"I like the firewall features, Snort, and the Intrusion Prevention System (IPS)."
"One of the nice things about Firepower is that you can set it to discover the environment. If that is happening, then Firepower is learning about every device, software operating system, and application running inside or across your environment. Then, you can leverage the discovery intelligence to get Firepower to select the most appropriate intrusion prevention rules to use for your environment rather than picking one of the base policies that might have 50,000 IPS rules in it, which can put a lot of overhead on your firewall. If you choose the recommendations, as long as you update them regularly, you might be able to get your rule set down to only 1,000 or 1,500, which is a significant reduction in a base rule set. This means that the firewall will give you better performance because there are less rules being checked unnecessarily. That is really useful."
"If configured, Firepower provides us with application visibility and control."
"The feature set is fine and is rarely a problem."
"One of the most valuable features is the AMP. It's very good and very reliable when it comes to malicious activities, websites, and viruses."
"Provides good integrations and reporting."
"Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."
"I have integrated it for incidence response. If there is a security event, the Cisco firewall will automatically block the traffic, which is valuable."
"You can easily integrate it with Active Directory, and you can use the GlobalProtect VPN for internal and external purposes. The URL Filtering is also clear and the application filtering is a plus. The application filtering is much better when you compare it to FortiGate or other firewall vendors."
"This solution not only provides better security than flat VLAN segments but allows easy movement through the lifecycle of the server."
"The Unified Threat Management (UTM) module, which consists of the basic firewall and IPS services, is what the majority of our customers use in Palo Alto Firewall."
"The technology's very good. We have had a lot of good experience with this solution."
"They have a good system operator in the firewalls and it provides many tools that they can use to protect their networks."
"Some of the valuable features in this solution are traffic monitoring, GUI functionality, and it very easy to troubleshoot if there is any problem that happens."
"GlobalProtect and App-ID features are very good."
"They are regularly releasing new versions that include more integration with third-party services."
"The initial setup was straightforward."
"The performance has been good overall."
"The solution is excellent for web and application filtering and remote access with the VPN."
"Its portal is user-friendly. I am able to manage the user data and access control through this device."
"The interface is user-friendly."
"The solution is easy to integrate."
"We consider the user level and control features of Sophos Cyberoam UTM to be the best."
"The most valuable feature is the IPSec forwarding."
"FirePOWER does a good job when it comes to providing us with visibility into threats, but I would like to see a more proactive stance to it."
"We cannot have virtual domains, which we can create with FortiGate. This is something they should add in the future. Additionally, there is a connection limit and the FMC could improve."
"An area of improvement for this solution is the console visualization."
"Web filtering needs improvement because sometimes the URL is miscategorized."
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility."
"We're getting support but there's a big delay until we get a response from their technical team. They're in the USA and we're in Africa, so that's the difficulty. When they're in the office, they respond."
"On the VPN side, Firepower could be better. It needs more monitoring on VPNs. Right now, it's not that good. You can set up a VPN in Firepower, but you can't monitor it."
"The configuration in Firepower Management Center is very slow. Deployment takes two to three minutes. You spend a lot of time on modifications. Whereas, in FortiGate, you press a button, and it takes one second."
"Based on the features that I have seen so far, I do not see any room for improvement, but they can improve their CLI documentation. I haven't really seen much when it comes to CLI documentation."
"The pricing could be improved upon."
"The solution is not straightforward."
"The only real drawback to this product is that it is expensive. But you get what you pay for and there is no way to put a price on top-notch security."
"Sometimes some of the applications the customer has do not respond as they normally should."
"Currently, they don't have email protection. They can maybe add it in the future. Currently, if you want to do so, you need to go with another solution."
"It would be better to have more tools to control Palo Alto Networks NG Firewalls. We don't have too many tools to access Palo Alto. For example, the IT team doesn't have access to it. We can see it physically and see if it's running or not. We need to contact a special team to receive that information. I would also like to see more reporting in the next release."
"The only area I can see for improvement is that Palo Alto should do more marketing."
"The product is at its end-of-life. There is nothing to improve as it will be discontinued."
"The policy is a bit too vague."
"I would like to see real-time alerts on traffic insights."
"There needs to be more documentation that users can access to help them understand the solution or troubleshoot as necessary."
"Sometimes, during part of the configuration, if you don't have a lot of technical knowledge, then you may struggle a bit to configure it."
"I don't know whether this will be included in an upgrade, but I would like to get the user utility, like seeing where the users are using more of the data."
"When it comes to web filtering and application filtering, it does not contain enough signatures to determine all of the sites that need to be blocked."
"The VPN is an area that can be improved."
Cisco NGFW firewalls deliver advanced threat defense capabilities to meet diverse needs, from
small/branch offices to high performance data centers and service providers. Available in a wide
range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Advanced threat
defense capabilities include Next-generation IPS (NGIPS), Security Intelligence (SI), Advanced
Malware Protection (AMP), URL filtering, Application Visibility and Control (AVC), and flexible VPN
features. Inspect encrypted traffic and enjoy automated risk ranking and impact flags to reduce event
volume so you can quickly prioritize threats. Cisco NGFW firewalls are also available with clustering
for increased performance, high availability configurations, and more.
Cisco Firepower NGFWv is the virtualized version of Cisco's Firepower NGFW firewall. Widely
deployed in leading private and public clouds, Cisco NGFWv automatically scales up/down to meet
the needs of dynamic cloud environments and high availability provides resilience. Also, Cisco NGFWv
can deliver micro-segmentation to protect east-west network traffic.
Cisco firewalls provide consistent security policies, enforcement, and protection across all your
environments. Unified management for Cisco ASA and FTD/NGFW physical and virtual firewalls is
delivered by Cisco Defense Orchestrator (CDO), with cloud logging also available. And with Cisco
SecureX included with every Cisco firewall, you gain a cloud-native platform experience that enables
greater simplicity, visibility, and efficiency.
Learn more about Cisco’s firewall solutions, including virtual appliances for public and private cloud.
Palo Alto Networks' next-generation firewalls secure your business with a prevention-focused architecture and integrated innovations that are easy to deploy and use. Now, you can accelerate growth and eliminate risks at the same time.
Palo Alto Networks NG Firewalls is ranked 7th in Firewalls with 72 reviews while Sophos Cyberoam UTM is ranked 5th in Unified Threat Management (UTM) with 23 reviews. Palo Alto Networks NG Firewalls is rated 8.6, while Sophos Cyberoam UTM is rated 7.6. The top reviewer of Palo Alto Networks NG Firewalls writes "The product stability and level of security are second to none in the industry". On the other hand, the top reviewer of Sophos Cyberoam UTM writes "Useful data quota features, but scalability is an issue and the signature database could be enhanced". Palo Alto Networks NG Firewalls is most compared with Fortinet FortiGate, Azure Firewall, Sophos XG, Meraki MX and Check Point CloudGuard Network Security, whereas Sophos Cyberoam UTM is most compared with Fortinet FortiGate, Sophos XG, Sophos UTM, Cisco ASA Firewall and OPNsense. See our Palo Alto Networks NG Firewalls vs. Sophos Cyberoam UTM report.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.