"It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS."
"The most valuable feature is the access control list (ACL)."
"The Firepower+ISE+AMP for endpoint integration is something that really stands it out with other vendor solutions. They have something called pxGrid and i think it is already endorsed by IETF. This allows all devices on the network to communicate."
"The most valuable feature is stability."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"A good intrusion prevention system and filtering."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"We get the Security Intelligence Feeds refreshed every hour from Talos, which from my understanding is that they're the largest intelligence Security Intelligence Group outside of the government."
"I have found the solution has some great features overall, such as guest access capabilities, dashboards, and ease of use. There is plenty of documentation and support and it has the plugins that I needed."
"The system in general is quite flexible."
"OPNsense is easy to scale when running on the hardware."
"We have found pretty much all the features of the solution to be valuable."
"The most valuable features are reporting, the Sensei plugin, and firewall capabilities."
"The solution is good for a basic firewall for a small business or for home use."
"The most valuable features in OPNsense are reporting and visibility."
"The graphic user interface is very good and it is user-friendly which makes the product easy-to-use."
"The interface is user-friendly and the product is easy to configure."
"There are many features. VPN, firewalling, and intrusion detection are the main features that are most useful for us at this time."
"It is stable, flexible, and easy to use. It has got a web management portal that can be accessed from anywhere."
"The solution is easy to set up and configure."
"It is feature-rich, I like the server authentication, and the reports are good."
"Sophos XG's price is right, and it's easy to manage. It's a good fit for our current needs at the moment."
"Sophos CG is cost-effective, which makes it really suitable for SMB. If you want basic security and more embedded features, go with Sophos XG."
"Dashboard is easy to use and the reporting offers a lot of detail."
"My team tells me that other solutions such as Fortinet and Palo Alto are easier to implement."
"Its interface is sometimes is a little bit slow, and it can be improved. When you need to put your appliance in failover mode, it is a little difficult to do it remotely because you need to turn off the appliance in Cisco mode. In terms of new features, it would be good to have AnyConnect VPN with Firepower. I am not sure if it is available at the moment."
"They need a VTI. I know it's going to be available in the next software version, which is the 6.7 version. However, the problem with that is that the 6.7 is going to deprecate all the older IKEv1 deployment tunnels. Therefore, the problem is that we have a lot of customers which are using older encryptions. If I do that, update it, it's not going to work for me."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"One feature I would like to see, that Firepower doesn't have, is email security. Perhaps in the future, Cisco will integrate Cisco Umbrella with Firepower. I don't see why we should have to pay for two separate products when both could be integrated in one box."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"One of the few things that are brought up is that for the overall management, it would be great to have a cloud instance of that. And not only just a cloud instance, but one of the areas that we've looked at is using an HA type of cloud. To have the ability to have a device file within a cloud. If we had an issue with one, the other one would pick up automatically."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"The ability to set the VPN IP address would be a welcome addition."
"The interface isn't so friendly user. But we have some technicians here who are quite confident with this tool. OPNSense could maybe add sets of rules so it's simpler to manage different groups with particular needs."
"The interface needs to be simplified. It is not user-friendly."
"While they do have paid options that actually gives better features, for most of the clients, if they tend to take a paid option will instead opt for Fortinet."
"There should be more technical documentation."
"The solution could be more secure."
"I would like to see better SD-WAN performance."
"The only thing that I would like to see improved is the Insight or the NetFlow analysis part. It would be good to have the possibility to dig down on the Insight platform. Right now, we can easily do only a few analyses. If this page becomes more powerful, it surely will be a well-adopted platform."
"The cloud support needs to be improved."
"The only area that requires improvement is scalability."
"I'm just a sole proprietor for IT support, and from my perspective, there could be better ways to educate a proprietor, such as myself, on how to set it up, and program it, and manage it. They do tend to have support, but a lot of times, it is for larger networks. I need something that is simpler and more rudimentary as to how to go about setting up and configuring the firewall, setting up the rules, and that type of thing. So, if there is a missing component there, that would be it."
"Sophos can improve the debugging of the WAPS function."
"Everything is working as expected at this moment, but the anti-spam solution in Sophos XG needs to be improved. It needs more granular features and more stability. The anti-spam solution currently doesn't have many features, and we would like to have more features. At this moment, there is no expression filter for anti-spam. We need something to be able to filter subjects or attachments in emails based on the keyword. Sometimes, there is an issue with anti-spam, and Sophos XG suddenly stops processing incoming or outgoing emails. The only solution for this issue is to restart the appliance. Their support should be improved. It takes a long time to escalate a support case from level one to level two."
"It would be helpful if the solution offered some tutorial videos to help new users learn the system quickly."
"They need to do more quality checks before they release firmware upgrades. Currently, a few Cyberoam firewall customers are facing some issues while upgrading the Cyberoam firmware to Sophos. After the new firmware is installed, they are seeing some performance issues, which require some bug fixes. The performance is fine after getting the required support. Customers who are already using Sophos hardware are quite satisfied with this solution. Their support should also be improved. We are facing difficulties getting support on time through email or phone."
"I think that the main area for improvement is the quality assurance of the updates."
More Cisco Firepower NGFW Firewall Pricing and Cost Advice →
OPNsense is ranked 13th in Firewalls with 11 reviews while Sophos XG is ranked 5th in Firewalls with 129 reviews. OPNsense is rated 8.0, while Sophos XG is rated 8.2. The top reviewer of OPNsense writes "A solution that detects and blocks malicious content with good reporting and visibility, but the reliability needs improvement". On the other hand, the top reviewer of Sophos XG writes "Light and stable with excellent real-time control ". OPNsense is most compared with pfSense, Untangle NG Firewall, Sophos UTM, Fortinet FortiGate and Cisco ASA Firewall, whereas Sophos XG is most compared with Fortinet FortiGate, pfSense, Meraki MX, Palo Alto Networks NG Firewalls and SonicWall NSa. See our OPNsense vs. Sophos XG report.
See our list of best Firewalls vendors.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
