"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"The most valuable features of this solution are advanced malware protection, IPS, and IDS."
"The customer service/technical support is very good with this solution."
"The solution offers very easy configurations."
"The dashboard is the most important thing. It provides good visibility and makes management easy. Firepower also provides us with good application visibility and control."
"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The most important features are the intrusion prevention engine and the application visibility and control. The Snort feature in Firepower is also valuable."
"You do not have to do everything through a command line which makes it a lot easier to apply rules."
"It has very good features; it's easy to use, configure, set up, and deploy."
"It is easy to manage, which is one of the most important things for us. It is also flexible, stable, and scalable."
"In general, Meraki MX is easy to work with."
"It is very easy to use and manage. It is also very easy to scale."
"Dual WAN connections are greatly simplified and point-to-point VPNs automatically connect regardless of what WAN connection is active."
"The most valuable feature is that we didn't have any problems with Meraki MX."
"Point-to-point VPNs can dynamically follow IP changes with no need for static IPs."
"They have very good technical support and I have relied heavily on them."
"I like that this product has very few issues."
"It provides us with Layer 2 and Layer 3 security."
"Their support is excellent, and the stability is very good."
"There are no problems with the technical support. If a problem occurs it gets resolved immediately with our technical support partners."
"Regarding the reporting, I was in the Dimension server earlier today. It's very powerful. I like it. And the management features are easy to use. I like the fact that I can open up the System Manager client or I can just do it through the web if I'm making a quick change."
"It saves us time in the respect that we now have the template built for it so we can get in and get it done. We've had much less problem supporting Voice over IP technologies from different companies. Because our client base has grown over the years, we're probably saving 20 to 30 man-hours a month now that we've got this on a good stable level."
"The solution has increased productivity with our outside salespeople being able to connect into their computers and use those remotely."
"The ease of use is most valuable. You can quickly train someone who hasn't seen a firewall in life. You can get people up to speed, and in a few months, they are able to manage this product very easily. It is a very user-friendly, scalable, and stable product. Its price is also spot-on."
"When you make any changes, irrespective of whether they are big or small, Firepower takes too much time. It is very time-consuming. Even for small changes, you have to wait for 60 seconds or maybe more, which is not good. Similarly, when you have many IPS rules and policies, it slows down, and there is an impact on its performance."
"The initial setup could be simplified, as it can be complex for new users."
"It's mainly the UI and the management parts that need improvement. The most impactful feature when you're using it is the user interface and the user experience."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"The initial setup can be a bit complex for those unfamiliar with the solution."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively."
"One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box."
"Meraki tech support staff have a lot more visibility into your network than you do, which is frustrating at times. I understand the approach is to keep the dashboard easier to understand. This will frustrate more advanced users at times."
"In general, the SD-WAN feature needs to be improved. The load sharing and load balancing of the traffic should be improved. I have had some problems with these features in the past."
"In the next release, because the security is pretty basic, I think they could include additional security features."
"We have been having a problem with the VPN. When the energy goes down and is back again, the VPN link doesn't get established. We have to manually turn off the modems and other pieces of equipment and manually establish the VPN. It has been around one month since we have been having this problem, and we don't have enough support from Meraki to solve the problem."
"From the improvement perspective, we need more monitoring capabilities. We want to have full-based access visibility, such as, what is happening when something is trying to reach and it is denying. We cannot see some parts of it. The integration of active directory with this product is not very fruitful. It has some bugs or lacks in the functionality of active directory integration. We are unable to identify where exactly and whether it has really applied our policy."
"When we do API integrations with Meraki, they have always been hard as well as tedious to build. The data that we want out of the API integrations has been only recently available. Six months ago, it was hard to get someone to build something correctly or useful with Meraki APIs. Recently, they have made more data available on the API, but it is just a start. They need to do more."
"You cannot use switching behaviors as you see on the Meraki switch."
"The security is not as strong as it could be"
"The pricing could be improved. It is definitely one of the more expensive products."
"The solution can improve by adding a feature to tag a MAC address of a computer system in the policy and more IP configuration settings."
"The only downside is that it is missing an API, that you can use to easily collect information from it."
"There should be better integration and a way to configure multiple vendors into the same data center in order to offer more flexibility."
"The usability could be better, but it is definitely manageable. If we have to go to a backup internet connection, that could be a little bit easier."
"Once you start getting into proxy actions and setting up: "Okay, cool. Once this rule gets triggered, what actions have to happen?" I do know a few people who use WatchGuard and they still have to get assistance when they look at that. So I would file that as a con for WatchGuard. Proxy actions can be a little bit complicated."
"Sometimes I would like to copy a rule set from one box to another box in a direct way. This is a feature that is not present at the moment in WatchGuard."
"If they could make the traffic monitoring easier that would be great. I don't use it that frequently, but I would like to see some improvements in the ease of use of that component, so it makes more sense. I know it's a technical component so there's going to be some difficulty trying to make that easier."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
WatchGuard's approach to network security focuses on bringing best-in-class, enterprise-grade security to any organization, regardless of size or technical expertise. Ideal for SMBs and distributed enterprise organizations, our award-winning Unified Threat Management (UTM) appliances are designed from the ground up to focus on ease of deployment, use, and ongoing management, in addition to providing the strongest security possible.
Meraki MX is ranked 1st in Unified Threat Management (UTM) with 17 reviews while WatchGuard Firebox is ranked 3rd in Unified Threat Management (UTM) with 27 reviews. Meraki MX is rated 8.4, while WatchGuard Firebox is rated 8.6. The top reviewer of Meraki MX writes "Makes it easy to stay on top of everything for security". On the other hand, the top reviewer of WatchGuard Firebox writes "Competent, basic front-end; the ports that I have assigned appear to be unattainable to outsiders". Meraki MX is most compared with Fortinet FortiGate, Cisco ASA Firewall, Sophos XG, Palo Alto Networks NG Firewalls and Juniper SRX, whereas WatchGuard Firebox is most compared with Fortinet FortiGate, Sophos XG, pfSense, Cisco ASA Firewall and Azure Firewall. See our Meraki MX vs. WatchGuard Firebox report.
We monitor all Unified Threat Management (UTM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.