."
"The solution is user-friendly. It's secure and easy to understand your network visibility, control the network, and prevent attacks."
"I love the Policy Optimizer feature. I am also completely happy with its stability."
"The most valuable features are the power of the threat prevention and the WildFire service. Its strength comes from the huge number of sensors all over the world. The firewalls have a rich library of signatures."
"You just need a web browser to manage it, unlike Cisco, which requires another management system."
"Operationally, it is easier, and the manageability and their security features are good."
"DNS Security is a good feature because, in the real world with web threats, you can block all web threats and bad sites. DNS Security helps to prevent those threats. It's also very helpful with Zero-day attacks because DNS Security blocks all DNS requests before any antivirus would know that such requests contain a virus or a threat to your PC or your network."
"The application control portion of the solution is its most valuable aspect."
"An area of improvement for this solution is the console visualization."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"The initial setup was a bit complex. It wasn't a major challenge, but due to our requirements and network, it was not very straightforward but still easy enough."
"The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area."
"The price and SD-WAN capabilities are the areas that need improvement."
"It would be great if some of the load times were faster."
"One of my colleagues is using the firewall as an IPS, but he is worried about Firepower's performance... With the 10 Gb devices, when it gets to 5 Gbps, the CPU usage goes up a lot and he cannot manage the IPS."
"They have a very good technical support team, but I think there are some communication issues due to language differences."
"Licensing is not cheap."
"Its software updates can be improved. It sometimes becomes very slow with the software updates for different features. It should have an External Dynamic List of data. The malicious IP is not frequently getting updated in Palo Alto, and this should be done."
"If you enable SSL you will face a problem. The throughput of the firewall will be degraded. SSL is a big issue on all firewalls. All products suffer from issues with SSL, but Palo Alto firewalls suffer more from it."
"When it comes to their support, we have to select every single component that we want to include in a particular bundle. That is a very tedious process. T"
"The only area I can see for improvement is that Palo Alto should do more marketing."
"From a documentation standpoint, there is room for improvement. Even Palo Alto says that their documentation is terrible."
"They can improve the handling and management of User-ID. They should also improve its price. Their technical support can also be improved."
"The pricing of the solution is quite high. It's one of the most expensive firewall solutions on the market."
"As things are evolving, we want to make sure that Palo Alto is able to keep up with what is going on outside. They should continue to do more intelligence-related enhancements and integrate with some of the other security tools. We want to have a more intelligent toolset down the road."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
More Palo Alto Networks NG Firewalls Pricing and Cost Advice →
Hillstone T-Series is ranked 32nd in Firewalls with 2 reviews while Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 76 reviews. Hillstone T-Series is rated 7.0, while Palo Alto Networks NG Firewalls is rated 8.6. The top reviewer of Hillstone T-Series writes "Customizable reports with advanced threat protection". On the other hand, the top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". Hillstone T-Series is most compared with Fortinet FortiGate, Hillstone E-Series, Cisco ASA Firewall, Sangfor NGAF and Palo Alto Networks WildFire, whereas Palo Alto Networks NG Firewalls is most compared with Azure Firewall, Fortinet FortiGate, Check Point NGFW, Meraki MX and OPNsense. See our Hillstone T-Series vs. Palo Alto Networks NG Firewalls report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.